Risks

Technical risks

1. Vulnerabilities in Smart Contracts

   • Risk: Code errors (reentrancy, overflow, incorrect escrow logic, or NFT burning) may result in loss of user funds.

   • Preventive measures:

     1. Independent audit. Before each major release (Escrow, Staking, DAO contract), we engage a third-party audit firm with experience in blockchain systems (OpenZeppelin, CertiK, Trail of Bits).

     2. Proven core. We use standard and tested libraries (OpenZeppelin), and we minimize the amount of "our" low-level code.

     3. Bug Bounty program. We organize rewards for finding vulnerabilities before public launch; regularly launch paid competitions among the "echo" communities (white-hat hackers).

2. Blockchain network failures or node overload

   • Risk: Transaction delays, node failures, or full mempools increase gas costs or make transactions impossible.

   • Preventive measures:

     1. Multichain architecture. Launch of the main functionality on the BNB Chain network (low fees, high throughput) with the ability to quickly switch to alternative networks (Arbitrum, Solana) in case of problems.

     2. Own nodes and backup providers. We maintain a cluster of our own RPC nodes and sign a contract with two independent providers (Infura/QuickNode or similar) for automatic failover.

     3. Monitoring and alerts. We monitor the node status, transaction confirmation time 24/7, and automatically switch to a working connection in case of failures.

3. Regression tests and updates

   • Risk: new versions of smart contracts or backend may “break” already working functionality.

   • Preventive measures:

     1. Automated regression tests. Each pull request to the repository initiates a full test suite (unit tests, integration tests with a local chain).

     2. Version control and staged deployment. New contracts and microservices are deployed first to the testnet, then to a limited environment (canary release), and only after testing — to production.

---

Financial risks

1. BAFEX rate volatility

   • Risk: A sharp drop in the token price reduces confidence in the platform, and users may refuse to stake and pay in BAFEX.

   • Preventive measures:

     1. Balanced tokenomics. Clearly limited initial emission (10 billion) plus annual cap on additional emission (≤ 2%) for staking rewards.

     2. Buyback & Burn. Part of the platform's commissions go towards buying BAFEX tokens from the market and burning them, which reduces circulation and smooths out price fluctuations.

     3. Reserve fund in stablecoins. To ensure against sharp drawdowns, we keep part of the assets in USDT/USDC so that we can maintain liquidity and catch the price.

2. Lack of liquidity

   • Risk: the inability to quickly sell or buy prominent BAFEX positions on DEX/CEX, leading to price slippage.

   • Preventive measures:

     1. Liquidity Pool: We are creating large first pools on PancakeSwap/Uniswap with 15% of tokens reserved for this purpose.

     2. Market Makers. We enter into contracts with professional market makers who provide 24/7 market depth and liquidity.

     3. Institutional parity. We invite institutional partners (funds, venture companies) to participate in trading and staking to dilute market flows.

3. Unfair behavior of large holders (whales)

   • Risk: Large holders suddenly dump their token holdings, causing the price to collapse.

   • Preventive measures:

     1. Vesting and Cliffs. For the team, advisors, and early investors, we introduce a 6-12 month cliff, then a gradual unlocking over 24-36 months. This reduces the likelihood of a sharp collapse.

     2. DAO threshold: To initiate drastic changes (new token issue, staking adjustments), at least 10% of all tokens must vote; this makes it difficult for one large holder to “capture” control.

     3. Diversification of holders. When conducting IDO/ICO, we strive to attract as many independent participants as possible, reducing the concentration of tokens in the hands of a small number of addresses.

4. Diversification of funds

   • Risk: all project assets are concentrated in one category (e.g., only BAFEX or only stablecoins) - vulnerability to category risks.

   • Preventive measures:

     1. Multicurrency reserves. The reserve fund is planned to be held in three asset classes: BAFEX (30%), USDT/USDC (50%), and ETH/BNB (20%) for partial diversification.

     2. Regular review. We review the reserve portfolio quarterly, adjusting shares depending on the market situation and volatility analysis.

---

Regulatory risks

1. Potential legislative changes

   • Risk: Governments may suddenly tighten regulations for cryptocurrencies or marketplaces (taxes, bans, additional licenses).

   • Preventive measures:

     1. Legal flexibility. Opening a company in Dubai's free zones (DMCC, Dubai Silicon Oasis) provides flexibility in quickly adapting to new regulations.

     2. Regular monitoring of legislation. Weekly check of regulatory news through third-party legal consultants (Al Tamimi & Company, Clyde & Co, etc.).

     3. Risk insurance. Partial insurance of smart-contract errors and legal liability through specialized insurance offices (e.g., Lloyd’s Syndicate).

2. Ban on cryptocurrency in certain jurisdictions

   • Risk: Users from countries where the crypto market is restricted or banned (Iran, North Korea, some regions of Africa) may face blocked access.

   • Preventive measures:

     1. Geo-blocking. As required by law, we will restrict registration and trading for IP addresses from the OFAC/UN "black list".

     2. Informing users. When registering or attempting to access, the system will display a notification that BAFEX cannot be used in a region where cryptocurrency is prohibited.

     3. Legal protection. In the user agreement (Terms of Use), we stipulate: "BAFEX is not responsible for blocking by the state. The user undertakes to comply with local laws."

3. Licensing requirements and VARA compliance

   • Risk: The absence or expiration of a VASP license will lead to the suspension of operations and fines (up to 10% of annual turnover).

   • Preventive measures:

     1. Submitting an application to VARA. Immediately after registration, we submit an application for VASP status, starting the procedure of collecting documents (financial reports, company structure, KYC/AML procedures).

     2. Transition to DMCC. In parallel, we register a subsidiary legal entity in the DMCC free zone with a Crypto License, which will allow more flexible work with virtual assets until the main license is obtained.

     3. 24/7 legal support. Contract with local lawyers (to be announced, current option - Al Tamimi & Company) for quick response to changes, consultations, and appeals to regulators.

---

Legal Risks

1. Regulatory restrictions in different regions

   • Despite Dubai's loyalty, a number of countries prohibit cryptocurrency transactions (for example, Türkiye, Russia, and India may introduce sudden restrictions). BAFEX is not responsible for the violation of local laws by the end user.

   • When entering the international market, BAFEX may face the need to register or obtain additional licenses in the EU (MiCA - Markets in Crypto-Assets Regulation), the UK (FCA), the US (FinCEN, SEC), and other jurisdictions.

2. Potential risks of blocking/restrictions

   • VARA Compliance: Failure to renew a license on time or violation of VARA Regulations may result in suspension of operations and fines (up to 10% of total turnover).

   • Banking restrictions: UAE banks and global payment providers may refuse to open an account or provide services if they deem the business model too risky.

   • Fintech regulators: UAE to tighten controls on virtual assets from 2025; BAFEX must adapt to new regulations in a timely manner (e.g., changes to VARA Core Principles, liquid reserve requirements).

3. Excerpts from current legislation

   • VARA Virtual Assets and Related Activities Regulations 2023: describes the list of permitted/prohibited activities, reporting and audit requirements (updates are published on the official VARA website) vara.ae.

   • UAE Federal Decree No. 111 (2024): introduces new regulations for crypto businesses in DMCC, requiring companies to submit an annual economic report (Economic Substance Regulations) and maintain qualified staff.

   • UAE Personal Data Protection Law (No. 45 of 2021): sets out rules for the processing and transfer of users' personal data, with hefty fines for leaks and violations.

Global risks

• Risk: Implementation of cryptocurrency payments into more mainstream marketplaces.

• Preventive measures:

  1. Flexible commissions and bonuses. Reduce the commission for sellers to 1%, distribute cashback up to 10% and encourage activity with BAFEX tokens.

  2. Localization. We open the door for millions of sellers who find it challenging to enter large platforms due to bureaucracy, high fees, and country blocks. BAFEX reduces these barriers.