# Incident Response Flow Ledgity is built to operate reliably under normal conditions, but the protocol also includes a defined response framework for anormal or unexpected situations.\ The goal is always the same: **Protect user funds first.**\ **Stabilize the system second.**\ **Restore normal operation responsibly.** Incident response applies to both: * **On-chain irregularities** (unexpected contract behavior, exploit attempts, liquidity anomalies) * **Off-chain disruption** (delays in RWA repayment, market stress affecting liquidity timing) *** #### Detection Monitoring occurs continuously at multiple levels: | Source | Type of Monitoring | | ------------------------------- | ---------------------------------------------- | | Smart contract event tracking | Withdrawal, mint/burn, and state anomalies | | Liquidity buffer monitoring | Sudden or large outflows | | RWA repayment schedule tracking | Expected vs actual cash flow reconciliation | | Automated alerts & dashboards | Internal operational monitoring | | Community + partner escalation | Open reporting channels via Discord / Telegram | If anormal behavior is detected, the Council is immediately alerted. *** #### Initial Action: Temporary Pause The protocol includes a **Global Pause** mechanism that allows deposits and withdrawals to be temporarily stopped. * **This does *****not***** move funds** * It only prevents *new* inflows/outflows until conditions are reviewed This mechanism prevents cascading effects during uncertainty. Pause may be triggered when: * Liquidity buffer is unexpectedly depleted * Off-chain repayment delays exceed predefined tolerances * Smart contract inconsistencies are detected * Security audit or exploit alerts require investigation *** #### Assessment & Diagnosis Once paused, the Council performs structured investigation: | Area Reviewed | Purpose | | ------------------------------ | ----------------------------------------- | | On-chain contract state | Confirm integrity and balance correctness | | Vault accounting vs. PPS | Ensure yield calculations remain valid | | RWA portfolio cash flow | Confirm repayment schedule status | | Custody and banking operations | Ensure off-chain balances are intact | If needed, external security or financial auditors may be engaged. *** #### Resolution Actions Depending on the diagnosis: | Scenario | Action | | -------------------------------- | --------------------------------------------------------------------------------- | | Smart contract anomaly | Patch and redeploy through audited upgrade path | | Liquidity shortage due to timing | Coordinate scheduled repayment release | | RWA repayment delay | Communicate adjusted withdrawal timeframes | | Confirmed malicious exploit | Execute defensive withdrawal, coordinate fund protection, publish forensic report | The priority is **protecting capital**, not rushing to reopen operations. *** #### Communication Transparent communication is critical.\ Users are informed through: * Discord announcements * Telegram updates * Website banner (if needed) * Formal written post-mortem (for major incidents) * DAO governance update No silent interventions. No hidden decisions. *** #### Resumption Once the system is confirmed stable: * The pause is lifted * Regular withdrawals and deposits resume * A summary of findings is provided to the DAO * If applicable, governance proposes long-term mitigation adjustments --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ledgity.finance/risk-framework/incident-response-flow.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.