Failure Scenario Simulations

T+0 (first 2 hours)

• ‣Halt issuance (new activations) to prevent imbalance.
• ‣Publish "Reserve Status" update: supply, backing method, last merkle root time.
• ‣Treasury begins hourly reconciliation.
• ‣Exchange lead monitors pools and spreads.

T+24h

• ‣Enable redemption throttle per published policy (no special treatment).
• ‣Publish redemption queue statistics and next update time.
• ‣If stablecoin conversions are used, implement bounded pricing windows (avoid exploit via stale prices).
• ‣Increase comms cadence: 2 updates/day.

T+72h

• ‣If discount persists, highlight redemption arbitrage path (burn → redeem) with step-by-step verification.
• ‣Maintain PoR snapshots on schedule.
• ‣If liquidity is chaotic, reduce LP incentives, prioritize redemption integrity.

T+7d

• ‣Full post-mortem: causes, response effectiveness, policy updates.
• ‣Consider additional liquidity buffers only if disclosed and policy-backed.

T+0

• ‣Immediate halt issuance.
• ‣Freeze any messaging that implies immediate redemption.
• ‣Legal lead initiates contract and insurance review.
• ‣Custody ops requests written confirmation of holdings status.

T+24h

• ‣Publish a factual notice: "Vault partner has operational disruption. Issuance halted. Redemption processing paused/throttled per policy pending confirmation."
• ‣Begin contingency: identify alternate custodians, logistics, re-vaulting process.

T+72h

• ‣If gold is confirmed allocated and transferable: execute migration plan.
• ‣If not confirmed: escalate insurance claims / legal action.
• ‣Update PoR statement to reflect "verification pending" and publish last known merkle root.

T+7d

• ‣Transition custody, refresh audits, update disclosures, and re-open issuance only after stable.

T+0

• ‣Pause all mint-related functions (issuance contract pause).
• ‣Snapshot chain state: balances, supply, backing positions.
• ‣Begin coordinated disclosure with counsel (avoid incomplete claims).
• ‣Notify key partners privately (custody, major venues).

T+24h

• ‣Patch plan: fix contract, define migration if needed.
• ‣Publish short statement: "Potential mint vulnerability identified. Issuance paused. No evidence of exploitation (or state clearly if unknown). Next update time."

T+72h

• ‣Deploy fix / migration contract if required.
• ‣Provide verifiable accounting: old supply vs new supply, mapping and proofs.

T+7d

• ‣Post-mortem + upgraded change control.
• ‣Consider formal verification / expanded audits.

T+0

• ‣Halt stablecoin conversions.
• ‣Move to alternate regulated stablecoin where possible (policy-driven).
• ‣Publish "Conversion temporarily paused" notice.

T+24h

• ‣Treasury rebalancing per policy.
• ‣Re-open conversions only with bounded pricing and multiple references.

T+72h

• ‣Document losses (if any) and publish updated reserve ratio.

T+7d

• ‣Update treasury policy and disclosures.

T+0

• ‣Legal lead drafts "control policy addendum" and acceptable boundaries.
• ‣Engineering proposes implementation with: role separation, immutable logs, narrow scope (e.g., only stolen funds with documented request), public transparency report.

T+24h

• ‣Decide: implement or decline listing.
• ‣If implementing: publish policy and effective date before enabling.

T+72h

• ‣Ship controlled module with timelock and audit trail.
• ‣Notify market clearly: what can happen, when, and how to appeal.

T+7d

• ‣Publish first transparency report template (even if empty).