# Failure / Threat Matrix

### Purpose

The Failure / Threat Matrix defines how the Sagitta Protocol responds to adverse conditions across financial, technical, and governance domains.

Each failure class is mapped to a governing authority and a deterministic outcome. The matrix demonstrates that **no failure mode results in depositor principal loss or uncontrolled system collapse**.

This matrix describes **what happens**, not **how it is implemented**.

***

### Threat Classification Matrix

| Failure / Threat Class                | Description                                                                    | Governing Authority          | System Response                                                            | Depositor Outcome                         |
| ------------------------------------- | ------------------------------------------------------------------------------ | ---------------------------- | -------------------------------------------------------------------------- | ----------------------------------------- |
| **Allocation Underperformance**       | Allocation batch returns less capital than deployed                            | Treasury + Reserve           | Ordered loss absorption; reserve-relative settlement                       | Principal preserved; yield adjusted       |
| **Sustained Allocation Failure**      | Repeated underperformance across batches                                       | Treasury + Reserve + AAA     | Allocation contraction; strategy restriction; reserve prioritization       | Principal preserved                       |
| **Stablecoin Depeg**                  | Stability Unit deviates materially from peg                                    | Continuity Engine            | Currency substitution; valuation normalization                             | Principal preserved in substituted unit   |
| **Reserve Asset Volatility**          | Reserve asset correlation or valuation shift                                   | Reserve + Continuity Engine  | Coverage recalibration; reserve reinforcement                              | Principal preserved                       |
| **Vault Contract Failure**            | Vault accounting or contract fault                                             | Continuity Engine + Reserve  | State reconstruction; insured restoration                                  | Principal restored                        |
| **Escrow Execution Failure**          | Counterparty or venue failure during execution                                 | Escrow + Continuity Engine   | Capital recall; execution isolation; substitution                          | Principal preserved                       |
| **Treasury Token Market Attack**      | Liquidity manipulation or hostile market activity                              | Treasury + Continuity Engine | Token isolation; lifecycle restriction                                     | Allocation continues; principal preserved |
| **Treasury Token Governance Capture** | Token-based governance attack                                                  | Continuity Engine            | Governance scope restriction; authority freeze                             | Principal preserved                       |
| **DAO Governance Deadlock**           | Governance paralysis or quorum failure                                         | Continuity Engine            | Continuity authority enforcement                                           | Principal preserved                       |
| **Oracle Failure**                    | Pricing or data feed disruption                                                | Continuity Engine            | Oracle substitution; conservative valuation                                | Principal preserved                       |
| **Infrastructure Failure**            | Chain halt, RPC failure, or network outage                                     | Continuity Engine            | Execution halt; evacuation; reconstitution                                 | Principal preserved                       |
| **Multi-Component Failure**           | Concurrent subsystem failures                                                  | Continuity Engine            | Evacuation; degradation; phased recovery                                   | Principal preserved                       |
| **Catastrophic System Event**         | Extreme external or systemic shock                                             | Continuity Engine            | Full evacuation; reserve enforcement; reconstitution                       | Principal preserved                       |
| **Blockchain Failure**                | Chain halt, consensus failure, censorship, or irrecoverable network disruption | Continuity Engine            | Execution halt; asset evacuation; chain substitution; state reconstitution | Principal preserved                       |

***

### Interpretation Guidance

* **Governing Authority** indicates which system enforces the response
* **System Response** reflects doctrine-level action, not execution detail
* **Depositor Outcome** remains invariant across all threat classes

This matrix demonstrates that **every identified failure mode resolves to containment, substitution, or recovery**, never depositor impairment.

***

### Design Implication

Sagitta does not optimize for uninterrupted yield.

It optimizes for:

* capital preservation
* deterministic response
* survivability under stress

Failure is treated as a **managed state**, not an exception.

***

### Closing Statement

This matrix operationalizes the Sagitta System Invariants.

It ensures that:

* risk is bounded
* authority is predefined
* outcomes are predictable

Sagitta does not ask what happens *if* things fail.

It defines **what happens when they do**.

