Before sequencing
These checks run before the order receives a sequence number. The mark price (the risk price used for margin and liquidation) is the reference input for the notional, price-deviation, and margin checks in this stage.| Check | Rule | Rejection or error |
|---|---|---|
| Market support | The symbol must refer to a listed market. | UnsupportedMarket |
| Strategy presence | The trader must have at least one strategy, and the named strategy must exist. | NoStrategies, StrategyNotFound |
| Collateral floor | The strategy must hold at least 0.000001 USDC of collateral before it can place an order. | NotEnoughCollateral |
| Order type and price coherence | Market orders must use price 0; limit orders must use a positive price. | OrderTypeIncompatibleWithPrice, OrderPriceNeg |
| Tick-size validity | A priced order must use an exact multiple of that market’s tick size. Market-specific tick sizes are listed on Product and Trading Specifications. | PriceNotMultipleOfTickSize |
| Minimum-size validity | The amount must be positive and an exact multiple of that market’s minimum order size. Market-specific minimum sizes are listed on Product and Trading Specifications. | OrderAmountZeroNeg, OrderAmountNotMultipleOfMinOrderSize |
| Maximum order notional | amount × mark_price must stay within that market’s maximum order notional. Market-specific limits are listed on Product and Trading Specifications. | MaxOrderNotionalBreached |
| Open-order cap | One strategy can hold at most 20 open orders in one market. | TooManyOrders |
| Priced-order deviation check | A priced order must stay within that market’s max_taker_price_deviation from mark price. Market orders skip this admission check because they do not carry an explicit price. Market-specific deviation limits are listed on Product and Trading Specifications. | MaxTakerPriceDeviationBreached |
| Mark-price availability | A current mark price must exist for the symbol. | MarketPriceNotAvailable (503 ServiceUnavailable) |
| Initial margin admission check | If the order could open or increase exposure, the post-trade open margin fraction must remain at least as large as the post-trade initial margin fraction. | OMFLessThanIMF |
OMF >= IMF rule is evaluated on the post-trade strategy state, including resting orders that could increase exposure. The formulas and worked cases are on Margin Requirements.
During matching
Once an order has been sequenced, the matcher can still refuse paths that would violate execution safety rules.| Guard | What it does | What happens |
|---|---|---|
| Same-strategy self-match prevention | If the incoming order reaches resting liquidity from the same strategy, matching stops at that point. | Remaining size is rejected as SelfMatch on ORDER_UPDATE. Earlier fills, if any, still stand. |
| Mark-relative taker price band | If the incoming order has no tighter limit than the book, matching will not cross beyond the market’s max_taker_price_deviation from mark price. This is the effective price band for market orders. | The out-of-band remainder is rejected as MaxTakerPriceDeviation. Any in-band fills before the guard still stand. |
| Taker solvency guard | The matcher limits or rejects the incoming order if the next fill would push the taker through a solvency boundary. | The unfillable remainder is rejected as SolvencyGuard. If no fill was possible, the order is rejected in full; if earlier fills happened, the remainder is partially rejected. |
| Maker solvency guard | The matcher removes or reduces resting maker liquidity that cannot remain solvent through the trade path. | The maker order is canceled from the book. This appears as a cancellation outcome, not as a new taker-side safety failure. |
| No-liquidity rejection | A market order that finds no eligible liquidity, or exhausts eligible liquidity before it is complete, does not rest on the book. | The remaining amount is rejected as NoLiquidity. |
| Post-only guard | A post-only order cannot take liquidity immediately. | The order is rejected as PostOnlyViolation. |
Price bands
The matching price band is a hard stop tied to mark price, and it still applies after the request has passed sequencing.| Incoming order shape | Effective limit |
|---|---|
| Limit buy | The lower of the order’s own limit price and the mark-relative upper band |
| Limit sell | The higher of the order’s own limit price and the mark-relative lower band |
| Market buy | The mark-relative upper band |
| Market sell | The mark-relative lower band |
max_taker_price_deviation values live on Price Feeds and Mark Price Inputs and Product and Trading Specifications.
After liquidation starts
These controls apply after a strategy already has open exposure. They take over once the strategy’s ongoing solvency falls below the maintenance threshold.| Stage | Rule |
|---|---|
| Trigger | A strategy becomes liquidatable when its margin fraction falls below its maintenance margin ratio. |
| First response | The strategy is frozen and all of its resting orders are canceled before liquidation begins. |
| Liquidation sale | Each liquidated position is matched against opposing book liquidity, subject to the same minimum-order-size granularity and mark-relative taker price band used elsewhere in the engine. |
| Bankruptcy reference | Liquidation economics are measured against the position’s bankruptcy price (the price at which the strategy’s remaining collateral would be fully consumed). |
| Insurance-fund accounting | Positive liquidation spread credits the insurance fund; negative liquidation spread debits it. |
| ADL fallback | If the book runs out, the next liquidation fill rounds below minimum size, the remaining book is outside the allowed price band, or the insurance fund cannot absorb further negative spread, the unresolved remainder moves to ADL. |
| ADL counterparty order | Opposing positions are ranked by unrealized PnL at the bankruptcy price, highest first, with a deterministic strategy-key tie-break. |
| ADL execution price | ADL closes the remainder at the liquidated position’s bankruptcy price. |
| Final strategy state | When liquidation finishes, the liquidated strategy’s positions are closed and its available USDC collateral is zeroed. |
Typical outcomes
These cases show how the safeguards compose in practice.| Case | Outcome |
|---|---|
A limit order uses a valid price and size, but posting the full size would leave post-trade OMF < IMF. | The request is rejected before sequencing with OMFLessThanIMF. |
| A market buy reaches the best ask, but the next available ask is outside the product’s mark-relative band. | Any in-band fills stand. The out-of-band remainder is rejected as MaxTakerPriceDeviation. |
| An incoming order fills one opposing order, then the next order in queue belongs to the same strategy. | The earlier fill stands. The remaining amount is rejected as SelfMatch. |
| A taker order can fill some size safely, but the next slice would violate the taker’s solvency guard. | The safe fill stands. The remaining amount is rejected as SolvencyGuard. |
| A liquidated strategy can sell part of its position into the book, but the rest would require out-of-band prices or more insurance-fund loss than the engine allows. | The liquidation sale stops, and ADL closes the remainder at bankruptcy price. |
What Appears Publicly
Different safeguards appear in different public interfaces.| Stage | Where it appears | What to read |
|---|---|---|
| Admission failure before sequencing | HTTP response from POST /v2/request | error_reason and, for 422 SafetyFailure, safety_failure |
| Matching-time order rejection | ORDER_UPDATE | orderRejection |
| Matching-time cancel or modify rejection | ORDER_UPDATE | cancelRejection |
| Liquidation fills | ORDER_UPDATE and STRATEGY_UPDATE | reason = Liquidation on both feeds |
| ADL effects | STRATEGY_UPDATE | reason = ADL |
| Withdrawal-side protections | STRATEGY_UPDATE or TRADER_UPDATE | Withdrawal rejection fields on the account-event feeds |
MarketPriceNotAvailable is the one pre-sequencing safety failure that currently returns 503 ServiceUnavailable instead of 422 SafetyFailure.
Taken together, these safeguards can stop or alter an order in three places: before sequencing, during matching, and during stressed-path resolution once an open strategy is no longer safe to keep open.