Edge Cases
Mass Redemption (Bank-Run Behavior)
Scenario: a large share of investors attempt redeem-style exits in a short time window.
Expected behavior:
- Each exit uses the same conversion mechanics for that position.
- Wrapper and strategy liquidity governs immediate execution capacity.
- Circuit breaker can throttle outflow velocity.
- Processing may stretch over time if upstream liquidity is constrained.
Mass redemption is not a death spiral. Each redemption is self-balancing. The last person to redeem gets the same rate as the first.
Design intent is to avoid first-mover-only extraction by preserving deterministic conversion rules and applying controlled outflow limits.
Yield Strategy Failure
Scenario: strategy-layer exploit or severe loss event.
Expected behavior:
- Reported strategy value drops.
- Exit paths continue, but payouts settle against actual remaining collateral.
- Loss is isolated to the affected raise context.
Circuit breaker may activate to throttle outflows and prevent front-running.
Principal protection is designed against project-token downside, not against reserve depletion from upstream strategy compromise.
Oracle Outage
Scenario: oracle feed is stale, zero, or invalid.
Expected behavior:
- New deposits are blocked/reverted.
- Existing position exits remain available through conversion math and reserve state.
Oracle outage prevents new money in, but never prevents money out.
In the current model, deposit-time pricing depends on oracle input, while exit execution does not require fresh market price reads in the same way.
Reserve Shortfall
Scenario: reserve collateral is below expected target (loss event, accounting issue, or exceptional market condition).
Expected behavior:
- Exits settle against real available collateral and conversion constraints.
- Outflow controls can be used to slow panic/exploit velocity.
The system never promises a fixed dollar amount per position. It promises your proportional share of whatever is in the pool. In normal operation this equals your deposit. In a shortfall it equals your proportional share of what remains.
Project Abandonment
Scenario: project team becomes inactive.
Expected behavior:
- User exit rights remain on-chain and user callable.
- Strategy may continue accruing yield passively.
- Yield collection is permissionless — anyone can trigger the claim function.
- Administrative pull/operations paths (for example buyback execution) may halt if no operator acts.
The platform is designed so that investor exit never depends on the project team being active.
Partial Upstream Liquidity
Scenario: strategy cannot provide full requested liquidity immediately.
Expected behavior:
- Availability checks reflect constrained withdrawal capacity.
- Calls may partially succeed at lower layers or revert in exact-amount flows.
- Users can retry as liquidity conditions improve.
This is a temporary delay, not a loss. The capital exists — it is lent out.
Circuit Breaker Activation
Scenario: outflow exceeds configured limits.
Expected behavior:
- Withdrawal velocity is limited according to breaker buffers and config.
- Once capacity replenishes, withdrawals resume at normal pace.
Circuit breaker is a velocity control, not a permanent lock on user exits.
Rounding and Dust
Scenario: integer division leaves residual dust.
Expected behavior:
- Rounding always favors the protocol (reserve), never the individual. The amounts are negligible (wei-level).
- Small residual balances can remain until final cleanup/sweep operations.
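The exit arithmetic described under Mass Redemption, Reserve Shortfall, and Rounding and Dust can be checked with a small integer model. This is an added example, not the protocol's contract code. It assumes payout = floor(shares * reserve / total shares), shares minted 1:1 with deposits, and constructed holder names and balances.

```python
# Added illustration (constructed model, not the protocol's contract code).
# Assumed rule: payout = floor(shares * reserve / total_shares), no oracle read.

WAD = 10**18

# Constructed positions: holder -> share units (assumed minted 1:1 with deposits).
SHARES = {"a": 5 * WAD, "b": 3 * WAD, "c": 2 * WAD, "d": 1 * WAD}
FULL_RESERVE = 11 * WAD                      # normal operation
SHORT_RESERVE = 7_700_000_000_000_000_003    # constructed ~30% strategy loss


def redeem(reserve, total, shares):
    """Return (payout, new_reserve, new_total) for one full-position exit."""
    payout = shares * reserve // total       # floor: residue stays in reserve
    new_reserve, new_total = reserve - payout, total - shares
    # Self-balancing check, cross-multiplied to stay in integers:
    # backing per remaining share must not fall because someone left.
    if new_reserve * total < reserve * new_total:
        raise AssertionError("exit diluted remaining holders")
    return payout, new_reserve, new_total


def bank_run(reserve, positions, order):
    """Holders in `order` exit back to back. Returns (payouts, reserve_left)."""
    total = sum(positions.values())
    payouts = {}
    for holder in order:
        payouts[holder], reserve, total = redeem(reserve, total, positions[holder])
    return payouts, reserve


def max_drift_wei(reserve, positions, payouts):
    """Largest gap between a payout and that holder's share at the opening rate."""
    total = sum(positions.values())
    return max(abs(p - positions[h] * reserve // total) for h, p in payouts.items())


if __name__ == "__main__":
    for order in (["a", "b", "c"], ["c", "b", "a"]):
        paid, left = bank_run(SHORT_RESERVE, SHARES, order)
        print(order, paid, "left for d:", left,
              "drift:", max_drift_wei(SHORT_RESERVE, SHARES, paid))
```

In this constructed shortfall both exit orders pay identical amounts, and holder "d", who stays, keeps at least the opening per-share backing. The 1 wei drift is residue left in the reserve by an earlier exit.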
Admin Key and Upgrade Risks
Scenario: compromised or malicious admin flow.
Mitigations in current design direction:
- Multisig-admin model
- Delayed admin rotation acceptance
- Controlled upgrade authorization paths
Residual trust assumptions still exist around upgrade governance and operational key management.