You get a 0–100 composite risk rating for every vault (0 = safe, 100 = critical). The rating is built from approximately 20 sub-ratings, each weighted by importance. Additionally, additive penalties and hard state floors can raise the rating for binary danger conditions. Higher always means riskier.

Every number in the rating can be traced back to a specific signal. The API exposes the full sub-rating breakdown so you can tell a user “this vault rates 78/100 because redemptions are currently closed and the admin key is an EOA with no timelock” — not just a number.
| Field | Description |
| --- | --- |
|  | null / constrained / delayed / illiquid / locked / blocked — current exit condition (null when no risk applies) |
| liquidity_tier | open / mild_stress / constrained / illiquid / locked — named label for the liquidity sub-rating (measures pool-level liquidity depth, while withdrawal_risk reflects the user’s actual ability to exit) |
| governance_score | Separate sub-rating for governance quality (centralization + upgrade + code + Webacy code) |
| pct_tvl_withdrawable | What percentage of the vault’s TVL can actually be withdrawn right now |
| solvency_risk | Weighted sub-rating for “vault is losing money” signals |
| liquidity_risk | Weighted sub-rating for “users can’t get out” signals |
| Sub-rating | Weight | What it measures |
| --- | --- | --- |
|  |  | External label from Trading Strategy’s vault framework, Negligible → Blacklisted. The single largest weight because it’s an independent third-party signal. |
| Upgrade Risk | 10% | Is the contract a proxy? Can it be upgraded? A vault that can be upgraded without a timelock is a rug vector. Timelocks reduce this rating (7-day timelock = gold standard). |
| Code Risk | 10% | Is the source code verified on-chain? How many audits does it have? Unverified = +65 sub-rating because you can’t audit what you can’t read. |
|  |  | Who controls the vault? EOA owner (single key) = bad. Multisig = better. A 1-of-3 multisig is still weak — we rate both the threshold (how many keys needed) and the ratio (how easy quorum is to reach). Also: does a single EOA hold the strategy manager role? |
| Strategy Risk | 5% | Does the vault use external strategies or leverage? More strategies = more attack surface. |
| Asset Risk | 5% | What’s the underlying stablecoin? USDC/USDT/DAI = low. Algorithmic or niche stablecoins (USR, AUSD) = high. |
|  |  | Are deposits or redemptions currently paused/closed? Redemption closed = can’t exit = +60 sub-rating. One of the most impactful signals. |
| Utilization Rate | 10% | For lending vaults: what percentage of the pool is currently borrowed? Above 95% = users can’t withdraw. The curve is nonlinear — 98% rates 88/100, 100% rates 97/100. |
Oracle quality contributes 3% to the composite. The sub-rating uses a weakest-link model — the worst oracle type found across the vault’s underlying markets sets the floor.
| Oracle Type | Base Rating | Why |
| --- | --- | --- |
| Chainlink / Chronicle / Pyth / Redstone | 8 | Battle-tested, multi-source, heartbeat monitoring |
| wstETH / Pendle PT wrapped oracles | 18 | Derived from rebase math — manipulation surface if underlying is thin |
| MorphoOracle / UrdOracle (single-source) | 28 | Single price source, no cross-reference |
| Unknown / unverified | 40 | Can’t assess what isn’t disclosed |
Any collateral token with less than $5M daily trading volume raises the oracle sub-rating floor to 55 (thin_collateral_market flag). Below that volume threshold, a well-capitalised attacker can move the price enough to overborrow against inflated collateral — the pattern behind the Mango Markets and Cream Finance exploits.
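The weakest-link rule and the thin-collateral floor described above, as an added Python sketch (not Webacy's code). The `Market` record, its field names and the lower-cased oracle-type keys are assumptions made for the example; the ratings, the $5M threshold and the `thin_collateral_market` flag are the ones stated on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Base ratings copied from the oracle table on this page.
BASE_RATING = {
    "chainlink": 8, "chronicle": 8, "pyth": 8, "redstone": 8,
    "wsteth": 18, "pendle_pt": 18,
    "morphooracle": 28, "urdoracle": 28,
}
UNKNOWN_RATING = 40           # "Unknown / unverified" row
THIN_VOLUME_USD = 5_000_000   # daily trading volume threshold
THIN_FLOOR = 55               # floor applied with thin_collateral_market


@dataclass
class Market:                 # hypothetical record shape, not the API schema
    name: str
    oracle_type: Optional[str]
    collateral_daily_volume_usd: float


def oracle_floor(markets):
    """Return (floor, flags, market that set the floor) for one vault."""
    floor, worst, flags = UNKNOWN_RATING, None, []
    if not markets:           # assumption: no disclosed markets rates as unknown
        return floor, flags, worst
    floor = 0
    for m in markets:
        key = (m.oracle_type or "").strip().lower()
        rating = BASE_RATING.get(key, UNKNOWN_RATING)  # unlisted type = unknown
        if m.collateral_daily_volume_usd < THIN_VOLUME_USD:
            rating = max(rating, THIN_FLOOR)
            if "thin_collateral_market" not in flags:
                flags.append("thin_collateral_market")
        if rating > floor:    # weakest link: the worst market wins
            floor, worst = rating, m.name
    return floor, flags, worst


# Constructed sample vault: two deep markets and one thin one.
SAMPLE = [
    Market("USDC/WETH", "Chainlink", 900_000_000),
    Market("USDC/wstETH", "wstETH", 40_000_000),
    Market("USDC/XYZ", "Pyth", 1_200_000),
]
```

Returning the market that set the floor lets a consumer say which market to look at, not only that the oracle sub-rating is high.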
Hard state floors ensure a catastrophic condition can never be masked by a low smooth rating. The composite cannot go below these values when the condition is active.
| Condition | Floor |
| --- | --- |
| Redemptions closed | 75 |
| Redemptions closed + utilization >95% | 80 |
| Active depeg (share price below 0.99) | 70 |
| Oracle risk >60 + liquidation proximity >40 | 70 |
| Exchange rate spike >2% (donation attack pattern) | 70 |
| Dormant vault | 65 |
| Exchange rate crash >1% (exploit in progress / collateral collapse) |  |
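How the floors above interact with a low smooth rating, as an added Python sketch (not Webacy's code). The signal key names and the `smooth` input (the weighted composite before floors) are assumptions for the example; the thresholds and floor values are the ones listed above.

```python
def active_floors(s):
    """List (floor, reason) for every floor condition true in signals `s`."""
    closed = bool(s.get("redemptions_closed"))
    util = s.get("utilization", 0.0)              # fraction, 0.0 to 1.0
    hits = []
    if closed:
        hits.append((75, "redemptions closed"))
    if closed and util > 0.95:
        hits.append((80, "redemptions closed + utilization >95%"))
    if s.get("share_price", 1.0) < 0.99:
        hits.append((70, "active depeg"))
    if s.get("oracle_risk", 0) > 60 and s.get("liquidation_proximity", 0) > 40:
        hits.append((70, "oracle risk + liquidation proximity"))
    if s.get("exchange_rate_change", 0.0) > 0.02:
        hits.append((70, "exchange rate spike >2%"))
    if s.get("dormant"):
        hits.append((65, "dormant vault"))
    # The >1% exchange-rate crash floor is omitted: its value is not given here.
    return hits


def apply_floors(smooth, s):
    """Return (composite, binding_reason); reason is None if no floor binds."""
    hits = active_floors(s)
    if not hits:
        return smooth, None
    floor, reason = max(hits, key=lambda h: h[0])  # highest active floor
    if floor > smooth:
        return floor, reason
    return smooth, None
```

When several conditions are active, only the highest floor binds, and a smooth rating already above every active floor passes through unchanged.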
The following signals are calculated and exposed in the API payload but don’t add to the weighted composite — they feed into additive penalties or are surfaced directly for consumers.
| Signal | What It Is |
| --- | --- |
| Borrower Concentration | Top borrower’s share of total borrow across vault’s Morpho markets. If one whale controls 80% of borrowing, the vault’s liquidity is hostage to them. |
| Depositor Concentration | Top depositor’s share of vault shares. A single whale exiting triggers a utilization spike that traps everyone else. |
|  | Ratio of emissions-based APY to total APY. >70% = yield collapses when rewards end, causing TVL flight and utilization spike. |
| Exchange Rate Velocity | Rate of change in vault share price since last checkpoint. Spike >2% = donation attack pattern (Venus wUSDM). Crash >1% = exploit in progress or collateral collapse. |
| ERC-4626 Oracle Risk | Whether the vault’s convertToAssets function is being used as a live price oracle in a Morpho lending market. Direct asset donations inflate this rate without minting shares — enabling overborrowing against inflated collateral. |
| Oracle Gap | Worst ratio between on-chain oracle price and real market price found across collateral tokens. Large gap = oracle is stale or manipulable. |
| Exit Liquidity Ratio | What fraction of TVL is withdrawable right now vs total deposited. |
| Morpho Liquidity | Absolute USD liquidity available in the underlying Morpho markets. |
| Market Concentration | What percentage of TVL is in the single largest lending market. |
| Bad Debt | Realized losses in the underlying Morpho markets that won’t be recovered. |
| Momentum | 1-month vs 3-month CAGR divergence — is yield declining recently? |
| Flow Risk | Net capital flows — large outflows signal institutional confidence loss. |