Really appreciate the work that went into this draft, especially the sharded-containment reasoning and the call to not mint or sell RUNE. Two suggestions. Consider removing the attacker section. Since the bounty has no enforcement mechanism behind it, it may be cleaner to keep it out of a binding ADR and handle recovery off-protocol through forensics and law enforcement. It might also be worth adding a permanent allocation of system income toward a standing external audit retainer, dedicated adversarial review of the TSS layer, and a funded ex-ante bug bounty with a release gate tied to it. The closing notes already point at cadence outrunning review as the root cause, so it would be great to see that reflected in the binding sections. As written, the plan rebuilds one vault’s liquidity but does not yet fund anything against recurrence. Worth fixing the cause alongside the balance sheet.