Risk Factors
Participating in GNDX Protocol involves significant risks. This page summarizes the primary risk categories. It is not exhaustive. Participants should conduct their own research and consult qualified legal and financial advisors before participating.
This documentation is for informational purposes only. Nothing here constitutes financial advice, investment advice, or a recommendation to buy or sell any token.
Smart Contract Risk
Risk: Bugs or exploits in the smart contract suite could result in partial or total loss of treasury assets.
Mitigations:
- Independent third-party security audits will be commissioned and completed before any production deployment — reports published publicly
ChecklistVerify.s.sol— 30+ on-chain invariant checks before deployment is considered production-ready- Guardian Multisig can pause for up to 72 hours if an active exploit is detected
- UUPS upgradeability allows bug fixes without TVL migration (7-day timelock required)
No audit guarantees the absence of all bugs. Smart contract risk cannot be fully eliminated.
Oracle Manipulation Risk
Risk: Manipulated price feeds could distort NAV calculations, enabling attackers to mint $GNDX at artificially low NAV or redeem at artificially high NAV.
Mitigations:
- Chainlink decentralized price feeds (not a single-source oracle)
- 20-minute TWAP averaging — manipulation requires sustaining a distorted price across multiple Chainlink updates
- 30% spot-vs-TWAP circuit breaker — any spot price diverging more than 30% from the live TWAP is clamped to +/-30% of the TWAP
- TWAP velocity monitoring — if the TWAP itself declines more than 7% in a single window (a real-crash signal), a crisis-mode redemption fee of 50 bps activates for 4 hours to deter exit arbitrage
- Stale feed detection — feeds more than 1 hour old are flagged and cause minting to revert
Governance Attack Risk
Risk: A coordinated attacker acquiring sufficient $GAME could influence governance toward harmful outcomes.
Mitigations:
- veGAME locking requirement — tokens must be locked before a proposal snapshot (flash loan attacks have zero effect)
- 5% quorum minimum — low-participation votes cannot pass
- 66% supermajority threshold — requires broad consensus, not simple majority
- 48-hour timelocks on standard actions — community can respond
- 7-day timelocks on upgrades and large treasury actions
- Hardcoded parameter bounds — even a compromised governance vote cannot exceed fee ceilings or the 10% weight cap
See Attack Defenses for the complete defense matrix.
Underlying Asset Risk
Risk: Individual gaming tokens in the basket may fail, be exploited, or lose all value.
Mitigations:
- Tier structure with 10% single-token weight cap and optional mint-routing exclusion limits maximum damage from any single failure
- Strict inclusion criteria (audit requirement, volume floors, age requirements) filter high-risk tokens
- Gaming Council monitors basket tokens and can fast-track removal proposals for exploited tokens
- Even if every Frontier tier token fails simultaneously: maximum index impact is ~10%
Liquidity Risk
Risk: Thin liquidity in underlying tokens creates slippage on large mints/redemptions.
Mitigations:
- Tiered daily volume inclusion criteria ($1M minimum for Core, $300K for Ascent, $75K for Frontier — measured as 30-day average)
- TWAP execution for orders above $50K USDC — reduces single-transaction price impact
- Three-layer instant mint rate limiting: quadratic fuzzy zone ($25K–$50K), per-address 24h rolling cap ($50K), and global protocol budget ($500K/hour) — prevents threshold-splitting and Sybil attacks
- Basket redemption path sends tokens directly without a DEX swap (no slippage)
Regulatory Risk
Risk: Regulatory treatment of DeFi index tokens remains uncertain across jurisdictions. Legal treatment of $GNDX and $GAME may change.
Mitigations:
- GNDX Protocol is pre-launch; the formal legal entity will be incorporated after the audit and fundraising phase, with structure chosen for regulatory clarity
- $GNDX designed as a utility/product token backed by real assets (not a security)
- $GAME designed as a governance token
- Interface geofencing blocks access from restricted jurisdictions
- Legal counsel engaged regarding token characterization
No mitigation eliminates regulatory risk entirely.
Bridge Risk
Risk: Some basket tokens originally issued on Ethereum mainnet are held on Arbitrum via the official Arbitrum bridge. Bridge exploits could affect those tokens.
Mitigations:
- Only the official Arbitrum bridge is used — no third-party bridges
- Arbitrum-native tokens (MAGIC, XAI, etc.) carry no bridge risk
- Inclusion criteria require tokens to be bridged via the official bridge or be Arbitrum-native
Stablecoin Risk
Risk: USDC (used for minting, fees, and the USDC buffer) carries issuer risk from Circle.
Mitigations:
- USDC is the most widely audited and regulated stablecoin in DeFi
- Protocol exposure is limited to amounts in the USDC buffer and during TWAP execution windows
Concentration Risk
Risk: The Web3 gaming sector may correlate strongly during market downturns, reducing diversification benefits.
Mitigations:
- Three-tier structure provides some sector diversification
- Geographic and platform diversification within tier criteria
- Users seeking non-correlated exposure should hold GNDX alongside other assets, not as their only position
Team and Operational Risk
Risk: The core development team may be unable to continue supporting the protocol.
Mitigations:
- Fully decentralized governance — no action requires team approval after launch
- Smart contracts are immutable after deployment except via governance vote
- 1-year vesting cliff for team tokens aligns incentives with protocol longevity
- The protocol code is proprietary. GNDX Protocol retains all intellectual property rights.
This list is not exhaustive. Participants should review all technical documentation and consult professional advisors.