Back to ATLAX
ATLAX · Technical Audit Mode · Pre-testnet
// 11 / 15

Institutional Threat Model

Identified threats, mitigations, current status, and next milestones.

// threat.cards

Oracle Manipulation

Risk: High
Attack
Manipulated or stale price feed causes invalid liquidations or bad debt.
Mitigation
Multi-oracle median, TWAP fallback, deviation thresholds, staleness checks, circuit breakers.
Status
Designed / simulated
Next
Oracle adapter testnet implementation

Bad Debt

Risk: High
Attack
Under-collateralized accounts create losses after rapid price movements.
Mitigation
Maintenance margin, liquidation penalty, insurance fund, leverage caps, open interest caps, dynamic margin.
Status
Designed / simulated
Next
Margin engine testnet implementation

Liquidity Shock

Risk: Medium-High
Attack
Thin liquidity causes large slippage and liquidation cascades.
Mitigation
Dynamic margin, reduce-only mode, max skew limits, liquidity monitoring.
Status
Designed / simulated
Next
Liquidity simulation testing

Smart Contract Exploit

Risk: High
Attack
Contract bug causes loss of funds or incorrect accounting.
Mitigation
Unit tests, fuzz tests, invariant tests, internal review, external audit, bug bounty.
Status
Not audited
Next
Test suite and audit preparation

Admin Key Risk

Risk: Medium
Attack
Privileged role misuse or compromised admin key.
Mitigation
Multisig, role separation, timelock, emergency-only controls.
Status
Planned
Next
Admin policy v0.1

Bridge Risk

Risk: Medium-High
Attack
Cross-chain bridge failure affects collateral or settlement flows.
Mitigation
Bridge limits, monitoring, withdrawal delays, exposure caps.
Status
Research
Next
Bridge risk memo

Liquidation Bot Failure

Risk: Medium
Attack
Liquidations do not execute during market stress.
Mitigation
Multiple keepers, incentives, monitoring, fallback liquidators.
Status
Planned
Next
Keeper design

Market Manipulation

Risk: Medium-High
Attack
Attackers manipulate order book, funding, or oracle-adjacent pricing.
Mitigation
OI caps, mark/index deviation controls, surveillance, dynamic funding.
Status
Designed / simulated
Next
Market surveillance module

Insurance Fund Depletion

Risk: Medium
Attack
Bad debt exceeds insurance fund balance.
Mitigation
Risk limits, liquidation penalties, dynamic margin, insurance fund monitoring.
Status
Designed
Next
Insurance fund simulation

Invalid Fill Submission

Risk: High
Attack
Invalid or fake fills are sent to settlement.
Mitigation
Signature checks, nonce checks, fill IDs, settlement validation, public logs, future Merkle proofs.
Status
Designed / simulated
Next
Verifiable fill system

Matcher Centralization Risk

Risk: Medium
Attack
Centralized matcher could censor or reorder trades.
Mitigation
Transparent logs, signed orders, verifiable fill batches, independent indexers, future decentralized operator set.
Status
Prototype simulated
Next
Verifiable matching roadmap

Sequencer Downtime

Risk: Medium
Attack
Matching layer outage prevents order execution.
Mitigation
Failover systems, reduce-only mode, public status page, operator redundancy.
Status
Planned
Next
Reliability design