# Vault Rating Methodology

> Understand how Webacy computes vault risk ratings — the sub-ratings, weights, penalties, floor rules, and red-flag overrides behind every letter grade.

## Overview

You get a **0–100 composite risk rating** for every vault (0 = safe, 100 = critical). The rating is built from approximately 20 sub-ratings, each weighted by importance. Additionally, additive penalties and hard state floors can raise the rating for binary danger conditions. **Higher always means riskier.**

Every number in the rating can be traced back to a specific signal. The API exposes the full sub-rating breakdown so you can tell a user *"this vault rates 78/100 because redemptions are currently closed and the admin key is an EOA with no timelock"* — not just a number.

<Tip>
  For endpoint usage, query parameters, and response format, see the [Vault Risk API Reference](/api-reference/vaults).
</Tip>

***

## Final Outputs

| Output                       | What It Means                                                                                                                                                                                                       |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Composite Rating** (0–100) | Overall risk — weighted sum of all sub-ratings, plus additive penalties, raised to any active hard state floor |
| **Tier**                     | `low` / `medium` / `high` / `critical` — bucketed label for the composite                                                                                                                                           |
| **listing\_verdict**         | `safe_to_list` / `caution` / `review_required` / `do_not_list` — actionable recommendation                                                                                                                          |
| **withdrawal\_risk**         | `null` / `constrained` / `delayed` / `illiquid` / `locked` / `blocked` — current exit condition (`null` when no risk applies)                                                                                       |
| **liquidity\_tier**          | `open` / `mild_stress` / `constrained` / `illiquid` / `locked` — named label for the liquidity sub-rating (measures pool-level liquidity depth, while `withdrawal_risk` reflects the user's actual ability to exit) |
| **governance\_score**        | Separate sub-rating for governance quality (centralization + upgrade + code + Webacy code)                                                                                                                          |
| **pct\_tvl\_withdrawable**   | What percentage of the vault's TVL can actually be withdrawn right now                                                                                                                                              |
| **solvency\_risk**           | Weighted sub-rating for "vault is losing money" signals                                                                                                                                                             |
| **liquidity\_risk**          | Weighted sub-rating for "users can't get out" signals                                                                                                                                                               |

***

## Sub-Ratings

Each sub-rating is 0–100. The **weight** shows how much it contributes to the final composite.

### Contract & Code Quality

| Signal           | Weight | What It Measures                                                                                                                                                              |
| ---------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Protocol Risk    | 15%    | Webacy's vault protocol-risk classification, Negligible → Blacklisted. The single largest weight because it captures protocol-level risk independent of the vault's own code. |
| Upgrade Risk     | 10%    | Is the contract a proxy? Can it be upgraded? A vault that can be upgraded without a timelock is a rug vector. Timelocks reduce this rating (7-day timelock = gold standard).  |
| Code Risk        | 10%    | Is the source code verified on-chain? How many audits does it have? Unverified = +65 sub-rating because you can't audit what you can't read.                                  |
| Webacy Code Risk | 2%     | Webacy's own vulnerability scan findings — reentrancy, unchecked calls, malicious external calls.                                                                             |

### Governance & Control

| Signal              | Weight | What It Measures                                                                                                                                                                                                                                                  |
| ------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Centralization Risk | 12%    | Who controls the vault? EOA owner (single key) = bad. Multisig = better. A 1-of-3 multisig is still weak — we rate both the threshold (how many keys needed) and the ratio (how easy quorum is to reach). Also: does a single EOA hold the strategy manager role? |
| Strategy Risk       | 5%     | Does the vault use external strategies or leverage? More strategies = more attack surface.                                                                                                                                                                        |
| Asset Risk          | 5%     | What's the underlying stablecoin? USDC/USDT/DAI = low. Algorithmic or niche stablecoins (USR, AUSD) = high.                                                                                                                                                       |

### Liquidity & Exit

| Signal           | Weight | What It Measures                                                                                                                                                       |
| ---------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Closed Liquidity | 12%    | Are deposits or redemptions currently paused/closed? Redemption closed = can't exit = +60 sub-rating. One of the most impactful signals.                               |
| Utilization Rate | 10%    | For lending vaults: what percentage of the pool is currently borrowed? Above 95% = users can't withdraw. The curve is nonlinear — 98% rates 88/100, 100% rates 97/100. |
| Looping Risk     | 4%     | Recursive lending (borrowing to re-deposit). Amplifies liquidation cascades. 80%+ looping = 70+ sub-rating.                                                            |
| Depeg Risk       | 5%     | Is the vault's share price below \$1? For stablecoins, any deviation is a red flag. Near-zero = vault collapsed.                                                       |

### Performance & Market Behavior

| Signal      | Weight | What It Measures                                                                                     |
| ----------- | ------ | ---------------------------------------------------------------------------------------------------- |
| TVL Outflow | 2%     | Has the vault lost significant TVL recently? 50%+ drop = 100 sub-rating. Signals loss of confidence. |
| Size Risk   | 2%     | Small TVL vaults (under \$50k) are riskier, less battle-tested, easier to manipulate.                |
| Maturity    | 3%     | How old is the vault? Brand new (under 5 weeks) = +40 sub-rating. Time in production reduces risk.   |

### Oracle Type Quality

Oracle quality contributes **3%** to the composite. The sub-rating uses a **weakest-link model** — the worst oracle type found across the vault's underlying markets sets the floor.

| Oracle Type                              | Base Rating | Why                                                                   |
| ---------------------------------------- | ----------- | --------------------------------------------------------------------- |
| Major decentralized oracle networks      | 8           | Battle-tested, multi-source, heartbeat monitoring                     |
| wstETH / Pendle PT wrapped oracles       | 18          | Derived from rebase math — manipulation surface if underlying is thin |
| MorphoOracle / UrdOracle (single-source) | 28          | Single price source, no cross-reference                               |
| Unknown / unverified                     | 40          | Can't assess what isn't disclosed                                     |

<Warning>
  Any collateral token with **less than \$5M daily trading volume** raises the oracle sub-rating floor to **55** (`thin_collateral_market` flag). Below that volume threshold, a well-capitalised attacker can move the price enough to overborrow against inflated collateral — the pattern behind the Mango Markets and Cream Finance exploits.
</Warning>

***

## Additive Penalties

These fire for specific dangerous combinations or events and **add directly on top** of the weighted composite. Multiple conditions stack independently.

### Interaction Penalties

Compound risk conditions where two signals together are worse than either alone.

| Condition                                                                      | Penalty |
| ------------------------------------------------------------------------------ | ------- |
| High utilization (>95%) + single concentrated borrower                         | +10     |
| High utilization (>95%) + single concentrated depositor (holds ≥50% of shares) | +10     |
| High utilization + major TVL outflow happening simultaneously                  | +10     |
| Upgradeable contract + weak multisig (threshold ≤ 2)                           | +8      |
| Pause function present + EOA control + no meaningful timelock                  | +8      |

### Governance Behavior Penalties

On-chain governance activity that signals elevated operational risk.

| Condition                                                       | Penalty       |
| --------------------------------------------------------------- | ------------- |
| Recent contract upgrade in last 30 days                         | +12           |
| Recent contract upgrade in last 30 days + zero audits on record | +32 (stacked) |
| Repeated pausing (3+ times in 90 days)                          | +10           |
| 1–2 pause events in 90 days                                     | +5            |
| Ownership transfer in last 90 days                              | +8            |

### State & Structural Penalties

Structural conditions that indicate elevated risk regardless of other signals.

| Condition                                                  | Penalty |
| ---------------------------------------------------------- | ------- |
| Dormant vault (very low activity, not new/bot-run)         | +25     |
| Market concentration >80% in single market                 | +10     |
| Bad debt in underlying lending markets                     | +15     |
| Tight liquidation buffer (under 5%)                        | +10     |
| Exit liquidity under 5% of TVL                             | +10     |
| Webacy contract risk flagged                               | +15     |
| Webacy deployer risk flagged                               | +10     |
| Oracle gap >3x (on-chain price vs market price)            | +15     |
| Collateral depegged >20%                                   | +20     |
| ERC-4626 vault used as live price oracle in lending market | +15     |

### Yield & Liquidity Trap Penalties

Conditions related to unsustainable yield or trapped capital.

| Condition                                                                          | Penalty |
| ---------------------------------------------------------------------------------- | ------- |
| Reward-dependent yield >90% of APY from emissions                                  | +12     |
| Reward-dependent yield >70% of APY from emissions                                  | +8      |
| Reward-dependent yield >50% of APY from emissions                                  | +4      |
| Yield trap: vault locked/illiquid + reward-dependent APY >70%                      | +15     |
| Shared collateral exposure: flagged collateral token shared across multiple vaults | +10     |

***

## Hard State Floors

These ensure a catastrophic condition can **never be masked** by a low smooth rating. The composite cannot go below these values when the condition is active.

| Condition                                                           | Floor                |
| ------------------------------------------------------------------- | -------------------- |
| Redemptions closed                                                  | 75                   |
| Redemptions closed + utilization >95%                               | 80                   |
| Active depeg (share price below 0.99)                               | 70                   |
| Oracle risk >60 + liquidation proximity >40                         | 70                   |
| Exchange rate spike >2% (donation attack pattern)                   | 70                   |
| Dormant vault                                                       | 65                   |
| Exchange rate crash >1% (exploit in progress / collateral collapse) | 65                   |
| Yield trap active                                                   | 65                   |
| Exit illiquid (under 2% withdrawable)                               | 60                   |
| `listing_verdict` = `do_not_list`                                   | 75 (tier = critical) |
| `listing_verdict` = `review_required`                               | 50 (tier = high)     |
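
The composition described on this page (weighted sub-ratings, stacked penalties, hard floors, and the oracle weakest-link rule), as an added Python example that is not Webacy's code. The key names are hypothetical, only a subset of the penalties and floors is included, and applying floors after penalties and clamping to 100 are assumptions.

```python
# Added illustration. Numbers come from the tables on this page; the key names,
# the order of operations and the 0-100 clamp are assumptions.
WEIGHTS = {  # percent of the composite, from the Sub-Ratings tables
    "protocol": 15, "upgrade": 10, "code": 10, "webacy_code": 2,
    "centralization": 12, "strategy": 5, "asset": 5,
    "closed_liquidity": 12, "utilization": 10, "looping": 4, "depeg": 5,
    "tvl_outflow": 2, "size": 2, "maturity": 3, "oracle": 3,
}
ORACLE_BASE = {"major_network": 8, "wrapped": 18, "single_source": 28, "unknown": 40}
THIN_VOLUME_USD, THIN_FLOOR = 5_000_000, 55  # thin_collateral_market rule
PENALTIES = {  # subset of the Additive Penalties tables
    "upgradeable_weak_multisig": 8, "pause_eoa_no_timelock": 8,
    "recent_upgrade": 12, "ownership_transfer": 8,
    "bad_debt": 15, "collateral_depeg_over_20pct": 20,
}
FLOORS = {  # subset of the Hard State Floors table
    "redemptions_closed": 75, "redemptions_closed_util_over_95": 80,
    "active_depeg": 70, "dormant": 65, "exit_illiquid": 60,
}


def oracle_sub_rating(markets):
    """Weakest link: the worst oracle type wins; thin collateral lifts the floor."""
    rating = max(ORACLE_BASE[m["oracle"]] for m in markets)
    if any(m["daily_volume_usd"] < THIN_VOLUME_USD for m in markets):
        rating = max(rating, THIN_FLOOR)
    return rating


def composite(sub_ratings, penalties=(), floors=()):
    """Weighted sum, then stacked penalties, then the highest active floor."""
    missing = WEIGHTS.keys() - sub_ratings.keys()
    if missing:
        raise ValueError(f"missing sub-ratings: {sorted(missing)}")
    weighted = sum(WEIGHTS[k] * sub_ratings[k] for k in WEIGHTS) / 100
    stacked = weighted + sum(PENALTIES[p] for p in set(penalties))
    floored = max([stacked, *(FLOORS[f] for f in floors)])
    return {
        "weighted": round(weighted, 2),
        "with_penalties": round(min(stacked, 100), 2),
        "composite": round(min(floored, 100), 2),
    }


# Constructed sample vault: modest sub-ratings, but redemptions are closed.
SAMPLE_MARKETS = [
    {"oracle": "major_network", "daily_volume_usd": 40_000_000},
    {"oracle": "single_source", "daily_volume_usd": 3_000_000},
]
SAMPLE = {
    "protocol": 10, "upgrade": 20, "code": 10, "webacy_code": 0,
    "centralization": 30, "strategy": 10, "asset": 5,
    "closed_liquidity": 60, "utilization": 40, "looping": 0, "depeg": 0,
    "tvl_outflow": 0, "size": 10, "maturity": 10,
    "oracle": oracle_sub_rating(SAMPLE_MARKETS),
}

if __name__ == "__main__":
    print(composite(SAMPLE, ["pause_eoa_no_timelock", "ownership_transfer"],
                    ["redemptions_closed"]))
```

For the sample vault the smooth rating with penalties is 38.2, and the closed-redemptions floor lifts the composite to 75, which is the masking case the floors exist to prevent.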

***

## Computed-but-Zeroed Signals

These are calculated and exposed in the API payload but **don't add to the weighted composite** — they feed into additive penalties or are surfaced directly for consumers.

| Signal                  | What It Is                                                                                                                                                                                                                     |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Borrower Concentration  | Top borrower's share of total borrow across the vault's underlying lending markets. If one whale controls 80% of borrowing, the vault's liquidity is hostage to them.                                                          |
| Depositor Concentration | Top depositor's share of vault shares. A single whale exiting triggers a utilization spike that traps everyone else.                                                                                                           |
| Governance Behavior     | Recent on-chain governance events: contract upgrades (30d), pause events (90d), ownership transfers (90d). Structure-based rating alone misses behavioral patterns.                                                            |
| Yield Sustainability    | Ratio of emissions-based APY to total APY. >70% = yield collapses when rewards end, causing TVL flight and utilization spike.                                                                                                  |
| Exchange Rate Velocity  | Rate of change in vault share price since last checkpoint. Spike >2% = donation attack pattern (Venus wUSDM). Crash >1% = exploit in progress or collateral collapse.                                                          |
| ERC-4626 Oracle Risk    | Whether the vault's `convertToAssets` function is being used as a live price oracle in a lending market. Direct asset donations inflate this rate without minting shares — enabling overborrowing against inflated collateral. |
| Oracle Gap              | Worst ratio between on-chain oracle price and real market price found across collateral tokens. Large gap = oracle is stale or manipulable.                                                                                    |
| Exit Liquidity Ratio    | What fraction of TVL is withdrawable right now vs total deposited.                                                                                                                                                             |
| Market Liquidity        | Absolute USD liquidity available in the underlying lending markets.                                                                                                                                                            |
| Market Concentration    | What percentage of TVL is in the single largest lending market.                                                                                                                                                                |
| Bad Debt                | Realized losses in the underlying lending markets that won't be recovered.                                                                                                                                                     |
| Momentum                | 1-month vs 3-month CAGR divergence — is yield declining recently?                                                                                                                                                              |
| Flow Risk               | Net capital flows — large outflows signal institutional confidence loss.                                                                                                                                                       |
| Fee Drain               | Management + performance fees. >2% management fee = meaningful yield erosion.                                                                                                                                                  |
| Volatility              | Share price volatility over 3 months.                                                                                                                                                                                          |
| Drawdown                | Worst historical drawdown from peak.                                                                                                                                                                                           |
| Return Loss             | Lifetime or annualized return negative = vault is losing user capital.                                                                                                                                                         |

***

## Risk Flags

Flags are surfaced in the API alongside the rating. Each maps to one or more of the conditions above.

### Blocking Flags

These force a `do_not_list` verdict:

* `unverified`
* `redemption_closed`
* `dormant`
* `emergency_shutdown`

### Non-Blocking Flags

These are informational and do not force a verdict on their own:

`depeg` · `high_looping_exposure` · `no_audits` · `eoa_owner` · `pause_capable` · `upgradeable` · `negative_return` · `lockup_7d` · `withdrawal_delay` · `low_tvl` · `new_vault` · `deposit_closed` · `inactive` · `subvault` · `thin_collateral_market` · `concentrated_borrower` · `concentrated_depositor` · `recent_upgrade` · `unaudited_upgrade` · `repeated_pausing` · `ownership_transfer` · `exchange_rate_spike` · `exchange_rate_crash` · `erc4626_donation_risk` · `reward_dependent_yield` · `yield_trap` · `emergency_deposit_cap` · `shared_collateral_exposure`

***

## Related Resources

<CardGroup cols={2}>
  <Card title="Vault Risk API" icon="vault" href="/api-reference/vaults">
    Endpoints, query parameters, response format, and risk tags
  </Card>

  <Card title="Depeg Monitor" icon="chart-line" href="/api-reference/depeg-monitor">
    Real-time depeg risk monitoring for stablecoins and pegged assets
  </Card>
</CardGroup>
