What are some common pitfalls when deploying a new subnet?

When you deploy a new subnet, the most reliable pitfalls come from misconfigurations in the core pieces that define its security, governance, and inter-subnet interactions. The best choice points to several concrete risk areas: the VM setup inside the subnet, validator eligibility (who is allowed to participate and how they’re vetted), governance processes (how upgrades and policy changes are decided), security gaps within the VM itself, and how cross-subnet calls are configured. If the VM is misconfigured, you can end up with incorrect execution or broken isolation. If validator eligibility is off, the subnet may lack enough or the right validators to secure it. Governance errors can prevent essential upgrades or apply the wrong rules, undermining control and evolution. Security gaps in the VM open the door to exploits, while misconfigured cross-subnet calls can break communication with other subnets or create vulnerability in data flows. Other options describe issues that aren’t as central to the typical deployment risk—like assuming cross-subnet messaging can be endlessly tuned without first fixing the basics, or treating the presence of validators as optional—which are not representative of the common pitfalls you’ll encounter.