Risk & Mitigations
The big risks in plain English, plus the controls we use to reduce them.
We deliver utility first and assume things break under real use. Below are the main risks and how we contain them.
1) Market and Liquidity
Risk.
Token price swings, thin pools, disorderly markets.
Mitigations.
Dollar-target rewards convert at claim time with price clamps and stale-data floors. Day-one circulating supply stays tight. Liquidity pool tokens are locked. A disclosed, limited reserve can deepen liquidity or buy back during disorderly moves, with public notice and on-chain proof.
2) Economic Design
Risk.
Rewards outpace sinks, drain the pool, or create farming loops.
Mitigations.
Fixed emission lanes with monthly guardrails. Hourly budgets and soft throttles. One reward per lesson ID. Transfer lock on newly earned tokens. All spends route 50 percent to burn and 50 percent to treasury. We publish usage dashboards and adjust within preset bands under timelock.
3) Abuse and Bots
Risk.
Multi-accounting, scripted completions, collusion in quests and leaderboards.
Mitigations.
Verification tiers with daily and weekly caps. Liveness checks, device fingerprinting, timing analysis, and flagged-account review. Paid retries with cooldowns. Leaderboard and quest anti-smurf rules. Appeals flow to fix false positives.
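The guardrails in sections 2 and 3 (one reward per lesson ID, verification-tier daily caps, an hourly emission budget with a soft throttle, a transfer lock on newly earned tokens, and the 50/50 burn/treasury split on spends) fit in one small ledger. The code below is an added illustration, not the project's contracts or backend; every number in it (tier caps, the 1,000-token hourly budget, the 80 percent throttle point, the 7-day lock) and the choice to halve rewards in the throttle zone are constructed assumptions.

```python
"""Reward-issuance guardrails (constructed example): one reward per lesson ID,
per-tier daily caps, an hourly emission budget with a soft throttle, a transfer
lock on newly earned tokens, and a 50/50 burn/treasury split on every spend."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

HOUR = 3_600
DAY = 86_400

# All values below are constructed for the example, not the project's parameters.
TIER_DAILY_CAP = {"unverified": 20.0, "basic": 100.0, "full": 500.0}  # tokens per day
HOURLY_BUDGET = 1_000.0   # global emission lane per hour
SOFT_THROTTLE = 0.8       # past 80 percent of the hour's budget, rewards are scaled down
THROTTLE_SCALE = 0.5      # scale factor applied in the throttle zone
LOCK_SECONDS = 7 * DAY    # newly earned tokens stay non-transferable this long


@dataclass
class Account:
    tier: str
    unlocked: float = 0.0
    locked: List[Tuple[int, float]] = field(default_factory=list)  # (unlock_ts, amount)
    claimed_lessons: Set[str] = field(default_factory=set)
    day_bucket: int = -1
    day_total: float = 0.0


class RewardLedger:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.hour_bucket = -1
        self.hour_spent = 0.0
        self.burned = 0.0
        self.treasury = 0.0

    def open(self, user: str, tier: str) -> None:
        self.accounts[user] = Account(tier=tier)

    def reward(self, user: str, lesson_id: str, amount: float, now: int) -> Tuple[str, float]:
        """Issue a lesson reward, returning (status, tokens actually issued)."""
        acct = self.accounts[user]
        if lesson_id in acct.claimed_lessons:
            return "duplicate", 0.0               # one reward per lesson ID, ever

        # Roll the per-account daily window and the global hourly window.
        if now // DAY != acct.day_bucket:
            acct.day_bucket, acct.day_total = now // DAY, 0.0
        if now // HOUR != self.hour_bucket:
            self.hour_bucket, self.hour_spent = now // HOUR, 0.0

        # Verification-tier daily cap: trim the reward to whatever room is left.
        day_room = TIER_DAILY_CAP[acct.tier] - acct.day_total
        if day_room <= 0:
            return "daily_cap", 0.0
        status = "ok"
        if amount > day_room:
            amount, status = day_room, "capped"

        # Hourly emission budget: hard stop at the budget, soft throttle before it.
        hour_room = HOURLY_BUDGET - self.hour_spent
        if hour_room <= 0:
            return "budget_exhausted", 0.0
        if self.hour_spent >= SOFT_THROTTLE * HOURLY_BUDGET:
            amount, status = amount * THROTTLE_SCALE, "throttled"
        amount = min(amount, hour_room)

        acct.claimed_lessons.add(lesson_id)
        acct.locked.append((now + LOCK_SECONDS, amount))  # transfer lock on new tokens
        acct.day_total += amount
        self.hour_spent += amount
        return status, amount

    def _release_matured(self, acct: Account, now: int) -> None:
        still_locked = []
        for unlock_ts, amt in acct.locked:
            if unlock_ts <= now:
                acct.unlocked += amt
            else:
                still_locked.append((unlock_ts, amt))
        acct.locked = still_locked

    def transferable(self, user: str, now: int) -> float:
        """Tokens the user may transfer right now (locks that have matured are released)."""
        acct = self.accounts[user]
        self._release_matured(acct, now)
        return acct.unlocked

    def spend(self, user: str, amount: float, now: int) -> str:
        """Spend unlocked tokens on an in-app sink; half burns, half goes to treasury."""
        acct = self.accounts[user]
        self._release_matured(acct, now)
        if amount <= 0 or acct.unlocked < amount:
            return "insufficient"
        acct.unlocked -= amount
        self.burned += amount / 2
        self.treasury += amount / 2
        return "ok"
```

The rejected statuses are deliberately distinct ("duplicate", "daily_cap", "budget_exhausted") so that the usage dashboards mentioned in section 2 can count how often each guardrail fires; a spike in "duplicate" or "daily_cap" for one cohort is the kind of signal the flagged-account review in section 3 would pick up.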
4) Oracle and Pricing
Risk.
Manipulated or stale feeds that misprice rewards and sinks.
Mitigations.
Rolling averages from on-chain pools plus a reference feed. Update windows and movement clamps. If feeds are stale, pay a temporary floor or queue rewards until healthy. Any source change uses a timelock and public notice.
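The pricing controls in sections 1 and 4 (rolling pool average blended with a reference feed, update windows, per-update movement clamps, and a stale-data floor or queue at claim time) can be sketched as a small oracle plus a claim settler. This is an added example, not the project's oracle or contracts. Assumptions not stated on the page: the blend is a plain 50/50 average of the pool average and the reference price, the divergence check compares the two sources in basis points of the reference, and the "temporary floor" is modelled as a minimum conversion price, so a stale or manipulated quote can never inflate a claim beyond usd_target / stale_floor_usd tokens. All numeric settings are constructed.

```python
"""Reward pricing through a clamped, staleness-aware oracle (constructed example)."""
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional, Tuple


@dataclass
class Sample:
    ts: int      # unix seconds at which the quote was observed
    usd: float   # USD per token


@dataclass
class OracleConfig:
    window: int = 6                 # pool samples in the rolling average
    update_interval: int = 600      # seconds between accepted price updates
    max_move_bps: int = 500         # per-update movement clamp: +/- 5 percent
    max_staleness: int = 1800       # a source older than this is stale
    max_divergence_bps: int = 1000  # pool vs. reference disagreement tolerated
    stale_floor_usd: float = 0.20   # minimum conversion price while sources are unhealthy (assumption)


class ClampedOracle:
    def __init__(self, cfg: OracleConfig, initial_usd: float) -> None:
        self.cfg = cfg
        self.pool: Deque[Sample] = deque(maxlen=cfg.window)
        self.reference: Optional[Sample] = None
        self.price = initial_usd           # last accepted price
        self.last_update: Optional[int] = None

    def push_pool(self, s: Sample) -> None:
        self.pool.append(s)

    def push_reference(self, s: Sample) -> None:
        self.reference = s

    def _fresh(self, s: Optional[Sample], now: int) -> bool:
        return s is not None and now - s.ts <= self.cfg.max_staleness

    def _pool_avg(self) -> float:
        return sum(s.usd for s in self.pool) / len(self.pool)

    def healthy(self, now: int) -> bool:
        """Both sources fresh and agreeing within the divergence bound."""
        if not self.pool or not self._fresh(self.pool[-1], now):
            return False
        if not self._fresh(self.reference, now):
            return False
        diff_bps = abs(self._pool_avg() - self.reference.usd) * 10_000 / self.reference.usd
        return diff_bps <= self.cfg.max_divergence_bps

    def update(self, now: int) -> Tuple[bool, float]:
        """Accept a new price only when the update window has elapsed and both
        sources are healthy. The blended pool/reference price is clamped to
        max_move_bps around the previous price, so one manipulated block cannot
        move the conversion rate far in a single step."""
        if self.last_update is not None and now - self.last_update < self.cfg.update_interval:
            return False, self.price
        if not self.healthy(now):
            return False, self.price
        candidate = (self._pool_avg() + self.reference.usd) / 2
        cap = self.price * self.cfg.max_move_bps / 10_000
        self.price = max(self.price - cap, min(self.price + cap, candidate))
        self.last_update = now
        return True, self.price


@dataclass
class QueuedClaim:
    user: str
    usd_target: float


class ClaimSettler:
    """Converts dollar-target rewards to tokens at claim time. stale_policy is
    "floor" (pay now at no better than the stale floor price) or "queue" (hold
    the claim until the oracle is healthy again)."""

    def __init__(self, oracle: ClampedOracle, stale_policy: str = "floor") -> None:
        self.oracle = oracle
        self.stale_policy = stale_policy
        self.queue: List[QueuedClaim] = []

    def settle(self, user: str, usd_target: float, now: int) -> Tuple[str, float]:
        if self.oracle.healthy(now):
            return "paid", usd_target / self.oracle.price
        if self.stale_policy == "queue":
            self.queue.append(QueuedClaim(user, usd_target))
            return "queued", 0.0
        # Floor policy: never pay more than usd_target / stale_floor_usd tokens
        # while the feeds cannot be trusted.
        rate = max(self.oracle.price, self.oracle.cfg.stale_floor_usd)
        return "paid_floor", usd_target / rate

    def drain_queue(self, now: int) -> List[Tuple[str, float]]:
        """Pay queued claims once the oracle is healthy; otherwise leave them queued."""
        if not self.oracle.healthy(now):
            return []
        paid = [(c.user, c.usd_target / self.oracle.price) for c in self.queue]
        self.queue = []
        return paid
```

Two failure modes are worth checking against this model: a single pool block quoted far from the reference trips the divergence check and the update is refused outright, while a smaller drift that both sources partly agree on is accepted but clamped to the movement cap. Either way the claim-time conversion rate moves by at most max_move_bps per update window, which is the bound the reserve and buyback policy in section 1 can plan around.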
5) Smart Contract Bugs
Risk.
Exploits that mint, drain, or bypass rules.
Mitigations.
Narrow-scope contracts, no post-launch mint. Role separation. Time-locked upgrades. Unit tests, fuzzing, and independent audits before launch and after material changes. Bug bounty at TGE. Emergency scoped pauses with required postmortems.
6) Centralization and Key Risk
Risk.
Single key compromise or unchecked admin actions.
Mitigations.
Multisig for admin and upgrades. Hardware-backed keys, rotation, and monitored access. Public timelock for non-emergency changes. Published role addresses and policies.
7) Regulatory and Compliance
Risk.
Regional rules on tokens, KYC, and data handling.
Mitigations.
Tiered KYC where required. Region-aware onboarding and data flows. Clear terms, risk disclosures, and a changelog when rules shift. No profit rights or dividend claims. Utility first.
8) Privacy and Data Security
Risk.
Data leaks, over-collection, or misuse.
Mitigations.
Minimize collection. Encrypt at rest and in transit. Separate PII from learning data. Short-lived audio, clear deletion paths, and audit logs for access. Regular backups and restore drills.
9) AI Quality and Bias
Risk.
Speech recognition drift, accent bias, or uneven scoring.
Mitigations.
Published accuracy targets by accent and device. Ongoing evaluation and retraining. One correction per turn to avoid overload. Human review for high-stakes cases. Opt-in data only for model improvement.
10) Infrastructure and Uptime
Risk.
Outages on API, inference, RPC, or storage that interrupt claims and spends.
Mitigations.
Redundant providers, health checks, rate limits, and circuit breakers. Queued rewards when dependencies fail. Status page and real-time incident updates.
11) Partner and Integration
Risk.
Third-party KYC, DEX, or on-ramp issues that block users.
Mitigations.
Multiple vendors where practical, with clear fallbacks. Public list of dependencies and maintenance windows. Contracts designed to fail safe and resume cleanly.
12) User Safety and UX
Risk.
Wallet confusion, lost access, or surprise fees.
Mitigations.
Wallet abstraction with export. Gas fees covered for in-app actions. Plain-language balances that show locked and unlocked amounts. Clear receipts and caps.
Incident Response
Detect and classify.
Scope the blast radius, then apply the smallest effective pause.
Communicate on the status page and in app.
Patch behind a timelock where possible, or use the emergency path if user funds are at risk.
Publish a postmortem within seven days with fixes and timelines.
Bottom line: We cannot remove risk. We can make it visible, bounded, and managed with controls that the public can verify.
Last updated