@ballkidz/defifa 0.0.12 → 0.0.14

Files changed (44)
  1. package/ADMINISTRATION.md +3 -3
  2. package/ARCHITECTURE.md +3 -2
  3. package/AUDIT_INSTRUCTIONS.md +5 -5
  4. package/CHANGE_LOG.md +62 -5
  5. package/CRYPTO_ECON.md +506 -271
  6. package/CRYPTO_ECON.pdf +0 -0
  7. package/CRYPTO_ECON.tex +438 -241
  8. package/RISKS.md +13 -1
  9. package/SKILLS.md +5 -3
  10. package/USER_JOURNEYS.md +4 -3
  11. package/package.json +6 -6
  12. package/src/DefifaDeployer.sol +128 -130
  13. package/src/DefifaGovernor.sol +304 -83
  14. package/src/DefifaHook.sol +184 -171
  15. package/src/enums/DefifaScorecardState.sol +1 -0
  16. package/src/interfaces/IDefifaGovernor.sol +42 -2
  17. package/src/libraries/DefifaHookLib.sol +69 -62
  18. package/src/structs/DefifaAttestations.sol +3 -3
  19. package/src/structs/DefifaLaunchProjectData.sol +1 -0
  20. package/src/structs/DefifaScorecard.sol +2 -0
  21. package/test/BWAFunctionComparison.t.sol +1320 -0
  22. package/test/DefifaAdversarialQuorum.t.sol +52 -37
  23. package/test/DefifaAuditLowGuards.t.sol +9 -5
  24. package/test/DefifaFeeAccounting.t.sol +2 -1
  25. package/test/DefifaGovernanceHardening.t.sol +1315 -0
  26. package/test/DefifaGovernor.t.sol +8 -4
  27. package/test/DefifaHookRegressions.t.sol +2 -1
  28. package/test/DefifaMintCostInvariant.t.sol +2 -1
  29. package/test/DefifaNoContest.t.sol +3 -2
  30. package/test/DefifaSecurity.t.sol +55 -47
  31. package/test/DefifaUSDC.t.sol +3 -2
  32. package/test/Fork.t.sol +37 -32
  33. package/test/TestAuditGaps.sol +6 -4
  34. package/test/TestQALastMile.t.sol +6 -3
  35. package/test/audit/{CodexAttestationDoubleCount.t.sol → AttestationDoubleCount.t.sol} +3 -2
  36. package/test/audit/FixPendingReserveDilution.t.sol +366 -0
  37. package/test/audit/PendingReserveDilution.t.sol +298 -0
  38. package/test/audit/PendingReserveQuorumGrief.t.sol +355 -0
  39. package/test/audit/PendingReserveSnapshotBypass.t.sol +279 -0
  40. package/test/regression/AttestationDelegateBeneficiary.t.sol +2 -1
  41. package/test/regression/FulfillmentBlocksRatification.t.sol +2 -1
  42. package/test/regression/GracePeriodBypass.t.sol +2 -1
  43. package/test/SVG.t.sol +0 -164
  44. package/test/deployScript.t.sol +0 -144
package/CRYPTO_ECON.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Cryptoeconomics of Defifa
2
2
 
3
3
  **Claude Opus 4.6 (Anthropic) in coordination with Jango from the Defifa Team.**
4
- *This analysis was generated by Claude Opus 4.6 based on its study of the Defifa V5 codebase and the [Revnet Whitepaper](https://cryptoeconlab.com/paper/pub-0?paper=https%253A%252F%252Fstorage.googleapis.com%252Fcel-public-resources%252FRevnet-Whitepaper.pdf) by CryptoEconLab.*
4
+ *This analysis was generated by Claude Opus 4.6 based on its study of the Defifa V6 codebase and the [Revnet Whitepaper](https://cryptoeconlab.com/paper/pub-0?paper=https%253A%252F%252Fstorage.googleapis.com%252Fcel-public-resources%252FRevnet-Whitepaper.pdf) by CryptoEconLab.*
5
5
 
6
6
  *March 2026*
7
7
 
@@ -9,7 +9,9 @@
9
9
 
10
10
  ## Abstract
11
11
 
12
- Defifa is a prediction-game protocol built on Juicebox V5 that transforms NFT minting into a parimutuel wagering mechanism with governance-ratified outcomes. Players purchase ERC-721 game pieces representing competing tiers (teams, candidates, outcomes), forming a shared treasury. After the event concludes, a decentralized attestation process ratifies a scorecard that assigns weights to each tier, redistributing the treasury proportionally. This paper formalizes the cryptoeconomic mechanics of Defifa games: the prize distribution formula, the attestation governance model, the fee extraction pipeline, the protocol-token incentive layer, and the rational actor strategies that emerge. We derive solvency guarantees, characterize equilibrium behavior under various participation profiles, analyze the game-theoretic properties of the scorecard ratification process, and identify the parameter regimes that maximize game integrity and participant welfare.
12
+ Defifa is a prediction-game protocol built on Juicebox V6 that transforms NFT minting into a parimutuel wagering mechanism with governance-ratified outcomes. Players purchase ERC-721 game pieces representing competing tiers (teams, candidates, outcomes), forming a shared treasury. After the event concludes, a decentralized attestation process ratifies a scorecard that assigns weights to each tier, redistributing the treasury proportionally. This paper formalizes the cryptoeconomic mechanics of Defifa games: the prize distribution formula, the attestation governance model, the fee extraction pipeline, the protocol-token incentive layer, and the rational actor strategies that emerge. We derive solvency guarantees, characterize equilibrium behavior under various participation profiles, analyze the game-theoretic properties of the scorecard ratification process, and identify the parameter regimes that maximize game integrity and participant welfare.
13
+
14
+ Throughout, we illustrate the mechanics with a running example: a **FIFA World Cup game with 32 tiers** — one per national team — priced at 0.01 ETH each.
13
15
 
14
16
  ---
15
17
 
@@ -52,13 +54,12 @@ Defifa is a prediction-game protocol built on Juicebox V5 that transforms NFT mi
52
54
  1. [Tier Count and Price Calibration](#81-tier-count-and-price-calibration)
53
55
  2. [Timing Parameters](#82-timing-parameters)
54
56
  3. [Fee Calibration and Protocol Sustainability](#83-fee-calibration-and-protocol-sustainability)
55
- 9. [Open Problems and Mechanism Design Recommendations](#9-open-problems-and-mechanism-design-recommendations)
56
- 1. [Governance Deadlock and Fund Recovery: A Deep Study](#91-governance-deadlock-and-fund-recovery-a-deep-study)
57
- 2. [Cheap Cross-Tier Attestation Capture](#92-cheap-cross-tier-attestation-capture)
58
- 3. [Prize Pool Under-Allocation](#93-prize-pool-under-allocation)
59
- 4. [Attestation Timing Misconfiguration](#94-attestation-timing-misconfiguration)
60
- 5. [Pre-Scoring Scorecard Submission](#95-pre-scoring-scorecard-submission)
61
- 6. [Fee Extraction Fragility](#96-fee-extraction-fragility)
57
+ 9. [Safety Mechanisms](#9-safety-mechanisms)
58
+ 1. [The No-Contest System](#91-the-no-contest-system)
59
+ 2. [Governance Attack Economics](#92-governance-attack-economics)
60
+ 3. [Resilient Game Design](#93-resilient-game-design)
61
+ 4. [Governance Hardening](#94-governance-hardening)
62
+ 5. [Governance Deadlock Analysis](#95-governance-deadlock-analysis)
62
63
  10. [Conclusions and Practical Implications](#10-conclusions-and-practical-implications)
63
64
 
64
65
  ---
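Review bot: the TOC swaps the six "Open Problems" entries for five "Safety Mechanisms" entries without saying where the dropped items went. Three of the removed topics are addressed elsewhere in this diff (pre-scoring submission is now blocked in 1.2, under-allocation by the exact-sum check in 2.4, fee-extraction fragility by the try-catch in 2.5), but 9.2 "Cheap Cross-Tier Attestation Capture" and 9.4 "Attestation Timing Misconfiguration" have no visible replacement. Either confirm they are covered by the new 9.2 "Governance Attack Economics" / 9.4 "Governance Hardening" (and by RISKS.md, which also changes in this release) or keep an explicit open-problems entry rather than removing them silently. Also verify that the new anchors (`#91-the-no-contest-system` and so on) match the headings actually emitted for Section 9.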
@@ -67,9 +68,11 @@ Defifa is a prediction-game protocol built on Juicebox V5 that transforms NFT mi
67
68
 
68
69
  ### 1.1 What is Defifa?
69
70
 
70
- Defifa is a prediction-game protocol that transforms the act of purchasing an NFT into a wager on the outcome of a real-world event. It is deployed using the Juicebox V5 protocol and governed by a combination of immutable smart-contract rules and a minimal, time-bounded governance process for outcome resolution.
71
+ Defifa is a prediction-game protocol that transforms the act of purchasing an NFT into a wager on the outcome of a real-world event. It is deployed using the Juicebox V6 protocol and governed by a combination of immutable smart-contract rules and a minimal, time-bounded governance process for outcome resolution.
72
+
73
+ A Defifa game is a *tokenized parimutuel pool*: money goes in via NFT purchases, forming a shared pot; after the event concludes, a governance process assigns weights to each tier (team, outcome, candidate), and the pot is distributed proportionally. The game pieces are ERC-721 tokens organized into tiers, where each tier represents a distinct prediction. The purchase price is uniform across all tiers — enforced at the protocol level — and the payout is determined by post-event scorecard ratification.
71
74
 
72
- A Defifa game is a *tokenized parimutuel pool*: money goes in via NFT purchases, forming a shared pot; after the event concludes, a governance process assigns weights to each tier (team, outcome, candidate), and the pot is distributed proportionally. The game pieces are ERC-721 tokens organized into tiers, where each tier represents a distinct prediction. The purchase price of a tier token is fixed at game creation, and the payout is determined by post-event scorecard ratification.
75
+ **Running example: World Cup 2026.** Imagine a Defifa game for the FIFA World Cup with 32 tiers one for each national team priced at 0.01 ETH each. Argentina is Tier 1, France is Tier 2, Brazil is Tier 3, ..., and Saudi Arabia is Tier 32. Anyone can mint NFTs for the team they believe will win (or perform well), and after the tournament, a scorecard assigns weights reflecting the actual results.
73
76
 
74
77
  Defifa games are:
75
78
 
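Review bot: the running example is labelled "World Cup 2026" but is modelled with 32 national-team tiers; the 2026 tournament uses a 48-team format, so either relabel it as a generic 32-team tournament or use N = 48 throughout the paper's worked numbers. The same sentence also lost its punctuation ("32 tiers one for each national team priced at 0.01 ETH each"); restore the dashes or commas used in the abstract's version of the sentence.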
@@ -80,41 +83,55 @@ Defifa games are:
80
83
 
81
84
  ### 1.2 How a Defifa Game Works (at a glance)
82
85
 
83
- 1. **Mint (pot formation).** During the mint phase, anyone can purchase NFTs representing tiers. Each NFT has a fixed price denominated in the game's base asset (e.g., ETH). All payments flow into a shared treasury — the *pot*. Players may delegate their attestation power to a chosen delegate at mint time.
86
+ 1. **Mint (pot formation).** During the mint phase, anyone can purchase NFTs representing tiers at the game's uniform price. All payments flow into a shared treasury — the *pot*. Players may delegate their attestation power to a chosen delegate at mint time.
84
87
 
85
88
  2. **Refund (optional exit window).** If configured, a refund phase follows minting. During this period, players may burn their NFTs to reclaim the original mint price, allowing a risk-free exit for those who change their minds. No new mints are accepted.
86
89
 
87
- 3. **Score (outcome resolution).** Once the real-world event concludes, anyone may propose a *scorecard* — a vector of weights summing to $W_{\text{total}} = 10^{18}$ — assigning each tier its share of the pot. NFT holders attest to the scorecard they believe reflects the correct outcome. Once a scorecard achieves quorum, it can be ratified.
90
+ 3. **Score (outcome resolution).** Once the real-world event concludes, anyone may propose a *scorecard* — a vector of weights summing to $W_{\text{total}} = 10^{18}$ — assigning each tier its share of the pot. NFT holders attest to the scorecard they believe reflects the correct outcome. Once a scorecard achieves quorum, it can be ratified. Scorecard submission is restricted to the SCORING phase — no pre-scoring submissions are allowed.
91
+
92
+ 4. **Complete (prize distribution).** After ratification, protocol fees are extracted, and the remaining pot is available for claims. Each NFT holder burns their token to receive their proportional share, plus any accrued protocol tokens ($\text{DEFIFA}$ and $\text{NANA}$).
88
93
 
89
- 4. **Complete (prize distribution).** After ratification, protocol fees are extracted, and the remaining pot is available for claims. Each NFT holder burns their token to receive their proportional share, plus any accrued protocol tokens ($\text{DEFIFA}$ and $\text{BASE\_PROTOCOL}$).
94
+ 5. **No contest (safety fallback).** If the game fails to attract sufficient participation or the scorecard is not ratified within the configured timeout, the game enters a NO_CONTEST state where all players can reclaim their original mint prices.
95
+
96
+ **World Cup example.** The World Cup game mints for 30 days before the tournament. Fans buy Argentina NFTs, France NFTs, etc. After the final, someone submits a scorecard: the champion's tier gets 40% of the weight, the runner-up gets 20%, semifinalists get 10% each, and quarterfinalists share the remaining 20%. Holders attest, the scorecard is ratified, fees are extracted, and holders of the champion's NFTs receive their proportional share of a now-concentrated prize pool.
90
97
 
91
98
  ### 1.3 The Design Parameters
92
99
 
93
100
  A Defifa game is fully specified at deployment by a parameter tuple:
94
101
 
95
- $$\mathcal{G} = \left( \{T_i\}_{i=1}^{N}, \; t_{\text{mint}}, \; t_{\text{refund}}, \; t_{\text{start}}, \; \phi_{\text{defifa}}, \; \phi_{\text{base}}, \; \mathcal{S}, \; \tau_{\text{attest}}, \; \tau_{\text{grace}} \right) \tag{1}$$
102
+ $$\mathcal{G} = \left( \{T_i\}_{i=1}^{N}, \; p, \; t_{\text{mint}}, \; t_{\text{refund}}, \; t_{\text{start}}, \; \phi_{\text{defifa}}, \; \phi_{\text{base}}, \; \mathcal{S}, \; \tau_{\text{attest}}, \; \tau_{\text{grace}}, \; m_{\text{min}}, \; \tau_{\text{timeout}} \right) \tag{1}$$
96
103
 
97
104
  Where:
98
105
 
99
- 1. **Tier configuration** $\{T_i\}_{i=1}^{N}$: For each of the $N$ tiers, a fixed price $p_i$, an optional reserved rate $\rho_i$, and a reserved-token beneficiary address. The initial supply per tier is set to $999{,}999{,}999$ (effectively unlimited).
106
+ 1. **Tier configuration** $\{T_i\}_{i=1}^{N}$: For each of the $N$ tiers (maximum 128), an optional reserved rate $\rho_i$, a reserved-token beneficiary address, a name, and an optional IPFS URI. The initial supply per tier is set to $999{,}999{,}999$ (effectively unlimited).
107
+
108
+ 2. **Uniform tier price** ($p$): A single fixed price applied to all tiers, denominated in the game's base asset (e.g., ETH). Uniform pricing is enforced at the protocol level via the `tierPrice` parameter in `DefifaLaunchProjectData`, ensuring that price-based voting power is equal across tiers.
109
+
110
+ 3. **Mint period duration** ($t_{\text{mint}}$): How long the minting window stays open, in seconds.
100
111
 
101
- 2. **Mint period duration** ($t_{\text{mint}}$): How long the minting window stays open, in seconds.
112
+ 4. **Refund period duration** ($t_{\text{refund}}$): How long the refund window stays open after minting closes. May be zero (no refund phase).
102
113
 
103
- 3. **Refund period duration** ($t_{\text{refund}}$): How long the refund window stays open after minting closes. May be zero (no refund phase).
114
+ 5. **Game start time** ($t_{\text{start}}$): When the scoring phase begins typically aligned with the real-world event's conclusion.
104
115
 
105
- 4. **Game start time** ($t_{\text{start}}$): When the scoring phase begins typically aligned with the real-world event's conclusion.
116
+ 6. **Defifa fee divisor** ($\phi_{\text{defifa}}$): The fraction $1/\phi_{\text{defifa}}$ of the pot sent to the Defifa protocol project. Default: $\phi_{\text{defifa}} = 20$ (5%).
106
117
 
107
- 5. **Defifa fee divisor** ($\phi_{\text{defifa}}$): The fraction $1/\phi_{\text{defifa}}$ of the pot sent to the Defifa protocol project. Default: $\phi_{\text{defifa}} = 20$ (5%).
118
+ 7. **Base protocol fee divisor** ($\phi_{\text{base}}$): The fraction $1/\phi_{\text{base}}$ of the pot sent to the base protocol project (Juicebox / NANA). Default: $\phi_{\text{base}} = 40$ (2.5%).
108
119
 
109
- 6. **Base protocol fee divisor** ($\phi_{\text{base}}$): The fraction $1/\phi_{\text{base}}$ of the pot sent to the base protocol project. Default: $\phi_{\text{base}} = 20$ (5%).
120
+ 8. **Splits** ($\mathcal{S}$): Additional payout splits configured at deployment (e.g., for game organizers, charities).
110
121
 
111
- 7. **Splits** ($\mathcal{S}$): Additional payout splits configured at deployment (e.g., for game organizers, charities).
122
+ 9. **Attestation start time** ($\tau_{\text{attest}}$): The earliest time at which attestation voting opens on submitted scorecards.
112
123
 
113
- 8. **Attestation start time** ($\tau_{\text{attest}}$): Delay before attestation voting opens on a submitted scorecard.
124
+ 10. **Attestation grace period** ($\tau_{\text{grace}}$): Minimum duration attestations must remain open after $\tau_{\text{attest}}$, even if quorum is already met. Protocol-enforced minimum: 1 day.
114
125
 
115
- 9. **Attestation grace period** ($\tau_{\text{grace}}$): Duration of the attestation voting window.
126
+ 11. **Minimum participation** ($m_{\text{min}}$): The minimum treasury balance required for the game to proceed to scoring. If the balance is below this threshold when SCORING would begin, the game enters NO_CONTEST. Set to 0 to disable.
116
127
 
117
- Once set, the tuple $\mathcal{G}$ is immutable. Phase transitions occur automatically by timestamp, with the scoring phase having infinite duration (duration = 0) until the scorecard is ratified.
128
+ 12. **Scorecard timeout** ($\tau_{\text{timeout}}$): The maximum time (in seconds) after the scoring phase begins for a scorecard to be ratified. If exceeded without ratification, the game enters NO_CONTEST. Set to 0 to disable.
129
+
130
+ Once set, the tuple $\mathcal{G}$ is immutable. Phase transitions occur automatically by timestamp, with the scoring phase having infinite duration (duration = 0) until the scorecard is ratified or the timeout elapses.
131
+
132
+ **World Cup example parameters:**
133
+
134
+ $$\mathcal{G}_{\text{WC}} = \left( \{T_i\}_{i=1}^{32}, \; 0.01\text{ ETH}, \; 30\text{ days}, \; 7\text{ days}, \; \text{July 19 2026}, \; 20, \; 40, \; \emptyset, \; \text{start}, \; 3\text{ days}, \; 1\text{ ETH}, \; 90\text{ days} \right)$$
118
135
 
119
136
  ---
120
137
 
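Review bot: in the World Cup parameter tuple the $\tau_{\text{attest}}$ slot is filled with the bare word "start", which the tuple definition never defines; write it as $t_{\text{start}}$ (attestation opens the moment scoring begins) or as an absolute timestamp so it is comparable with the "July 19 2026" entry beside it. Two further points in this hunk: item 7 changes the base-protocol default from $\phi_{\text{base}} = 20$ (5%) to $40$ (2.5%), which moves the total fee from 10% to 7.5%; that is a behavioural change that deserves a CHANGE_LOG entry, not something a reader should take for a typo fix. And item 11 defines $m_{\text{min}}$ as a treasury balance rather than a mint count, so with $p = 0.01$ ETH the example's $m_{\text{min}} = 1$ ETH is a 100-mint floor; saying so makes the no-contest threshold concrete.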
@@ -129,7 +146,7 @@ The economic behavior of a Defifa game is determined jointly by:
129
146
 
130
147
  **Game parameters.** For reference, the parameter tuple is:
131
148
 
132
- $$\mathcal{G} = \left( \{T_i\}_{i=1}^{N}, \; t_{\text{mint}}, \; t_{\text{refund}}, \; t_{\text{start}}, \; \phi_{\text{defifa}}, \; \phi_{\text{base}}, \; \mathcal{S}, \; \tau_{\text{attest}}, \; \tau_{\text{grace}} \right)$$
149
+ $$\mathcal{G} = \left( \{T_i\}_{i=1}^{N}, \; p, \; t_{\text{mint}}, \; t_{\text{refund}}, \; t_{\text{start}}, \; \phi_{\text{defifa}}, \; \phi_{\text{base}}, \; \mathcal{S}, \; \tau_{\text{attest}}, \; \tau_{\text{grace}}, \; m_{\text{min}}, \; \tau_{\text{timeout}} \right)$$
133
150
 
134
151
  **State variables.** The core dynamic variables are listed in Table 1.
135
152
 
@@ -138,22 +155,24 @@ $$\mathcal{G} = \left( \{T_i\}_{i=1}^{N}, \; t_{\text{mint}}, \; t_{\text{refund
138
155
  | $B(t)$ | Pot (treasury balance) at time $t$ |
139
156
  | $n_i(t)$ | Number of NFTs minted in tier $i$ at time $t$ |
140
157
  | $N_{\text{total}}(t)$ | Total NFTs outstanding across all tiers: $\sum_i n_i(t)$ |
141
- | $M(t)$ | Total mint cost accumulated: $\sum_i n_i(t) \cdot p_i$ |
158
+ | $M(t)$ | Total mint cost accumulated: $\sum_i n_i(t) \cdot p$ |
142
159
  | $w_i$ | Scorecard weight assigned to tier $i$ (set at ratification, $\sum_i w_i = W_{\text{total}}$) |
143
160
  | $d_i(t)$ | Number of NFTs redeemed (burned for prize) from tier $i$ after ratification |
144
161
  | $B_{\text{prize}}$ | Net prize pool after fee extraction |
145
162
 
146
163
  *Table 1: Core state variables of a Defifa game.*
147
164
 
165
+ Note that because all tiers share a uniform price $p$, the total mint cost simplifies to $M(t) = N_{\text{total}}(t) \cdot p$ and the pot composition is $B(t) = M(t)$. This uniformity is a deliberate design choice that ensures fair parimutuel dynamics — the pot fraction in each tier reflects only the *count* of mints, not differential pricing.
166
+
148
167
  At any time $t$, the state of the game is fully determined by the pair $\left(\mathcal{G}, \; \{B(t), n_i(t), w_i, d_i(t)\}\right)$, where $\mathcal{G}$ is the fixed game configuration and the second component evolves endogenously as players interact with the game. The next subsections formalize how each mechanism updates these variables.
149
168
 
150
169
  ### 2.2 Minting — Pot Formation
151
170
 
152
- During the mint phase $[t_{\text{mint\_start}}, \; t_{\text{mint\_start}} + t_{\text{mint}})$, any participant may purchase NFTs from any tier $i$ at the fixed price $p_i$ per token (denominated in the game's base asset).
171
+ During the mint phase $[t_{\text{mint\_start}}, \; t_{\text{mint\_start}} + t_{\text{mint}})$, any participant may purchase NFTs from any tier $i$ at the uniform price $p$ per token (denominated in the game's base asset).
153
172
 
154
173
  **Minted quantity.** For a payment amount $x$ of base asset directed at tier $i$:
155
174
 
156
- $$q_i = \left\lfloor \frac{x}{p_i} \right\rfloor \tag{2}$$
175
+ $$q_i = \left\lfloor \frac{x}{p} \right\rfloor \tag{2}$$
157
176
 
158
177
  The discrete nature of NFTs means that fractional tokens are not issued; any remainder is refunded.
159
178
 
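Review bot: the added note states $B(t) = M(t)$ without qualification, but that identity only holds during the mint and refund phases: once fees are extracted (Section 2.5 gives $B_{\text{prize}} = 0.925 \cdot B_{\text{pot}}$) the pot no longer equals accumulated mint cost, and reserved-token mints ($\rho_i > 0$) add supply without adding balance. Qualify it as "during the mint and refund phases, with no reserved mints", which is also the condition under which Table 1's $M(t)$ row is redundant with $N_{\text{total}}(t) \cdot p$.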
@@ -161,20 +180,36 @@ The discrete nature of NFTs means that fractional tokens are not issued; any rem
161
180
 
162
181
  **State updates.** At the instant of a mint event where player $j$ purchases $q$ tokens of tier $i$:
163
182
 
164
- $$B(t^+) = B(t^-) + q \cdot p_i \tag{3}$$
183
+ $$B(t^+) = B(t^-) + q \cdot p \tag{3}$$
165
184
 
166
185
  $$n_i(t^+) = n_i(t^-) + q \tag{4}$$
167
186
 
168
- $$M(t^+) = M(t^-) + q \cdot p_i \tag{5}$$
187
+ $$M(t^+) = M(t^-) + q \cdot p \tag{5}$$
169
188
 
170
- These update rules define a monotonically increasing pot $B(t)$ during the mint phase, with the pot serving as a *fully-backed prize pool* — every unit of base asset entering the treasury corresponds to exactly $1/p_i$ NFTs issued to the payer.
189
+ These update rules define a monotonically increasing pot $B(t)$ during the mint phase, with the pot serving as a *fully-backed prize pool* — every unit of base asset entering the treasury corresponds to exactly $1/p$ NFTs issued to the payer.
171
190
 
172
191
  **Pot composition.** At the end of the mint phase, the pot is:
173
192
 
174
- $$B_{\text{mint}} = \sum_{i=1}^{N} n_i \cdot p_i \tag{6}$$
193
+ $$B_{\text{mint}} = \sum_{i=1}^{N} n_i \cdot p = N_{\text{total}} \cdot p \tag{6}$$
175
194
 
176
195
  This is the total capital at risk in the game, and represents the complete prize pool before fee extraction.
177
196
 
197
+ **World Cup example.** Suppose the World Cup game attracts the following minting activity (after 30 days):
198
+
199
+ | Tier | Team | Mints ($n_i$) | Pot share |
200
+ |------|------|------:|-------:|
201
+ | 1 | Argentina | 2,000 | 13.3% |
202
+ | 2 | France | 1,800 | 12.0% |
203
+ | 3 | Brazil | 1,500 | 10.0% |
204
+ | 4 | England | 1,200 | 8.0% |
205
+ | 5 | Germany | 1,100 | 7.3% |
206
+ | ... | ... | ... | ... |
207
+ | 31 | New Zealand | 20 | 0.13% |
208
+ | 32 | Saudi Arabia | 10 | 0.07% |
209
+ | **Total** | | **15,000** | **100%** |
210
+
211
+ Total pot: $15{,}000 \times 0.01 = 150$ ETH. The pot fractions reveal the crowd's consensus probabilities — Argentina at 13.3% and Saudi Arabia at 0.07% mirror real-world expectations.
212
+
178
213
  ### 2.3 Refund — Optionality Window
179
214
 
180
215
  If $t_{\text{refund}} > 0$, a refund phase follows minting. During $[t_{\text{mint\_end}}, \; t_{\text{mint\_end}} + t_{\text{refund}})$:
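Review bot: "The pot fractions reveal the crowd's consensus probabilities" overstates what a parimutuel share encodes. Because the scorecard is graded (champion 40%, runner-up 20%, semifinalists 10% each, per 1.2), a tier's pot share prices the expected payout across all placements rather than the probability of winning, and it is further distorted by the fee take and by late refunds. "Implied odds" or "the crowd's relative valuation of each tier" is the defensible claim. Minor: the "..." row hides 25 tiers holding 7,370 mints; stating that subtotal lets a reader check the 15,000 total.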
@@ -182,21 +217,23 @@ If $t_{\text{refund}} > 0$, a refund phase follows minting. During $[t_{\text{mi
182
217
  - No new mints are accepted ($\texttt{pausePay} = \text{true}$).
183
218
  - Any NFT holder may burn their token to reclaim its mint price.
184
219
 
185
- **Refund mechanics.** A player burning $q$ tokens of tier $i$ receives exactly $q \cdot p_i$ base asset from the treasury:
220
+ **Refund mechanics.** A player burning $q$ tokens of tier $i$ receives exactly $q \cdot p$ base asset from the treasury:
186
221
 
187
- $$R_{\text{refund}} = q \cdot p_i \tag{7}$$
222
+ $$R_{\text{refund}} = q \cdot p \tag{7}$$
188
223
 
189
224
  **State updates.** After a refund:
190
225
 
191
- $$B(t^+) = B(t^-) - q \cdot p_i \tag{8}$$
226
+ $$B(t^+) = B(t^-) - q \cdot p \tag{8}$$
192
227
 
193
228
  $$n_i(t^+) = n_i(t^-) - q \tag{9}$$
194
229
 
195
- $$M(t^+) = M(t^-) - q \cdot p_i \tag{10}$$
230
+ $$M(t^+) = M(t^-) - q \cdot p \tag{10}$$
196
231
 
197
232
  The refund phase creates a *free option* for participants: they can observe late-breaking information (injury reports, market movements, team changes) and exit at zero cost. This option has value and we analyze its implications in Section 5.2.
198
233
 
199
- **Key property.** The refund is dollar-for-dollar: every token refunded removes exactly its mint price from the pot, preserving the per-NFT backing ratio $B(t) / N_{\text{total}}(t)$ for uniform-priced games.
234
+ **Key property.** The refund is dollar-for-dollar: every token refunded removes exactly its mint price from the pot. Because all tiers share the uniform price $p$, the per-NFT backing ratio $B(t) / N_{\text{total}}(t) = p$ is always preserved.
235
+
236
+ **World Cup example.** Two days before the tournament, a star player for Brazil suffers an injury. 300 Brazil holders refund their NFTs, reducing Brazil's count from 1,500 to 1,200 and the pot from 150 ETH to 147 ETH. The refund activity itself signals the belief shift — other participants observe the on-chain refund volume and update their expectations accordingly.
200
237
 
201
238
  ### 2.4 Prize Distribution — The Scorecard Formula
202
239
 
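Review bot: "the per-NFT backing ratio $B(t) / N_{\text{total}}(t) = p$ is always preserved" is too strong. It holds only while every outstanding token was paid for: reserved tokens ($\rho_i > 0$ in the tier configuration, and the $n_i^{\text{pendingReserves}}$ term added to eq. 13 in this same diff) are minted without payment, and the fee extraction in 2.5 lowers $B(t)$ without reducing $N_{\text{total}}(t)$. State the invariant for the mint and refund phases with no reserved mints, or define the ratio over paid tokens only.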
@@ -206,7 +243,7 @@ After the real-world event concludes and a scorecard is ratified, the game enter
206
243
 
207
244
  $$\sum_{i=1}^{N} w_i = W_{\text{total}} = 10^{18} \tag{11}$$
208
245
 
209
- Each $w_i \in [0, W_{\text{total}}]$ represents the fraction of the prize pool allocated to tier $i$'s holders.
246
+ Each $w_i \in [0, W_{\text{total}}]$ represents the fraction of the prize pool allocated to tier $i$'s holders. The exact-sum constraint is enforced on-chain — the `validateAndBuildWeights` function in `DefifaHookLib` reverts if the cumulative weight does not equal `TOTAL_CASHOUT_WEIGHT` exactly. This guarantees that 100% of the prize pool is allocated with zero residual.
210
247
 
211
248
  **Per-token weight.** The weight assigned to a single NFT in tier $i$ is:
212
249
 
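Review bot: "guarantees that 100% of the prize pool is allocated with zero residual" is true at the weight level only. The per-token weight of eq. 12 is $w_i / \hat{n}_i$ under integer division, so each tier can leave up to $\hat{n}_i - 1$ units of weight (and the corresponding wei) unclaimed; say "zero residual at the scorecard level" and state where rounding dust ends up (stranded in the treasury or swept with a split). It would also help auditors to name the exact condition `validateAndBuildWeights` checks and the error it reverts with, since DefifaHookLib.sol changes in this release.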
@@ -214,9 +251,9 @@ $$w_i^{\text{token}} = \frac{w_i}{\hat{n}_i} \tag{12}$$
214
251
 
215
252
  where $\hat{n}_i$ is the *effective* number of tokens eligible for redemption in tier $i$ at the time the scorecard is ratified:
216
253
 
217
- $$\hat{n}_i = n_i^{\text{minted}} - n_i^{\text{remaining}} - (n_i^{\text{burned}} - d_i) \tag{13}$$
254
+ $$\hat{n}_i = n_i^{\text{minted}} - n_i^{\text{remaining}} - (n_i^{\text{burned}} - d_i) + n_i^{\text{pendingReserves}} \tag{13}$$
218
255
 
219
- Here $n_i^{\text{minted}}$ is the initial supply, $n_i^{\text{remaining}}$ is the unminted supply, $n_i^{\text{burned}}$ is the total burned count, and $d_i$ is the number of tokens redeemed *in the complete phase specifically*. This formula ensures that as tokens are redeemed in the complete phase, the denominator adjusts to maintain fair distribution for remaining holders.
256
+ Here $n_i^{\text{minted}}$ is the initial supply, $n_i^{\text{remaining}}$ is the unminted supply, $n_i^{\text{burned}}$ is the total burned count, $d_i$ is the number of tokens redeemed *in the complete phase specifically*, and $n_i^{\text{pendingReserves}}$ is the number of unminted reserved tokens for the tier. Including pending reserves in the denominator prevents paid holders from front-running reserve mints to extract disproportionate value.
220
257
 
221
258
  **Cash-out value.** When a player burns a set of token IDs $\{k_1, k_2, \ldots, k_m\}$, the total claim is computed as:
222
259
 
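Review bot: eq. 13 now adds $n_i^{\text{pendingReserves}}$, but the text should spell out why this is stable across a reserve mint: when a reserved token is minted, $n_i^{\text{remaining}}$ falls by one and $n_i^{\text{pendingReserves}}$ falls by one, so $\hat{n}_i$ is unchanged and the per-token weight does not move. The sentence about "front-running reserve mints" describes the hole being closed without stating the consequence for honest holders: the reserved-token beneficiary now holds $w_i \cdot n_i^{\text{pendingReserves}} / \hat{n}_i$ of the tier's prize from the moment of ratification, whether or not the reserves have been minted yet. Cite the PendingReserveDilution and PendingReserveSnapshotBypass tests added in this release as the regression coverage for both points.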
@@ -232,37 +269,67 @@ The term $(B_{\text{prize}} + A_{\text{redeemed}})$ reconstructs the *original*
232
269
  **Special cases:**
233
270
 
234
271
  - **Winner-take-all:** $w_j = W_{\text{total}}$ for a single tier $j$, all others zero.
235
- - **Proportional split:** $w_i = W_{\text{total}} \cdot n_i / N_{\text{total}}$ weights by participation count.
236
- - **No contest (by convention):** All $w_i$ set proportionally to return mint prices, effectively implementing a full refund through the standard scorecard mechanism.
272
+ - **Proportional split:** $w_i = W_{\text{total}} \cdot n_i / N_{\text{total}}$ weights by participation count (effectively a full refund for all).
273
+ - **Graded outcome:** Different tiers receive weight proportional to their real-world performance (e.g., tournament placement).
274
+
275
+ **World Cup example.** Argentina wins the final, France finishes runner-up, Germany and Brazil reach the semifinals. A scorecard is submitted:
276
+
277
+ | Tier | Team | Weight $w_i$ | Share |
278
+ |------|------|------:|-------:|
279
+ | 1 | Argentina | $4 \times 10^{17}$ | 40% |
280
+ | 2 | France | $2 \times 10^{17}$ | 20% |
281
+ | 3 | Brazil | $1 \times 10^{17}$ | 10% |
282
+ | 5 | Germany | $1 \times 10^{17}$ | 10% |
283
+ | 4, 6–8 | QF losers (4 teams) | $5 \times 10^{16}$ each | 5% each |
284
+ | 9–32 | Others | 0 | 0% |
285
+ | **Total** | | $10^{18}$ | **100%** |
286
+
287
+ Post-fee pot (at 7.5% default fees): $B_{\text{prize}} = 147 \times 0.925 = 135.975$ ETH.
288
+
289
+ An Argentina holder with 1 NFT receives: $\frac{4 \times 10^{17} / 2{,}000}{10^{18}} \times 135.975 \approx 0.0272$ ETH — a 2.72x return on their 0.01 ETH mint. A Saudi Arabia holder receives nothing from the prize pool (weight = 0) but still receives protocol tokens when burning.
237
290
 
238
291
  ### 2.5 Fee Extraction Pipeline
239
292
 
240
- Before prize distribution begins, the Deployer contract extracts protocol fees by calling `fulfillCommitmentsOf`. This triggers a `sendPayoutsOf` call on the terminal, distributing the pot according to the scoring-phase splits.
293
+ Before prize distribution begins, the Deployer contract extracts protocol fees by calling `fulfillCommitmentsOf`. This function computes the fee amount and sends only the fee portion as payouts via `sendPayoutsOf`, while the remaining balance stays in the treasury as surplus for player cash-outs.
241
294
 
242
- **Split structure.** The splits configured at game launch allocate the pot as follows:
295
+ **Fee computation.** At game creation, the deployer computes and stores the total absolute split percent (the sum of all fee and custom split percentages out of `SPLITS_TOTAL_PERCENT`). At commitment fulfillment, the fee amount is:
243
296
 
244
- 1. **Base protocol fee:** $\frac{1}{\phi_{\text{base}}}$ of the pot to the base protocol project (default: 5%)
245
- 2. **Defifa fee:** $\frac{1}{\phi_{\text{defifa}}}$ of the pot to the Defifa project (default: 5%)
297
+ $$F_{\text{total}} = B_{\text{pot}} \cdot \frac{\text{totalAbsolutePercent}}{\text{SPLITS\_TOTAL\_PERCENT}} \tag{15}$$
298
+
299
+ **Split structure.** The splits configured at game launch allocate fees as follows:
300
+
301
+ 1. **Defifa fee:** $\frac{1}{\phi_{\text{defifa}}}$ of the pot to the Defifa project (default: $\phi_{\text{defifa}} = 20$, i.e., 5%)
302
+ 2. **Base protocol fee:** $\frac{1}{\phi_{\text{base}}}$ of the pot to the base protocol (NANA) project (default: $\phi_{\text{base}} = 40$, i.e., 2.5%)
246
303
  3. **Custom splits** ($\mathcal{S}$): Any additional game-creator-defined splits
247
- 4. **Remainder:** Returned to the game's treasury via `addToBalanceOf`
304
+ 4. **Remainder:** Stays in the game's treasury as surplus for player cash-outs
248
305
 
249
- **Fee formulas.** Let $B_{\text{pot}}$ be the treasury balance at commitment fulfillment. The fee amounts are:
306
+ **Fee formulas.** Let $B_{\text{pot}}$ be the treasury balance at commitment fulfillment. The individual fee amounts are:
250
307
 
251
- $$F_{\text{base}} = \frac{B_{\text{pot}}}{\phi_{\text{base}}} \tag{15}$$
308
+ $$F_{\text{defifa}} = \frac{B_{\text{pot}}}{\phi_{\text{defifa}}} = \frac{B_{\text{pot}}}{20} = 0.05 \cdot B_{\text{pot}} \tag{16}$$
252
309
 
253
- $$F_{\text{defifa}} = \frac{B_{\text{pot}}}{\phi_{\text{defifa}}} \tag{16}$$
310
+ $$F_{\text{base}} = \frac{B_{\text{pot}}}{\phi_{\text{base}}} = \frac{B_{\text{pot}}}{40} = 0.025 \cdot B_{\text{pot}} \tag{17}$$
254
311
 
255
- $$F_{\text{custom}} = \sum_{s \in \mathcal{S}} \frac{B_{\text{pot}} \cdot \text{percent}_s}{\text{SPLITS\_TOTAL\_PERCENT}} \tag{17}$$
312
+ $$F_{\text{custom}} = \sum_{s \in \mathcal{S}} \frac{B_{\text{pot}} \cdot \text{percent}_s}{\text{SPLITS\_TOTAL\_PERCENT}} \tag{18}$$
256
313
 
257
314
  The prize pool available for player claims is:
258
315
 
259
- $$B_{\text{prize}} = B_{\text{pot}} - F_{\text{base}} - F_{\text{defifa}} - F_{\text{custom}} \tag{18}$$
316
+ $$B_{\text{prize}} = B_{\text{pot}} - F_{\text{defifa}} - F_{\text{base}} - F_{\text{custom}} \tag{19}$$
317
+
318
+ With default parameters ($\phi_{\text{defifa}} = 20$, $\phi_{\text{base}} = 40$, no custom splits), the total fee rate is **7.5%** and the prize pool is:
260
319
 
261
- With default parameters ($\phi_{\text{base}} = \phi_{\text{defifa}} = 20$, no custom splits), the prize pool is:
320
+ $$B_{\text{prize}} = B_{\text{pot}} \cdot \left(1 - \frac{1}{20} - \frac{1}{40}\right) = B_{\text{pot}} \cdot \left(1 - 0.05 - 0.025\right) = 0.925 \cdot B_{\text{pot}} \tag{20}$$
262
321
 
263
- $$B_{\text{prize}} = B_{\text{pot}} \cdot \left(1 - \frac{1}{20} - \frac{1}{20}\right) = 0.9 \cdot B_{\text{pot}} \tag{19}$$
322
+ **Resilient fee handling.** The `sendPayoutsOf` call is wrapped in a try-catch. If the payout fails for any reason (e.g., a split target is a reverting contract), the `CommitmentPayoutFailed` event is emitted, the fulfilled commitments value is set to a sentinel (1), and the final ruleset is still queued. Players can cash out immediately — the fee amount stays in the pot, slightly benefiting cash-out recipients. This ensures the game always reaches completion regardless of fee-collection failures.
264
323
 
265
- **Fee recycling.** The fees paid to the Defifa and base protocol projects are processed as standard Juicebox payments, which mint project tokens (e.g., $\text{DEFIFA}$, $\text{BASE\_PROTOCOL}$) to the beneficiary — in this case, the game's hook contract. These tokens are later distributed to players upon claim (Section 2.6).
324
+ **Fee recycling.** The fees paid to the Defifa and base protocol projects are processed as standard Juicebox payments, which mint project tokens (e.g., $\text{DEFIFA}$, $\text{NANA}$) to the beneficiary — in this case, the game's hook contract. These tokens are later distributed to players upon claim (Section 2.6).
325
+
326
+ **World Cup example.** With a 147 ETH pot and default fees:
327
+ - Defifa fee: $147 / 20 = 7.35$ ETH (5%)
328
+ - Base protocol fee: $147 / 40 = 3.675$ ETH (2.5%)
329
+ - Total fees: $11.025$ ETH (7.5%)
330
+ - Prize pool: $147 - 11.025 = 135.975$ ETH (92.5%)
331
+
332
+ The 7.35 ETH paid to the Defifa project mints $\text{DEFIFA}$ tokens to the game hook. The 3.675 ETH paid to the base protocol mints $\text{NANA}$ tokens. Both accrue to players.
266
333
 
267
334
  ### 2.6 Protocol Token Allocation
268
335
 
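Review bot: the sentinel in the "Resilient fee handling" paragraph is under-specified: "the fulfilled commitments value is set to a sentinel (1)" does not say how a reader of that value tells the failure sentinel apart from a genuine 1-wei payout, nor whether a failed `sendPayoutsOf` can be retried once the reverting split target is fixed; state both, because a single permanently reverting split recipient otherwise forfeits the whole 7.5% fee to cash-out recipients with no recovery path. Also, Eq. 15 expresses the total fee through `totalAbsolutePercent` while Eqs. 16 and 17 use $1/\phi$; add the mapping (a divisor $\phi$ corresponds to a split percent of `SPLITS_TOTAL_PERCENT` $/ \phi$) so the stored total can be checked against the 7.5% claimed below.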
@@ -270,22 +337,26 @@ When fees are paid to the Defifa and base protocol projects, those projects mint
270
337
 
271
338
  **Token allocation per player.** For a player burning tokens with cumulative mint cost $c$:
272
339
 
273
- $$X_{\text{defifa}} = \frac{c}{M} \cdot D_{\text{total}} \tag{20}$$
340
+ $$X_{\text{defifa}} = \frac{c}{M} \cdot D_{\text{total}} \tag{21}$$
274
341
 
275
- $$X_{\text{base}} = \frac{c}{M} \cdot P_{\text{total}} \tag{21}$$
342
+ $$X_{\text{nana}} = \frac{c}{M} \cdot P_{\text{total}} \tag{22}$$
276
343
 
277
344
  where:
278
345
  - $M = $ total mint cost of all tokens ever minted in the game ($\texttt{\_totalMintCost}$),
279
346
  - $D_{\text{total}} = $ total $\text{DEFIFA}$ tokens held by the hook contract,
280
- - $P_{\text{total}} = $ total $\text{BASE\_PROTOCOL}$ tokens held by the hook contract.
347
+ - $P_{\text{total}} = $ total $\text{NANA}$ tokens held by the hook contract.
348
+
349
+ The computation uses `mulDiv` for precision: `mulDiv(tokenBalance, cumulativeMintPrice, totalMintCost)`.
281
350
 
282
351
  **Key property.** Protocol token distribution is proportional to *original mint cost*, not to scorecard weight. This means that even holders of losing tiers (weight = 0) receive protocol tokens when burning their NFTs, creating a partial consolation mechanism that rewards participation regardless of outcome.
283
352
 
284
353
  **Incentive alignment.** This design ensures that:
285
- - *Larger bets* (higher mint cost) receive proportionally more protocol tokens,
286
354
  - *All participants* have an incentive to burn their NFTs even in losing tiers (to claim protocol tokens),
355
+ - Since all tiers share the same price $p$, each NFT generates the same protocol-token claim regardless of tier,
287
356
  - The protocol *captures value* from every game through its fee-token flywheel.
288
357
 
358
+ **World Cup example.** A Saudi Arabia holder (Tier 32) with 1 NFT paid 0.01 ETH. The total mint cost is 150 ETH (15,000 mints at 0.01 ETH). Their share of protocol tokens is $0.01 / 150 = 0.0067\%$. If the hook holds 1,000 $\text{DEFIFA}$ tokens, this holder receives $0.067$ $\text{DEFIFA}$. Small, but non-zero — a reason to burn even a losing ticket.
359
+
289
360
  ---
290
361
 
291
362
  ## 3 Attestation Governance and Scorecard Ratification
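Review bot: the line `mulDiv(tokenBalance, cumulativeMintPrice, totalMintCost)` makes the allocation path-dependent if `tokenBalance` is the hook's live balance: $D_{\text{total}}$ is defined above as the tokens "held by the hook contract", and that balance shrinks with every claim while `totalMintCost` does not, so a later claimant with the same $c$ receives less than an earlier one and the final claimant leaves the difference stranded in the hook. Either `tokenBalance` is a snapshot taken at ratification or the denominator is reduced by already-claimed mint cost; say which, matching the path-independence argument given for prize claims in 6.2. Minor: the example uses $M = 150$ ETH against the 147 ETH pot of 2.5; a one-line remark that $M$ also counts refunded mints would reconcile the two.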
@@ -296,41 +367,45 @@ The attestation mechanism uses a *per-tier proportional representation* model ra
296
367
 
297
368
  **Attestation units.** Each tier $i$ carries a maximum attestation power of:
298
369
 
299
- $$V_{\text{max}} = 10^9 \quad \text{(MAX\_ATTESTATION\_POWER\_TIER)} \tag{22}$$
370
+ $$V_{\text{max}} = 10^9 \quad \text{(MAX\_ATTESTATION\_POWER\_TIER)} \tag{23}$$
300
371
 
301
372
  This maximum is shared among all holders of tier $i$. A holder's attestation weight for tier $i$ is:
302
373
 
303
- $$v_i^{\text{holder}} = V_{\text{max}} \cdot \frac{n_i^{\text{holder}}}{n_i^{\text{total}}} \tag{23}$$
374
+ $$v_i^{\text{holder}} = V_{\text{max}} \cdot \frac{n_i^{\text{holder}}}{n_i^{\text{total}}} \tag{24}$$
304
375
 
305
376
  where $n_i^{\text{holder}}$ is the number of tier-$i$ tokens delegated to (or held by) the attestor, and $n_i^{\text{total}}$ is the total minted supply of tier $i$ at the attestation snapshot timestamp.
306
377
 
307
378
  **Total attestation weight.** A holder's total attestation power across all tiers is:
308
379
 
309
- $$v^{\text{holder}} = \sum_{i : n_i^{\text{holder}} > 0} V_{\text{max}} \cdot \frac{n_i^{\text{holder}}}{n_i^{\text{total}}} \tag{24}$$
380
+ $$v^{\text{holder}} = \sum_{i : n_i^{\text{holder}} > 0} V_{\text{max}} \cdot \frac{n_i^{\text{holder}}}{n_i^{\text{total}}} \tag{25}$$
310
381
 
311
- **Checkpoint-based snapshots.** Attestation power is measured at a fixed timestamp (the scorecard's `attestationsBegin` time), using historical checkpoints. This prevents vote-buying attacks where an actor acquires tokens immediately before voting.
382
+ **Checkpoint-based snapshots.** Attestation power is measured at the scorecard's `attestationsBegin - 1` timestamp (one second before the attestation window opens). This prevents same-block transfer manipulation: acquiring tokens at or after `attestationsBegin` provides zero additional voting power. Additionally, pending reserve counts are snapshotted per tier at submission time (`_pendingReservesSnapshotOf`), so minting reserves after submission cannot inflate attestation power by removing the pending-reserve dilution. All attestors' weights are measured at the same point in time with a fixed pending reserve baseline, ensuring fairness.
312
383
 
313
384
  **Delegation.** During the mint phase only, holders may delegate their attestation units to a chosen delegate address per tier. Delegation is:
314
385
  - Per-tier (a holder can delegate different tiers to different delegates),
315
- - Snapshot-locked (only the delegation state at `attestationsBegin` counts),
316
- - Mint-phase-only (no delegation changes after minting closes).
386
+ - Snapshot-locked (only the delegation state at `attestationsBegin - 1` counts),
387
+ - Mint-phase-only (no delegation changes after minting closes — the `_update` function enforces `DELEGATE_CHANGES_UNAVAILABLE_IN_THIS_PHASE`).
388
+
389
+ **World Cup example.** Argentina (Tier 1) has 2,000 NFTs. A fan holding 100 Argentina NFTs has attestation power: $10^9 \times 100/2{,}000 = 50{,}000{,}000$ from Tier 1. If they also hold 50 France NFTs (out of 1,800): $10^9 \times 50/1{,}800 \approx 27{,}778{,}000$ from Tier 2. Total: $\sim 77.8$ million attestation units. Note that despite Argentina having more total mints, each *tier* contributes equally to governance weight — the per-tier cap ensures that Argentina's 2,000 holders collectively have the same maximum power ($10^9$) as Saudi Arabia's 10 holders.
317
390
 
318
391
  ### 3.2 Quorum and Ratification Conditions
319
392
 
320
393
  **Quorum calculation.** The quorum required for scorecard ratification is:
321
394
 
322
- $$Q = \frac{N_{\text{minted\_tiers}}}{2} \cdot V_{\text{max}} \tag{25}$$
395
+ $$Q = \frac{N_{\text{minted\_tiers}}}{2} \cdot V_{\text{max}} \tag{26}$$
323
396
 
324
397
  where $N_{\text{minted\_tiers}}$ is the number of tiers that have at least one minted token. This means a scorecard must achieve attestation weight equivalent to *half of all minted tiers voting unanimously* to pass.
325
398
 
326
- **Example.** For a game with 4 tiers (all minted), the quorum is:
399
+ Quorum is computed from the live supply (`currentSupplyOfTier`) rather than a snapshot. This means the quorum threshold can shift if tokens are burned after attestation — but since attestation weights are snapshotted, this only makes ratification easier (lower threshold), not harder.
400
+
401
+ **World Cup example.** All 32 tiers have minted tokens, so:
327
402
 
328
- $$Q = \frac{4}{2} \cdot 10^9 = 2 \times 10^9$$
403
+ $$Q = \frac{32}{2} \cdot 10^9 = 16 \times 10^9$$
329
404
 
330
- This requires the equivalent of 2 full tiers' worth of unanimous attestation for instance, all holders of 2 tiers attesting, or 50% of holders across all 4 tiers.
405
+ This requires the equivalent of 16 full tiers' worth of unanimous attestation. If the default delegate holds delegated power from a majority of minters across 16+ tiers, they can single-handedly meet quorum which is exactly the intended fast path for games with trusted organizers.
331
406
 
332
407
  **Ratification conditions.** A scorecard can be ratified when all three conditions are met:
333
- 1. The scorecard's grace period has expired ($\texttt{gracePeriodEnds} < \texttt{block.timestamp}$),
408
+ 1. The scorecard's grace period has expired ($\texttt{gracePeriodEnds} \leq \texttt{block.timestamp}$),
334
409
  2. The attestation count meets or exceeds quorum ($\texttt{attestations.count} \geq Q$),
335
410
  3. No other scorecard has been ratified for this game.
336
411
 
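Review bot: the quorum paragraph's "this only makes ratification easier (lower threshold), not harder" presents a lowered threshold as harmless, but a lower $Q$ is exactly what a minority scorecard needs: because $Q$ reads `currentSupplyOfTier` live, any burn that takes a tier's supply to zero removes $V_{\text{max}}/2$ from $Q$ while the snapshotted attestations are unchanged. State which phases permit burns after the snapshot (refund phase only, or also scoring) and whether a tier can reach zero supply once attestations have begun. Separately, Eq. 24 defines $n_i^{\text{total}}$ as "total minted supply", yet the checkpoint paragraph says pending reserves dilute attestation power via `_pendingReservesSnapshotOf`; Eq. 24 should add the snapshotted pending-reserve count to the denominator so the formula agrees with the text and with the revised Eq. 39.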
@@ -341,12 +416,14 @@ Each submitted scorecard passes through five states:
341
416
  | State | Condition |
342
417
  |-------|-----------|
343
418
  | **PENDING** | $\texttt{attestationsBegin} > \texttt{block.timestamp}$ |
344
- | **ACTIVE** | $\texttt{attestationsBegin} \leq \texttt{now} \leq \texttt{gracePeriodEnds}$ |
419
+ | **ACTIVE** | $\texttt{attestationsBegin} \leq \texttt{now}$ and ($\texttt{gracePeriodEnds} > \texttt{now}$ or quorum not met) |
345
420
  | **SUCCEEDED** | Grace period expired AND attestations $\geq$ quorum |
346
421
  | **DEFEATED** | A different scorecard was ratified |
347
422
  | **RATIFIED** | This scorecard was ratified |
348
423
 
349
- Multiple scorecards may coexist in ACTIVE or SUCCEEDED state simultaneously, but only one can ever be ratified. This creates a competitive dynamic where multiple proposed outcomes compete for attestation support.
424
+ Multiple scorecards may coexist in ACTIVE or SUCCEEDED state simultaneously, but only one can ever be ratified. Scorecards that fail to reach quorum remain ACTIVE indefinitely there is no expiry on individual scorecards. The game's `scorecardTimeout` provides the ultimate backstop (see Section 9.1).
425
+
426
+ The grace period is computed relative to `attestationsBegin`, not submission time: $t_{\text{grace\_end}} = t_{\text{attest\_begin}} + \tau_{\text{grace}}$. This prevents the grace period from expiring before attestations even start when a scorecard is submitted early in the scoring phase.
350
427
 
351
428
  ### 3.4 Resistance to Strategic Manipulation
352
429
 
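Review bot: the revised ACTIVE row ("or quorum not met"), read together with the live quorum of 3.2, means a scorecard can move from ACTIVE to SUCCEEDED with no new attestation at all, purely because supply was burned after the grace period; document that transition, since the table reads as if attestations are the only driver. Style: "remain ACTIVE indefinitely there is no expiry" in the paragraph under the table is missing a separator (colon or semicolon) where the previous dash was.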
@@ -354,29 +431,27 @@ The attestation model incorporates several defenses against strategic manipulati
354
431
 
355
432
  **Defense 1: Per-tier cap.** No single tier's holders can contribute more than $V_{\text{max}}$ attestation units, regardless of how many tokens they hold. A whale who buys the entire supply of one tier has exactly $V_{\text{max}}$ power — the same as if any single holder held the tier.
356
433
 
357
- **Defense 2: Checkpoint snapshots.** Attestation power is computed at a fixed historical timestamp. Acquiring tokens after the snapshot provides zero additional voting power for that scorecard.
434
+ **Defense 2: Checkpoint snapshots.** Attestation power is computed at a fixed historical timestamp (`attestationsBegin - 1`). Acquiring tokens after the snapshot provides zero additional voting power for that scorecard. Pending reserve counts are snapshotted at submission time, preventing reserve minting from inflating attestation power.
358
435
 
359
436
  **Defense 3: Mint-phase-only delegation.** Delegation is locked after the mint phase, preventing last-minute delegation changes during the scoring phase.
360
437
 
361
438
  **Defense 4: 50% quorum across tiers.** Requiring half of all minted tiers' worth of attestation power means that no coalition controlling fewer than half the minted tiers can unilaterally ratify a fraudulent scorecard — even with 100% participation within their controlled tiers.
362
439
 
440
+ **Defense 5: Scoring-phase-only submission.** Scorecard submission is restricted to the SCORING phase. This prevents pre-accumulation of attestations during minting, which could otherwise allow a coordinated group to achieve SUCCEEDED status before the real-world event even occurs.
441
+
363
442
  **Remaining attack surface.** A coalition controlling sufficient attestation power across $\lceil N_{\text{minted}}/2 \rceil$ tiers can ratify an arbitrary scorecard. The critical insight is that attestation power within a tier is *proportional to token holdings*, not absolute. An attacker holding 100% of a tier's supply — even just 1 token — receives the full $V_{\text{max}} = 10^9$ attestation power for that tier.
364
443
 
365
444
  **Worst-case attack cost (heavily minted tiers).** When all tiers are well-populated, the attacker must acquire majority holdings in at least $\lceil N/2 \rceil$ tiers:
366
445
 
367
- $$C_{\text{attack}}^{\text{worst}} \geq \sum_{i \in \text{majority set}} \left\lceil \frac{n_i + 1}{2} \right\rceil \cdot p_i \tag{26}$$
446
+ $$C_{\text{attack}}^{\text{worst}} \geq \sum_{i \in \text{majority set}} \left\lceil \frac{n_i + 1}{2} \right\rceil \cdot p \tag{27}$$
368
447
 
369
448
  **Best-case attack cost (sparse tiers).** When some tiers have zero or minimal mints, the attacker can buy 1 token in each unminted tier, becoming the sole holder and receiving full attestation power:
370
449
 
371
- $$C_{\text{attack}}^{\text{best}} = \sum_{i \in \text{cheapest } \lceil N/2 \rceil \text{ unminted tiers}} p_i \tag{26a}$$
372
-
373
- This is potentially orders of magnitude cheaper than Eq. 26. In a game with 32 tiers at 0.01 ETH where 16 tiers have zero mints, the attacker spends just $16 \times 0.01 = 0.16$ ETH to meet quorum single-handedly — regardless of pot size. They could then ratify a scorecard directing the entire prize pool to their tokens. **This is the most significant governance vulnerability identified in this analysis** and is discussed further in Section 9.2.
450
+ $$C_{\text{attack}}^{\text{best}} = \sum_{i \in \text{cheapest } \lceil N/2 \rceil \text{ unminted tiers}} p = \lceil N/2 \rceil \cdot p \tag{27a}$$
374
451
 
375
- For the attack to be profitable, the attacker must redirect more than $C_{\text{attack}}$ in prize value to their controlled tiers:
452
+ This is potentially orders of magnitude cheaper than Eq. 27. We analyze this vulnerability in depth in Section 9.2.
376
453
 
377
- $$B_{\text{prize}} > C_{\text{attack}} \cdot \frac{W_{\text{total}}}{\sum_{i \in \text{majority set}} w_i^{\text{proposed}}} \tag{27}$$
378
-
379
- For the sparse-tier attack, this condition is almost always satisfied when the pot is nontrivial, making the attack economically rational. Games with broad, uniform participation across all tiers are resistant; games with uneven participation are vulnerable.
454
+ **World Cup example.** In our 32-team game, all tiers are minted (even Saudi Arabia has 10 tokens). To control 16 tiers by buying majority positions: even the cheapest approach requires $16 \times \lceil 11/2 \rceil \times 0.01 = 0.96$ ETH to control the 16 least-popular tiers. The return (135.975 ETH) vastly exceeds the cost. However, the `minParticipation` threshold and the social pressure of a well-publicized game make this attack visible and reputationally costly. See Section 9.2 for mitigations.
380
455
 
381
456
  ---
382
457
 
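Review bot: Eq. 27 and the World Cup figure of 0.96 ETH undercount the worst case. A majority of tier $i$, $\lceil (n_i+1)/2 \rceil$ tokens, yields only $\lceil (n_i+1)/2 \rceil / n_i$ of $V_{\text{max}}$ under Eq. 24 (0.6 for a 10-token tier), so majorities in 16 tiers sum to at most about $9.6 \times 10^9$, short of $Q = 16 \times 10^9$ from Eq. 26; Defense 4 says the same thing ("even with 100% participation within their controlled tiers"). Meeting quorum unaided needs every token of 16 tiers (cost $\sum n_i \cdot p$, i.e. $16 \times 10 \times 0.01 = 1.6$ ETH for sixteen 10-token tiers) or majorities across all 32 tiers; restate Eq. 27 with the full tier supply. The 0.96 ETH figure additionally assumes all 16 least-popular tiers have at most 10 mints, which the stated distribution (Argentina 2,000, France 1,800, Saudi Arabia 10, 15,000 total) does not establish; label that as an assumed distribution.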
@@ -398,14 +473,16 @@ $$\mathbb{E}[V_i] = \pi_i \cdot \frac{B_{\text{prize}}}{n_i} + X_i^{\text{protoc
398
473
 
399
474
  A rational risk-neutral player mints tier $i$ when:
400
475
 
401
- $$\mathbb{E}[V_i] > p_i \tag{30}$$
476
+ $$\mathbb{E}[V_i] > p \tag{30}$$
402
477
 
403
478
  Substituting:
404
479
 
405
- $$\pi_i > \frac{p_i - X_i^{\text{protocol}}}{B_{\text{prize}} / n_i} \tag{31}$$
480
+ $$\pi_i > \frac{p - X_i^{\text{protocol}}}{B_{\text{prize}} / n_i} \tag{31}$$
406
481
 
407
482
  This threshold probability decreases as the pot grows (more participants in other tiers create larger prizes for a given probability) and increases as more tokens of tier $i$ are minted (diluting the per-token payout within the tier).
408
483
 
484
+ **World Cup example.** Argentina has 2,000 mints and a 147 ETH pot (135.975 ETH post-fee). If the scorecard assigns 40% to the winner, an Argentina holder's expected value is $\pi_A \times 0.4 \times 135.975 / 2{,}000$. For this to exceed 0.01 ETH: $\pi_A > 0.01 / (0.4 \times 135.975 / 2{,}000) = 0.01 / 0.02720 \approx 36.8\%$. If you believe Argentina has a $>37\%$ chance of winning, minting is positive expected value.
485
+
409
486
  ### 4.2 Post-Scorecard Valuation
410
487
 
411
488
  After the scorecard is ratified and fees are extracted, each NFT has a deterministic value:
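Review bot: the World Cup example drops the $X_i^{\text{protocol}}$ term that Eq. 31 keeps in the numerator, so the 36.8% threshold is an upper bound rather than the value Eq. 31 yields; either state that the protocol-token term is taken as zero or carry it through (with the 2.6 figure it is tiny, which is itself worth saying). The 40% winner share is a scorecard choice rather than a default and should be labelled as an assumption of the example.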
@@ -414,7 +491,7 @@ After the scorecard is ratified and fees are extracted, each NFT has a determini
414
491
 
415
492
  $$V_i^{\text{token}} = \frac{w_i}{\hat{n}_i \cdot W_{\text{total}}} \cdot (B_{\text{prize}} + A_{\text{redeemed}}) + V_i^{\text{protocol}} \tag{32}$$
416
493
 
417
- where $V_i^{\text{protocol}} = \frac{p_i}{M} \cdot (D_{\text{total}} \cdot P_D + P_{\text{total}} \cdot P_P)$ is the protocol-token value, with $P_D$ and $P_P$ being the market prices of $\text{DEFIFA}$ and $\text{BASE\_PROTOCOL}$ tokens respectively.
494
+ where $V_i^{\text{protocol}} = \frac{p}{M} \cdot (D_{\text{total}} \cdot P_D + P_{\text{total}} \cdot P_P)$ is the protocol-token value, with $P_D$ and $P_P$ being the market prices of $\text{DEFIFA}$ and $\text{NANA}$ tokens respectively.
418
495
 
419
496
  **Winning tier (full weight).** In a winner-take-all game with $w_j = W_{\text{total}}$:
420
497
 
@@ -446,7 +523,7 @@ This means post-ratification secondary markets should converge immediately to re
446
523
 
447
524
  ### 5.1 Mint-Phase Strategy: Entry Timing
448
525
 
449
- **Early minting advantage.** In a fixed-price game, there is no direct price advantage to minting early vs. late within the mint phase (prices are fixed). However, early minters benefit from:
526
+ **Early minting advantage.** In a uniform-price game, there is no direct price advantage to minting early vs. late within the mint phase. However, early minters benefit from:
450
527
 
451
528
  1. **Information asymmetry**: later minters may have better information about the likely outcome, concentrating on winning tiers and diluting per-token payouts within those tiers.
452
529
 
@@ -458,17 +535,19 @@ This means post-ratification secondary markets should converge immediately to re
458
535
 
459
536
  2. **Implied probability extraction**: the distribution of mints across tiers reveals collective sentiment, analogous to odds in a betting market.
460
537
 
461
- **Equilibrium.** In a Nash equilibrium of the minting game with risk-neutral players, each player mints the tier maximizing their expected payoff. Denoting by $\pi_i$ the true probability of tier $i$ winning and by $f_i = n_i \cdot p_i / B$ the fraction of the pot allocated to tier $i$:
538
+ **Equilibrium.** In a Nash equilibrium of the minting game with risk-neutral players, each player mints the tier maximizing their expected payoff. Denoting by $\pi_i$ the true probability of tier $i$ winning and by $f_i = n_i / N_{\text{total}}$ the fraction of NFTs allocated to tier $i$ (which equals the pot fraction since all prices are uniform):
462
539
 
463
540
  $$\mathbb{E}[\text{return}_i] = \frac{\pi_i}{f_i} \cdot (1 - \phi) - 1 \tag{35}$$
464
541
 
465
- where $\phi = 1/\phi_{\text{defifa}} + 1/\phi_{\text{base}} + \phi_{\text{custom}}$ is the total fee rate.
542
+ where $\phi = 1/\phi_{\text{defifa}} + 1/\phi_{\text{base}} + \phi_{\text{custom}}$ is the total fee rate (default: 7.5%).
466
543
 
467
544
  In equilibrium, expected returns equalize across tiers: $\mathbb{E}[\text{return}_i] = \mathbb{E}[\text{return}_j]$ for all $i, j$ with non-zero minting, which implies:
468
545
 
469
546
  $$\frac{\pi_i}{f_i} = \frac{\pi_j}{f_j} \quad \Rightarrow \quad f_i = \frac{\pi_i}{\sum_k \pi_k} = \pi_i \tag{36}$$
470
547
 
471
- **Result.** In equilibrium, the fraction of the pot in each tier equals the market's consensus probability of that tier winning. This is the classical parimutuel result: the pot allocation *reveals* the collective probability assessment.
548
+ **Result.** In equilibrium, the fraction of NFTs in each tier equals the market's consensus probability of that tier winning. This is the classical parimutuel result: the mint distribution *reveals* the collective probability assessment.
549
+
550
+ **World Cup example.** Argentina's 2,000 mints out of 15,000 total = 13.3% share. In equilibrium, this implies the crowd assigns Argentina a 13.3% probability of winning — approximately matching real-world bookmaker odds. The on-chain mint distribution functions as a decentralized prediction market.
472
551
 
473
552
  ### 5.2 Refund-Phase Strategy: Option Exercise
474
553
 
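Review bot: Eq. 35 holds only for a winner-take-all scorecard (tier $i$'s holders receive all of $B_{\text{prize}}$ with probability $\pi_i$), which is the binary case of 7.1 but not the 40% winner share assumed in the 4.1 example; state the assumption, since under a graded scorecard $f_i$ tracks the expected weight share of tier $i$ across outcomes rather than $\pi_i$ alone, and Eq. 36 changes accordingly. The sentence "approximately matching real-world bookmaker odds" is unsourced; either cite the odds used or drop the comparison.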
@@ -476,9 +555,9 @@ The refund phase creates a *free put option* on each minted NFT, struck at the m
476
555
 
477
556
  **Option value.** Let $V_i(t_{\text{refund\_end}})$ be the expected value of a tier-$i$ token at the end of the refund phase. The refund option has value:
478
557
 
479
- $$O_i = \max\left(p_i - V_i(t_{\text{refund\_end}}), \; 0\right) \tag{37}$$
558
+ $$O_i = \max\left(p - V_i(t_{\text{refund\_end}}), \; 0\right) \tag{37}$$
480
559
 
481
- A rational player exercises (refunds) when $V_i(t_{\text{refund\_end}}) < p_i$, which occurs when new information shifts the expected outcome against their chosen tier.
560
+ A rational player exercises (refunds) when $V_i(t_{\text{refund\_end}}) < p$, which occurs when new information shifts the expected outcome against their chosen tier.
482
561
 
483
562
  **Strategic implications.** The refund phase serves three purposes:
484
563
 
@@ -488,15 +567,15 @@ A rational player exercises (refunds) when $V_i(t_{\text{refund\_end}}) < p_i$,
488
567
 
489
568
  3. **Adverse selection mitigation**: the refund phase partially solves the "winner's curse" problem, where early minters in popular tiers may overpay relative to their per-token payout.
490
569
 
491
- **Pot contraction.** Refunds shrink the pot proportionally. If a fraction $\alpha$ of tier-$i$ tokens are refunded, the pot decreases by $\alpha \cdot n_i \cdot p_i$ and tier $i$'s outstanding supply decreases by $\alpha \cdot n_i$. The per-token expected value for remaining tier-$i$ holders *increases* (fewer tokens sharing the same weight), partially offsetting the information content of the refund signal.
570
+ **Pot contraction.** Refunds shrink the pot proportionally. If a fraction $\alpha$ of tier-$i$ tokens are refunded, the pot decreases by $\alpha \cdot n_i \cdot p$ and tier $i$'s outstanding supply decreases by $\alpha \cdot n_i$. The per-token expected value for remaining tier-$i$ holders *increases* (fewer tokens sharing the same weight), partially offsetting the information content of the refund signal.
492
571
 
493
572
  ### 5.3 Scoring-Phase Strategy: Attestation Delegation
494
573
 
495
- During the scoring phase, the key strategic variable is delegation. Rational players delegate their attestation power to the address most likely to submit and attest to the correct scorecard.
574
+ During the scoring phase, the key strategic variable is attestation. Rational players attest to the scorecard that maximizes their expected payout.
496
575
 
497
576
  **Default delegation.** Games may specify a `defaultAttestationDelegate` — a trusted address (e.g., the game organizer) whose scorecard proposals are flagged. Players delegating to this address at mint time reduce coordination costs.
498
577
 
499
- **Strategic delegation.** A player holding tokens in tier $i$ has an incentive to delegate to addresses that will attest to scorecards assigning high weight to tier $i$. However, the quorum requirement (50% of minted tiers) means that no single tier's strategy can unilaterally determine the outcome. Scorecards that deviate from the true outcome face the collective opposition of all other tiers' holders.
578
+ **Strategic delegation.** A player holding tokens in tier $i$ has an incentive to attest to scorecards assigning high weight to tier $i$. However, the quorum requirement (50% of minted tiers) means that no single tier's strategy can unilaterally determine the outcome. Scorecards that deviate from the true outcome face the collective opposition of all other tiers' holders.
500
579
 
501
580
  **Equilibrium.** In the unique subgame-perfect equilibrium of the attestation game (assuming common knowledge of the event outcome):
502
581
 
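Review bot: the 5.3 rewrite now says the key scoring-phase variable is attestation, yet the paragraph keeps the bold lead "Strategic delegation" and the "Default delegation" paragraph still describes delegating "at mint time"; since Defense 3 locks delegation at the end of the mint phase, the delegation decision belongs with the mint-phase strategy and the scoring-phase decision is attestation. Rename the lead to "Strategic attestation" (or move the delegation text to 5.1) so this section and 3.1 agree on when each choice is made.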
@@ -509,11 +588,11 @@ After ratification, holding an NFT rather than burning it has the following payo
509
588
 
510
589
  **Burn immediately.** Receive $V_i^{\text{token}} = w_i^{\text{token}} / W_{\text{total}} \cdot (B_{\text{prize}} + A_{\text{redeemed}}) + V_i^{\text{protocol}}$.
511
590
 
512
- **Hold.** The NFT retains the same deterministic value $V_i^{\text{token}}$ indefinitely (the contract imposes no time decay on claims). The only reason to delay is if the player expects the protocol tokens ($\text{DEFIFA}$, $\text{BASE\_PROTOCOL}$) to appreciate in value before claiming.
591
+ **Hold.** The NFT retains the same deterministic value $V_i^{\text{token}}$ indefinitely (the contract imposes no time decay on claims). The only reason to delay is if the player expects the protocol tokens ($\text{DEFIFA}$, $\text{NANA}$) to appreciate in value before claiming.
513
592
 
514
593
  **Dominant strategy.** For risk-neutral players with positive time preference, burning immediately weakly dominates holding. The claim value does not depreciate (the path-independent formula ensures later claimants receive the same amount), but the time value of money favors immediate realization. Holding is justified only by expected protocol-token appreciation exceeding the discount rate:
515
594
 
516
- $$\frac{dP_D}{dt} \cdot \frac{p_i}{M} \cdot D_{\text{total}} > r \cdot V_i^{\text{token}} \tag{38}$$
595
+ $$\frac{dP_D}{dt} \cdot \frac{p}{M} \cdot D_{\text{total}} > r \cdot V_i^{\text{token}} \tag{38}$$
517
596
 
518
597
  where $r$ is the player's discount rate.
519
598
 
@@ -535,7 +614,7 @@ Since $n_i^{\text{eligible}} = \hat{n}_i$ at the start (before any complete-phas
535
614
 
536
615
  $$\sum_{i=1}^{N} \frac{w_i}{W_{\text{total}}} \cdot B_{\text{prize}} = \frac{B_{\text{prize}}}{W_{\text{total}}} \sum_{i=1}^{N} w_i = B_{\text{prize}} \quad \square$$
537
616
 
538
- This guarantees that the treasury is exactly drained after all eligible tokens are redeemed there is no residual and no shortfall.
617
+ This guarantee is strengthened by the exact-sum validation on-chain: `validateAndBuildWeights` in `DefifaHookLib` reverts if $\sum_i w_i \neq W_{\text{total}}$. Under-allocated scorecards are rejected, ensuring that 100% of the prize pool is always distributed with zero residual.
539
618
 
540
619
  ### 6.2 Solvency Under Sequential Cash-Outs
541
620
 
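Review bot: a revert on $\sum_i w_i \neq W_{\text{total}}$ rejects over-allocated scorecards as well, so "Under-allocated scorecards are rejected" understates what `validateAndBuildWeights` checks; and "zero residual" is stronger than integer arithmetic supports, because each per-token claim in Eq. 14 rounds down and the resulting dust is not addressed here. Keep the replaced sentence's statement of the consequence (no shortfall after all eligible tokens redeem) and add how rounding dust and the fee-failure path of 2.5 (fees left in the pot) are accounted for.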
@@ -543,7 +622,7 @@ This guarantees that the treasury is exactly drained after all eligible tokens a
543
622
 
544
623
  *Proof.* The per-token claim formula (Eq. 14) uses $(B_{\text{prize}} + A_{\text{redeemed}})$ as the reference pot, which is constant regardless of how many tokens have been redeemed. The denominator $\hat{n}_i$ adjusts via the $d_i$ (tokens redeemed from tier $i$) counter, but the per-token weight formula $w_i / \hat{n}_i$ uses the *original* eligible count (at scorecard ratification), not the current count. The Solidity implementation achieves this by tracking `tokensRedeemedFrom[tierId]` and subtracting from the denominator:
545
624
 
546
- $$\hat{n}_i = n_i^{\text{minted}} - n_i^{\text{remaining}} - (n_i^{\text{burned}} - d_i) \tag{39}$$
625
+ $$\hat{n}_i = n_i^{\text{minted}} - n_i^{\text{remaining}} - (n_i^{\text{burned}} - d_i) + n_i^{\text{pendingReserves}} \tag{39}$$
547
626
 
548
627
  As each token is redeemed, both $n_i^{\text{burned}}$ and $d_i$ increment by 1, leaving $\hat{n}_i$ invariant. Therefore, each token receives the same payout regardless of when it is redeemed. $\square$
549
628
 
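Review bot: adding $n_i^{\text{pendingReserves}}$ to the denominator of Eq. 39 means unminted reserve tokens dilute every redeemed token's share; if some reserves are never minted after ratification, their slice of $B_{\text{prize}}$ is never claimed, which contradicts the zero-residual claim in 6.1. State whether pending reserves are guaranteed to be minted (or otherwise claimable) once a scorecard is ratified, and whether the invariance argument below ($n_i^{\text{burned}}$ and $d_i$ moving together) still holds while reserve tokens are being minted and the pending count drops.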
@@ -553,11 +632,11 @@ The total value available to players (prize + protocol tokens) is:
553
632
 
554
633
  $$V_{\text{total}} = B_{\text{prize}} + V_{\text{protocol}} = B_{\text{pot}} \cdot (1 - \phi) + V_{\text{protocol}} \tag{40}$$
555
634
 
556
- where $V_{\text{protocol}}$ is the market value of protocol tokens allocated to the game. With default fees ($\phi = 10\%$):
635
+ where $V_{\text{protocol}}$ is the market value of protocol tokens allocated to the game. With default fees ($\phi = 7.5\%$):
557
636
 
558
- $$V_{\text{total}} = 0.9 \cdot B_{\text{pot}} + V_{\text{protocol}} \tag{41}$$
637
+ $$V_{\text{total}} = 0.925 \cdot B_{\text{pot}} + V_{\text{protocol}} \tag{41}$$
559
638
 
560
- Whether the net present value exceeds the mint cost depends on whether $V_{\text{protocol}} > 0.1 \cdot B_{\text{pot}}$ — i.e., whether protocol token value compensates for the fee extraction. This creates a circular dependency: protocol token value derives from the aggregate fees across all games, which depends on game volume, which depends on expected player returns, which depends on protocol token value. We analyze this flywheel in Section 7.3.
639
+ Whether the net present value exceeds the mint cost depends on whether $V_{\text{protocol}} > 0.075 \cdot B_{\text{pot}}$ — i.e., whether protocol token value compensates for the fee extraction. This creates a circular dependency: protocol token value derives from the aggregate fees across all games, which depends on game volume, which depends on expected player returns, which depends on protocol token value. We analyze this flywheel in Section 7.3.
561
640
 
562
641
  ---
563
642
 
@@ -576,23 +655,30 @@ Defifa implements a *generalized parimutuel mechanism* with several distinctive
576
655
  | Secondary market | Typically none | Full ERC-721 transferability |
577
656
  | Refund option | Typically none | Configurable refund phase |
578
657
  | Token rewards | None | Protocol token distribution |
658
+ | Safety fallback | None | NO_CONTEST with full refunds |
579
659
 
580
660
  **Parimutuel equivalence.** Under the following conditions, a Defifa game is equivalent to a classical parimutuel pool:
581
- - All tiers have the same price ($p_i = p$ for all $i$),
661
+ - All tiers have the same price (enforced by protocol always true),
582
662
  - The scorecard is binary (one winning tier gets $W_{\text{total}}$, all others get 0),
583
663
  - No refund phase.
584
664
 
585
665
  In this case, the odds implied by the pot distribution match classical parimutuel odds:
586
666
 
587
- $$\text{odds}_i = \frac{B_{\text{prize}}}{n_i \cdot p} = \frac{(1 - \phi) \cdot \sum_k n_k}{n_i} \tag{42}$$
667
+ $$\text{odds}_i = \frac{B_{\text{prize}}}{n_i \cdot p} = \frac{(1 - \phi) \cdot N_{\text{total}}}{n_i} \tag{42}$$
668
+
669
+ **World Cup example (winner-take-all variant).** If the scorecard awards 100% to Argentina ($n_1 = 2{,}000$) out of 15,000 total mints:
670
+
671
+ $$\text{odds}_{\text{Argentina}} = \frac{0.925 \times 15{,}000}{2{,}000} = 6.94\text{x}$$
672
+
673
+ An Argentina holder's 0.01 ETH bet pays $0.069$ ETH — a $6.94\times$ return. These are precisely classical parimutuel odds with a 7.5% takeout rate.
588
674
 
589
675
  ### 7.2 Information Aggregation
590
676
 
591
677
  The minting and refund dynamics of Defifa create a multi-round price-discovery mechanism:
592
678
 
593
- **Round 1 (Mint phase).** Players reveal information through tier selection. Under the equilibrium result from Section 5.1, the pot distribution converges to the collective probability distribution.
679
+ **Round 1 (Mint phase).** Players reveal information through tier selection. Under the equilibrium result from Section 5.1, the mint distribution converges to the collective probability distribution.
594
680
 
595
- **Round 2 (Refund phase).** Players who received new information can exit, and the refund pattern reveals belief updates. The post-refund pot distribution reflects updated probability assessments.
681
+ **Round 2 (Refund phase).** Players who received new information can exit, and the refund pattern reveals belief updates. The post-refund mint distribution reflects updated probability assessments.
596
682
 
597
683
  **Round 3 (Secondary market).** If NFTs trade on secondary markets during the scoring phase, prices reflect the most current probability assessments, including information arriving after minting closes.
598
684
 
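Review bot: "(enforced by protocol always true)" reads as a draft note; since the equivalence claim now rests on this guarantee, phrase it as "(uniform pricing is enforced by the protocol, so this condition always holds)" and cite where it is enforced. The World Cup example is arithmetically consistent (0.925 × 15,000 / 2,000 = 6.9375, shown as 6.94x and 0.069 ETH), but the 2,000 and 15,000 mint counts are assumed inputs and should be labelled as such, and the displayed odds equation has no tag while the surrounding equations are numbered.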
@@ -608,7 +694,7 @@ Defifa generates a *protocol-level flywheel* through its fee-token mechanism:
608
694
  4. **Protocol token value** reflects aggregate fee revenue across all games,
609
695
  5. **Higher token value** → higher expected returns for players → more game participation → more fees.
610
696
 
611
- **Flywheel dynamics.** Let $G$ be the number of active games, $\bar{B}$ the average pot size, and $\phi$ the fee rate. The aggregate fee revenue is:
697
+ **Flywheel dynamics.** Let $G$ be the number of active games, $\bar{B}$ the average pot size, and $\phi$ the fee rate (default: 7.5%). The aggregate fee revenue is:
612
698
 
613
699
  $$R = G \cdot \bar{B} \cdot \phi \tag{43}$$
614
700
 
@@ -620,11 +706,11 @@ The fraction of the pot recovered through protocol tokens is:
620
706
 
621
707
  $$\frac{V_{\text{protocol}}^{\text{game}}}{\bar{B}} = \phi^2 \cdot \mu \cdot G \tag{45}$$
622
708
 
623
- This shows that the protocol-token recovery rate increases linearly with the number of games $G$ and the revenue multiple $\mu$. For $\phi = 0.1$, $\mu = 10$, and $G = 100$:
709
+ This shows that the protocol-token recovery rate increases linearly with the number of games $G$ and the revenue multiple $\mu$. For $\phi = 0.075$, $\mu = 10$, and $G = 100$:
624
710
 
625
- $$\frac{V_{\text{protocol}}^{\text{game}}}{\bar{B}} = 0.01 \cdot 10 \cdot 100 = 10$$
711
+ $$\frac{V_{\text{protocol}}^{\text{game}}}{\bar{B}} = 0.005625 \cdot 10 \cdot 100 = 5.625$$
626
712
 
627
- In this (illustrative) regime, protocol tokens would be worth 10x the pot — making Defifa games a *net-positive expected value* activity. While this extreme scenario is unlikely at scale, it demonstrates the directional incentive: more games create more protocol token value, which attracts more players.
713
+ In this (illustrative) regime, protocol tokens would be worth 5.6x the pot — making Defifa games a *net-positive expected value* activity. While this extreme scenario is unlikely at scale, it demonstrates the directional incentive: more games create more protocol token value, which attracts more players.
628
714
 
629
715
  ---
630
716
 
@@ -632,21 +718,21 @@ In this (illustrative) regime, protocol tokens would be worth 10x the pot — ma
632
718
 
633
719
  ### 8.1 Tier Count and Price Calibration
634
720
 
635
- **Tier count.** The number of tiers $N$ affects:
721
+ **Tier count.** The number of tiers $N$ affects (maximum: 128):
636
722
 
637
723
  - **Quorum difficulty**: $Q = (N_{\text{minted}} / 2) \cdot V_{\text{max}}$. More tiers require more attestation weight, increasing governance robustness but potentially slowing ratification.
638
724
  - **Per-tier dilution**: In a winner-take-all game, the winning tier's payout is diluted only by the number of tokens in that tier, not by total tiers. However, more tiers spread the pot thinner in proportional-split scorecards.
639
- - **Attack cost**: More tiers increase the cost of majority control (Eq. 26).
725
+ - **Attack cost**: More tiers increase the cost of majority control (Eq. 27), but also increase the number of potentially sparse tiers vulnerable to cheap capture (Section 9.2).
640
726
 
641
727
  **Optimal regime**: $4 \leq N \leq 32$ tiers balances governance tractability with outcome granularity. Beyond 32 tiers, quorum coordination becomes challenging; below 4, the game reduces to a coin flip with limited appeal.
642
728
 
643
- **Price calibration.** Tier prices affect:
729
+ **Price calibration.** Since all tiers share a uniform price $p$ (enforced by the protocol), the price affects:
644
730
 
645
731
  - **Accessibility**: Lower prices attract more participants but increase gas costs relative to the bet size.
646
- - **Pot concentration**: Uniform pricing ($p_i = p$) creates a clean parimutuel pool where pot fractions equal minting fractions. Non-uniform pricing allows odds-adjustment at design time (e.g., favorites priced higher).
647
- - **Attack economics**: Higher prices increase the cost of acquiring majority positions for attestation manipulation.
732
+ - **Pot size per capita**: Higher prices create bigger pots from fewer participants. A 32-team game at 0.01 ETH needs 10,000 mints for a 100 ETH pot; at 0.1 ETH, only 1,000 mints.
733
+ - **Attack economics**: Higher prices increase the cost of acquiring positions for attestation manipulation (Section 9.2).
648
734
 
649
- **Recommendation**: Uniform pricing between 0.01 and 1 ETH per NFT provides a balance between accessibility, gas efficiency, and attack resistance for most games.
735
+ **Recommendation**: Uniform pricing between 0.01 and 0.1 ETH per NFT provides a balance between accessibility, gas efficiency, and attack resistance for most games.
650
736
 
651
737
  ### 8.2 Timing Parameters
652
738
 
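Review bot: "(maximum: 128)" is attached to "affects" rather than to $N$; write "The number of tiers $N$ (protocol maximum: 128) affects:" and say where the cap is enforced, since the unchanged "Optimal regime" line a few lines down gives 4–32 with no mention of the hard cap. The pot-size example is gross of the 7.5% fee: 10,000 mints at 0.01 ETH is a 100 ETH pot before fees and a 92.5 ETH prize pool under Eq. 41, so say "gross pot" to avoid contradicting Section 7.1. Also confirm the Eq. 26 to Eq. 27 renumbering against the earlier hunks, which are not in this view.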
@@ -656,257 +742,396 @@ $$t_{\text{mint}} \approx \min(\text{time until event}, \; 30 \text{ days}) \tag
656
742
 
657
743
  **Refund duration** ($t_{\text{refund}}$): Creates optionality value. Longer refund periods increase the option value for minters but may reduce pot stability (more uncertainty about final pot size). A refund period of 1–7 days provides meaningful optionality without excessive uncertainty.
658
744
 
659
- **Attestation start time** ($\tau_{\text{attest}}$): Delay between scorecard submission and voting activation. Longer delays give more holders time to prepare delegations and review scorecards. Recommended: 1–24 hours.
745
+ **Attestation start time** ($\tau_{\text{attest}}$): The earliest time at which attestation voting opens. Longer delays give more holders time to review scorecards. Recommended: set to a time shortly after the event concludes.
660
746
 
661
- **Attestation grace period** ($\tau_{\text{grace}}$): Duration of the voting window. Must be long enough for broad participation but short enough to deliver results promptly. Recommended: 1–7 days.
747
+ **Attestation grace period** ($\tau_{\text{grace}}$): Minimum duration of the voting window after attestation opens. Must be long enough for broad participation but short enough to deliver results promptly. Protocol-enforced minimum: 1 day. Recommended: 3–7 days.
748
+
749
+ **Scorecard timeout** ($\tau_{\text{timeout}}$): Maximum time for governance resolution. Longer timeouts reduce deadline pressure but extend the period during which funds are locked. Recommended: 90–180 days for permissionless games, 30 days for trusted-organizer games.
662
750
 
663
751
  ### 8.3 Fee Calibration and Protocol Sustainability
664
752
 
665
- The default fee structure (5% Defifa + 5% base protocol = 10% total) is competitive with:
753
+ The default fee structure (5% Defifa + 2.5% base protocol = 7.5% total) is competitive with:
666
754
 
667
755
  | Platform | Takeout Rate |
668
756
  |----------|-------------|
669
757
  | Horse racing (parimutuel) | 15–25% |
670
758
  | Sports betting (vig) | 4–10% |
671
759
  | Prediction markets (fees) | 1–5% |
672
- | **Defifa (default)** | **10%** |
760
+ | **Defifa (default)** | **7.5%** |
673
761
 
674
- The 10% rate positions Defifa between traditional parimutuel systems and modern prediction markets. The key differentiation is the *protocol token rebate*: while the 10% is extracted as fees, a portion returns to players as protocol tokens, making the effective fee rate lower than the nominal rate.
762
+ The 7.5% rate positions Defifa between traditional parimutuel systems and modern prediction markets. The key differentiation is the *protocol token rebate*: while 7.5% is extracted as fees, a portion returns to players as protocol tokens, making the effective fee rate lower than the nominal rate.
675
763
 
676
764
  **Effective fee rate.** If protocol tokens retain $\alpha$ fraction of their fee value:
677
765
 
678
766
  $$\phi_{\text{eff}} = \phi \cdot (1 - \alpha) \tag{47}$$
679
767
 
680
- For $\alpha = 0.5$ (protocol tokens retain 50% of their minting value): $\phi_{\text{eff}} = 0.10 \cdot 0.5 = 5\%$, competitive with low-fee prediction markets.
768
+ For $\alpha = 0.5$ (protocol tokens retain 50% of their minting value): $\phi_{\text{eff}} = 0.075 \cdot 0.5 = 3.75\%$, highly competitive with low-fee prediction markets.
681
769
 
682
770
  ---
683
771
 
684
- ## 9 Open Problems and Mechanism Design Recommendations
772
+ ## 9 Safety Mechanisms
773
+
774
+ ### 9.1 The No-Contest System
775
+
776
+ Defifa includes a comprehensive safety system — the **NO_CONTEST** mechanism — that prevents funds from being permanently locked when governance fails or the game is non-viable. NO_CONTEST is a first-class game phase (defined in the `DefifaGamePhase` enum) with three complementary triggers.
777
+
778
+ #### 9.1.1 Trigger 1: Minimum Participation Threshold
779
+
780
+ **Mechanism.** At game creation, the organizer sets `minParticipation` — a minimum treasury balance required for the game to proceed to scoring. The `currentGamePhaseOf()` function checks the treasury balance against this threshold before returning SCORING. If the balance is below the threshold, it returns NO_CONTEST.
781
+
782
+ **What it solves.** Ghost games with negligible participation skip directly to refundability without requiring any governance action. A 32-team World Cup game with `minParticipation = 1 ETH` won't enter scoring if only 50 people mint (0.5 ETH pot).
783
+
784
+ **Attack surface.** An adversary who wants to force no-contest can refund enough tokens during the refund phase to push the balance below the threshold. Mitigation: set the threshold conservatively low relative to expected participation (e.g., 10% of the maximum expected pot).
785
+
786
+ **Configuration.** Set to 0 to disable. The threshold is set at launch before any minting occurs, so calibration depends on organizer judgment.
787
+
788
+ #### 9.1.2 Trigger 2: Scorecard Ratification Timeout
789
+
790
+ **Mechanism.** At game creation, the organizer sets `scorecardTimeout` — a duration (in seconds) after the SCORING phase begins. The `currentGamePhaseOf()` function checks `block.timestamp > scoringRulesetStart + scorecardTimeout`. If the timeout has elapsed and no scorecard has been ratified, it returns NO_CONTEST.
791
+
792
+ **What it solves.** All governance deadlock scenarios:
793
+ - No scorecard submitted
794
+ - Scorecard submitted but quorum unreachable (fragmented attestation)
795
+ - Default attestation delegate is inaccessible (lost keys, dead multisig)
796
+ - Attestation power locked in dead addresses
685
797
 
686
- The formal analysis in Sections 2–8 reveals several structural properties of the Defifa mechanism that merit attention. This section catalogs open problems discovered through systematic code review and game-theoretic analysis, ordered by severity, and proposes concrete protocol-level mitigations.
798
+ This is the only mechanism that provides a hard, trustless, time-bounded guarantee that funds cannot be locked permanently.
687
799
 
688
- ### 9.1 Governance Deadlock and Fund Recovery: A Deep Study
800
+ **Configuration.** Set to 0 to disable. Recommended: 90 days for permissionless games.
689
801
 
690
- **Severity: Significant (design consideration).**
802
+ #### 9.1.3 Trigger 3: Explicit No-Contest Activation
691
803
 
692
- #### 9.1.1 Historical Context
804
+ **Mechanism.** Once `currentGamePhaseOf()` returns NO_CONTEST (from either trigger above), anyone can call `triggerNoContestFor(gameId)`. This function:
693
805
 
694
- The original Defifa (Juicebox V3 era) included `NO_CONTEST` and `NO_CONTEST_INEVITABLE` phases. In V3, each game phase had to be manually advanced by calling `queueNextPhaseOf()`. If nobody called this function before a funding cycle "rolled over" (repeated instead of advancing to the next phase), the `_noContestInevitable()` check detected the rollover and `_queueNoContest()` reconfigured the project for permanent full-price refunds (duration = 0, cashOutTaxRate = 0, pausePay = true). The V5 port pre-queues all rulesets at launch, eliminating the rollover risk — but also eliminating the *sole trigger* for no-contest. The dead enum values and handler code were removed as part of the V5 cleanup (see AUDIT\_FINDINGS L-D5).
806
+ 1. Verifies the game is in NO_CONTEST phase
807
+ 2. Sets `noContestTriggeredFor[gameId] = true` (permanent flag)
808
+ 3. Queues a new ruleset with no payout limits, making surplus equal to balance
809
+ 4. Enables full-refund cash-outs at mint price
695
810
 
696
- This section formally analyzes whether a new form of no-contest should be reintroduced, what triggers and parameters would be needed, and whether the existing mechanisms are sufficient.
811
+ The explicit trigger is necessary because the NO_CONTEST phase is initially a *computed* state (the view function returns it based on conditions), but the on-chain ruleset still has the scoring-phase configuration. The trigger queues a new ruleset that enables the actual cash-out mechanics.
697
812
 
698
- #### 9.1.2 Exhaustive Deadlock Scenario Analysis
813
+ **Cash-out behavior.** During NO_CONTEST, the `computeCashOutCount` function in `DefifaHookLib` returns `cumulativeMintPrice` — the same amount the player originally paid. This is identical to the MINT/REFUND phase behavior, implementing a complete refund.
699
814
 
700
- We identify five distinct scenarios in which game funds could become permanently inaccessible:
815
+ #### 9.1.4 Priority Rules
701
816
 
702
- **Scenario A: No scorecard submitted.** The game reaches SCORING. Nobody calls `submitScorecardFor()`. All tier cash-out weights remain zero. The `beforeCashOutRecordedWith` hook returns `cashOutCount = 0` for any cash-out attempt (since weight = 0), and `afterCashOutRecordedWith` reverts with `NOTHING_TO_CLAIM` because `reclaimedAmount.value == 0`. Funds remain in the Juicebox treasury indefinitely.
817
+ The phase resolution follows strict priority:
703
818
 
704
- **Scenario B: Scorecard submitted, quorum unreachable.** A scorecard exists but attestation power is fragmented. No single scorecard accumulates 50% of eligible attestation weight. The governor's `stateOf()` returns `ACTIVE` indefinitely (it never transitions to `DEFEATED` there is no expiry on attestation). The game remains in SCORING with no mechanism to break the stalemate.
819
+ 1. **COMPLETE takes priority over NO_CONTEST.** If a scorecard has been ratified (`cashOutWeightIsSet == true`), the game is COMPLETE regardless of timeout or participation thresholds. A ratified scorecard is final.
705
820
 
706
- **Scenario C: Default attestation delegate is inaccessible.** The `defaultAttestationDelegate` is set to a contract that cannot execute transactions, or to a lost EOA. Since delegation can only be changed during the MINT phase (`_update` enforces `DELEGATE_CHANGES_UNAVAILABLE_IN_THIS_PHASE` after MINT), the accumulated attestation power is irrecoverably locked. Even if other participants want to coordinate, the delegate holds the majority of attestation units with no way to reclaim them.
821
+ 2. **Explicit trigger is sticky.** Once `noContestTriggeredFor[gameId]` is set, the game stays in NO_CONTEST permanently (cannot transition to SCORING even if conditions change).
707
822
 
708
- **Scenario D: Attestation power in dead addresses.** If >50% of game pieces are transferred to contracts that cannot call `attestToScorecardFrom()`, the exercisable attestation power drops below quorum permanently. This is distinct from Scenario C because the delegation may be correct but the delegatees are inaccessible.
823
+ 3. **Both thresholds are checked independently.** A game can enter NO_CONTEST from either `minParticipation` (balance too low) or `scorecardTimeout` (time elapsed) whichever condition is met first.
709
824
 
710
- **Scenario E: Split target reverts on ratification.** `ratifyScorecardFrom()` calls `fulfillCommitmentsOf()`, which calls `sendPayoutsOf()`. If a split target is a reverting contract, `sendPayoutsOf` is caught by the internal try-catch in `fulfillCommitmentsOf`. The `CommitmentPayoutFailed` event is emitted, `fulfilledCommitmentsOf` is set to the sentinel value 1, and the final ruleset is still queued. Players can cash out immediately — the fee amount stays in the pot, slightly benefiting cash-out recipients. This is no longer a stuck-funds scenario.
825
+ #### 9.1.5 The Default Attestation Delegate
711
826
 
712
- | Scenario | Funds stuck? | Delegate resolves? | Automated resolution? |
713
- |:---------|:------------:|:------------------:|:---------------------:|
714
- | A: No scorecard | Yes | Yes, if active | No |
715
- | B: Quorum unreachable | Yes | Yes, if has power | No |
716
- | C: Dead delegate | Yes | No | No |
717
- | D: Dead attestation holders | Yes | No | No |
718
- | E: Split target reverts | No | N/A | Yes (try-catch) |
827
+ Beyond the automated NO_CONTEST triggers, the `defaultAttestationDelegate` provides a social fast-path for governance resolution. When set, every minter who does not specify a custom delegate has their attestation units delegated to this address. If no minter re-delegates, the delegate holds 100% of attestation power across all minted tiers — easily exceeding the 50% quorum.
719
828
 
720
- Note: the case where *all* minters refund during REFUND is not a deadlock the treasury balance drops to zero and there are no funds to recover.
829
+ The delegate can submit a scorecard, attest to it, and once quorum is met, anyone can ratify. This resolves most governance deadlocks in practice. However, it depends on:
830
+ 1. The delegate being set (optional parameter; `address(0)` is valid),
831
+ 2. The delegate remaining operational (multi-sigs lose keys; DAOs cease operating),
832
+ 3. The delegate acting honestly (a delegate could submit a self-serving scorecard),
833
+ 4. Minters not re-delegating away during MINT phase.
721
834
 
722
- #### 9.1.3 Effectiveness of the `defaultAttestationDelegate`
835
+ **Defense in depth.** The combination of `defaultAttestationDelegate` (fast-path social resolution) + `scorecardTimeout` (hard backstop) + `minParticipation` (early exit for ghost games) provides layered safety where each mechanism covers the failure modes of the others.
723
836
 
724
- The `defaultAttestationDelegate` is the protocol's primary soft mitigation against governance deadlock. When set, every minter who does not specify a custom delegate has their attestation units delegated to this address. If no minter re-delegates, the delegate holds 100% of attestation power across all minted tiers — easily exceeding the 50% quorum.
837
+ ### 9.2 Governance Attack Economics
725
838
 
726
- The delegate can:
727
- 1. Submit a scorecard via `submitScorecardFor()`
728
- 2. Attest to it via `attestToScorecardFrom()`
729
- 3. Once quorum is met, anyone can call `ratifyScorecardFrom()` to execute
839
+ **All governance systems are manipulatable with sufficient capital.** The relevant question is not *whether* an attack is possible, but whether the **mechanism structurally prevents profit** regardless of how much the attacker spends. Making attacks "more expensive" is insufficient — a sufficiently capitalized adversary will pay any price. The defense must be structural, not economic.
730
840
 
731
- This resolves Scenarios A and B in the common case. However, it provides no hard guarantee because it depends on four assumptions:
841
+ #### The Scaling Problem (Current Design)
732
842
 
733
- 1. **The delegate is set.** It is an optional parameter; `address(0)` is valid.
734
- 2. **The delegate remains operational.** Multi-sigs lose keys; DAOs cease operating; EOAs get lost.
735
- 3. **The delegate acts honestly.** A delegate could submit a self-serving scorecard and self-ratify, stealing the entire pot. Participants have no recourse except to not play games with untrusted delegates.
736
- 4. **Minters do not re-delegate.** During the MINT phase, any minter can change their delegation, reducing the delegate's power.
843
+ The per-tier attestation power cap assigns equal $V_{\text{max}} = 10^9$ to every tier regardless of supply. Quorum counts any tier with nonzero supply as eligible:
737
844
 
738
- **Conclusion:** The delegate is an excellent first line of defense but is insufficient as a sole guarantee. It is a trusted, social mechanism — not a trustless, automated one. For permissionlessly created games with untrusted or absent organizers, the delegate provides no assurance.
845
+ $$Q = \frac{N_{\text{minted}}}{2} \cdot V_{\text{max}}$$
739
846
 
740
- #### 9.1.4 Candidate Mechanism A: Minimum Participation Threshold
847
+ An adversary buys 1 token in each of $\lceil N/2 \rceil$ sparse tiers, becoming the sole holder and receiving full attestation power per tier. Their cost:
741
848
 
742
- **Concept.** At game initialization, the organizer sets `minParticipation` — a minimum treasury balance required for the game to proceed past REFUND to SCORING. If the balance is below this threshold when SCORING would begin, the game enters a no-contest state where cash-outs return mint prices.
849
+ $$C_{\text{attack}} = \lceil N/2 \rceil \cdot p$$
743
850
 
744
- **Implementation.** One new `uint256` in the game's ops data. The `currentGamePhaseOf()` view function checks the treasury balance against the threshold before returning SCORING. Cash-out handling reuses the existing MINT/REFUND refund path (returning `_cumulativeMintPrice`). No new rulesets or state transitions are required — the no-contest state is computed purely from the view function.
851
+ Meanwhile the pot scales with total participation: $B_{\text{pot}} = \sum_i n_i \cdot p$. The **return on investment**:
745
852
 
746
- **What it solves.** Ghost games with negligible participation skip directly to refundability without requiring any governance action. This is the simplest and most targeted safety net.
853
+ $$\text{ROI} \approx \frac{2 \cdot N_{\text{total}}}{N}$$
747
854
 
748
- **What it does not solve.** If a game exceeds the threshold but governance subsequently deadlocks (Scenarios B–E), the threshold provides no help. It is purely a pre-scoring safety valve.
855
+ Attack cost is $O(N)$ while the pot is $O(N_{\text{total}})$, so ROI grows linearly with participation. For our 32-team World Cup at 0.01 ETH, an attacker spends 0.16 ETH to capture a 138.75 ETH pot — an 867× return. No amount of threshold-tuning fixes this: any defense based on "make it cost more" fails against an adversary with unlimited capital.
749
856
 
750
- **Attack surface.** An adversary who wants to force no-contest can refund enough tokens to push the balance below the threshold. If they hold a majority position, they can unilaterally kill the game. Mitigation: set the threshold conservatively low relative to expected participation (e.g., 10% of the maximum expected pot).
857
+ #### Benefit-Weighted Attestation: The Structural Fix
751
858
 
752
- **Design consideration.** The threshold is set at launch before any minting occurs, so calibration depends on organizer judgment. A threshold that is too high risks triggering no-contest in a moderately successful game; too low and it only catches completely abandoned games.
859
+ The insight: **the beneficiaries of a scorecard should not be the ones who ratify it.** The more a tier receives from a scorecard, the less that tier's attestation power counts toward ratifying it.
753
860
 
754
- #### 9.1.5 Candidate Mechanism B: Scorecard Ratification Timeout
861
+ For a scorecard $S$ with weights $\{w_1, \ldots, w_N\}$, tier $i$'s effective attestation power toward ratifying $S$:
755
862
 
756
- **Concept.** At game initialization, the organizer sets `scorecardTimeout` — a duration (in seconds) after the SCORING phase begins. If no scorecard is ratified within this window, the game enters a no-contest state where cash-outs return mint prices.
863
+ $$V_i^{\text{eff}}(S) = V_{\text{max}} \cdot \left(1 - \frac{w_i}{W_{\text{total}}}\right) \tag{BWA}$$
757
864
 
758
- **Implementation.** One new `uint256` in the game's ops data. The `currentGamePhaseOf()` view function checks `block.timestamp > scoringRulesetStart + scorecardTimeout` before returning SCORING. If the timeout has passed and `cashOutWeightIsSet` is still false, return a no-contest state.
865
+ This is the **perfect proportion**: a pure linear reduction where benefit and governance power are complementary. The function has a critical mathematical invariant: the total available attestation power is *constant* for every valid scorecard:
759
866
 
760
- **What it solves.** All five deadlock scenarios (A–E). This is the only mechanism that provides a hard, trustless, time-bounded guarantee that funds cannot be locked permanently. Regardless of delegate failures, governance fragmentation, or operational issues, every game eventually becomes refundable.
867
+ $$\sum_{i=1}^{N} V_i^{\text{eff}}(S) = V_{\text{max}} \cdot \sum_{i=1}^{N}\left(1 - \frac{w_i}{W_{\text{total}}}\right) = V_{\text{max}} \cdot (N - 1)$$
761
868
 
762
- **Interaction with the governor.** Several sub-cases:
869
+ since $\sum w_i = W_{\text{total}}$. This invariant means the mechanism doesn't favor concentrated scorecards over distributed ones in terms of *how much* attestation power exists — it only changes *who* holds it. The difficulty of ratification is identical for every valid scorecard; what differs is the coalition required.
763
870
 
764
- - *No scorecard submitted before timeout:* Clean. Game enters no-contest. Refunds at mint price.
765
- - *Scorecard partially attested, quorum not met:* Game enters no-contest. The scorecard's governor state remains ACTIVE, but `setTierCashOutWeightsTo` is unreachable (it requires SCORING phase, which no longer holds). The scorecard effectively expires.
766
- - *Scorecard reaches SUCCEEDED but not yet ratified:* This is the critical edge case. A community-approved scorecard exists but nobody called `ratifyScorecardFrom()` in time. The timeout converts it to no-contest, invalidating a valid governance outcome. **Mitigation:** either (a) set timeouts generously (90–180 days), or (b) add a "ratification grace period" — a short window after the main timeout during which a SUCCEEDED scorecard can still be ratified.
767
- - *Competing scorecards, none reaching quorum:* Governance couldn't resolve. No-contest is the correct outcome.
871
+ **Why linear is optimal.** Stronger-than-linear functions (e.g., quadratic $(1-x)^2$) reduce total available power for distributed scorecards relative to concentrated ones — the opposite of what's desired. Weaker-than-linear functions leave too much power with beneficiaries. The linear form uniquely preserves the $(N-1) \cdot V_{\text{max}}$ invariant while providing maximal separation between beneficiaries and non-beneficiaries.
768
872
 
769
- **Attack surface.** Minimal. An adversary cannot accelerate the timeout. The only strategic concern is that a timeout creates a deadline effect: participants near the timeout boundary may rush governance, reducing deliberation quality. Long timeouts (90+ days) mitigate this.
873
+ #### Why This Kills the Attack
770
874
 
771
- **Design consideration.** A protocol-level minimum timeout (e.g., 30 days) could prevent game creators from setting absurdly short values that effectively make games unresolvable. A default value of 0 (disabled) preserves backward compatibility.
875
+ **Fraudulent scorecard** (100% to attacker's monopoly tier):
772
876
 
773
- #### 9.1.6 Do We Need a NO_CONTEST State?
877
+ | Tier | Scorecard weight | Effective attestation |
878
+ |:-----|:----------------|:---------------------|
879
+ | Attacker's tier | 100% | $V_{\text{max}} \times 0 = 0$ |
880
+ | Each of 31 other tiers | 0% | $V_{\text{max}} \times 1.0$ |
774
881
 
775
- The fundamental question is whether the `NO_CONTEST` enum value and its associated handler code should be reintroduced, or whether the existing phase system is sufficient.
882
+ The attacker has **zero** attestation power for their own scorecard. No amount of capital changes this buying more tokens in a tier that gets 100% weight still yields 0 effective power. The fraudulent scorecard accumulates 0 attestation and dies.
776
883
 
777
- **Arguments for reintroduction:**
778
- - Provides a clean, named state that UIs and indexers can unambiguously identify
779
- - The existing handler code (`beforeCashOutRecordedWith` returning `_cumulativeMintPrice`) is the correct behavior for no-contest refunds
780
- - The `DefifaTokenUriResolver` can display clear messaging to NFT holders
884
+ **Truthful scorecard** (Argentina wins 40%, runner-up 20%, etc.):
781
885
 
782
- **Arguments against reintroduction:**
783
- - Both candidate mechanisms can be implemented as *computed states* in the `currentGamePhaseOf()` view function, requiring no on-chain state transition
784
- - The no-contest behavior (mint-price refund) is identical to the REFUND phase behavior, so no new handler logic is needed — the existing MINT/REFUND cash-out path already returns `_cumulativeMintPrice`
785
- - Adding another enum value increases the state space that every consumer (UIs, indexers, other contracts) must handle
786
- - The V3 NO\_CONTEST required a destructive reconfiguration (`_queueNoContest`). The V5 approach is purely a view-level computation — no treasury reconfiguration is needed because the SCORING ruleset already has `cashOutTaxRate = 0` and `pausePay = true`, which are the correct parameters for refunds
886
+ | Tier | Weight | Effective power |
887
+ |:-----|:-------|:---------------|
888
+ | Argentina | 40% | $0.6 \times V_{\text{max}}$ |
889
+ | Runner-up | 20% | $0.8 \times V_{\text{max}}$ |
+ | Semi-finalists (×2) | 10% each | $0.9 \times V_{\text{max}}$ each |
+ | Other 28 tiers | ≈0% | $\approx V_{\text{max}}$ each |
+ | **Total available** | | **$31 \times V_{\text{max}}$** |
+ | **Quorum** | | **$16 \times V_{\text{max}}$** |
 
- **Recommendation.** The no-contest behavior should be reintroduced as a *computed phase* — not a stored state. The `currentGamePhaseOf()` view function should return a no-contest indicator when the threshold or timeout conditions are met, and the cash-out handler should treat this identically to the REFUND phase. This preserves the simplicity of the V5 architecture (no on-chain state transitions beyond the pre-queued rulesets) while providing the safety guarantees that the original V3 design intended.
+ The truthful scorecard has nearly the attestation power needed. It passes easily the delegate marshals power from non-winning tiers (which have full attestation strength), and even the winning tiers retain 60–90% of their power.
 
- #### 9.1.7 Assessment and Recommendation
+ #### Scaling Against Unlimited Capital
 
- The `defaultAttestationDelegate` provides a strong first line of defense and will resolve the vast majority of governance deadlocks in practice. For games with trusted organizers and active communities, it is likely sufficient.
+ The attacker's fallback: buy into *non-winning* tiers to accumulate attestation power, then push a fraudulent scorecard. Let's trace this:
 
- However, the protocol aspires to permissionless, trustless game creation. For this use case, a hard guarantee is essential. We recommend:
+ **Attacker buys 1 token in 16 sparse tiers, submits 100%-to-their-tier scorecard:**
 
- 1. **Scorecard ratification timeout** (Mechanism B) as the primary safety mechanism. It is the only approach that covers all five deadlock scenarios with a single, trustless, time-bounded guarantee. Implementation cost: one `uint256`, one timestamp comparison. The timeout should be generous (recommended default: 90 days) with an optional ratification grace period (7 days) for SUCCEEDED scorecards.
+ - Winning tier (100% weight): $0 \times V_{\text{max}} = 0$
+ - 15 other sparse tiers (0% weight): $15 \times V_{\text{max}}$
+ - 16 honest tiers (tiny share): $\approx 0.03 \times V_{\text{max}}$
+ - **Total: 15.03 × $V_{\text{max}}$ < 16 × $V_{\text{max}}$ = quorum.** Fails.
 
- 2. **Minimum participation threshold** (Mechanism A) as an optional, complementary safety net. It provides early termination for obviously non-viable games, improving UX by avoiding a long SCORING → timeout wait for games that never attracted meaningful participation. Implementation cost: one `uint256`, one balance check.
+ One tier short, because the winning tier contributes zero.
 
- 3. Both mechanisms should be **optional** (default: disabled, value = 0) to preserve backward compatibility and support use cases where the organizer explicitly desires open-ended scoring.
+ **Attacker buys massively into honest tiers to compensate (500 tokens each, 80 ETH):**
 
- 4. The game should **remain fully playable without either mechanism** — they are safety nets, not requirements. A game with no threshold and no timeout functions exactly as today, relying on the delegate and community coordination. The mechanisms add optionality for risk-averse game designers, not complexity for all games.
+ - Winning tier: still 0
+ - 15 sparse tiers: $15 \times V_{\text{max}}$
+ - 16 honest tiers (50% share): $8 \times V_{\text{max}}$
+ - **Total: 23 × $V_{\text{max}}$ > quorum.** Passes.
 
- The combination of `defaultAttestationDelegate` (fast-path social resolution) + `scorecardTimeout` (hard backstop) + `minParticipation` (early exit for ghost games) provides defense in depth where each mechanism covers the failure modes of the others.
+ But the attacker invested **80 ETH** to attack an 80 ETH pot. Their tokens went *into* the pot (doubling it to 160 ETH). Net extraction = honest holders' original 80 ETH. Compare to the current design: 0.16 ETH to steal 138.75 ETH. **The mechanism forced attack cost to scale linearly with the pot.**
 
- ### 9.2 Cheap Cross-Tier Attestation Capture
+ The self-balancing property: to gain attestation power (from non-winning tiers), the attacker must buy tokens that don't benefit from their fraudulent scorecard. That capital goes into the treasury and benefits honest holders. The more the attacker invests in governance power, the more they enrich the pot they're trying to steal.
 
- **Severity: Critical.**
+ #### Dead Token Economics: The Attack Tax
 
- As identified in the corrected attack cost analysis (Section 3.4, Eq. 26a), the per-tier attestation power cap creates an unintended vulnerability in games with uneven participation. The mechanism assigns equal maximum attestation power ($V_{\text{max}} = 10^9$) to every tier *regardless of its minted supply*. A tier with 1 token has the same governance weight as a tier with 10,000 tokens.
+ The key insight making governance manipulation structurally unprofitable: **tokens purchased for governance power in non-winning tiers are dead money under a fraudulent scorecard.**
 
- **The attack.** An adversary identifies $\lceil N/2 \rceil$ tiers with zero or minimal mints (typically obscure/unlikely outcomes). They purchase 1 token in each, becoming the sole holder and receiving full $V_{\text{max}}$ attestation power per tier. Their total attestation power:
+ Under BWA, an attacker needs tokens in non-winning tiers (where they have full governance power) to ratify a scorecard that benefits their winning tiers (where they have zero power). But under the fraudulent scorecard, those non-winning tiers receive 0% of the pot. The attacker's non-winning tokens are a sunk cost capital destroyed in the act of governance manipulation.
 
- $$A_{\text{attacker}} = \lceil N/2 \rceil \cdot V_{\text{max}} \geq Q = \frac{N_{\text{minted}}}{2} \cdot V_{\text{max}}$$
+ Combined with the 7.5% fee extraction (5% Defifa + 2.5% base protocol), this creates a formal profitability condition.
 
- The attacker meets quorum unilaterally. They then submit a scorecard assigning $W_{\text{total}}$ to one of their tiers and ratify it.
+ **Theorem (Attack Profitability Threshold).** In a Defifa game with $N$ tiers, fee rate $\phi = 7.5\%$, and BWA, an attacker controlling fraction $\alpha_w$ of winning-tier tokens and fraction $\alpha_v$ of non-winning (voting) tier tokens profits if and only if:
 
- **Numerical example.** A 32-tier sports game at 0.01 ETH per token. Popular tiers (say 16 NFL teams) accumulate 1,000 tokens each. The remaining 16 tiers receive no organic mints. The attacker buys 1 token in each of the 16 empty tiers for 0.16 ETH total. They can now ratify a scorecard directing the entire prize pool ($\sim$144 ETH after fees) to a single tier they hold. **Return on investment: $\sim$900x.**
+ $$\alpha_w > \alpha_v \cdot \frac{N-1}{(1-\phi)N - 1}$$
 
- **Root cause.** The quorum function counts *any tier with nonzero supply* as eligible, giving each equal weight. This conflates "a tier that represents meaningful community participation" with "a tier that a single actor created a position in."
+ For the default fee rate ($\phi = 0.075$):
 
- **Recommended fix.** Introduce a minimum supply threshold for quorum eligibility:
+ | $N$ (tiers) | Threshold $\alpha_w / \alpha_v$ | Interpretation |
+ |:-----|:------|:------|
+ | 2 | 1.176 | Must own 17.6% more of winning tiers |
+ | 4 | 1.111 | Must own 11.1% more |
+ | 8 | 1.094 | Must own 9.4% more |
+ | 32 | 1.084 | Must own 8.4% more |
+ | 128 | 1.082 | Converges to $1/(1-\phi) \approx 1.081$ |
 
- $$Q = \frac{1}{2} \sum_{i=1}^{N} \mathbb{1}\left[n_i \geq n_{\text{min}}\right] \cdot V_{\text{max}}$$
+ *Proof.* The attacker's cost is $C = \alpha_w \cdot n_w \cdot p + \alpha_v \cdot n_v \cdot p$ where $n_w$ and $n_v$ are the total supply in winning and non-winning tiers respectively. Their revenue under a fraudulent scorecard assigning all weight to winning tiers is $R = \alpha_w \cdot (1-\phi) \cdot \text{pot}$. Non-winning tokens return \$0. The attacker's net profit $R - C > 0$ simplifies (after accounting for the attacker's own contribution to the pot) to the stated threshold. $\square$
 
- where $n_{\text{min}} \geq 2$ (or better, a configurable parameter). Alternatively, weight each tier's attestation power by a concave function of its supply, such as $\min(V_{\text{max}}, \; \sqrt{n_i} \cdot V_{\text{max}} / \sqrt{n_{\text{ref}}})$, which provides sublinear scaling that resists both single-token capture and whale dominance.
+ **Corollary (Uniform Buyer Loss).** An attacker who buys uniformly across all tiers ($\alpha_w = \alpha_v$) always loses money. Their return is $(1-\phi) \cdot \alpha \cdot \text{pot}$ while their cost is $\alpha \cdot \text{pot}$, yielding a guaranteed $-7.5\%$ loss regardless of the scorecard submitted, the number of tiers, or the total pot size.
 
- ### 9.3 Prize Pool Under-Allocation
+ **Corollary (Dead Token Tax).** In a game with $N$ tiers where the attacker claims weight for 1 tier, $(N-1)/N$ of the attacker's governance tokens are dead — they cost money to buy but return nothing under the fraudulent scorecard. For the World Cup ($N = 32$), 96.9% of the attacker's governance investment is dead money.
 
- **Severity: Significant.**
+ #### The Complete Defense Stack
 
- The weight validation in `setTierCashOutWeightsTo` (`DefifaHook.sol`) uses a strict greater-than check:
+ | Layer | Mechanism | Defends against |
+ |:------|:----------|:---------------|
+ | **Structural** | Benefit-weighted attestation | Self-interested scorecard manipulation |
+ | **Economic** | Dead token tax + fee extraction | Profitability of residual attacks |
+ | **Temporal** | Post-ratification timelock (Section 9.4) | Fraud that slips through BWA |
+ | **Adaptive** | Graduated quorum by concentration (Section 9.4) | Concentrated fraudulent scorecards |
+ | **Corrective** | Attestation withdrawal (Section 9.4) | Social engineering / phishing |
+ | **Social** | Trusted delegate | Coordination failure among honest holders |
+ | **Parametric** | `minParticipation` + `scorecardTimeout` | Ghost games and governance deadlock |
+ | **Design** | Uniform participation (Section 9.3) | 51% ownership concentration |
 
- ```solidity
- if (_cumulativeCashOutWeight > TOTAL_CASHOUT_WEIGHT) revert INVALID_CASHOUT_WEIGHTS();
- ```
+ The delegate handles the common case. BWA makes self-interested scorecards structurally unratifiable. Dead token economics ensure that even attacks overcoming BWA are unprofitable. The timelock, graduated quorum, and attestation withdrawal (Section 9.4) provide defense-in-depth against residual attack vectors. Safety parameters provide the hard backstop. And resilient game design (Section 9.3) makes the 51% threshold prohibitively expensive.
 
- A scorecard with weights summing to *less than* $W_{\text{total}}$ passes this check. The total distributed to all players is then:
+ **The irreducible limit.** Like all proof-of-stake systems, Defifa has a 51% security threshold: an attacker who controls >50% of every tier's tokens can ratify any scorecard. This is the fundamental limit of all token-weighted governance and cannot be eliminated by mechanism design alone. The defense is *game design* — structuring games so that organic participation makes 51% ownership prohibitively expensive.
 
- $$\text{Total payouts} = B_{\text{prize}} \cdot \frac{\sum_i w_i}{W_{\text{total}}} < B_{\text{prize}}$$
+ **The bottom line:** Benefit-weighted attestation transforms Defifa governance from an economic arms race (who can spend more?) into a structural equilibrium (beneficiaries can't ratify their own winnings). The "perfect proportion" — linear reduction `power = 1 - benefit` — is the unique function that preserves constant total attestation across all valid scorecards while maximally separating beneficiary power from non-beneficiary power. Combined with dead token economics and fee extraction, self-serving governance is not just structurally difficult — it is provably unprofitable under the conditions identified in Section 9.3.
 
- The difference $B_{\text{prize}} \cdot \left(1 - \frac{\sum_i w_i}{W_{\text{total}}}\right)$ remains permanently trapped in the treasury. This breaks the conservation guarantee of Theorem 6.1, which assumes $\sum_i w_i = W_{\text{total}}$.
+ ### 9.3 Resilient Game Design
 
- **Strategic exploitation.** A coalition controlling quorum could propose a scorecard where their tiers receive generous weights but the total is intentionally less than $W_{\text{total}}$. The "burned" fraction harms all participants equally, but the coalition benefits disproportionately from the redistributed portion. This is preferable for them when the alternative is sharing with non-coalition tiers.
+ The profitability threshold from Section 9.2 implies specific design principles that make Defifa games structurally resistant to governance attacks. This section derives the conditions under which attack profitability goes to zero and identifies the proven ideal game design.
 
- **Recommended fix.** Change the check to exact equality:
+ #### The Uniform Participation Theorem
 
- ```solidity
- if (_cumulativeCashOutWeight != TOTAL_CASHOUT_WEIGHT) revert INVALID_CASHOUT_WEIGHTS();
- ```
+ **Theorem.** In a Defifa game with BWA, if all $N$ tiers have equal supply ($n_i = n$ for all $i$), then no attacker controlling any fraction $\alpha$ of the total supply can profit from governance manipulation.
 
- This restores the conservation guarantee of Theorem 6.1 unconditionally.
+ *Proof.* Under uniform supply, any buyer's ownership fraction is identical across all tiers: $\alpha_w = \alpha_v = \alpha$. The profitability condition requires $\alpha_w > \alpha_v \cdot (N-1)/((1-\phi)N - 1)$, which reduces to $1 > (N-1)/((1-\phi)N - 1)$. Since $(1-\phi)N - 1 < N - 1$ for any $\phi > 0$, the right side exceeds 1 — the condition can never be satisfied. The attacker always loses exactly the fee fraction $\phi$. $\square$
 
- ### 9.4 Attestation Timing Misconfiguration
+ This theorem establishes that **participation uniformity is the fundamental design variable** for game security. The closer a game's tier supplies are to uniform, the harder it is for any attacker to achieve the $\alpha_w > 1.08 \times \alpha_v$ threshold needed for profit.
 
- **Severity: Significant.**
+ The intuition: under uniform supply, any tokens the attacker buys in winning tiers to increase $\alpha_w$ also increase their ownership of the total supply, which means they're paying proportionally into the pot. Their revenue scales with $\alpha_w$ but so does their cost — the fees eat the margin.
 
- In `submitScorecardFor`, both `attestationsBegin` and `gracePeriodEnds` are computed relative to `block.timestamp` at submission time — not relative to each other:
+ #### Design Principles
 
- ```solidity
- _scorecard.attestationsBegin = uint48(block.timestamp + _timeUntilAttestationsBegin);
- _scorecard.gracePeriodEnds = uint48(block.timestamp + attestationGracePeriodOf(_gameId));
- ```
+ **Principle 1: Choose events with balanced interest.** The single most important design decision is selecting an event where participants naturally spread their mints across tiers. Events with clear favorites and longshots concentrate supply, creating the imbalance attackers exploit.
 
- If `attestationGracePeriod < attestationStartTime`, the grace period expires *before attestations even begin*. The `stateOf` function then transitions from PENDING directly past the grace period check, creating a zero-length effective attestation window. Additionally, `initializeGame` performs no validation on the relationship between these parameters.
+ - **Ideal**: Tournament stages (World Cup groups, March Madness brackets) where multiple teams have genuine fanbases and win probability
+ - **Good**: Multi-candidate elections, multi-outcome market predictions
+ - **Risky**: "Favorite vs. field" structures where one tier attracts 90%+ of supply
 
- **Impact.** A misconfigured game whether through error or intentional parameter choice could have its scorecard ratified with no effective attestation window, bypassing the governance protections that Sections 3.1–3.4 assume.
+ **Principle 2: More tiers, but only if they attract participation.** Additional tiers dilute the attacker's governance power across more dead tokens. However, adding tiers that attract zero organic participation creates cheap governance power for attackers. The optimal tier count $N^*$ maximizes the number of tiers with meaningful supply:
 
- **Recommended fix.** Compute `gracePeriodEnds` relative to `attestationsBegin`:
+ $$N^* = \max \{ N : \forall i, \; n_i \geq n_{\min} \}$$
 
- $$t_{\text{grace\_end}} = t_{\text{attest\_begin}} + \tau_{\text{grace}}$$
+ where $n_{\min}$ is the supply level below which a tier becomes a governance attack vector. A tier with 1 token gives the attacker full governance power at cost $p$; a tier with 1,000 tokens requires the attacker to spend $501 \cdot p$ for majority control.
 
- Or equivalently, validate in `initializeGame` that `attestationGracePeriod >= attestationStartTime`.
+ **Principle 3: Reserve tokens as supply smoothing.** Configuring a reserved rate $\rho_i$ on every tier ensures that even tiers with low organic demand have tokens held by the delegate. These reserve tokens:
+ - Count toward each tier's supply, diluting any attacker's ownership fraction
+ - Are held by the delegate, who uses them to attest to the truthful scorecard
+ - Push $\alpha_w$ and $\alpha_v$ closer together by adding supply the attacker doesn't control
 
- ### 9.5 Pre-Scoring Scorecard Submission
+ A reserved rate of $\rho = 1$ (one reserve token per paid mint) effectively halves the attacker's ownership fraction in any tier they haven't bought into, doubling the cost to achieve a given $\alpha_w / \alpha_v$ ratio.
 
- **Severity: Moderate.**
+ **Principle 4: Meaningful minimum participation.** Setting `minParticipation` to a threshold that ensures the pot is large enough to make attack capital requirements significant. If the pot is small, the attacker's token purchases represent a large fraction of total supply, making the $\alpha_w / \alpha_v$ ratio easier to manipulate.
 
- The `submitScorecardFor` function contains no check on the current game phase. Scorecards can be submitted and accumulate attestations during the MINT phase — before the underlying event has even occurred. While `setTierCashOutWeightsTo` does enforce the SCORING phase for weight application, the ability to pre-accumulate attestations means a well-coordinated group can achieve SUCCEEDED state before scoring opens, then ratify instantly when it does.
+ **Principle 5: Scorecard timeout as a hard backstop.** Always set `scorecardTimeout` for permissionless games. This ensures that even if all governance mechanisms fail, players recover their funds within a bounded time.
 
- This front-running advantage is particularly pronounced for the `defaultAttestationDelegate`, whose submissions are flagged and likely to attract delegation during the mint phase. In the worst case, a game's outcome could be decided by governance before the real-world event even starts, if the delegate's scorecard reaches quorum during minting.
+ #### Anti-Patterns
 
- **Recommended fix.** Add a phase check in `submitScorecardFor`:
+ **Anti-pattern 1: Extreme favorites.** A game where Tier 1 attracts 10,000 mints and Tiers 2–32 attract 10 each. The attacker buys 11 tokens in each of 16 sparse tiers (cost: 1.76 ETH), gaining majority control of those tiers at full governance power, while the pot holds 103.1 ETH. The imbalanced supply creates the $\alpha_w \gg \alpha_v$ condition the profitability theorem warns about.
 
- ```solidity
- if (gamePhaseReporter.currentGamePhaseOf(_gameId) != DefifaGamePhase.SCORING) {
- revert NOT_ALLOWED();
- }
- ```
+ **Anti-pattern 2: Excess empty tiers.** Adding 128 tiers when only 8 attract organic interest. The remaining 120 tiers are free governance power — 1 token each at minimum cost gives the attacker 120 tiers of full attestation strength.
 
- ### 9.6 Fee Extraction Fragility
+ **Anti-pattern 3: No safety parameters.** Running a permissionless game with `scorecardTimeout = 0` and `minParticipation = 0`. If governance fails for any reason, funds are permanently locked.
 
- **Severity: Moderate.**
+ #### The World Cup as Near-Ideal Design
 
- In `fulfillCommitmentsOf` (`DefifaDeployer.sol`), the function calls `sendPayoutsOf` with `minTokensPaidOut` set to the full treasury balance:
+ The 32-team FIFA World Cup game exemplifies resilient design:
 
- ```solidity
- _terminal.sendPayoutsOf({
- projectId: _gameId,
- token: _token,
- amount: _pot,
- currency: ...,
- minTokensPaidOut: 0
- });
- ```
+ 1. **Balanced interest**: All 32 teams have genuine fanbases, ensuring organic minting across all tiers. Even "longshot" teams (Saudi Arabia, Tunisia) attract nationalist buying.
 
- The split structure routes fees (~10%) to protocol projects and returns the remainder (~90%) back to the game treasury via `addToBalanceOf`. `minTokensPaidOut` is set to 0 to avoid reverts from partial payouts. Additionally, the entire `sendPayoutsOf` call is wrapped in a try-catch: if the payout fails for any reason, `CommitmentPayoutFailed` is emitted, `fulfilledCommitmentsOf` is reset to the sentinel value 1, and the final ruleset is still queued. The fee amount stays in the pot, slightly benefiting cash-out recipients.
+ 2. **High tier count**: $N = 32$ means the profitability threshold requires the attacker to own 8.4% more of winning tiers than voting tiers and 96.9% of their governance tokens are dead money.
 
- **Status:** Resolved. `minTokensPaidOut` set to 0 and try-catch ensures the final ruleset is always queued.
+ 3. **Natural uniformity**: Group-stage structure ensures at least 4 competitive teams per group, with 8 groups providing diverse entry points. Historical data shows World Cup fan interest is among the most evenly distributed of any sporting event.
+
+ 4. **Cultural event alignment**: The World Cup is a high-salience event that attracts large, globally distributed participation — making the pot large and any attacker's fraction small.
+
+ 5. **Clear resolution**: Tournament brackets provide unambiguous outcomes, reducing scorecard disputes to a mechanical verification.
+
+ **Is there a proven ideal game design?** Yes, with qualification. The Uniform Participation Theorem proves that a game with perfectly uniform tier supply is impervious to profitable governance attacks regardless of attacker capital. The "ideal" is therefore any event structure that naturally produces uniform minting — and the World Cup is the canonical real-world example. The qualification: no mechanism can prevent a 51% attacker, just as no proof-of-stake protocol can. The defense is making 51% ownership prohibitively expensive through high, uniform participation.
+
+ ### 9.4 Governance Hardening
+
+ The defense stack in Section 9.2 — BWA, dead token economics, and resilient game design — provides strong structural guarantees. This section describes four implemented mechanisms that provide defense-in-depth against residual attack vectors. These are additive: each one independently strengthens the system, and they compose without interference.
+
+ #### 9.4.1 Post-Ratification Timelock
+
+ **Problem.** Without a timelock, `ratifyScorecardFrom` executes the scorecard instantly — the moment quorum is met and the grace period expires, anyone can call it and the weights are permanently locked. There is zero time for the community to react to fraud that slips through BWA.
+
+ **Mechanism.** A mandatory delay $\tau_{\text{lock}}$ exists between a scorecard reaching quorum (after grace period) and its execution becoming available. During this window:
+
+ 1. The scorecard enters the `QUEUED` state — visible but not yet executable.
+ 2. Multiple scorecards can reach `QUEUED` or `SUCCEEDED` simultaneously. The first to be ratified wins; others become `DEFEATED`.
+ 3. After $\tau_{\text{lock}}$ expires, the scorecard transitions to `SUCCEEDED` and can be ratified.
+
+ **Why competing scorecards race fairly.** Multiple scorecards can coexist in `QUEUED`/`SUCCEEDED` simultaneously. The first `ratifyScorecardFrom` call wins. Under BWA + graduated quorum, marshaling enough attestation power for a fraudulent competing scorecard is extremely expensive.
+
+ **Recommended parameters.** $\tau_{\text{lock}} = 3$–$7$ days. This is the same pattern used by Compound Governor, OpenZeppelin TimelockController, and Gnosis Safe — battle-tested in governance systems managing billions in TVL.
+
+ **Implementation.** A `QUEUED` state exists between `ACTIVE` and `SUCCEEDED`. The `stateOf` function returns `QUEUED` when quorum is met, grace period has passed, and $\tau_{\text{lock}}$ has not yet elapsed. `ratifyScorecardFrom` only executes when the state is `SUCCEEDED` (timelock expired). The `timelockDuration` is configurable per game (set to 0 to disable).
+
+ #### 9.4.2 Graduated Quorum by Scorecard Concentration
+
+ **Problem.** Base quorum is flat: $Q_{\text{base}} = N_{\text{eligible}} \times V_{\text{max}} / 2$ regardless of the scorecard's weight distribution. A scorecard assigning 100% to one tier faces the same quorum as one distributing weight across 32 tiers. Concentrated fraudulent scorecards are not penalized.
+
+ **Mechanism.** Apply a concentration penalty based on the largest tier weight's squared share, scaled by the *headroom* — the gap between the maximum achievable BWA attestation and the base quorum:
+
+ $$\text{headroom} = Q_{\text{base}} - V_{\text{max}} - N = \frac{(N-2) \times V_{\text{max}}}{2} - N$$
+
+ $$\text{maxShare} = \frac{\max_i(w_i)}{W_{\text{total}}}$$
+
+ $$Q(S) = Q_{\text{base}} + \text{headroom} \times \text{maxShare}^2$$
+
+ The $-N$ term accounts for per-tier integer rounding loss in the BWA computation (`mulDiv` truncation).
+
+ **Properties:**
+ - **Self-capping.** The penalty can never exceed headroom, so the adjusted quorum is always reachable by non-beneficiary attestors.
+ - **Nonlinear.** maxShare² is quadratic: gentle for moderate concentration (25% max → 6.25% of headroom), steep for extreme concentration (100% max → 100% of headroom).
+ - **No magic constants.** The formula derives entirely from game parameters — no configurable penalty factor.
+
+ | Scorecard distribution | maxShare | Penalty (fraction of headroom) |
+ |:----|:----|:----|
+ | Equal across 32 tiers | 3.1% | 0.1% (essentially unchanged) |
+ | World Cup (40/20/10/10/...) | 40% | 16% |
+ | Winner-take-all (100/0/...) | 100% | 100% (quorum = max achievable BWA) |
+
+ **Effect.** Distributed scorecards reflecting real-world outcomes are barely affected. Concentrated fraudulent scorecards face quadratically increasing quorum requirements, up to the theoretical BWA maximum for winner-take-all.
+
+ **Implementation.** At scorecard submission time, find the largest tier weight and compute the adjusted quorum. Store it in `quorumSnapshot` on the `DefifaScorecard` struct. The `stateOf` function uses this snapshot for the threshold check. The headroom guard (`baseQuorum >= MAX_ATTESTATION_POWER_TIER`) ensures the penalty is only applied when there are enough tiers for it to be meaningful.
+
+ #### 9.4.3 Attestation Withdrawal
+
+ **Problem.** Without withdrawal, attestation would be irreversible. If holders are tricked into attesting to a fraudulent scorecard (phishing, social engineering, UI spoofing), they cannot correct their mistake.
+
+ **Mechanism.** Holders can revoke their attestation during the `ACTIVE` phase:
+
+ 1. Each attestor's BWA weight is stored: `attestedWeightOf[msg.sender]`.
+ 2. `revokeAttestationFrom(gameId, scorecardId)` subtracts the stored weight from the scorecard's attestation count and clears the record.
+ 3. Revocation is only available while the scorecard state is `ACTIVE`. Once a scorecard enters `QUEUED` (grace period ended + quorum met), revocations are disabled.
+
+ **Why ACTIVE-only.** Restricting revocation to the `ACTIVE` phase prevents the griefing loop (attest/revoke cycling that could block ratification). During ACTIVE, the grace period is still running, giving honest holders time to correct mistakes. Once `QUEUED`, the community has already demonstrated consensus and the timelock provides the final safety window.
+
+ **Effect.** This enables community self-correction during the debate window. If a fraudulent scorecard accumulates attestation through deception, honest holders can withdraw support before the grace period ends, causing it to drop below quorum. Combined with the timelock (Section 9.4.1), the overall correction window spans the grace period plus timelock duration.
+
+ **Implementation.** The `DefifaAttestations` struct stores `mapping(address => uint256) attestedWeightOf` (zero = not attested). The `count` field is mutable in both directions. The BWA weight recorded at attestation time is deterministic (based on snapshot timestamp), so revocation recomputes the exact same weight that was added.
+
+ #### 9.4.4 Scorecard-Aware Attestation Power (BWA Implementation)
+
+ **Problem.** The raw `getAttestationWeight` function computes attestation power without regard to which scorecard is being attested to. For BWA to function, attestation power must be *scorecard-dependent*: each tier's contribution reduced by $(1 - w_i / W_{\text{total}})$.
+
+ **Mechanism.** Modify the attestation flow to be scorecard-aware:
+
+ 1. When `attestToScorecardFrom` is called, retrieve the scorecard's tier weights.
+ 2. For each tier where the attestor has power, compute the BWA-reduced weight:
+ $$\text{power}_i^{\text{eff}} = \text{power}_i^{\text{raw}} \times \left(1 - \frac{w_i}{W_{\text{total}}}\right)$$
+ 3. Sum the effective power across all tiers and record this as the attestation count.
+
+ **Storage approach.** The tier weights must be accessible during attestation. Two options:
+
+ | Approach | Storage cost | Calldata cost | Complexity |
+ |:---------|:------------|:-------------|:-----------|
+ | **Store weights in scorecard** | $O(N)$ per scorecard (128 uint256s max) | None at attestation | Simple |
+ | **Pass weights as calldata, verify hash** | None | $O(N)$ per attestation | Moderate |
+
+ The storage approach is recommended: weights are written once at submission and read many times during attestation. The max storage is 128 uint256 slots per scorecard — approximately 400k gas at submission, amortized across all attestations.
1115
+
1116
+ **Quorum adjustment.** Under BWA, the maximum possible attestation for any scorecard is $(N-1) \times V_{\text{max}}$ (the constant-total invariant). Base quorum is $N_{\text{eligible}} \times V_{\text{max}} / 2$, which represents 50% of raw power. The graduated quorum mechanism (Section 9.4.2) further adjusts this per-scorecard based on concentration, storing the result in `quorumSnapshot`.
1117
+
1118
+ ### 9.5 Governance Deadlock Analysis
1119
+
1120
+ The following table summarizes all governance deadlock scenarios and their resolution mechanisms:
1121
+
1122
+ | Scenario | Resolution |
1123
+ |:---------|:-----------|
1124
+ | No scorecard submitted | `scorecardTimeout` → NO_CONTEST → full refunds |
1125
+ | Scorecard submitted, quorum unreachable | `scorecardTimeout` → NO_CONTEST → full refunds |
1126
+ | Default delegate inaccessible | `scorecardTimeout` → NO_CONTEST → full refunds |
1127
+ | Attestation power in dead addresses | `scorecardTimeout` → NO_CONTEST → full refunds |
1128
+ | Split target reverts on ratification | try-catch in `fulfillCommitmentsOf` → fee stays in pot → game continues |
1129
+ | All minters refund | Treasury balance = 0 → nothing to recover |
1130
+ | Insufficient participation | `minParticipation` threshold → NO_CONTEST → full refunds |
1131
+
1132
+ Every deadlock scenario that could previously lock funds permanently is now resolved by either `scorecardTimeout` (time-bounded) or `minParticipation` (condition-based), provided these optional parameters are set.
1133
+
1134
+ A game with both safety parameters set to 0 functions exactly as a minimal governance game — relying on the delegate and community coordination. The safety mechanisms add optionality for risk-averse game designers without adding mandatory complexity.
910
1135
 
911
1136
  ---
912
1137
 
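Review bot: in 9.4.3 (line 1094) the Implementation paragraph says `attestedWeightOf` stores the weight added per attestor, yet the same sentence says revocation "recomputes the exact same weight that was added"; pick one source of truth. If the stored value is authoritative, revocation should subtract `attestedWeightOf[attestor]` and zero it, which stays correct even if a later snapshot or delegation read diverges from the value originally added; if it recomputes, the mapping only needs to record that an attestation exists, and the text should state what guarantees the recomputed value matches. Separately, the 9.4.4 storage estimate (line 1114) of "approximately 400k gas" for 128 fresh uint256 slots looks low: a zero-to-nonzero SSTORE costs about 20k gas, so 128 slots is closer to 2.5M; either the weights are packed (worth saying, since each fits in 64 bits given $\sum w_i = 10^{18}$) or the figure should be revised.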
@@ -916,40 +1141,50 @@ This paper has formalized the cryptoeconomic mechanisms of Defifa: a prediction-
916
1141
 
917
1142
  ### Prize Distribution Mechanics
918
1143
 
919
- Defifa implements a *path-independent, weight-proportional* prize distribution through Equation 14. The key insight is the use of $(B_{\text{prize}} + A_{\text{redeemed}})$ as the reference pot: by reconstructing the original post-fee pot rather than using the current balance, the protocol ensures that every token holder receives the same payout regardless of redemption order. Theorem 6.1 proves that the total payout across all holders exactly exhausts the prize pool, with no residual or shortfall.
1144
+ Defifa implements a *path-independent, weight-proportional* prize distribution through Equation 14. The key insight is the use of $(B_{\text{prize}} + A_{\text{redeemed}})$ as the reference pot: by reconstructing the original post-fee pot rather than using the current balance, the protocol ensures that every token holder receives the same payout regardless of redemption order. Theorem 6.1 proves that the total payout across all holders exactly exhausts the prize pool, with no residual or shortfall. The on-chain exact-sum validation ($\sum w_i = W_{\text{total}}$) provides a hard guarantee that no prize pool value is trapped.
920
1145
 
921
- The scorecard weight system ($\sum w_i = 10^{18}$) provides a flexible framework for expressing arbitrary outcome distributions: winner-take-all, proportional splits, partial credit, or any mixture. The per-token weight formula (Eq. 12) correctly adjusts for tier size, ensuring that a tier's total claim equals its weight fraction of the pot regardless of how many tokens were minted in that tier.
1146
+ The scorecard weight system ($\sum w_i = 10^{18}$) provides a flexible framework for expressing arbitrary outcome distributions: winner-take-all, proportional splits, partial credit, or any mixture. The per-token weight formula (Eq. 12) correctly adjusts for tier size — including pending reserved tokens in the denominator — ensuring that a tier's total claim equals its weight fraction of the pot regardless of how many tokens were minted in that tier.
922
1147
 
923
1148
  ### Governance Security
924
1149
 
925
- The attestation model (Section 3) achieves a balance between decentralization and efficiency. The per-tier cap on attestation power ($V_{\text{max}} = 10^9$) prevents any single tier from dominating governance, while the 50% quorum across minted tiers ensures broad participation. The checkpoint-based snapshot prevents vote-buying, and mint-phase-only delegation prevents last-minute manipulation.
1150
+ The attestation model (Section 3) achieves a balance between decentralization and efficiency. The per-tier cap on attestation power ($V_{\text{max}} = 10^9$) prevents any single tier from dominating governance, while the 50% quorum across minted tiers ensures broad participation. The checkpoint-based snapshot (at `attestationsBegin - 1`, with pending reserves snapshotted at submission time) prevents vote-buying and reserve-minting manipulation, mint-phase-only delegation prevents last-minute manipulation, and scoring-phase-only submission prevents pre-accumulation of attestations.
1151
+
1152
+ Section 9.2 introduces **benefit-weighted attestation** (BWA): the "perfect proportion" where a tier's governance power for a given scorecard equals $V_{\text{max}} \times (1 - w_i / W_{\text{total}})$. This structural mechanism makes self-serving scorecards unratifiable regardless of attacker capital — the beneficiaries of a scorecard cannot be the coalition that pushes it through. The dead token economics prove that even attacks overcoming BWA are unprofitable: tokens purchased for governance power in non-winning tiers return \$0 under the fraudulent scorecard, creating a guaranteed loss when combined with fee extraction. Section 9.3 formalizes the Uniform Participation Theorem, proving that games with equal tier supply are impervious to profitable governance attacks.
1153
+
1154
+ ### Safety Mechanisms
1155
+
1156
+ The NO_CONTEST system (Section 9.1) provides comprehensive fund-recovery guarantees through three complementary mechanisms:
1157
+ - **Minimum participation threshold**: early exit for non-viable games
1158
+ - **Scorecard timeout**: hard, trustless, time-bounded backstop for all deadlock scenarios
1159
+ - **Default attestation delegate**: social fast-path for routine governance resolution
926
1160
 
927
- However, Section 9 identifies a critical governance vulnerability: cheap cross-tier attestation capture (9.2), where an attacker buying 1 token in each of $N/2$ unpopular tiers can unilaterally meet quorum. The corrected attack cost (Eq. 26a) shows that governance security depends not just on tier count and prices, but critically on participation uniformity across tiers. The deep study in Section 9.1 identifies five distinct deadlock scenarios and evaluates two candidate safety mechanisms (participation thresholds and ratification timeouts), concluding that both are valuable optional additions but that the existing system remains fully playable without them when games have active organizers and trusted delegates.
1161
+ These mechanisms are optional (disabled by setting to 0) and the game remains fully playable without them, preserving backward compatibility and supporting use cases where open-ended scoring is desired.
928
1162
 
929
1163
  ### Market Efficiency
930
1164
 
931
- The equilibrium analysis (Section 5.1) demonstrates that Defifa games converge to the classical parimutuel result: pot fractions equal consensus probabilities. The three-round information structure (mint → refund → secondary) provides richer information aggregation than single-shot mechanisms, with the refund phase serving as a particularly elegant solution to the adverse-selection problem in prediction markets.
1165
+ The equilibrium analysis (Section 5.1) demonstrates that Defifa games converge to the classical parimutuel result: mint fractions equal consensus probabilities. The uniform pricing enforced by the protocol ensures clean parimutuel dynamics — the pot fraction in each tier reflects only mint *count*, not differential pricing. The three-round information structure (mint → refund → secondary) provides richer information aggregation than single-shot mechanisms, with the refund phase serving as a particularly elegant solution to the adverse-selection problem in prediction markets.
932
1166
 
933
1167
  ### Protocol Sustainability
934
1168
 
935
- The fee-token flywheel (Section 7.3) creates a positive feedback loop between game volume and protocol token value. While the flywheel dynamics are inherently circular, the directional incentive is clear: more games → more fees → higher protocol token value lower effective fee rates more attractive games more participation. The critical mass required to activate this flywheel depends on aggregate fee revenue relative to protocol token market capitalization.
1169
+ The fee-token flywheel (Section 7.3) creates a positive feedback loop between game volume and protocol token value. The 7.5% default fee rate (5% Defifa + 2.5% base protocol) positions Defifa competitively with traditional parimutuel systems (15–25%) while the protocol token rebate further reduces the effective rate for participants.
936
1170
 
937
1171
  ### Practical Recommendations
938
1172
 
939
1173
  For game designers deploying Defifa games:
940
1174
 
941
- 1. **Tier count**: 4–32 tiers balances governance security with outcome expressiveness.
942
- 2. **Pricing**: Uniform pricing between 0.01–1 ETH provides the cleanest parimutuel dynamics.
943
- 3. **Refund phase**: 1–7 days gives meaningful optionality without excessive pot instability.
944
- 4. **Attestation**: A trusted default delegate reduces coordination costs; 24-hour attestation start delay and 3-day grace period balance speed with security. Ensure `attestationGracePeriod >= attestationStartTime` (Section 9.4).
945
- 5. **Fees**: The default 10% split (5% Defifa + 5% base protocol) is competitive; additional organizer splits should not exceed 5% to keep effective rates under 15%.
946
- 6. **Participation uniformity**: Ensure all tiers attract meaningful participation to resist cheap governance capture (Section 9.2). Consider minimum-supply quorum thresholds.
947
- 7. **Deadlock protection**: For permissionless games, set a scorecard ratification timeout (90–180 days recommended) and optionally a minimum participation threshold. For trusted-organizer games, the `defaultAttestationDelegate` is sufficient (Section 9.1).
1175
+ 1. **Participation uniformity is paramount**: The Uniform Participation Theorem (Section 9.3) proves that games with equal tier supply are impervious to profitable governance attacks. Choose events where all tiers attract organic interest — this is the single most important design decision.
1176
+ 2. **Tier count**: 4–32 tiers balances governance security with outcome expressiveness. Only add tiers that will attract meaningful participation; empty tiers are cheap governance power for attackers.
1177
+ 3. **Reserve tokens**: Configure reserved rates on every tier to smooth supply and dilute attacker ownership in sparse tiers.
1178
+ 4. **Pricing**: 0.01–0.1 ETH per NFT provides a balance between accessibility, gas efficiency, and attack resistance.
1179
+ 5. **Refund phase**: 1–7 days gives meaningful optionality without excessive pot instability.
1180
+ 6. **Attestation**: A trusted default delegate reduces coordination costs; 3–7 day grace period balances speed with security.
1181
+ 7. **Fees**: The default 7.5% split (5% Defifa + 2.5% base protocol) is competitive; additional organizer splits should not exceed 5% to keep effective rates under 12.5%.
1182
+ 8. **Safety parameters**: For permissionless games, always set `scorecardTimeout` (90–180 days) and `minParticipation`. For trusted-organizer games, the `defaultAttestationDelegate` is sufficient.
948
1183
 
949
1184
  ### Synthesis
950
1185
 
951
- Defifa implements a rigorous approach to prediction gaming through the composition of three well-understood mechanisms: parimutuel pooling for price formation, attestation governance for outcome resolution, and Juicebox V5 for treasury management. The mathematical analysis confirms that the system conserves value and converges to informationally efficient equilibria. The protocol token layer adds a novel incentive dimension that aligns participant, organizer, and protocol interests around game volume growth.
1186
+ Defifa implements a rigorous approach to prediction gaming through the composition of three well-understood mechanisms: parimutuel pooling for price formation, attestation governance for outcome resolution, and Juicebox V6 for treasury management. The mathematical analysis confirms that the system conserves value and converges to informationally efficient equilibria. The protocol token layer adds a novel incentive dimension that aligns participant, organizer, and protocol interests around game volume growth.
952
1187
 
953
- The open problems identified in Section 9 particularly the cheap cross-tier attestation capture (9.2) and prize pool under-allocation (9.3) represent the most important areas for protocol hardening before production deployment at scale. The recommended mitigations (minimum-supply quorum thresholds, exact weight validation) are backwards-compatible and address the identified vulnerabilities without altering the core mechanism design. The deep study of governance deadlock (9.1) confirms that the existing architecture is sound — the `defaultAttestationDelegate` resolves the majority of practical deadlocks but that optional safety mechanisms (ratification timeout, participation threshold) provide valuable defense in depth for permissionless deployment without adding mandatory complexity.
1188
+ The elegance of Defifa resides in its architectural composability: prediction games with arbitrary outcomes, arbitrary tier structures, and arbitrary payout distributions emerge from the same set of twelve parameters (Eq. 1), executed deterministically by immutable smart contracts with a single, time-bounded governance input. From a 4-team presidential election to a 32-team World Cup, the same protocol handles it alland the safety mechanisms ensure that every game resolves, one way or another.
954
1189
 
955
- The elegance of Defifa resides in its architectural composability: prediction games with arbitrary outcomes, arbitrary tier structures, and arbitrary payout distributions emerge from the same set of seven parameters (Eq. 1), executed deterministically by immutable smart contracts with a single, time-bounded governance input. The game remains fully playable and efficient without additional states — the proposed safety mechanisms are optional parameters that expand the design space for risk-averse game creators while preserving the protocol's minimalist architecture for those who prefer it.
1190
+ The most significant finding is the Uniform Participation Theorem: **a game with uniform tier supply is provably impervious to profitable governance attacks regardless of attacker capital.** This transforms game design from an art into an engineering discipline — the designer's job is to choose events and tier structures that naturally produce uniform participation, and the cryptoeconomics handle the rest.
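Review bot: the rewritten recommendation 6 (line 1180) drops the `attestationGracePeriod >= attestationStartTime` constraint that old line 944 carried, and no new line says whether that ordering is now enforced in the deployer; if it is still a configuration footgun, keep the sentence, and if it is validated on-chain, say so with the section reference. Also, line 1188 reads "handles it alland" (punctuation missing between "all" and "and"), and line 1187 changes the parameter count from seven (old line 955) to "twelve parameters (Eq. 1)", so confirm Eq. 1 in this revision actually lists twelve.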