@ballkidz/defifa 0.0.1

package/CRYPTO_ECON.tex

@@ -0,0 +1,800 @@
+\documentclass[11pt,a4paper]{article}
+
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage{lmodern}
+\usepackage{amsmath,amssymb,amsthm}
+\usepackage{graphicx}
+\usepackage{hyperref}
+\usepackage{geometry}
+\usepackage{booktabs}
+\usepackage{enumitem}
+\usepackage{float}
+\usepackage{xcolor}
+
+\geometry{margin=1in}
+\emergencystretch=1.5em
+
+\hypersetup{
+    colorlinks=true,
+    linkcolor=blue!70!black,
+    urlcolor=blue!70!black,
+    citecolor=blue!70!black
+}
+
+\newtheorem{theorem}{Theorem}
+\newtheorem{corollary}[theorem]{Corollary}
+\newtheorem{definition}{Definition}
+
+\title{\textbf{Cryptoeconomics of Defifa}}
+\author{Claude Opus 4.6 (Anthropic) in coordination with Jango from the Defifa Team.\\[4pt]
+\small This analysis was generated by Claude Opus 4.6 based on its study of the Defifa V5 codebase\\
+\small and the \href{https://cryptoeconlab.com/paper/pub-0?paper=https\%253A\%252F\%252Fstorage.googleapis.com\%252Fcel-public-resources\%252FRevnet-Whitepaper.pdf}{Revnet Whitepaper} by CryptoEconLab.}
+\date{March 2026}
+
+\begin{document}
+
+\maketitle
+
+\begin{abstract}
+Defifa is a prediction-game protocol built on Juicebox V5 that transforms NFT minting into a parimutuel wagering mechanism with governance-ratified outcomes. Players purchase ERC-721 game pieces representing competing tiers (teams, candidates, outcomes), forming a shared treasury. After the event concludes, a decentralized attestation process ratifies a scorecard that assigns weights to each tier, redistributing the treasury proportionally. This paper formalizes the cryptoeconomic mechanics of Defifa games: the prize distribution formula, the attestation governance model, the fee extraction pipeline, the protocol-token incentive layer, and the rational actor strategies that emerge. We derive solvency guarantees, characterize equilibrium behavior under various participation profiles, analyze the game-theoretic properties of the scorecard ratification process, and identify the parameter regimes that maximize game integrity and participant welfare.
+\end{abstract}
+
+\tableofcontents
+\newpage
+
+%==========================================================================
+\section{Introduction}
+%==========================================================================
+
+\subsection{What is Defifa?}
+
+Defifa is a prediction-game protocol that transforms the act of purchasing an NFT into a wager on the outcome of a real-world event. It is deployed using the Juicebox V5 protocol and governed by a combination of immutable smart-contract rules and a minimal, time-bounded governance process for outcome resolution.
+
+A Defifa game is a \emph{tokenized parimutuel pool}: money goes in via NFT purchases, forming a shared pot; after the event concludes, a governance process assigns weights to each tier (team, outcome, candidate), and the pot is distributed proportionally. The game pieces are ERC-721 tokens organized into tiers, where each tier represents a distinct prediction. The purchase price of a tier token is fixed at game creation, and the payout is determined by post-event scorecard ratification.
+
+Defifa games are:
+\begin{itemize}[nosep]
+    \item \textbf{Deterministic in structure}: all phases, durations, tier prices, and fee schedules are fixed at deployment.
+    \item \textbf{Governance-minimal}: the only human input is the scorecard---a mapping from tiers to weights---ratified through an attestation process.
+    \item \textbf{Self-custodial}: all funds remain in the Juicebox treasury; no operator can access them outside the protocol rules.
+    \item \textbf{Composable}: games are standard Juicebox projects, inheriting the full protocol's accounting, terminal, and hook infrastructure.
+\end{itemize}
+
+\subsection{How a Defifa Game Works (at a glance)}
+
+\begin{enumerate}[nosep]
+    \item \textbf{Mint (pot formation).} During the mint phase, anyone can purchase NFTs representing tiers. Each NFT has a fixed price denominated in the game's base asset (e.g., ETH). All payments flow into a shared treasury---the \emph{pot}. Players may delegate their attestation power to a chosen delegate at mint time.
+
+    \item \textbf{Refund (optional exit window).} If configured, a refund phase follows minting. During this period, players may burn their NFTs to reclaim the original mint price, allowing a risk-free exit for those who change their minds. No new mints are accepted.
+
+    \item \textbf{Score (outcome resolution).} Once the real-world event concludes, anyone may propose a \emph{scorecard}---a vector of weights summing to $W_{\text{total}} = 10^{18}$---assigning each tier its share of the pot. NFT holders attest to the scorecard they believe reflects the correct outcome. Once a scorecard achieves quorum, it can be ratified.
+
+    \item \textbf{Complete (prize distribution).} After ratification, protocol fees are extracted, and the remaining pot is available for claims. Each NFT holder burns their token to receive their proportional share, plus any accrued protocol tokens (\$DEFIFA and \$BASE\_\allowbreak{}PROTOCOL).
+\end{enumerate}
+
+\subsection{The Design Parameters}
+
+A Defifa game is fully specified at deployment by a parameter tuple:
+\begin{equation}
+\mathcal{G} = \left( \{T_i\}_{i=1}^{N}, \; t_{\text{mint}}, \; t_{\text{refund}}, \; t_{\text{start}}, \; \phi_{\text{defifa}}, \; \phi_{\text{base}}, \; \mathcal{S}, \; \tau_{\text{attest}}, \; \tau_{\text{grace}} \right)
+\end{equation}
+
+Where:
+\begin{enumerate}[nosep]
+    \item \textbf{Tier configuration} $\{T_i\}_{i=1}^{N}$: For each of the $N$ tiers, a fixed price $p_i$, an optional reserved rate $\rho_i$, and a reserved-token beneficiary address. The initial supply per tier is set to $999{,}999{,}999$ (effectively unlimited).
+
+    \item \textbf{Mint period duration} ($t_{\text{mint}}$): How long the minting window stays open, in seconds.
+
+    \item \textbf{Refund period duration} ($t_{\text{refund}}$): How long the refund window stays open after minting closes. May be zero (no refund phase).
+
+    \item \textbf{Game start time} ($t_{\text{start}}$): When the scoring phase begins---typically aligned with the real-world event's conclusion.
+
+    \item \textbf{Defifa fee divisor} ($\phi_{\text{defifa}}$): The fraction $1/\phi_{\text{defifa}}$ of the pot sent to the Defifa protocol project. Default: $\phi_{\text{defifa}} = 20$ (5\%).
+
+    \item \textbf{Base protocol fee divisor} ($\phi_{\text{base}}$): The fraction $1/\phi_{\text{base}}$ of the pot sent to the base protocol project. Default: $\phi_{\text{base}} = 20$ (5\%).
+
+    \item \textbf{Splits} ($\mathcal{S}$): Additional payout splits configured at deployment (e.g., for game organizers, charities).
+
+    \item \textbf{Attestation start time} ($\tau_{\text{attest}}$): Delay before attestation voting opens on a submitted scorecard.
+
+    \item \textbf{Attestation grace period} ($\tau_{\text{grace}}$): Duration of the attestation voting window.
+\end{enumerate}
+
+Once set, the tuple $\mathcal{G}$ is immutable. Phase transitions occur automatically by timestamp, with the scoring phase having infinite duration (duration $= 0$) until the scorecard is ratified.
+
+%==========================================================================
+\section{Mathematical Model of Defifa Economics}
+%==========================================================================
+
+\subsection{Parameters and State Variables}
+
+The economic behavior of a Defifa game is determined jointly by:
+\begin{enumerate}[nosep]
+    \item The immutable game parameters $\mathcal{G}$ (cf.\ Section 1.3), fixed at deployment;
+    \item The evolving state variables, which track the pot, token supplies, and claim status over time.
+\end{enumerate}
+
+\textbf{State variables.} The core dynamic variables are listed in Table~\ref{tab:state}.
+
+\begin{table}[H]
+\centering
+\begin{tabular}{ll}
+\toprule
+\textbf{Variable} & \textbf{Description} \\
+\midrule
+$B(t)$ & Pot (treasury balance) at time $t$ \\
+$n_i(t)$ & Number of NFTs minted in tier $i$ at time $t$ \\
+$N_{\text{total}}(t)$ & Total NFTs outstanding: $\sum_i n_i(t)$ \\
+$M(t)$ & Total mint cost accumulated: $\sum_i n_i(t) \cdot p_i$ \\
+$w_i$ & Scorecard weight assigned to tier $i$ ($\sum_i w_i = W_{\text{total}}$) \\
+$d_i(t)$ & Tokens redeemed from tier $i$ after ratification \\
+$B_{\text{prize}}$ & Net prize pool after fee extraction \\
+\bottomrule
+\end{tabular}
+\caption{Core state variables of a Defifa game.}
+\label{tab:state}
+\end{table}
+
+At any time $t$, the state of the game is fully determined by the pair
+$\bigl(\mathcal{G}, \; \{B(t), n_i(t), w_i, d_i(t)\}\bigr)$,
+where $\mathcal{G}$ is the fixed game configuration and the second component evolves endogenously as players interact.
+
+\subsection{Minting --- Pot Formation}
+
+During the mint phase $[t_{\text{mint\_start}},\; t_{\text{mint\_start}} + t_{\text{mint}})$, any participant may purchase NFTs from any tier $i$ at the fixed price $p_i$ per token.
+
+\textbf{Minted quantity.} For a payment amount $x$ of base asset directed at tier $i$:
+\begin{equation}
+q_i = \left\lfloor \frac{x}{p_i} \right\rfloor
+\end{equation}
+
+\textbf{Reserved minting.} If tier $i$ has a reserved rate $\rho_i > 0$, then for every $\rho_i$ tokens minted by paying players, one additional token is minted to the reserved-token beneficiary. Reserved tokens are \emph{not} paid for, but their cost is counted toward $M(t)$ for purposes of protocol-token distribution (cf.\ Section~2.6).
+
+\textbf{State updates.} At the instant of a mint event where player $j$ purchases $q$ tokens of tier $i$:
+\begin{align}
+B(t^+) &= B(t^-) + q \cdot p_i \tag{Treasury balance} \\
+n_i(t^+) &= n_i(t^-) + q \tag{Tier supply} \\
+M(t^+) &= M(t^-) + q \cdot p_i \tag{Total mint cost}
+\end{align}
+
+\textbf{Pot composition.} At the end of the mint phase, the pot is:
+\begin{equation}
+B_{\text{mint}} = \sum_{i=1}^{N} n_i \cdot p_i
+\end{equation}
+
+This is the total capital at risk in the game, and represents the complete prize pool before fee extraction.
+
+\subsection{Refund --- Optionality Window}
+
+If $t_{\text{refund}} > 0$, a refund phase follows minting. During $[t_{\text{mint\_end}},\; t_{\text{mint\_end}} + t_{\text{refund}})$:
+\begin{itemize}[nosep]
+    \item No new mints are accepted (\texttt{pausePay} $=$ \texttt{true}).
+    \item Any NFT holder may burn their token to reclaim its mint price.
+\end{itemize}
+
+\textbf{Refund mechanics.} A player burning $q$ tokens of tier $i$ receives exactly $q \cdot p_i$ base asset from the treasury:
+\begin{equation}
+R_{\text{refund}} = q \cdot p_i
+\end{equation}
+
+\textbf{State updates.} After a refund:
+\begin{align}
+B(t^+) &= B(t^-) - q \cdot p_i \\
+n_i(t^+) &= n_i(t^-) - q \\
+M(t^+) &= M(t^-) - q \cdot p_i
+\end{align}
+
+The refund phase creates a \emph{free option} for participants: they can observe late-breaking information (injury reports, market movements, team changes) and exit at zero cost.
+
+\textbf{Key property.} The refund is dollar-for-dollar: every token refunded removes exactly its mint price from the pot, preserving the per-NFT backing ratio $B(t) / N_{\text{total}}(t)$ for uniform-priced games.
+
+\subsection{Prize Distribution --- The Scorecard Formula}
+
+After the real-world event concludes and a scorecard is ratified, the game enters the COMPLETE phase.
+
+\textbf{The scorecard.} A scorecard is a vector of weights $\mathbf{w} = (w_1, w_2, \ldots, w_N)$ satisfying:
+\begin{equation}
+\sum_{i=1}^{N} w_i = W_{\text{total}} = 10^{18}
+\end{equation}
+
+Each $w_i \in [0, W_{\text{total}}]$ represents the fraction of the prize pool allocated to tier $i$'s holders.
+
+\textbf{Per-token weight.} The weight assigned to a single NFT in tier $i$ is:
+\begin{equation}
+w_i^{\text{token}} = \frac{w_i}{\hat{n}_i}
+\end{equation}
+
+where $\hat{n}_i$ is the \emph{effective} number of tokens eligible for redemption in tier $i$ at the time the scorecard is ratified:
+\begin{equation}
+\hat{n}_i = n_i^{\text{minted}} - n_i^{\text{remaining}} - (n_i^{\text{burned}} - d_i)
+\end{equation}
+
+Here $n_i^{\text{minted}}$ is the initial supply, $n_i^{\text{remaining}}$ is the unminted supply, $n_i^{\text{burned}}$ is the total burned count, and $d_i$ is the number of tokens redeemed \emph{in the complete phase specifically}. This formula ensures that as tokens are redeemed in the complete phase, the denominator adjusts to maintain fair distribution for remaining holders.
+
+\textbf{Cash-out value.} When a player burns a set of token IDs $\{k_1, k_2, \ldots, k_m\}$, the total claim is:
+\begin{equation}
+\boxed{C(\{k_j\}) = \frac{\displaystyle\sum_{j=1}^{m} w_{i(k_j)}^{\text{token}}}{W_{\text{total}}} \cdot \bigl(B_{\text{prize}} + A_{\text{redeemed}}\bigr)}
+\label{eq:cashout}
+\end{equation}
+
+where $i(k_j)$ is the tier of token $k_j$, $B_{\text{prize}}$ is the current treasury balance (post-fee), and $A_{\text{redeemed}}$ is the cumulative amount already redeemed by prior players.
+
+The term $(B_{\text{prize}} + A_{\text{redeemed}})$ reconstructs the \emph{original} post-fee pot, ensuring that the order of redemptions does not affect the payout per token. This is a critical design property: it makes Defifa a \emph{path-independent} mechanism.
+
+\textbf{Special cases:}
+\begin{itemize}[nosep]
+    \item \textbf{Winner-take-all:} $w_j = W_{\text{total}}$ for a single tier $j$, all others zero.
+    \item \textbf{Proportional split:} $w_i = W_{\text{total}} \cdot n_i / N_{\text{total}}$, weights by participation count.
+    \item \textbf{No contest (by convention):} All $w_i$ set proportionally to return mint prices, effectively implementing a full refund through the standard scorecard mechanism.
+\end{itemize}
+
+\subsection{Fee Extraction Pipeline}
+
+Before prize distribution begins, the Deployer contract extracts protocol fees by calling \texttt{fulfill\-Commitments\-Of}. This triggers a \texttt{send\-Payouts\-Of} call on the terminal, distributing the pot according to the scoring-phase splits.
+
+\textbf{Split structure.} The splits configured at game launch allocate the pot as follows:
+\begin{enumerate}[nosep]
+    \item \textbf{Base protocol fee:} $1/\phi_{\text{base}}$ of the pot to the base protocol project (default: 5\%)
+    \item \textbf{Defifa fee:} $1/\phi_{\text{defifa}}$ of the pot to the Defifa project (default: 5\%)
+    \item \textbf{Custom splits} ($\mathcal{S}$): Any additional game-creator-defined splits
+    \item \textbf{Remainder:} Returned to the game's treasury via \texttt{addToBalanceOf}
+\end{enumerate}
+
+\textbf{Fee formulas.} Let $B_{\text{pot}}$ be the treasury balance at commitment fulfillment:
+\begin{align}
+F_{\text{base}} &= \frac{B_{\text{pot}}}{\phi_{\text{base}}} \\[4pt]
+F_{\text{defifa}} &= \frac{B_{\text{pot}}}{\phi_{\text{defifa}}} \\[4pt]
+F_{\text{custom}} &= \sum_{s \in \mathcal{S}} \frac{B_{\text{pot}} \cdot \text{percent}_s}{\text{SPLITS\_TOTAL\_PERCENT}}
+\end{align}
+
+The prize pool available for player claims is:
+\begin{equation}
+\boxed{B_{\text{prize}} = B_{\text{pot}} - F_{\text{base}} - F_{\text{defifa}} - F_{\text{custom}}}
+\end{equation}
+
+With default parameters ($\phi_{\text{base}} = \phi_{\text{defifa}} = 20$, no custom splits):
+\begin{equation}
+B_{\text{prize}} = B_{\text{pot}} \cdot \left(1 - \tfrac{1}{20} - \tfrac{1}{20}\right) = 0.9 \cdot B_{\text{pot}}
+\end{equation}
+
+\textbf{Fee recycling.} The fees paid to the Defifa and base protocol projects are processed as standard Juicebox payments, which mint project tokens (\$DEFIFA, \$BASE\_PROTOCOL) to the beneficiary---in this case, the game's hook contract. These tokens are later distributed to players upon claim (Section~2.6).
+
+\subsection{Protocol Token Allocation}
+
+When fees are paid to the Defifa and base protocol projects, those projects mint their respective tokens to the game hook's address. The hook contract accumulates these tokens and distributes them proportionally when players burn their NFTs in the COMPLETE phase.
+
+\textbf{Token allocation per player.} For a player burning tokens with cumulative mint cost $c$:
+\begin{align}
+X_{\text{defifa}} &= \frac{c}{M} \cdot D_{\text{total}} \\[4pt]
+X_{\text{base}} &= \frac{c}{M} \cdot P_{\text{total}}
+\end{align}
+
+where $M$ is the total mint cost of all tokens ever minted, $D_{\text{total}}$ is the total \$DEFIFA tokens held by the hook, and $P_{\text{total}}$ is the total \$BASE\_PROTOCOL tokens held by the hook.
+
+\textbf{Key property.} Protocol token distribution is proportional to \emph{original mint cost}, not to scorecard weight. This means that even holders of losing tiers ($w_i = 0$) receive protocol tokens when burning their NFTs, creating a partial consolation mechanism that rewards participation regardless of outcome.
+
+%==========================================================================
+\section{Attestation Governance and Scorecard Ratification}
+%==========================================================================
+
+\subsection{Voting Power Model}
+
+The attestation mechanism uses a \emph{per-tier proportional representation} model rather than a simple one-token-one-vote system.
+
+\textbf{Attestation units.} Each tier $i$ carries a maximum attestation power of:
+\begin{equation}
+V_{\max} = 10^9 \quad \text{(MAX\_ATTESTATION\_POWER\_TIER)}
+\end{equation}
+
+This maximum is shared among all holders of tier $i$. A holder's attestation weight for tier $i$ is:
+\begin{equation}
+\boxed{v_i^{\text{holder}} = V_{\max} \cdot \frac{n_i^{\text{holder}}}{n_i^{\text{total}}}}
+\end{equation}
+
+where $n_i^{\text{holder}}$ is the number of tier-$i$ tokens delegated to (or held by) the attestor, and $n_i^{\text{total}}$ is the total minted supply of tier $i$ at the attestation snapshot timestamp.
+
+\textbf{Total attestation weight.} A holder's total attestation power across all tiers is:
+\begin{equation}
+v^{\text{holder}} = \sum_{i \,:\, n_i^{\text{holder}} > 0} V_{\max} \cdot \frac{n_i^{\text{holder}}}{n_i^{\text{total}}}
+\end{equation}
+
+\textbf{Checkpoint-based snapshots.} Attestation power is measured at a fixed historical timestamp (the scorecard's \texttt{attestationsBegin} time), using historical checkpoints. This prevents vote-buying attacks where an actor acquires tokens immediately before voting.
+
+\textbf{Delegation.} During the mint phase only, holders may delegate their attestation units to a chosen delegate address per tier. Delegation is per-tier, snapshot-locked, and mint-phase-only.
+
+\subsection{Quorum and Ratification Conditions}
+
+\textbf{Quorum calculation.} The quorum required for scorecard ratification is:
+\begin{equation}
+\boxed{Q = \frac{N_{\text{minted\_tiers}}}{2} \cdot V_{\max}}
+\end{equation}
+
+where $N_{\text{minted\_tiers}}$ is the number of tiers that have at least one minted token.
+
+\textbf{Example.} For a game with 4 tiers (all minted):
+$$Q = \frac{4}{2} \cdot 10^9 = 2 \times 10^9$$
+
+This requires the equivalent of 2 full tiers' worth of unanimous attestation---for instance, all holders of 2 tiers attesting, or 50\% of holders across all 4 tiers.
+
+\textbf{Ratification conditions.} A scorecard can be ratified when all three conditions are met:
+\begin{enumerate}[nosep]
+    \item The scorecard's grace period has expired,
+    \item The attestation count meets or exceeds quorum,
+    \item No other scorecard has been ratified for this game.
+\end{enumerate}
+
+\subsection{Scorecard Lifecycle}
+
+Each submitted scorecard passes through five states:
+
+\begin{table}[H]
+\centering
+\begin{tabular}{ll}
+\toprule
+\textbf{State} & \textbf{Condition} \\
+\midrule
+PENDING & \texttt{attestationsBegin} $>$ \texttt{block.timestamp} \\
+ACTIVE & \texttt{attestationsBegin} $\leq$ \texttt{now} $\leq$ \texttt{gracePeriodEnds} \\
+SUCCEEDED & Grace period expired AND attestations $\geq$ quorum \\
+DEFEATED & A different scorecard was ratified \\
+RATIFIED & This scorecard was ratified \\
+\bottomrule
+\end{tabular}
+\caption{Scorecard lifecycle states.}
+\end{table}
+
+Multiple scorecards may coexist in ACTIVE or SUCCEEDED state simultaneously, but only one can ever be ratified. This creates a competitive dynamic where multiple proposed outcomes compete for attestation support.
+
+\subsection{Resistance to Strategic Manipulation}
+
+The attestation model incorporates several defenses:
+
+\textbf{Defense 1: Per-tier cap.} No single tier's holders can contribute more than $V_{\max}$ attestation units, regardless of how many tokens they hold.
+
+\textbf{Defense 2: Checkpoint snapshots.} Attestation power is computed at a fixed historical timestamp. Acquiring tokens after the snapshot provides zero additional voting power.
+
+\textbf{Defense 3: Mint-phase-only delegation.} Delegation is locked after the mint phase, preventing last-minute delegation changes during the scoring phase.
+
+\textbf{Defense 4: 50\% quorum across tiers.} Requiring half of all minted tiers' worth of attestation power means no coalition controlling fewer than half the minted tiers can unilaterally ratify a fraudulent scorecard.
+
+\textbf{Remaining attack surface.} A coalition controlling sufficient attestation power across $\lceil N_{\text{minted}}/2 \rceil$ tiers can ratify an arbitrary scorecard. The critical insight is that attestation power within a tier is \emph{proportional to token holdings}, not absolute. An attacker holding 100\% of a tier's supply---even just 1 token---receives the full $V_{\text{max}} = 10^9$ attestation power for that tier.
+
+\textbf{Worst-case attack cost (heavily minted tiers).} When all tiers are well-populated, the attacker must acquire majority holdings in at least $\lceil N/2 \rceil$ tiers:
+\begin{equation}
+C_{\text{attack}}^{\text{worst}} \geq \sum_{i \in \text{majority set}} \left\lceil \frac{n_i + 1}{2} \right\rceil \cdot p_i
+\end{equation}
+
+\textbf{Best-case attack cost (sparse tiers).} When some tiers have zero or minimal mints, the attacker can buy 1 token in each unminted tier, becoming the sole holder and receiving full attestation power:
+\begin{equation}\label{eq:cheapattack}
+C_{\text{attack}}^{\text{best}} = \sum_{i \in \text{cheapest } \lceil N/2 \rceil \text{ unminted}} p_i
+\end{equation}
+
+This is potentially orders of magnitude cheaper. In a 32-tier game at 0.01~ETH where 16 tiers have zero mints, the attacker spends $16 \times 0.01 = 0.16$~ETH to meet quorum---regardless of pot size. \textbf{This is the most significant governance vulnerability identified} and is discussed further in Section~9.2.
+
+For the attack to be profitable, the attacker must redirect more than $C_{\text{attack}}$ in prize value:
+\begin{equation}
+B_{\text{prize}} > C_{\text{attack}} \cdot \frac{W_{\text{total}}}{\sum_{i \in \text{majority}} w_i^{\text{proposed}}}
+\end{equation}
+
+For the sparse-tier attack, this condition is almost always satisfied when the pot is nontrivial. Games with broad, uniform participation across all tiers are resistant; games with uneven participation are vulnerable.
+
+%==========================================================================
+\section{Price Dynamics and Value Flows}
+%==========================================================================
+
+\subsection{NFT Intrinsic Value During Minting}
+
+During the mint phase, the intrinsic value of a tier-$i$ NFT depends on the holder's subjective probability assessment.
+
+\textbf{Expected value at mint.} Let $\pi_i$ be a player's subjective probability that tier $i$ wins. The expected post-fee payout for one tier-$i$ NFT in a winner-take-all game is:
+\begin{equation}
+\mathbb{E}[V_i] = \pi_i \cdot \frac{B_{\text{prize}}}{n_i} + X_i^{\text{protocol}}
+\end{equation}
+
+A rational risk-neutral player mints tier $i$ when $\mathbb{E}[V_i] > p_i$, which requires:
+\begin{equation}
+\pi_i > \frac{p_i - X_i^{\text{protocol}}}{B_{\text{prize}} / n_i}
+\end{equation}
+
+This threshold probability decreases as the pot grows (more participants in other tiers create larger prizes) and increases as more tokens of tier $i$ are minted (diluting the per-token payout within the tier).
+
+\subsection{Post-Scorecard Valuation}
+
+After the scorecard is ratified and fees are extracted, each NFT has a deterministic value:
+\begin{equation}
+V_i^{\text{token}} = \frac{w_i}{\hat{n}_i \cdot W_{\text{total}}} \cdot (B_{\text{prize}} + A_{\text{redeemed}}) + V_i^{\text{protocol}}
+\end{equation}
+
+\textbf{Winning tier (full weight).} In a winner-take-all game with $w_j = W_{\text{total}}$:
+$$V_j^{\text{token}} = \frac{B_{\text{prize}} + A_{\text{redeemed}}}{\hat{n}_j} + V_j^{\text{protocol}}$$
+
+\textbf{Losing tier (zero weight).} When $w_i = 0$:
+$$V_i^{\text{token}} = V_i^{\text{protocol}}$$
+
+Losing-tier tokens have zero prize value but retain protocol-token value.
+
+\subsection{Secondary Market Implications}
+
+\textbf{Pre-ratification.} NFT value is driven by subjective outcome probabilities. Prices reflect the market's consensus probability-weighted expected payout, analogous to prediction-market shares.
+
+\textbf{Post-ratification.} NFT value is deterministic and publicly computable. Any secondary-market price deviating from the redemption value creates an arbitrage:
+\begin{itemize}[nosep]
+    \item If $P_{\text{market}} < V_i^{\text{token}}$: buy on the market, burn for profit.
+    \item If $P_{\text{market}} > V_i^{\text{token}}$: never occurs rationally (burn dominates holding).
+\end{itemize}
+
+Post-ratification secondary markets should converge immediately to redemption value, eliminating any residual price discovery.
+
+%==========================================================================
+\section{Rational Actor Analysis}
+%==========================================================================
+
+\subsection{Mint-Phase Strategy: Entry Timing}
+
+In a fixed-price game, there is no direct price advantage to minting early vs.\ late within the mint phase. However, strategic considerations arise.
+
+\textbf{Equilibrium.} In a Nash equilibrium of the minting game with risk-neutral players, each player mints the tier maximizing their expected payoff. Denoting by $\pi_i$ the true probability of tier $i$ winning and by $f_i = n_i \cdot p_i / B$ the fraction of the pot allocated to tier $i$:
+\begin{equation}
+\mathbb{E}[\text{return}_i] = \frac{\pi_i}{f_i} \cdot (1 - \phi) - 1
+\end{equation}
+
+where $\phi = 1/\phi_{\text{defifa}} + 1/\phi_{\text{base}} + \phi_{\text{custom}}$ is the total fee rate.
+
+In equilibrium, expected returns equalize across tiers: $\mathbb{E}[\text{return}_i] = \mathbb{E}[\text{return}_j]$ for all $i,j$ with non-zero minting, which implies:
+\begin{equation}
+\frac{\pi_i}{f_i} = \frac{\pi_j}{f_j} \quad \Rightarrow \quad f_i = \pi_i
+\end{equation}
+
+\textbf{Result.} In equilibrium, the fraction of the pot in each tier equals the market's consensus probability of that tier winning. This is the classical parimutuel result: the pot allocation \emph{reveals} the collective probability assessment.
+
+\subsection{Refund-Phase Strategy: Option Exercise}
+
+The refund phase creates a \emph{free put option} on each minted NFT, struck at the mint price.
+
+\textbf{Option value.} Let $V_i(t_{\text{refund\_end}})$ be the expected value of a tier-$i$ token at the end of the refund phase. The refund option has value:
+\begin{equation}
+O_i = \max\bigl(p_i - V_i(t_{\text{refund\_end}}),\; 0\bigr)
+\end{equation}
+
+A rational player exercises (refunds) when $V_i(t_{\text{refund\_end}}) < p_i$, which occurs when new information shifts the expected outcome against their chosen tier.
+
+The refund phase serves three purposes:
+\begin{enumerate}[nosep]
+    \item \textbf{Risk reduction}: allows players to participate speculatively with a guaranteed exit.
+    \item \textbf{Information revelation}: refund activity signals belief updates.
+    \item \textbf{Adverse selection mitigation}: partially solves the ``winner's curse'' problem.
+\end{enumerate}
+
+\subsection{Scoring-Phase Strategy: Attestation Delegation}
+
+\textbf{Equilibrium.} In the unique subgame-perfect equilibrium of the attestation game (assuming common knowledge of the event outcome):
+\begin{enumerate}[nosep]
+    \item All holders attest to the \emph{truthful} scorecard---the one reflecting the actual event outcome.
+    \item The truthful scorecard achieves quorum, as holders of winning tiers have the strongest incentive to attest.
+\end{enumerate}
+
+\subsection{Complete-Phase Strategy: Claim vs Hold}
+
+\textbf{Dominant strategy.} For risk-neutral players with positive time preference, burning immediately weakly dominates holding. The claim value does not depreciate (the path-independent formula ensures later claimants receive the same amount), but the time value of money favors immediate realization. Holding is justified only by expected protocol-token appreciation exceeding the discount rate:
+\begin{equation}
+\frac{dP_D}{dt} \cdot \frac{p_i}{M} \cdot D_{\text{total}} > r \cdot V_i^{\text{token}}
+\end{equation}
+
+where $r$ is the player's discount rate.
+
+%==========================================================================
+\section{Solvency and Conservation Laws}
+%==========================================================================
+
+\subsection{The Conservation Guarantee}
+
+\begin{theorem}[Prize Pool Conservation]
+For any scorecard $\mathbf{w}$ with $\sum_i w_i = W_{\text{total}}$ and any sequence of redemptions, the total amount paid out to all NFT holders equals $B_{\text{prize}}$.
+\end{theorem}
+
+\begin{proof}
+The total claim across all tokens is:
+$$\sum_{i=1}^{N} n_i^{\text{eligible}} \cdot \frac{w_i}{\hat{n}_i \cdot W_{\text{total}}} \cdot (B_{\text{prize}} + A_{\text{redeemed}})$$
+
+Since $n_i^{\text{eligible}} = \hat{n}_i$ at the start (before any complete-phase redemptions), and the term $(B_{\text{prize}} + A_{\text{redeemed}})$ is invariant, this equals:
+$$\sum_{i=1}^{N} \frac{w_i}{W_{\text{total}}} \cdot B_{\text{prize}} = \frac{B_{\text{prize}}}{W_{\text{total}}} \sum_{i=1}^{N} w_i = B_{\text{prize}}$$
+\end{proof}
+
+This guarantees that the treasury is exactly drained after all eligible tokens are redeemed---there is no residual and no shortfall.
+
+\subsection{Solvency Under Sequential Cash-Outs}
+
+\begin{corollary}[Order Independence]
+The payout to any individual NFT holder is independent of the order in which other holders redeem their tokens.
+\end{corollary}
+
+\begin{proof}
+The per-token claim formula (Eq.~\ref{eq:cashout}) uses $(B_{\text{prize}} + A_{\text{redeemed}})$ as the reference pot, which is constant regardless of how many tokens have been redeemed. As each token is redeemed, both $n_i^{\text{burned}}$ and $d_i$ increment by 1, leaving $\hat{n}_i$ invariant. Therefore, each token receives the same payout regardless of when it is redeemed.
+\end{proof}
+
+\subsection{Fee Impact on Total Claimable Value}
+
+The total value available to players (prize + protocol tokens) is:
+\begin{equation}
+V_{\text{total}} = B_{\text{prize}} + V_{\text{protocol}} = B_{\text{pot}} \cdot (1 - \phi) + V_{\text{protocol}}
+\end{equation}
+
+With default fees ($\phi = 10\%$):
+$$V_{\text{total}} = 0.9 \cdot B_{\text{pot}} + V_{\text{protocol}}$$
+
+Whether the net present value exceeds the mint cost depends on whether $V_{\text{protocol}} > 0.1 \cdot B_{\text{pot}}$---whether protocol token value compensates for the fee extraction.
+
+%==========================================================================
+\section{Game-Theoretic Properties}
+%==========================================================================
+
+\subsection{Defifa as a Parimutuel Mechanism}
+
+Defifa implements a \emph{generalized parimutuel mechanism} with several distinctive features:
+
+\begin{table}[H]
+\centering
+\begin{tabular}{lll}
+\toprule
+\textbf{Property} & \textbf{Traditional Parimutuel} & \textbf{Defifa} \\
+\midrule
+Outcome resolution & Centralized oracle & Decentralized attestation \\
+Payout computation & House-computed odds & On-chain formula \\
+Fee structure & Fixed takeout rate & Split-based, configurable \\
+Asset type & Fungible bet tickets & Non-fungible ERC-721 \\
+Secondary market & Typically none & Full ERC-721 transferability \\
+Refund option & Typically none & Configurable refund phase \\
+Token rewards & None & Protocol token distribution \\
+\bottomrule
+\end{tabular}
+\caption{Comparison: Traditional parimutuel vs.\ Defifa.}
+\end{table}
+
+\textbf{Parimutuel equivalence.} Under uniform pricing ($p_i = p$), binary scorecard (one winner), and no refund phase, a Defifa game is equivalent to a classical parimutuel pool with odds:
+\begin{equation}
+\text{odds}_i = \frac{B_{\text{prize}}}{n_i \cdot p} = \frac{(1 - \phi) \cdot \sum_k n_k}{n_i}
+\end{equation}
+
+\subsection{Information Aggregation}
+
+The minting and refund dynamics create a multi-round price-discovery mechanism:
+
+\textbf{Round 1 (Mint phase).} Players reveal information through tier selection. Under equilibrium, the pot distribution converges to the collective probability distribution.
+
+\textbf{Round 2 (Refund phase).} Players who received new information can exit, and the refund pattern reveals belief updates.
+
+\textbf{Round 3 (Secondary market).} If NFTs trade on secondary markets during the scoring phase, prices reflect the most current probability assessments.
+
+This three-round structure is informationally richer than single-shot betting mechanisms.
+
+\subsection{Multi-Game Dynamics and Protocol Flywheel}
+
+Defifa generates a \emph{protocol-level flywheel} through its fee-token mechanism:
+
+\begin{enumerate}[nosep]
+    \item Game fees $\to$ minted to protocol projects as payments,
+    \item Protocol tokens are issued to the game hook,
+    \item Players claim protocol tokens upon burning NFTs,
+    \item Protocol token value reflects aggregate fee revenue across all games,
+    \item Higher token value $\to$ higher expected returns $\to$ more participation $\to$ more fees.
+\end{enumerate}
+
+\textbf{Flywheel dynamics.} Let $G$ be the number of active games, $\bar{B}$ the average pot size, and $\phi$ the fee rate. The aggregate fee revenue is:
+\begin{equation}
+R = G \cdot \bar{B} \cdot \phi
+\end{equation}
+
+The fraction of the pot recovered through protocol tokens is:
+\begin{equation}
+\frac{V_{\text{protocol}}^{\text{game}}}{\bar{B}} = \phi^2 \cdot \mu \cdot G
+\end{equation}
+
+where $\mu$ is the revenue multiple of protocol token valuation. This shows that the protocol-token recovery rate increases linearly with the number of games $G$, creating a positive network effect.
+
+%==========================================================================
+\section{Parameter Design Space}
+%==========================================================================
+
+\subsection{Tier Count and Price Calibration}
+
+\textbf{Tier count.} The number of tiers $N$ affects quorum difficulty ($Q \propto N$), per-tier dilution, and attack cost. Optimal regime: $4 \leq N \leq 32$ balances governance tractability with outcome granularity.
+
+\textbf{Price calibration.} Uniform pricing ($p_i = p$) creates clean parimutuel dynamics where pot fractions equal minting fractions. Non-uniform pricing allows odds-adjustment at design time. Recommended: uniform pricing between 0.01 and 1~ETH per NFT.
+
+\subsection{Timing Parameters}
+
+\textbf{Mint duration}: Should approximate time until event, capped at $\sim$30 days.
+
+\textbf{Refund duration}: 1--7 days provides meaningful optionality without excessive uncertainty.
+
+\textbf{Attestation start time}: 1--24 hours delay for preparation.
+
+\textbf{Attestation grace period}: 1--7 days for broad participation.
+
+\subsection{Fee Calibration and Protocol Sustainability}
+
+The default fee structure is competitive with existing markets:
+
+\begin{table}[H]
+\centering
+\begin{tabular}{ll}
+\toprule
+\textbf{Platform} & \textbf{Takeout Rate} \\
+\midrule
+Horse racing (parimutuel) & 15--25\% \\
+Sports betting (vig) & 4--10\% \\
+Prediction markets (fees) & 1--5\% \\
+\textbf{Defifa (default)} & \textbf{10\%} \\
+\bottomrule
+\end{tabular}
+\caption{Fee comparison across prediction platforms.}
+\end{table}
+
+The effective fee rate, accounting for protocol token rebates, is:
+\begin{equation}
+\phi_{\text{eff}} = \phi \cdot (1 - \alpha)
+\end{equation}
+
+where $\alpha$ is the fraction of fee value retained in protocol tokens. For $\alpha = 0.5$: $\phi_{\text{eff}} = 5\%$, competitive with low-fee prediction markets.
+
+%==========================================================================
+\section{Open Problems and Mechanism Design Recommendations}
+%==========================================================================
+
+The formal analysis in Sections~2--8 reveals several structural properties of the Defifa mechanism that merit attention. This section catalogs open problems discovered through systematic code review and game-theoretic analysis, ordered by severity, and proposes concrete protocol-level mitigations.
+
+\subsection{Governance Deadlock and Fund Recovery: A Deep Study}
+
+\textbf{Severity: Significant (design consideration).}
+
+\subsubsection{Historical Context}
+
+The original Defifa (Juicebox~V3 era) included \texttt{NO\_CONTEST} and \texttt{NO\_CONTEST\_INEVITABLE} phases. In~V3, each game phase had to be manually advanced by calling \texttt{queueNextPhaseOf()}. If nobody called this function before a funding cycle ``rolled over,'' the \texttt{\_noContestInevitable()} check detected the rollover and \texttt{\_queueNoContest()} reconfigured the project for permanent full-price refunds (\texttt{duration=0}, \texttt{cashOutTaxRate=0}, \texttt{pausePay=true}). The~V5 port pre-queues all rulesets at launch, eliminating the rollover risk---but also eliminating the sole trigger for no-contest. The dead code was removed as part of the~V5 cleanup (see AUDIT\_FINDINGS L-D5). This section formally analyzes whether a new form of no-contest should be reintroduced.
+
+\subsubsection{Exhaustive Deadlock Scenario Analysis}
+
+We identify five distinct scenarios in which game funds could become permanently inaccessible:
+
+\textbf{Scenario~A: No scorecard submitted.} The game reaches SCORING. Nobody calls \texttt{submitScorecardFor()}. All tier cash-out weights remain zero. The hook returns \texttt{cashOutCount = 0} and \texttt{afterCashOutRecordedWith} reverts with \texttt{NOTHING\_TO\_CLAIM}. Funds remain in the treasury indefinitely.
+
+\textbf{Scenario~B: Quorum unreachable.} A scorecard exists but attestation power is fragmented. No single scorecard accumulates 50\% of eligible attestation weight. The governor's \texttt{stateOf()} returns ACTIVE indefinitely---there is no expiry on attestation.
+
+\textbf{Scenario~C: Dead attestation delegate.} The \texttt{defaultAttestationDelegate} is set to an inaccessible address. Since delegation can only be changed during MINT, the accumulated attestation power is irrecoverably locked after MINT ends.
+
+\textbf{Scenario~D: Attestation power in dead addresses.} If $>50\%$ of game pieces are transferred to contracts that cannot call \texttt{attestToScorecardFrom()}, exercisable attestation power drops below quorum permanently.
+
+\textbf{Scenario~E: Split target reverts on ratification.} \texttt{ratifyScorecardFrom()} calls \texttt{fulfillCommitmentsOf()}, which calls \texttt{sendPayoutsOf()}. If a split target reverts, the entire ratification transaction fails despite a governance-approved scorecard.
+
+\begin{table}[h]
+\centering
+\begin{tabular}{lccc}
+\toprule
+Scenario & Funds stuck? & Delegate resolves? & Automated? \\
+\midrule
+A: No scorecard & Yes & Yes, if active & No \\
+B: Quorum unreachable & Yes & Yes, if has power & No \\
+C: Dead delegate & Yes & No & No \\
+D: Dead attestation holders & Yes & No & No \\
+E: Split target reverts & Yes & No & No \\
+\bottomrule
+\end{tabular}
+\end{table}
+
+\subsubsection{Effectiveness of the Default Attestation Delegate}
+
+When set, the \texttt{defaultAttestationDelegate} receives attestation units from every minter who does not specify a custom delegate. If no minter re-delegates, the delegate holds 100\% of attestation power---easily exceeding quorum. It resolves Scenarios~A and~B in the common case.
+
+However, it provides no hard guarantee because it depends on four assumptions: (1)~the delegate is set (\texttt{address(0)} is valid), (2)~the delegate remains operational, (3)~the delegate acts honestly (it could self-ratify a malicious scorecard), and (4)~minters do not re-delegate. The delegate is an excellent first line of defense---a trusted, social mechanism---but not a trustless, automated one.
+
+\subsubsection{Candidate Mechanism~A: Minimum Participation Threshold}
+
+At game initialization, the organizer sets \texttt{minParticipation}---a minimum treasury balance required to proceed to SCORING. If the balance is below this threshold, the game enters a no-contest state where cash-outs return mint prices. Implementation: one new \texttt{uint256} in the ops data; \texttt{currentGamePhaseOf()} checks the balance before returning SCORING.
+
+\emph{What it solves:} Ghost games with negligible participation skip directly to refundability. \emph{What it does not solve:} Post-threshold governance deadlocks (Scenarios~B--E). \emph{Attack surface:} A majority holder can refund enough tokens to push the balance below threshold, unilaterally killing the game. \emph{Mitigation:} Set the threshold conservatively low (${\sim}10\%$ of expected pot).
+
+\subsubsection{Candidate Mechanism~B: Scorecard Ratification Timeout}
+
+At game initialization, the organizer sets \texttt{scorecardTimeout}---a duration after SCORING begins. If no scorecard is ratified within this window, the game enters a no-contest state. Implementation: one new \texttt{uint256}; \texttt{currentGamePhaseOf()} checks \texttt{block.timestamp > scoringStart + timeout}.
+
+\emph{What it solves:} All five deadlock scenarios (A--E). This is the only mechanism providing a hard, trustless, time-bounded guarantee. \emph{Interaction with the governor:} Partially-attested scorecards expire gracefully. The critical edge case is a SUCCEEDED scorecard that hasn't been ratified when the timeout fires---mitigated by generous timeouts (90--180~days) or a short ``ratification grace period.'' \emph{Attack surface:} Minimal---an adversary cannot accelerate the timeout.
+
+\subsubsection{Do We Need a Formal State?}
+
+Both mechanisms can be implemented as \emph{computed states} in \texttt{currentGamePhaseOf()}---no on-chain state transition required. The SCORING ruleset already has \texttt{cashOutTaxRate = 0} and \texttt{pausePay = true}, which are the correct parameters for refunds. Adding a named enum value provides clearer UI/indexer signaling, but the behavior itself requires no new handler logic beyond the existing MINT/REFUND refund path.
+
+\subsubsection{Assessment and Recommendation}
+
+The \texttt{defaultAttestationDelegate} resolves the vast majority of practical deadlocks and is sufficient for games with trusted organizers. However, for permissionless, trustless game creation, a hard guarantee is essential. We recommend:
+
+\begin{enumerate}[nosep]
+\item \textbf{Scorecard ratification timeout} as the primary safety mechanism. Covers all five deadlock scenarios. Implementation cost: one \texttt{uint256}, one timestamp comparison. Recommended default: 90~days.
+\item \textbf{Minimum participation threshold} as an optional complement. Provides early termination for non-viable games. Implementation cost: one \texttt{uint256}, one balance check.
+\item Both mechanisms should be \textbf{optional} (default: 0 = disabled) to preserve backward compatibility.
+\item The game should \textbf{remain fully playable without either mechanism}---they are safety nets, not requirements.
+\end{enumerate}
+
+The combination of delegate (fast-path social resolution) + timeout (hard backstop) + threshold (early exit) provides defense in depth where each mechanism covers the failure modes of the others.
+
+\subsection{Cheap Cross-Tier Attestation Capture}
+
+\textbf{Severity: Critical.}
+
+As identified in the corrected attack cost analysis (Equation~\ref{eq:cheapattack}), the per-tier attestation power cap creates an unintended vulnerability in games with uneven participation. The mechanism assigns equal maximum attestation power ($V_{\text{max}} = 10^9$) to every tier \emph{regardless of minted supply}. A tier with 1~token has the same governance weight as a tier with 10,000 tokens.
+
+\textbf{The attack.} An adversary identifies $\lceil N/2 \rceil$ tiers with zero or minimal mints. They purchase 1 token in each, becoming the sole holder and receiving full $V_{\text{max}}$ per tier. Their total attestation power: $A_{\text{attacker}} = \lceil N/2 \rceil \cdot V_{\text{max}} \geq Q$. They meet quorum unilaterally and ratify a scorecard directing $W_{\text{total}}$ to their tokens.
+
+\textbf{Numerical example.} A 32-tier game at 0.01~ETH. Popular tiers accumulate 1,000 tokens each; 16 tiers receive no organic mints. The attacker buys 1 token in each empty tier for 0.16~ETH total and ratifies a scorecard directing ${\sim}144$~ETH to one of their tiers. \textbf{Return on investment: ${\sim}900\times$.}
+
+\textbf{Root cause.} The quorum function counts \emph{any tier with nonzero supply} as eligible, conflating ``meaningful community participation'' with ``a tier a single actor created a position in.''
+
+\textbf{Recommended fix.} Introduce a minimum supply threshold for quorum eligibility:
+\begin{equation}
+Q = \frac{1}{2} \sum_{i=1}^{N} \mathbf{1}\!\left[n_i \geq n_{\text{min}}\right] \cdot V_{\text{max}}
+\end{equation}
+where $n_{\text{min}} \geq 2$. Alternatively, weight each tier's attestation power by a concave function of supply, such as $\min(V_{\text{max}}, \sqrt{n_i} \cdot V_{\text{max}} / \sqrt{n_{\text{ref}}})$.
+
+\subsection{Prize Pool Under-Allocation}
+
+\textbf{Severity: Significant.}
+
+The weight validation in \texttt{setTierCashOutWeightsTo} uses a strict greater-than check: \texttt{if (\_cumulativeCashOutWeight > TOTAL\_CASHOUT\_WEIGHT) revert}. A scorecard with weights summing to \emph{less than} $W_{\text{total}}$ passes validation. The residual $B_{\text{prize}} \cdot (1 - \sum_i w_i / W_{\text{total}})$ remains permanently trapped in the treasury, breaking the conservation guarantee of Theorem~6.1 (which assumes $\sum_i w_i = W_{\text{total}}$).
+
+\textbf{Recommended fix.} Change to exact equality: \texttt{if (\_cumulativeCashOutWeight != TOTAL\_CASHOUT\_WEIGHT) revert}.
+
+\subsection{Attestation Timing Misconfiguration}
+
+\textbf{Severity: Significant.}
+
+Both \texttt{attestationsBegin} and \texttt{gracePeriodEnds} are computed relative to \texttt{block.timestamp} at submission time---not relative to each other. If $\tau_{\text{grace}} < \tau_{\text{attest\_start}}$, the grace period expires \emph{before attestations begin}, creating a zero-length effective attestation window. Additionally, \texttt{initializeGame} performs no validation on the relationship between these parameters.
+
+\textbf{Recommended fix.} Compute \texttt{gracePeriodEnds} relative to \texttt{attestationsBegin}: $t_{\text{grace\_end}} = t_{\text{attest\_begin}} + \tau_{\text{grace}}$, or validate in \texttt{initializeGame} that $\tau_{\text{grace}} \geq \tau_{\text{attest\_start}}$.
+
+\subsection{Pre-Scoring Scorecard Submission}
+
+\textbf{Severity: Moderate.}
+
+The \texttt{submitScorecardFor} function contains no game-phase check. Scorecards can be submitted and accumulate attestations during the MINT phase---before the underlying event has occurred. While \texttt{setTierCashOutWeightsTo} enforces SCORING for weight application, pre-accumulated attestations let a coordinated group achieve SUCCEEDED state before scoring opens, then ratify instantly.
+
+\textbf{Recommended fix.} Add a phase check requiring SCORING phase for scorecard submission.
+
+\subsection{Fee Extraction Fragility}
+
+\textbf{Severity: Moderate.}
+
+In \texttt{fulfillCommitmentsOf}, the function calls \texttt{sendPayoutsOf} with \texttt{minTokensPaidOut} set to the full treasury balance. The split structure returns ${\sim}90\%$ back via \texttt{addToBalanceOf}. If the terminal interprets \texttt{minTokensPaidOut} as the minimum that permanently leaves the project, this transaction reverts---permanently blocking fee extraction and game completion.
+
+\textbf{Recommended fix.} Set \texttt{minTokensPaidOut} to~0 or to the expected fee amount.
+
+%==========================================================================
+\section{Conclusions and Practical Implications}
+%==========================================================================
+
+This paper has formalized the cryptoeconomic mechanisms of Defifa: a prediction-game protocol that transforms NFT minting into a parimutuel wagering mechanism with governance-ratified outcomes.
+
+\textbf{Prize Distribution Mechanics.} Defifa implements a path-independent, weight-proportional prize distribution through Equation~\ref{eq:cashout}. Using $(B_{\text{prize}} + A_{\text{redeemed}})$ as the reference pot ensures every token holder receives the same payout regardless of redemption order. Theorem~6.1 proves total payouts exactly exhaust the prize pool (provided $\sum_i w_i = W_{\text{total}}$; see Section~9.3).
+
+\textbf{Governance Security.} The attestation model (Section~3) achieves a balance between decentralization and efficiency. The per-tier cap on attestation power ($V_{\text{max}} = 10^9$) prevents any single tier from dominating governance, while the 50\% quorum across minted tiers ensures broad participation. However, Section~9 identifies a critical governance vulnerability: cheap cross-tier attestation capture (9.2), where an attacker buying 1~token in each of $N/2$ unpopular tiers can unilaterally meet quorum. The corrected attack cost (Eq.~\ref{eq:cheapattack}) shows that governance security depends not just on tier count and prices, but critically on participation uniformity across tiers. The deep study in Section~9.1 identifies five distinct deadlock scenarios and evaluates two candidate safety mechanisms (participation thresholds and ratification timeouts), concluding that both are valuable optional additions but that the existing system remains fully playable without them when games have active organizers and trusted delegates.
+
+\textbf{Market Efficiency.} The equilibrium analysis demonstrates convergence to the classical parimutuel result: pot fractions equal consensus probabilities. The three-round information structure (mint $\to$ refund $\to$ secondary) provides richer information aggregation than single-shot mechanisms.
+
+\textbf{Protocol Sustainability.} The fee-token flywheel creates positive network effects where more games increase protocol token value, which reduces effective fee rates, which attracts more players.
+
+\textbf{Practical Recommendations.}
+\begin{enumerate}[nosep]
+    \item \textbf{Tier count}: 4--32 tiers for governance security and outcome expressiveness.
+    \item \textbf{Pricing}: Uniform pricing between 0.01--1 ETH for clean parimutuel dynamics.
+    \item \textbf{Refund phase}: 1--7 days for meaningful optionality.
+    \item \textbf{Attestation}: Trusted default delegate; 24-hour start delay; 3-day grace period. Ensure $\tau_{\text{grace}} \geq \tau_{\text{attest\_start}}$ (Section~9.4).
+    \item \textbf{Fees}: Default 10\% split is competitive; organizer splits should not exceed 5\%.
+    \item \textbf{Participation}: Ensure all tiers attract meaningful participation to resist cheap governance capture (Section~9.2). Consider minimum-supply quorum thresholds.
+    \item \textbf{Deadlock protection}: For permissionless games, set a scorecard ratification timeout (90--180~days recommended) and optionally a minimum participation threshold. For trusted-organizer games, the \texttt{defaultAttestationDelegate} is sufficient (Section~9.1).
+\end{enumerate}
+
+\textbf{Synthesis.} Defifa implements a rigorous approach to prediction gaming through the composition of three well-understood mechanisms: parimutuel pooling for price formation, attestation governance for outcome resolution, and Juicebox V5 for treasury management. The mathematical analysis confirms that the system conserves value and converges to informationally efficient equilibria. The protocol token layer adds a novel incentive dimension that aligns participant, organizer, and protocol interests around game volume growth.
+
+The open problems identified in Section~9---particularly the cheap cross-tier attestation capture (9.2) and prize pool under-allocation (9.3)---represent the most important areas for protocol hardening before production deployment at scale. The recommended mitigations (minimum-supply quorum thresholds, exact weight validation) are backwards-compatible and address the identified vulnerabilities without altering the core mechanism design. The deep study of governance deadlock (9.1) confirms that the existing architecture is sound---the \texttt{defaultAttestationDelegate} resolves the majority of practical deadlocks---but that optional safety mechanisms (ratification timeout, participation threshold) provide valuable defense in depth for permissionless deployment without adding mandatory complexity.
+
+The elegance of Defifa resides in its architectural composability: prediction games with arbitrary outcomes, arbitrary tier structures, and arbitrary payout distributions emerge from the same set of parameters, executed deterministically by immutable smart contracts with a single, time-bounded governance input. The game remains fully playable and efficient without additional states---the proposed safety mechanisms are optional parameters that expand the design space for risk-averse game creators while preserving the protocol's minimalist architecture for those who prefer it.
+
+\end{document}