Vault Risk Methodology
How we score vault risk and decide what’s safe to list
Risk Tiers
Each vault receives a risk score from 0–100 (higher = riskier), which maps to a tier:
Risk Rating
The headline signal on every vault is a letter grade from A+ to F. It’s mapped from the composite risk score (0–100, where 0 is safest and 100 is riskiest) — the lower the score, the better the grade:
The grade comes straight from the risk score, so solid engineering can never mask an active problem — a vault that’s depegging or has a blocking redemption state carries a high risk score and grades accordingly. Bands are tighter at the safe end, where small score differences matter most.
What We Measure
The risk score is a weighted blend across several dimensions. No single dimension can dominate — a high score reflects multiple dimensions pointing the same way. We weigh:
Smart-contract and protocol track record, including any history of incidents.
Quality of the underlying collateral and how stably the vault’s share price holds its peg.
Who controls the vault — admin keys, multisig vs. single-owner, and upgrade authority.
Whether holders can actually redeem — available liquidity, utilization, and any redemption gates.
Contract verification, security-audit coverage, and automated code-risk analysis.
Returns, drawdowns, capital flows, and signs of dormancy or decline.
Risk Breakdown Categories
Each vault's overall score is backed by per-category sub-scores (0–100, higher = riskier) — the same breakdown shown in the “Risk Breakdown” panel on every vault detail page and returned by the vaults API. A category only appears on a vault when its signal is present:
Risk that the underlying asset loses its peg. Higher means the asset has already drifted from its reference price or shows signs of instability.
Rate of recent withdrawals from the vault. Higher means a large share of deposits has exited in the observation window.
Worst peak-to-trough loss in vault share price over the lookback. Higher means larger realised losses for depositors.
Static analysis of the vault contract source. Higher means more dangerous patterns were flagged (unchecked calls, unrestricted admin surface, etc.).
Risk derived from the deployer address — prior deployments, funding source, and historical incidents.
On-chain behaviour of the contract — mutability, admin actions, ownership, and abnormal state changes.
Share of vault assets recursively lent and borrowed to amplify yield. Higher means more leverage and liquidation sensitivity.
Share of vault capital currently deployed vs idle. Very high utilisation amplifies withdrawal-queue risk during drawdowns.
Risk from the price oracle(s) the vault depends on — staleness, single-source exposure, and manipulation surface.
Intrinsic risk of the underlying collateral — LST/LRT exposure, depeg history, and concentration in volatile tokens.
How much of the vault is controlled by a single admin, multisig, or EOA without timelock guards.
Risk from the host protocol — governance, prior incidents, audit coverage, and operational maturity.
Upgradeability surface of the contract. Higher means the admin can materially change vault behaviour without user consent.
Short-term directional move in vault share price. Higher means a sharp adverse move in the recent window.
On-chain liquidity available to exit the vault. Higher means redemptions may have market-impact cost.
Listing Verdict
The verdict combines the risk score with hard gates: any blocking flag (or a closed / locked redemption state) forces “Do not list” regardless of score.
Withdrawal Risk Levels
Redemptions are fully closed — no exit possible.
Paused, or a lockup period is in effect — funds can’t be withdrawn until it clears.
Nominally open, but there isn’t enough liquidity to redeem at current size.
Withdrawals work but face friction — high utilization, queues, or an enforced delay before redemption completes.
Key Risk Flags
Contract source code is not verified on the block explorer.
Withdrawals are currently disabled.
No meaningful activity for an extended period — likely abandoned.
Vault owned by a single externally-owned account (no multisig / timelock).
Contract can be upgraded by an admin.
No known security audits for this vault.
High recursive-lending exposure, which amplifies losses under stress.
Underlying asset or share price is showing depeg risk.
Vault has negative lifetime returns.
Very small total value locked.
Recently deployed, with limited track record.
Data Sources
Strategy classification, APY, returns, and volatility.
Current share prices and protocol total value locked.
Available redemption liquidity and market utilization rates.
Source-code verification and on-chain contract configuration.
Automated code analysis, contract-level risk, and deployer reputation.
Want this data via API?
Every score, grade and signal on this page is available through the Webacy API — plug it straight into your own product.