Skip to content
Logo

Risk and Stress

Lucent is designed so solvency and peg pressure are handled by permissionless economic mechanisms first, not by discretionary team intervention.

XLM Volatility

When XLM price falls, Troves can cross the minimum collateral ratio. Troves at or below MCR are permissionlessly liquidatable. The liquidation waterfall absorbs the position through JIT liquidation, Stability Pool offset, and redistribution.

The key requirement is that the oracle adapter remains fresh and sane. If oracle validity fails, minting pauses instead of allowing unsafe new debt.

Stability Pool Drained

An empty or insufficient Stability Pool is not by itself a solvency event.

If the pool cannot fully offset a liquidation, JIT liquidation can source starUSD on demand. If that is unavailable or uneconomic, redistribution allocates remaining debt and collateral to active Troves while preserving protocol accounting.

Redemption Stress

Liquity-style redemptions are stabilizing. A redeemer exchanges starUSD for hard collateral, reducing circulating starUSD supply and repaying debt from the lowest-rate Troves.

This is different from a reflexive design that prints a volatile governance token. No separate token is minted to defend the peg.

Redemption stress should self-extinguish as starUSD returns toward parity and low-rate debt is cleared.

Oracle or Infrastructure Failure

Oracle failure is the main case that requires operational response. The system should fail safe:

  • Freshness and sanity checks pause minting immediately.
  • Existing positions can still close.
  • Liquidations and redemptions remain available when safe price rules allow.
  • The team restores oracle config through governed/security procedures.
  • Minting resumes only after valid price conditions return.

During the pause, no discretionary solvency call should be required.

Shutdown

Branch shutdown stops new debt and normal adjustments. It keeps solvency-preserving paths available: repayment, closes, liquidations, Stability Pool actions, and urgent redemptions.

External Monitoring

Lucent should monitor exploit patterns, admin and multisig activity, oracle anomalies, treasury risk, and upgrade proposals through internal systems and an external provider such as Hypernative or an equivalent service.