Ctrlk

Risk Disclosure

Known Risk Categories

Risk Type
Description
Mitigation Measures

Valuation Risk

Outdated or conflicting NAV input data

Multi-source verification, audit cycle constraints, outlier exclusion

Liquidity Risk

Redemption surges exceeding budgeted capacity

Layered liquidity, two-channel redemptions with approval, quota management

Market Manipulation

PP pool depth may be insufficient, making prices susceptible to manipulation

TWAP sampling, buffer trigger, NAV disregarding short-term prices

Governance Attacks

Vote-buying leading to poor-quality assets being listed

Layered governance, hard thresholds non-voting coverage, timelock

Smart Contract Risks

Code vulnerabilities leading to fund losses

Multi-round audits, bug bounties, phased rollout

Underlying Asset Risks

RWA/Private Equity/Fund Credit/Market Risk

Launchpad hard thresholds, continuous disclosure, diversified allocation

Contingency Planning for Extreme Scenarios

Scenario: Mass Redemption Wave

  1. Emergency quota depletion → T+0 redemptions rejected until quota refreshed

  2. Standard quota exhausted → New T+7 redemptions rejected until quota refreshed

  3. Large redemptions → Require keeper approval before processing

  4. Quota status disclosed → Market-driven pricing of premiums/discounts

  5. Risk control intervention → Keepers evaluate whether to refresh quotas or pause

Scenario: Significant NAV Decline

  1. Underlying asset impairment → NAV downward adjustment via AssetController

  2. PP market price may react prematurely → Discount widens

  3. Keeper intervention → May reduce quotas or pause redemptions (Protection Band automation planned for Phase 2)

  4. Ongoing disclosure → Market receives updated information

  5. Asset disposal completed → NAV stabilizes → Quotas restored → Normal operations resume

Emergency Reserve Fund

Parameters
Configuration

Funding Sources

Agreement fee deductions + Initial reserves

Target Size

3-5% of Prime TVL

Trigger Conditions

Weekly NAV decline >10% or liquidity event

Authorization Usage

Risk Control Multi-Signature (3/5)

Disclosure Requirements

Weekly public disclosure of balances and transaction records

Risk Control Flow

Risk Level Trigger Thresholds

Level
Deviation (D_t)
Quota Utilization
Pending Approvals
Response

Normal

< 8%

< 70%

< 10 requests

Continue operations

Low

8-12%

70-85%

10-20 requests

Warning issued, increased monitoring

Medium

12-15%

85-95%

20-50 requests

Keeper review, may reduce quotas

High

> 15%

> 95%

> 50 requests

Emergency review, quotas paused

Response Timeline

Phase
Duration
Actions

Detection

0-1h

Automated alerts, initial assessment

Immediate

1-24h

Risk committee review, protective measures

Short-term

1-7d

Root cause analysis, stakeholder communication

Recovery

7-30d

Remediation, gradual return to normal

Valuation Risk Deep Dive

NAV Data Sources

Source Type
Update Frequency
Weight

External Audit

Quarterly

High

Custodian Report

Monthly

Medium

Issuer Disclosure

Weekly minimum

Medium

On-chain Oracle

Real-time

Low (signal only)

Conflict Resolution

When sources disagree:

  1. Flag the conflict publicly

  2. Use most conservative value

  3. Escalate to risk committee

  4. Publish resolution rationale

Liquidity Risk Deep Dive

Quota Stress Testing

Scenario
Emergency Quota
Standard Quota
Keeper Action

Normal

<50% utilized

<50% utilized

Routine refresh

Moderate Stress

50-80% utilized

50-70% utilized

Increased monitoring

Severe Stress

>80% utilized

>70% utilized

Reduced refresh, stricter approval

Crisis

Depleted

>90% utilized

Pause new redemptions

Recovery Timeline

Phase
Duration
Actions

Immediate

0-24h

Pause emergency redemptions, assess situation

Short-term

1-7d

Process pending T+7 redemptions, communicate clearly

Medium-term

1-4w

Asset liquidation if needed

Recovery

4-12w

Gradually restore quotas, return to normal operations

Governance Attack Vectors

Known Attack Types

Attack
Description
Mitigation

Vote Buying

Purchasing votes to pass harmful proposals

Timelock, hard threshold protection

Flash Loan Governance

Borrow tokens, vote, return

Snapshot-based voting, lock requirements

Sybil Attack

Many fake accounts

Minimum stake requirements

Collusion

Coordinated voting by insiders

Transparent voting, community monitoring

Protected Parameters

These parameters cannot be changed by governance voting alone:

  • Launchpad hard thresholds (custody, audit, disclosure)

  • Protection band emergency triggers

  • Supply cap (10B PAIMON)

  • Core safety mechanisms

Smart Contract Security

Audit Status

All core contracts will undergo comprehensive security audits before mainnet deployment. The audit process includes:

  1. Pre-audit: Internal code review and testing

  2. Primary audit: Engagement with a reputable security firm

  3. Remediation: Address all identified issues

  4. Re-audit: Verification of fixes

  5. Public disclosure: Full audit reports published

Audit reports will be made publicly available upon completion. Subscribe to our official channels (X, Telegram) for audit announcements.

Bug Bounty Program

Severity
Reward Range

Critical

$50K - $500K

High

$10K - $50K

Medium

$2K - $10K

Low

$500 - $2K

Pre-IPO SPV Risks (xSPCX / pSPCX)

In addition to the Prime Vault risks above, holders of pre-IPO SPV tokens should understand:

Risk
Description
Mitigation

Single-issuer concentration

xSPCX value tracks one underlying SPV (today: SpaceX). Idiosyncratic events at the issuer fully reflect into the token

Diversify across products / venues; do not size positions assuming PP-style portfolio cushion

SPV-administrator solvency

The off-chain SPV is a separate legal entity; insolvency or fraud at the SPV administrator can impair the underlying claim

Operational due diligence on SPV partners; documented in drop metadata

Private-market valuation

The underlying private equity has no daily mark-to-market; large bid-ask spreads may emerge

Treat reported NAVs as point estimates, not closing prices

KYC-asymmetric exit

Non-KYC holders can transfer xSPCX freely but cannot redeem to pSPCX. If primary settlement against the SPV becomes the only liquidity venue, non-KYC holders rely on KYC counterparties

Plan exit through xSPCX secondary trading; do not assume primary redemption is available without KYC

Bridge invariant

totalSupply(xSPCX) = locked(pSPCX) × ratio is enforced in TokenBridge, but a UUPS upgrade error or compromised admin key could in principle break the peg

Multi-sig + timelock on UPGRADER_ROLE; on-chain invariant check verifiable by anyone

EIP-3643 agent powers

AGENT_ROLE on pSPCX can freeze, forcedTransfer, pause. Used for compliance enforcement but represents centralization

Multisig agent + event emission; agent actions auditable

Regulatory change

Securities-law treatment of the SPV interest depends on jurisdiction; future changes can affect transferability or holder rights

Geographic disclosure; KYC onboarding restricted to permitted jurisdictions

User Responsibility

Users should understand:

  1. PP is not a stablecoin — NAV fluctuates with underlying assets

  2. Instant liquidity is not guaranteed — Redemptions are subject to quota availability and approval thresholds

  3. Large redemptions require approval — Amounts exceeding thresholds (50K standard, 30K emergency) need keeper approval

  4. xSPCX and pSPCX are not equivalent in legal rights — xSPCX is a tradable mirror; only pSPCX holders have direct settlement rights against the SPV. Conversion requires KYC

  5. KYC onboarding is currently institutional-only — retail wallets should treat xSPCX as their endpoint

  6. Smart contract risk exists — despite audits, bugs are possible

PreviousToken EconomicsNextObservability

Last updated