Risk Register

risk-register.md

This route preserves legacy markdown access inside the Next.js surface. The raw repository file remains authoritative.

Purpose

This register summarizes the most important real risks that remain relevant to PrivateDAO after the current hardening and documentation work.

The intent is to make residual risk explicit rather than implicit.

Risk	Category	Current Status	Mitigation Surface	Residual Note
mainnet release without external audit	deployment / assurance	open	readiness docs, audit handoff, release gates	no external audit is claimed by the repository
production signer misuse or poor custody	operations	open	production operations, cutover runbook, incident response	requires real organizational controls outside the codebase
RPC degradation or divergence	infrastructure	open	monitoring docs, RPC health scripts, operator checklist	still depends on provider selection and active monitoring
strategy alpha / APY proof not embedded in protocol package	product / competition fit	open	Ranger docs, strategy operations, risk policy	requires the paired strategy stack and live or backtest evidence
Android runtime verification outside this shell	product surface	partial	Android native docs and code	full runtime validation needs Android SDK/device environment
commit-reveal hides vote content but not timing metadata	privacy boundary	known design limit	protocol docs and threat model	this is documented honestly and not treated as solved privacy
CustomCPI is intentionally unsupported rather than arbitrary CPI execution	execution scope	intentional	protocol spec, tests, and docs	unsupported actions are rejected to keep the live execution surface conservative

Review this register before: