
[study] (1h) Never-pausable withdraw guarantee — design + dependent invariants #106

@ozpool

Description


Goal

Internalize PRISM's core safety property (withdrawals are never pausable), the invariants it depends on, and what it costs to uphold.

Time estimate

1h (single focused session)

Prerequisites

Study plan (in order)

  1. [15 min] PRISM_PRD_v1.0.html §13 Risk (withdrawals never pausable)
  2. [15 min] Implementation: the pause flag gates deposit only; the withdraw path never reads it
  3. [15 min] Dependent invariants: withdraw succeeds for any funded account even during migration or an incident, which requires that the withdraw path depend on nothing that can be paused or fail (solvency of the reserve, no gated external calls)
  4. [15 min] Failure mode: if a bug blocks the withdraw path, the migration playbook kicks in (issue P16)

Total: 60 min
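To make steps 2 and 3 concrete, here is an added Python model of the guarantee (example code, not PRISM's implementation; the Vault class, the flag names, the two broken variants and the enumeration helper are all assumptions for illustration). It puts the intended vault beside two ways of getting it wrong, one obvious (withdraw honours the pause flag) and one subtle (withdraw reads no flag but calls a component that is offline during an incident), and then enumerates every flag combination to find the states in which withdraw is refused for any reason other than an insufficient balance.

```python
"""Model of the never-pausable-withdraw guarantee (added example, not PRISM
code; class and flag names are assumptions for illustration)."""
from dataclasses import dataclass, field
from itertools import product


class DepositBlocked(Exception):
    """Raised when the deposit gate is closed. Expected and by design."""


class WithdrawBlocked(Exception):
    """Raised if withdraw is refused for a reason other than an insufficient
    balance. In the intended design this never happens."""


@dataclass
class Vault:
    """Intended design: pause and migration flags gate deposit only."""
    paused: bool = False        # operator incident pause
    migrating: bool = False     # migration to a successor in flight
    balances: dict = field(default_factory=dict)
    reserve: int = 0            # assets actually held; must back all balances

    def deposit(self, who: str, amount: int) -> None:
        if self.paused or self.migrating:
            raise DepositBlocked("deposits are gated during pause/migration")
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who: str, amount: int) -> int:
        # Dependent invariant 1: the only precondition is the caller's
        # balance. No flag is read here, so no operator action can gate it.
        bal = self.balances.get(who, 0)
        if amount > bal:
            raise ValueError("insufficient balance")
        # Dependent invariant 2: the reserve always covers balances, so the
        # payout cannot fail for lack of funds.
        assert self.reserve >= amount, "solvency invariant violated"
        self.balances[who] = bal - amount
        self.reserve -= amount
        return amount

    def solvent(self) -> bool:
        return self.reserve >= sum(self.balances.values())


class PausableWithdrawVault(Vault):
    """Anti-pattern: same vault, but withdraw also honours the pause flag."""

    def withdraw(self, who: str, amount: int) -> int:
        if self.paused:
            raise WithdrawBlocked("withdraw refused while paused")
        return super().withdraw(who, amount)


class OracleDependentVault(Vault):
    """Subtler bug: withdraw reads no flag, but calls a component that is
    modelled as offline while an incident pause is active."""

    def oracle(self) -> int:
        if self.paused:
            raise RuntimeError("oracle offline during incident")
        return 1

    def withdraw(self, who: str, amount: int) -> int:
        self.oracle()                     # hidden dependency on incident state
        return super().withdraw(who, amount)


FLAGS = ("paused", "migrating")


def states_where_withdraw_blocked(vault_cls) -> list:
    """Enumerate every flag combination. For each, fund an account while the
    vault is open, flip the flags, then withdraw. Returns the flag states in
    which withdraw failed for any reason other than an insufficient balance;
    an empty list means the guarantee holds for that vault class."""
    blocked = []
    for values in product([False, True], repeat=len(FLAGS)):
        v = vault_cls()
        v.deposit("alice", 100)           # constructed sample: funded while open
        state = dict(zip(FLAGS, values))
        for name, val in state.items():
            setattr(v, name, val)
        try:
            v.withdraw("alice", 100)
        except ValueError:
            raise                         # would be a model bug, not a gate
        except Exception:                 # any other refusal is a blocked path
            blocked.append(state)
        if not v.solvent():
            raise AssertionError("solvency broken in state %r" % state)
    return blocked


if __name__ == "__main__":
    for cls in (Vault, PausableWithdrawVault, OracleDependentVault):
        print(cls.__name__, "withdraw blocked in:", states_where_withdraw_blocked(cls))
```

The enumeration is the check worth keeping around: any new flag, mode or external dependency added to the withdraw path should be added to `FLAGS` (or modelled as a component that can go away) and must still yield an empty list. The third variant is the case step 3 is really about: a withdraw path that never reads the pause flag can still be gated transitively, so the invariant list must name every component it depends on and each of those must be guaranteed available during migration and incidents.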

After studying, you can

  • Explain why withdraw is special (funds-recovery right)
  • List invariants this guarantee depends on
  • Describe what happens if a bug blocks withdrawal
  • Reason about when you might accept pausable withdraw (probably never)

Tradeoff prompt for the architectural review

Would you ever accept a pausable-withdraw design?

References

  • PRISM_PRD_v1.0.html §13

Metadata

Labels

  • priority:p2-polish (Nice-to-have / polish)
  • status:ready (Scoped and ready to pick up)
  • type:study (Architecture study / research issue)
