# Incident Response Flow

Ledgity is built to operate reliably under normal conditions, but the protocol also includes a defined response framework for anormal or unexpected situations.\
The goal is always the same:

**Protect user funds first.**\
**Stabilize the system second.**\
**Restore normal operation responsibly.**

Incident response applies to both:

* **On-chain irregularities** (unexpected contract behavior, exploit attempts, liquidity anomalies)
* **Off-chain disruption** (delays in RWA repayment, market stress affecting liquidity timing)

***

#### Detection

Monitoring occurs continuously at multiple levels:

| Source                          | Type of Monitoring                             |
| ------------------------------- | ---------------------------------------------- |
| Smart contract event tracking   | Withdrawal, mint/burn, and state anomalies     |
| Liquidity buffer monitoring     | Sudden or large outflows                       |
| RWA repayment schedule tracking | Expected vs actual cash flow reconciliation    |
| Automated alerts & dashboards   | Internal operational monitoring                |
| Community + partner escalation  | Open reporting channels via Discord / Telegram |

If anormal behavior is detected, the Council is immediately alerted.

***

#### Initial Action: Temporary Pause

The protocol includes a **Global Pause** mechanism that allows deposits and withdrawals to be temporarily stopped.

* **This does&#x20;*****not*****&#x20;move funds**
* It only prevents *new* inflows/outflows until conditions are reviewed

This mechanism prevents cascading effects during uncertainty.

Pause may be triggered when:

* Liquidity buffer is unexpectedly depleted
* Off-chain repayment delays exceed predefined tolerances
* Smart contract inconsistencies are detected
* Security audit or exploit alerts require investigation

***

#### Assessment & Diagnosis

Once paused, the Council performs structured investigation:

| Area Reviewed                  | Purpose                                   |
| ------------------------------ | ----------------------------------------- |
| On-chain contract state        | Confirm integrity and balance correctness |
| Vault accounting vs. PPS       | Ensure yield calculations remain valid    |
| RWA portfolio cash flow        | Confirm repayment schedule status         |
| Custody and banking operations | Ensure off-chain balances are intact      |

If needed, external security or financial auditors may be engaged.

***

#### Resolution Actions

Depending on the diagnosis:

| Scenario                         | Action                                                                            |
| -------------------------------- | --------------------------------------------------------------------------------- |
| Smart contract anomaly           | Patch and redeploy through audited upgrade path                                   |
| Liquidity shortage due to timing | Coordinate scheduled repayment release                                            |
| RWA repayment delay              | Communicate adjusted withdrawal timeframes                                        |
| Confirmed malicious exploit      | Execute defensive withdrawal, coordinate fund protection, publish forensic report |

The priority is **protecting capital**, not rushing to reopen operations.

***

#### Communication

Transparent communication is critical.\
Users are informed through:

* Discord announcements
* Telegram updates
* Website banner (if needed)
* Formal written post-mortem (for major incidents)
* DAO governance update

No silent interventions. No hidden decisions.

***

#### Resumption

Once the system is confirmed stable:

* The pause is lifted
* Regular withdrawals and deposits resume
* A summary of findings is provided to the DAO
* If applicable, governance proposes long-term mitigation adjustments