Honest by design.
Seven risk categories every Layer 0 institutional reader needs surfaced. Named, characterised, mitigated where possible, accepted where not. No risk on this page is unique to VPAY Genesis — they are the risks of any RWA platform operating between physical commodity and on-chain settlement. We surface them publicly so an institutional or sovereign counterparty does not have to discover them in diligence.
Seven categories. Each named, each addressed.
A counterparty conducting diligence will probe these seven. We pre-empt the question by naming them ourselves.
Smart-contract risk
Despite extensive internal review and a 119-test Foundry suite with 256-run × 128k-call invariant fuzzing across the IP-class contracts (Kommit · Mate Masie), no external Tier-1 audit has yet been published. The smart-contract layer carries inherent execution risk until a published Tier-1 audit report (OpenZeppelin · Trail of Bits · Spearbit · ConsenSys Diligence) is in place.
• Source code public on GitHub (foundry-round2) · reproducible builds
• Bug-bounty programme activated alongside audit publication
• CircuitBreaker contract provides global + per-node pause capability under Safe admin
Oracle risk
$SOV reference pricing depends on the Chainlink XAU/USD feed. Oracle outage, deviation beyond threshold, or feed manipulation could affect mint denomination accuracy and lending ratio computations. The pre-attestation pilot has no live oracle dependency, but production attestation will have one.
• Deviation threshold 0.5% triggers attestation halt + CircuitBreaker activation
• Attestation-time price-lock prevents post-attestation oracle drift from affecting mint
• Multi-oracle backup engagement planned (Pyth · API3) for Q4 2026
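The deviation halt and attestation-time price-lock listed above can be modelled as follows. This is an added example, not VPAY Genesis code: the `OracleGuard` and `Round` names, the one-hour staleness bound, and the choice to measure deviation against the last accepted reading are assumptions, and pause enforcement on the mint path itself is left out.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

DEVIATION_LIMIT_BPS = 50  # the 0.5% threshold stated above
MAX_AGE_S = 3600          # assumed staleness bound (not from the page)

@dataclass
class Round:
    answer: int      # XAU/USD scaled by 1e8 (Chainlink USD pairs use 8 decimals)
    updated_at: int  # unix seconds of the feed update

@dataclass
class OracleGuard:
    reference: Round                      # last accepted reading (assumption)
    halted: bool = False                  # stands in for the CircuitBreaker pause
    locked: Dict[str, int] = field(default_factory=dict)

    def check(self, r: Round, now: int) -> str:
        if self.halted:
            return "halted"               # no readings accepted while paused
        if r.answer <= 0 or now - r.updated_at > MAX_AGE_S:
            self.halted = True            # outage or invalid answer
            return "halt:stale-or-invalid"
        diff = abs(r.answer - self.reference.answer)
        # Integer comparison without division: diff / ref > 50 / 10_000
        if diff * 10_000 > DEVIATION_LIMIT_BPS * self.reference.answer:
            self.halted = True
            return "halt:deviation"
        self.reference = r
        return "ok"

    def attest(self, attestation_id: str, r: Round, now: int) -> Optional[int]:
        """Lock the price for this attestation only if the reading passes."""
        if self.check(r, now) != "ok":
            return None
        self.locked[attestation_id] = r.answer
        return r.answer

    def mint_price(self, attestation_id: str) -> int:
        """Mint reads the locked price, never the live feed."""
        return self.locked[attestation_id]

def run_sample() -> list:
    # Constructed readings, not real market data.
    usd = lambda p: int(p * 10**8)
    g = OracleGuard(Round(usd(3000), 1_000))
    return [
        g.check(Round(usd(3010), 1_060), now=1_070),           # 0.33% move
        g.attest("att-1", Round(usd(3012), 1_120), now=1_130),
        g.check(Round(usd(3030), 1_180), now=1_190),           # 0.60% vs 3012
        g.attest("att-2", Round(usd(3030), 1_240), now=1_250),
        g.mint_price("att-1"),
    ]
```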
Custodial risk
Physical metal is under EcoVent operational custody pending engagement with a third-party gold custodian (Brink's · Loomis · G4S · Malca-Amit class). Dual-control vault protocols mitigate but do not eliminate operational risk. Founder-key custody remains a structural concern in the pre-third-party-custodian period.
• Dual-control access (operator + supervisor) required for vault entry
• Third-party custodian engagement in progress · target Q3 2026
• Insurance carrier (Lloyd's syndicate) engagement parallel to custody arrangement
• Vesting closes founder-key custody risk on the token side ($SOV minus 50 SOV operational carve-out is irrevocably locked)
Regulatory risk
Tokenised RWA operates in an evolving regulatory landscape across jurisdictions. The Ghana Gold Board Act 2025 provides a domestic statutory anchor; EU MiCA, the US SEC RWA framework, MAS DPT, and other jurisdictional regimes are in active engagement. Adverse regulatory developments — particularly around securities classification of $SOV — could materially affect operations.
• CCO of record (Ibilola Macaulay) — direct regulator contact
• Legal opinion in preparation (counsel selection underway)
• Sandbox-class engagement with named regulators for ongoing dialogue
• $SOV positioned as asset-referenced commodity-backed instrument — not unregistered security
Redemption gating
Physical redemption is subject to KYC verification, regulatory permission, queue depth, and operational throughput. In high-volume redemption scenarios (e.g. macro stress event), redemption queues may extend beyond the standard SLA window. Force-majeure clauses may apply during regulatory or supervisory events.
• Public queue depth surfacing at /protocol/transparency (Q3 2026)
• Standard SLA window: 5 business days from verified request
• Pro-rata gating in stress scenarios — first-in-first-out queue with priority for institutional counterparties under contract
• Force-majeure clauses surfaced in Terms of Service (under counsel review)
Counterparty / sanctions risk
Cross-border tokenised commodity settlement carries elevated counterparty and sanctions screening risk. AML/KYC controls and OFAC screening at every counterparty boundary are required by FATF guidance and US/EU sanctions regimes. Failure modes include sanctioned-party transactions, structured transactions to evade reporting, and trade-based money laundering vectors.
• Tiered KYC programme · institutional and citizen tiers · documented in /compliance
• Suspicious-activity monitoring via integrated AML provider · regulator-grade reporting
• Transfer agent layer (planned · Securitize / Tokeny class) adds additional control for US institutional counterparties
Operational / key-management risk
Founder-concentrated key custody and single-machine operational dependencies represent operational risk. Hardware failure, founder unavailability, or operational discontinuity could affect attestation cadence and protocol response time. This risk is structural to founder-led pre-Series-A operations and is addressed through the team-build and custody-migration roadmap.
• Hire #1 (full-time engineering second) — Q3 2026 target
• Hardware key migration off Mac into HSM-class signer — Q3 2026 target
• Git-tracked operational documentation (CLAUDE.md migration to encrypted repo)
• Backup signatory queued for 2-of-2 → 2-of-3 (third signatory) Safe migration
What this document does and does not constitute.
This risk disclosure is provided for informational purposes only. It does not constitute investment advice, legal advice, tax advice, or a recommendation to buy, sell, or hold any digital asset, tokenised commodity, or financial instrument. The risks described are not exhaustive; additional risks may exist that are not currently identified.
For institutional counterparties: a more detailed risk policy, including jurisdiction-specific risk analyses, is available under NDA via the diligence pack request. Institutional engagement requires execution of the standard EcoVent Institutional Diligence Agreement before access to non-public risk documentation.
For citizen users: any tokenised commodity carries risk of partial or total loss. Save only what you can afford to lose. Read the compliance framework before engaging. Physical redemption is subject to verification, fee, and timeline disclosures provided at the point of purchase.
Last updated: 2026-05-17 · Version 1.0 · Maintained by Office of the CCO · EcoVent Africa Limited