White Paper (English)

Potential risks and ways to minimize their consequences

If anything can go wrong it will go wrong.

Murphy's Law

Venture capital investment involves many different risks, but modernity provides many effective ways to hedge them, and in some cases completely prevent negative consequences. The table presents the main risks of the Open Galaxy DAO, their sources and treatment / prevention measures.

Change of Project priorities

Risk type (external / internal): internal Risk owner: project team Consequences of a hazardous event (I): 2 The probability of a HE (L): 0,5 Risk assessment (I × L): 1

Proposed risk treatment arrangements:

  • general meeting of the team to determine the best methods for the required changes, clarification of the calendar and financial plan

  • identification and active use of various operational indicators to prevent abrupt transformations of the Project priorities

Changes in the requirements for the Project

Risk type (external / internal): internal Risk owner: investors, project team Consequences of a hazardous event (I): 1 The probability of a HE (L): 0,2 Risk assessment (I × L): 0,2

Proposed risk treatment arrangements:

  • identification of new most promising areas, setting new goals and determining the best

  • methods to achieve themgeneral meeting of the team to determine the methods, clarification of the calendar and financial plan

Lack of team engagement

Risk type (external / internal): internal Risk owner: СЕО, HR Consequences of a hazardous event (I): 3 The probability of a HE (L): 1 Risk assessment (I × L): 3

Proposed risk treatment arrangements:

  • conducting team building events

  • options as a reward system for employees

Insufficient communication between the stakeholders of the Project

Risk type (external / internal): internal Risk owner: COO, PR Consequences of a hazardous event (I): 3 The probability of a HE (L): 1,5 Risk assessment (I × L): 4,5

Proposed risk treatment arrangements:

  • creation and regular updating of several information channels (website, telegram channel, instagram, Facebook, VK, twitter, etc.)

  • the contacts of the head of the press service are published in the public domain, and most of the communication is carried out through it in accordance with the adopted media policy

  • to organize and maintain a channel of direct communication between users and creators of the Project (for example, monthly direct lines with the management on YouTube)

Poor project documentation

Risk type (external / internal): internal Risk owner: CTO, legal Consequences of a hazardous event (I): 2 The probability of a HE (L): 2 Risk assessment (I × L): 4

Proposed risk treatment arrangements:

  • independent audit of legal agreements

  • conducting regular audits of technical documentation and licensed code purity

  • allocation of a structural unit for design and documentation

Illness (dismissal, death) of a key Project employee

Risk type (external / internal): internal Risk owner: CEO, HR Consequences of a hazardous event (I): 4 The probability of a HE (L): 3 Risk assessment (I × L): 12

Proposed risk treatment arrangements:

  • maintaining code repositories with specific access policies

  • allocation of funds from the force majeure fund to compensate the consequences for the employee and his relatives

  • maintaining project documentation in accordance with accepted standards

  • creation and implementation of a policy of daily backup of key project information and preservation of hard copies

  • HR activities to avoid bus-factor <2

Lagging behind the schedule of the Project

Risk type (external / internal): internal Risk owner: CEO, COO Consequences of a hazardous event (I): 2 The probability of a HE (L): 2,5 Risk assessment (I × L): 5

Proposed risk treatment arrangements:

  • identifying the causes of delays, identifying needs to eliminate them

  • bonuses for overtime work of employees

  • allocation of funds from the force majeure fund for hiring additional personnel

Project infrastructure design error

Risk type (external / internal): internal Risk owner: project team Consequences of a hazardous event (I): 3 The probability of a HE (L): 0,1 Risk assessment (I × L): 0,3

Proposed risk treatment arrangements:

  • Independent expertise of the Project infrastructure from rock-star experts

Error in the program code of smart contracts of the Project

Risk type (external / internal): internal Risk owner: CTO Consequences of a hazardous event (I): 3 The probability of a HE (L): 0,2 Risk assessment (I × L): 0,6

Proposed risk treatment arrangements:

  • independent external double audit of the skin of smart contracts released in prod

  • error risk insurance with help of DeFi

  • bug-bounty program

Error in the program code of the Project website / marketplace

Risk type (external / internal): internal Risk owner: CTO Consequences of a hazardous event (I): 2 The probability of a HE (L): 0,2 Risk assessment (I × L): 0,4

Proposed risk treatment arrangements:

  • independent audit of the program code of the site and marketplace

  • error risk insurance through DeFi

  • bug-bounty program

Technical failure, crash of the Project website / marketplace

Risk type (external / internal): internal Risk owner: CTO Consequences of a hazardous event (I): 2 The probability of a HE (L): 0,1 Risk assessment (I × L): 0,2

Proposed risk treatment arrangements:

  • SLA with clearly defined procedures and fixed in contractual documents

  • creation and implementation of a policy of daily backup of key project information and preservation of hard copies

  • error risk insurance with help of DeFi

  • risk insurance in conventional insurance

Bankruptcy (or exit scam) of a partner exchange

Risk type (external / internal): external Risk owner: COO, legal Consequences of a hazardous event (I): 3 The probability of a HE (L): 0,5 Risk assessment (I × L): 1,5

Proposed risk treatment arrangements:

  • careful study of partner documentation, formalization of risks and responsibilities

  • risk insurance with help of DeFi

Technical failure, accident at the partner exchange

Risk type (external / internal): external Risk owner: COO Consequences of a hazardous event (I): 3 The probability of a HE (L): 1 Risk assessment (I × L): 3

Proposed risk treatment arrangements:

  • SLA with clearly defined procedures and fixed in contractual documents

Targeted financial attack (manipulation of the price of the Project's management token)

Risk type (external / internal): external Risk owner: CEO, COO Consequences of a hazardous event (I): 3 The probability of a HE (L): 3 Risk assessment (I × L): 9

Proposed risk treatment arrangements:

  • clearly defined procedures and procedures for employees in case of force majeure situations

Lack of industry experts for some projects placed on the marketplace

Risk type (external / internal): internal Risk owner: CEO, COO, HR Consequences of a hazardous event (I): 2 The probability of a HE (L): 4 Risk assessment (I × L): 8

Proposed risk treatment arrangements:

  • preliminary internal examination does not allow the project to be peer reviewed in the absence of a quorum of experts in the direction declared in the project

Poor expertise of projects placed on the marketplace

Risk type (external / internal): internal Risk owner: COO, HR Consequences of a hazardous event (I): 2 The probability of a HE (L): 3 Risk assessment (I × L): 6

Proposed risk treatment arrangements:

  • regular analysis (of all parameters) of startups and adjustment of their assessment models

  • parametric assessment of startup risks (according to IC standards)

  • investment risk insurance with help of DeFi

Lack of guarantees for reimbursement of losses of the clients of the Project

Risk type (external / internal): internal Risk owner: COO, PR Consequences of a hazardous event (I): 2 The probability of a HE (L): 4 Risk assessment (I × L): 8

Proposed risk treatment arrangements:

  • legally justified disclaimer of guarantees for anonymous customers

  • legally justified KYC / AML procedures for clients from certain jurisdictions or refusal to service them

  • risk insurance with help of DeFi

Lack of regulatory framework for the Project in most jurisdictions

Risk type (external / internal): external Risk owner: CEO, legal Consequences of a hazardous event (I): 3 The probability of a HE (L): 2 Risk assessment (I × L): 6

Proposed risk treatment arrangements:

  • the use of the DAO form allows you not to limit the activities of the Platform to any jurisdiction and compliance with any rules and regulations, except for your own, published on the Platform's website and voluntarily accepted by any user of the Platform to interact with it

Current legal uncertainty in the regulation of cryptocurrencies / virtual assets (in the future, it is possible to ban transactions with them)

Risk type (external / internal): external Risk owner: CEO, legal Consequences of a hazardous event (I): 3 The probability of a HE (L): 2 Risk assessment (I × L): 6

Proposed risk treatment arrangements:

  • the platform, in fact, is a decentralized application, exists in the blockchains ETH, BSC, Polygon, etc., accordingly, the risk of imposing any responsibility for the use of this system is transferred to the end user

High volatility of major cryptocurrencies

Risk type (external / internal): external Risk owner: CEO, COO Consequences of a hazardous event (I): 2 The probability of a HE (L): 4 Risk assessment (I × L): 8

Proposed risk treatment arrangements:

  • using both DeFi / P2P and CeFi liquidity mechanisms (through partnership agreements with exchanges)

using both DeFi / P2P and CeFi liquidity mechanisms (through partnership agreements with exchanges)

Hacker attack

Risk type (external / internal): external Risk owner: CTO, COO Consequences of a hazardous event (I): 3 The probability of a HE (L): 3 Risk assessment (I × L): 9

Proposed risk treatment arrangements:

  • SLA with clearly defined procedures and fixed in contractual documents

  • clearly defined procedures and procedures for employees in case of force majeure situations

Raider attack

Risk type (external / internal): external Risk owner: CEO, COO, legal Consequences of a hazardous event (I): 2 The probability of a HE (L): 1 Risk assessment (I × L): 2

Proposed risk treatment arrangements:

  • measures that make non-collegial decisions in the Project impossible (for example, the use of multisignature to initiate a number of financial actions)

  • clearly defined procedures and procedures for employees in case of force majeure situations

Prohibition of activity in certain jurisdictions due to the lack of standard KYC / AML procedures

Risk type (external / internal): external Risk owner: CEO, legal Consequences of a hazardous event (I): 3 The probability of a HE (L): 2 Risk assessment (I × L): 6

Proposed risk treatment arrangements:

  • due to the fact that the platform is a dapp, we can carry out these procedures in case of our own interest. In all other cases, all responsibility is transferred to the end user

Difficulty (impossibility) of bringing unscrupulous counterparties to justice

Risk type (external / internal): external Risk owner: CEO, legal Consequences of a hazardous event (I): 3 The probability of a HE (L): 2 Risk assessment (I × L): 6

Proposed risk treatment arrangements:

  • creation of a security service (or outsourcing services to a world famous brand)

  • multisignature procedure for all financial transactions in DAO and in projects where an independent auditor plays one of the roles

Incorrect dismissal of a key employee of the Project team

Risk type (external / internal): internal Risk owner: CEO, COO, HR Consequences of a hazardous event (I): 2 The probability of a HE (L): 0,5 Risk assessment (I × L): 1

Proposed risk treatment arrangements:

  • changing the termination procedures based on the experience gained

  • allocation of funds from the force majeure fund to compensate for the consequences

Leakage (for example, as a result of theft of a medium) of information with limited access

Risk type (external / internal): external Risk owner: CEO, COO, HR Consequences of a hazardous event (I): 3 The probability of a HE (L): 0,1 Risk assessment (I × L): 0,3

Proposed risk treatment arrangements:

  • carrying out measures to prevent such cases in the future (prohibition on the use of personal equipment in the office, tightening control over access to key data, etc.)

Scandal related to unethical behavior of key persons of the Project

Risk type (external / internal): external Risk owner: CEO, HR Consequences of a hazardous event (I): 3 The probability of a HE (L): 0,1 Risk assessment (I × L): 0,3

Proposed risk treatment arrangements:

  • allocation of funds from the force majeure fund to compensate for the consequences

A solar flare with disastrous consequences for communications

Risk type (external / internal): external Risk owner: project team Consequences of a hazardous event (I): 5 The probability of a HE (L): 0,001| Risk assessment (I × L): 0,005

Proposed risk treatment arrangements:

  • creation and implementation of a policy of daily backup of key project information and preservation of hard copies

  • refusal to further implement the project, delivering information to users about the decision as far as possible

Natural disaster, catastrophe of a planetary scale

Risk type (external / internal): external Risk owner: project team Consequences of a hazardous event (I): 5 The probability of a HE (L): 0,001 Risk assessment (I × L): 0,005

Proposed risk treatment arrangements:

  • creation and implementation of a policy of daily backup of key project information and preservation of hard copies

  • refusal to further implement the project, delivering information to users about the decision as far as possible

PreviousGLXY TokenomicsNextProject roadmap

Last updated