Pre-trade validation
| Validation | Contract |
|---|---|
| Product validity | Symbol must be supported |
| Open-order cap | Max open orders enforced per strategy per product (20 in default builds, 10 with alpha1) |
| Tick-size and minimum-size checks | Price/amount multiple checks enforced |
| Order type validity | Limit/market compatibility checks |
| Notional cap | Max notional constraint enforced before sequencing |
| Price-deviation checks | Explicitly priced orders are checked during sequencing; market orders skip the sequencer deviation check and are bounded later during matching by product max_taker_price_deviation |
| Collateral sufficiency | Required before sequencing |
| Margin invariant | Post-execution OMF >= IMF must hold |
Use this page when
| If you need… | Use this page because… |
|---|---|
| the public safety-control map | it gathers the main validation, execution, liquidation, and guarantee layers in one factual reference |
| to distinguish what rejects a request from what unwinds unsafe live state | it separates pre-trade, matching, liquidation, and ADL contracts explicitly |
| the factual baseline behind trader, governance, and troubleshooting safety claims | this is the core reference anchor for those routes |
Matching behavior
| Behavior | Contract |
|---|---|
| Priority model | Price-time priority (FIFO at each price level) |
| Book sorting | Bids descending, asks ascending |
| Fill amount | min(maker_amount, taker_amount) |
| Fill price | Maker price |
| Partial fills | Supported; residual handling depends on order type |
Execution safeties
| Safety | Contract |
|---|---|
| Price banding | When no explicit taker limit exists, matching derives a mark-price-relative band from max_taker_price_deviation; explicit limit orders stop first at their taker price |
| Self-trade prevention | Same-trader crossing is prevented; remaining inbound size is canceled |
| Sequencing safeguards | Validation before sequence assignment |
| Insolvency handling | Insolvent maker orders are removed; insolvent taker residuals are canceled |
| Residual cancel at guard edge | Any unmatched remainder beyond the effective taker-deviation guard is canceled rather than matched outside the safety band |
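
The matching and execution-safety contracts in the two tables above, as an added example for an inbound buy (not the exchange's own code). The record fields, the sample book, the reason strings, and the band formula `mark_price * (1 + max_dev)` are assumptions made for illustration.

```python
from collections import namedtuple
from decimal import Decimal as D

# Hypothetical resting-order record; field names are not the exchange's schema.
Maker = namedtuple("Maker", "seq trader price amount")

# Constructed sample ask book (seq = arrival order).
SAMPLE_ASKS = [
    Maker(1, "alice", D("101"), D("2")),
    Maker(2, "bob", D("100"), D("1")),
    Maker(3, "carol", D("100"), D("3")),
    Maker(4, "dave", D("103"), D("5")),
]

def match_buy(asks, trader, amount, mark_price, max_dev, limit=None):
    """Match an inbound buy; return (fills, unmatched, reason)."""
    # Explicit limit orders stop at their own price; otherwise a band is
    # derived from mark price. ASSUMPTION: band = mark_price * (1 + max_dev).
    guard = limit if limit is not None else mark_price * (1 + max_dev)
    # Asks ascending by price, FIFO within each price level.
    book = sorted(asks, key=lambda m: (m.price, m.seq))
    fills, remaining = [], amount
    for maker in book:
        if remaining == 0:
            break
        if maker.price > guard:
            # Remainder is not matched outside the guard.
            return fills, remaining, "limit_price" if limit is not None else "guard_edge"
        if maker.trader == trader:
            # Self-trade prevention: remaining inbound size is canceled.
            return fills, remaining, "self_trade"
        qty = min(maker.amount, remaining)           # fill amount
        fills.append((maker.seq, maker.price, qty))  # fill at maker price
        remaining -= qty
    return fills, remaining, "filled" if remaining == 0 else "book_exhausted"
```

A `book_exhausted` or `limit_price` remainder is returned as unmatched rather than canceled, since residual handling depends on order type.
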
Stressed-path execution notes
| Case | Public reading |
|---|---|
| taker solvency clamp | a taker can be partially clamped by solvency guards before the remaining size is processed |
| insolvent maker remainder | maker liquidity can be canceled out of the book when it cannot remain solvent through the trade path |
| liquidation taker reuse | liquidation-specific matching paths can preserve remaining maker liquidity differently from ordinary taker flows |
| liquidation queue priority | liquidation orders are processed ahead of ordinary matching flow once an account enters liquidation handling |
Liquidation and ADL
| Stage | Contract |
|---|---|
| Trigger | Margin fraction below MMR_FRACTION / max_leverage (default 0.15 / 3 = 5%) |
| Initial action | Pending orders canceled and account enters liquidation queue |
| Normal path | Match liquidation flow against available book liquidity inside price limits |
| Bankruptcy reference | Bankruptcy price is used to compute liquidation spread |
| Insurance-fund interaction | Positive spread credits the fund; negative spread debits the fund |
| ADL path | Used when liquidity, price-band, insurance-fund constraints, or min-order-size rounding prevent normal liquidation completion |
| ADL execution price | ADL trades execute at the liquidated user’s bankruptcy price |
| Insurance-fund shortfall trigger | If projected liquidation loss would exceed the remaining insurance-fund capacity, the unresolved shortfall moves into the ADL path |
| ADL counterparty selection | Opposing positions are ranked by unrealized profit and closed starting from the most profitable |
System guarantees
| Guarantee | Contract |
|---|---|
| Deterministic execution | Same ordered inputs yield consistent outcomes across operators |
| Front-running prevention | Orders stay encrypted until sequencing inside the TEE boundary |
| State commitment | State transitions are committed with cryptographic proofs and checkpointing |
What this page does not replace
| Need | Use instead |
|---|---|
| exact maintenance-threshold formulas and margin factors | Margin Requirements |
| mark-price construction and price-input sources | Price Feeds and Mark Price Inputs |
| exact error classes and recovery posture | Error Reference |
| step-by-step operational response | How to Handle Liquidations and Margin Calls or How to Handle API Errors and Recovery |