9. Known Failure Modes and Mitigations
9.1 Evidence Retrieval Failures
| Failure Mode | Mitigation | Impact |
|---|---|---|
| RPC provider unavailable | Multi-provider fallback with quorum | Delays evaluation |
| Historical state unavailable | Archive node requirement for > 256 blocks | Limits temporal depth |
| Rate limiting | Provider rotation, WebSocket subscriptions | Reduces throughput |
| Provider data divergence | BCE canonicalization + multi-provider check | Detects inconsistency |
| Solana slot skipping | Use confirmed (not finalized) with buffer | Minor anchor imprecision |
9.2 Graph Construction Failures
| Failure Mode | Mitigation | Impact |
|---|---|---|
| Scope limit reached (maxNodes, maxEdges, maxHops, maxExpansionOps) | scopeExhausted = true; deterministic — same result on replay | Partial graph, engine adjusts qualification (Section 6.2) |
| Operational timeout (wall-clock) | Construction aborted entirely; VO enters CONSTRUCTION_FAILED | No graph produced, no attestation, retry with tighter scope |
| Non-deterministic expansion order | BFS canonical ordering by nodeId (UTF-8 byte order) | Prevented by specification (Section 4.5) |
Critical invariant: Deterministic scope limits produce partial but replayable graphs. Operational timeouts produce no graph. There is no intermediate case where a wall-clock timeout produces a partial graph — this would break replay determinism.
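The invariant above as a runnable sketch. This is an added example, not the protocol's reference implementation: `build_graph`, the `limits` dictionary layout, the injectable `clock`, and the choice to report `scopeExhausted` when a node at the hop limit still has unexpanded neighbours are assumptions made for illustration.

```python
import time
from collections import deque

# Constructed sample adjacency (nodeId -> outgoing nodeIds), deliberately unsorted.
SAMPLE = {"a": ["c", "b"], "b": ["d"], "c": ["e", "d"], "e": ["f"]}
WIDE = {"maxNodes": 99, "maxEdges": 99, "maxHops": 99, "maxExpansionOps": 99}


class ConstructionFailed(Exception):
    """Operational timeout: the caller gets no graph at all."""


def build_graph(root, neighbors, limits, deadline=None, clock=time.monotonic):
    """Return (nodes, edges, scope_exhausted); raise ConstructionFailed on timeout."""
    byte_order = lambda node_id: node_id.encode("utf-8")  # canonical ordering key
    nodes, edges, seen = [root], [], {root}
    queue, ops = deque([(root, 0)]), 0
    while queue:
        # A timeout discards all work: a partial graph cut off by the clock
        # would depend on machine speed and could not be replayed.
        if deadline is not None and clock() > deadline:
            raise ConstructionFailed("wall-clock timeout")
        node, hops = queue.popleft()
        out = sorted(set(neighbors.get(node, ())), key=byte_order)
        if not out:
            continue
        # Scope limits depend only on the input, so the cut is reproducible.
        if hops >= limits["maxHops"] or ops >= limits["maxExpansionOps"]:
            return nodes, edges, True
        ops += 1
        for nxt in out:
            is_new = nxt not in seen
            if len(edges) >= limits["maxEdges"] or (
                is_new and len(nodes) >= limits["maxNodes"]
            ):
                return nodes, edges, True
            edges.append((node, nxt))
            if is_new:
                seen.add(nxt)
                nodes.append(nxt)
                queue.append((nxt, hops + 1))
    return nodes, edges, False
```

Sorting by the encoded bytes rather than by the language's default string comparison keeps the expansion order identical across validator implementations.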
9.3 Replay Evidence Availability Failures
| Failure Mode | Mitigation | Impact |
|---|---|---|
| Archive RPC pruned historical state | Validators maintain own archive nodes; evidence promoted to IPFS/Filecoin within 24h of anchoring (Section 8.5) | Independent re-fetch impossible for affected evidence; fall back to operator-served |
| Operator evidence API unavailable | Decentralized storage fallback (IPFS/Arweave); cross-validator evidence sharing (Section 7.2, Step 2) | Delays replay but does not prevent it if evidence exists in any alternative source |
| Operator evidence API returns UNAVAILABLE for specific evidence unit | Validator falls back to IPFS/Filecoin by CID, then cross-validator sharing | If all sources fail, replay aborted (EVIDENCE_UNAVAILABLE) |
| Evidence hash mismatch on independent re-fetch | Validator escalates to full independent re-fetch of all evidence; submits EVIDENCE_DIVERGENCE dispute (Section 7.2, Step 7) | Possible operator canonicalization bug or malicious evidence fabrication |
| Off-chain evidence source deleted (social post removed, API changed) | Integrity hash still verifiable from operator/IPFS copy; ref field recorded for audit trail | Evidence remains valid if content hash matches; original source no longer independently confirmable |
| Partial evidence availability (some units missing) | Validator MUST abort replay entirely — partial evidence produces different graph and guaranteed voId mismatch | No attestation or dispute produced; VO remains in current attestation state |
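The fallback chain and the all-or-nothing rule from the table above, as an added example that is not part of the specification. Assumptions: SHA-256 stands in for the protocol's evidence hash, each source is modelled as an in-memory dictionary keyed by a hypothetical unit id (a missing key models UNAVAILABLE), and the first copy found is the one that gets hashed.

```python
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def collect_evidence(manifest, sources):
    """manifest: {unit_id: anchored_hash}; sources: ordered [(name, {unit_id: bytes})].

    Returns (status, evidence, detail). evidence is a complete set or None,
    never a partial one.
    """
    evidence, origin, missing, divergent = {}, {}, [], []
    for unit_id in sorted(manifest):
        for name, store in sources:      # operator -> IPFS/Filecoin -> peers
            data = store.get(unit_id)    # None models UNAVAILABLE
            if data is not None:
                break
        else:
            missing.append(unit_id)      # every source failed for this unit
            continue
        if sha256_hex(data) != manifest[unit_id]:
            divergent.append(unit_id)
        evidence[unit_id], origin[unit_id] = data, name
    if missing:
        # Partial evidence would yield a different graph and a voId mismatch,
        # so nothing is returned and no dispute is raised.
        return "EVIDENCE_UNAVAILABLE", None, missing
    if divergent:
        return "EVIDENCE_DIVERGENCE", None, divergent
    return "OK", evidence, origin


# Constructed sample: three evidence units, each held by a different source.
UNITS = {"tx-1": b"transfer 100", "tx-2": b"swap 5", "post-3": b"social post"}
MANIFEST = {unit_id: sha256_hex(body) for unit_id, body in UNITS.items()}
SOURCES = [
    ("operator", {"tx-1": UNITS["tx-1"]}),
    ("ipfs", {"tx-2": UNITS["tx-2"]}),
    ("peer", {"post-3": UNITS["post-3"]}),
]
```

A missing unit takes precedence over a hash mismatch, matching the table's statement that an aborted replay produces neither an attestation nor a dispute.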
Evidence availability decay curve: As time passes, evidence becomes harder to retrieve independently. The protocol addresses this through tiered storage promotion (Section 8.5): hot tier (90 days) → warm tier (2 years) → permanent archival (Arweave, after reaching weighted attestation threshold per Section 7.5.3). VOs that fail to reach the attestation threshold within 2 years may become permanently non-replayable — this is an accepted trade-off, as low-attestation VOs have limited protocol weight regardless.
9.4 Inference Failure Modes
| Failure Mode | Mitigation | Impact |
|---|---|---|
| Overconfidence | Explicit confidence bounds, calibration | False precision |
| Proxy collapse | Method versioning, feature monitoring | Stale models |
| Contextual leakage | Strict temporal anchoring | Future info in past eval |
| Insufficient training data | Minimum sample requirements per method | UNQUALIFIED output |
| Adversarial adaptation | Method rotation, detection of detection | Degrading accuracy |
9.5 Metric Gaming and Adaptation
| Gaming Strategy | Detection Approach | Protocol Response |
|---|---|---|
| Synthetic distribution | Wallet clustering (funding correlation) | Inferred concentration |
| Temporary liquidity staging | Temporal stability analysis | Time-series anomaly |
| Volume wash trading | Benford's Law + SCC detection | Adjusted organic volume |
| Bot-inflated social metrics | Bot detection ensemble | Adjusted engagement |
| Coordinated KOL campaigns | Timing correlation + independence test | KOL quality adjustment |
| Fake holder growth | Sybil detection (star topology) | True maker count |
The protocol's response to gaming is not to prevent it, but to treat it as a signal. When gaming is detected, inference confidence drops, bounds widen, or claims become INCONCLUSIVE. These are accurate reflections of increased uncertainty.
9.6 System-Level Risks
| Risk | Mitigation |
|---|---|
| Engine bug in evaluation logic | Versioning ensures historical results remain valid |
| Consensus failure among validators | Attestations are additive, not majority-vote |
| Chain reorganization | Finality requirements per chain; re-evaluation on reorg |
| Key compromise (validator) | Slashing, key rotation, multi-sig option |
| Data source manipulation | Multi-source verification, DexScreener + RPC cross-check |