1. Overview
  2. Autheo Validator Node Purchase & License Agreement (v1.0)
  3. EXHIBIT E — Risk Disclosures

EXHIBIT E — Risk Disclosures

Version 1.0 — Effective October 17, 2025

Scope

This Exhibit summarizes material risks associated with purchasing a validator license and operating or delegating a validator on the Autheo network. It is not exhaustive. By proceeding, you acknowledge and accept these risks and those inherent to decentralized systems.

Protocol and Software Risks

1) Defects and exploits. Validator, client, and dependency code may contain undiscovered bugs or vulnerabilities that could result in downtime, slashing, or loss of funds.

2) Upgrades and regressions. Mandatory or emergency upgrades can introduce regressions or change validator duties and hardware requirements.

3) Dependency stack. Consensus clients, databases, libraries, operating systems, and drivers are third-party components that can fail or conflict.

Network and Operations Risks

1) Liveness issues. Congestion, network partitions, DDoS, or peer misbehavior can impair performance or prevent participation.

2) Infrastructure failures. Power, ISP, cloud, or hardware failures can cause missed duties or data loss.

3) Time sync and clock drift. Poor timekeeping can degrade performance and increase slash risk.

4) Force majeure. Natural disasters, regional outages, and widespread platform incidents may disrupt service.

Key Management and Security Risks

1) Key compromise. Theft, leakage, or misuse of validator keys can cause double-signing, slashing, or permanent loss.

2) Operational error. Misconfigurations (e.g., running duplicate validators, unsafe failover) can trigger penalties.

3) Backup and recovery. Corrupt or incomplete backups, or flawed recovery procedures, can prolong downtime or lead to inconsistent state.

Slashing, Penalties, and Economic Risks

1) Protocol penalties. Equivocation, double-signing, and other consensus faults may result in slashing, jailing, or reward forfeiture.

2) Performance impact. Downtime, missed attestations/blocks, and version skew reduce rewards for affected periods.

3) Variable outcomes. Emissions and fees are determined by protocol logic and may change via governance. No APR/APY, price, or liquidity is promised.

4) Market volatility. Token markets are volatile; prices can move rapidly and unpredictably.

Governance and Policy Risks

1) Parameter changes. Governance may adjust emissions, fees, security thresholds, upgrade cadence, or other parameters on a forward-looking basis.

2) Emergency actions. Autheo or governance may take emergency actions (e.g., hotfixes, temporary halts, accelerated upgrades) to preserve network security, which can affect validator duties and economics.

Regulatory, Sanctions, and Tax Risks

1) Legal uncertainty. Laws and regulations applicable to validators, tokens, staking, data, and privacy may change and could affect your eligibility or obligations.

2) Sanctions and KYC. Transfers and distributions may be paused, withheld, or denied if required to comply with sanctions, identity verification, or other legal obligations.

3) Tax treatment. You are solely responsible for tax reporting and payments; tax outcomes vary by jurisdiction and may change.

Third-Party and Supply-Chain Risks

1) Providers and vendors. ISPs, cloud platforms, HSMs, remote signers, and monitoring services may fail, degrade, or change terms.

2) Open source. Third-party open-source software is provided under its own licenses and without warranties; maintainers may discontinue support.

Transaction Finality and Irreversibility

1) Permanent effects. On-chain transactions are generally irreversible. Errors in addresses, fees, or contract interactions can result in permanent loss.

2) Forks. Chain reorganizations or contentious forks may alter historical records or validator sets, requiring reconfiguration and operational decisions.

Privacy and Data Risks

1) Metadata exposure. Network and operational telemetry can reveal infrastructure patterns or locations.

2) Data handling. Personal data submitted for compliance is handled per the Autheo Privacy Notice; any breach at a third-party provider may expose such data despite reasonable safeguards.

No Fiduciary Duties; Limited Remedies

1) No advisory role. Autheo does not act as your advisor or fiduciary; you must conduct independent due diligence.

2) Limited remedies. To the maximum extent permitted by law, your remedies are limited as described in the Agreement; Autheo is not liable for indirect or consequential damages arising from the above risks.

Operator Responsibilities

1) Continuous diligence. You are responsible for secure operation, timely patching, monitoring, and incident response consistent with Exhibit B.

2) Incident reporting. You must promptly report suspected key compromise, double-sign events, or major misconfigurations and follow mitigation steps.

3) Compliance. You must satisfy ongoing eligibility requirements, including KYC/OFAC screening where applicable.

Assumption of Risk and Acknowledgment

By purchasing, holding, transferring, operating, or delegating a validator license, you represent that you understand and accept the foregoing risks; that you have the technical ability or qualified assistance to operate securely; and that you are not relying on any promise of profit, price appreciation, or specific financial outcome.

© 2025 AUTHEO Legal