Overview The Vault Risk endpoints provide risk scores and due diligence data for ERC-4626 vaults across 6 EVM chains. Scores are computed by a multi-factor pipeline that evaluates vault structure, governance, liquidity, code quality, asset risk, performance, and protocol risk — producing 7 risk categories with 41 possible risk tags.
Each response includes a standard risk field in the same format used by all other Webacy risk endpoints (Threat Risks, Token Analysis, Depeg Monitor), so you can consume vault risk data using the same schema.
Endpoints
List Vaults GET /vaults — Paginated list of all rated ERC-4626 vaults with risk scores, filtering, sorting, and ecosystem aggregates
Vault Detail GET /vaults/{address}?chain={chain} — Full risk decomposition with lending market data, vault composition, and code analysis findings.
Key Concepts Risk Score (0-100) You get a composite risk score for each vault, based on weighted signals across 7 categories:
Category Description Vault Structure Architecture, upgradeability, and strategy complexity Governance & Access Control Ownership model, admin controls, timelock configuration Liquidity & Withdrawal Withdrawal capacity, lockups, utilization, and bad debt Code Quality Contract verification, audits, and exploit history Asset & Market Underlying asset quality, depeg risk, and oracle reliability Performance Returns, TVL trends, maturity, and operational activity Protocol Risk Underlying protocol framework and curation status
Risk Tiers Tier Score Interpretation critical75-100 Severe risk, immediate attention required high50-74 Elevated risk, close monitoring needed medium25-49 Moderate risk, review recommended low0-24 Normal conditions, low risk unknownN/A Vault has not been scored
Listing Verdicts You get a listing verdict for each vault to help decide whether to surface it to users:
Verdict Condition do_not_listHas blocking risk tags or score >= 75 review_requiredScore >= 55 cautionScore >= 30 or unscored safe_to_listScore < 30
Standard Risk Response The risk field on each vault follows the same structure used by all Webacy risk endpoints:
{ "risk" : { "score" : 100 , "count" : 4 , "medium" : 2 , "high" : 2 , "overallRisk" : 100 , "issues" : [ { "score" : 100 , "tags" : [ { "type" : "vault_performance_risk" , "key" : "vault-dormant" , "name" : "Dormant Vault" , "description" : "Vault has fewer than 10 on-chain events, indicating negligible activity." , "severity" : 10 , "context" : { "detected_at" : "2026-03-31T16:43:01.093Z" } } ], "categories" : { "vault_performance_risk" : { "key" : "vault_performance_risk" , "name" : "Performance" , "description" : "Risk factors related to vault returns, TVL trends, maturity, and operational activity." , "tags" : { "vault-dormant" : true } } } } ] } }
Supported Chains eth, arb, base, opt, pol, bscQuery Parameters The list endpoint supports both offset-based and cursor-based pagination:
Mode Parameters Description Offset page (default: 1), pageSize (default: 50, max: 500)Traditional page-based pagination Cursor cursor, limit (default: 100, max: 500)Opaque cursor for efficient large-set traversal
Filters Parameter Type Description chainstring Filter by chain (eth, arb, base, opt, pol, bsc) tierstring Filter by risk tier (low, medium, high, critical, unknown) protocolstring Filter by protocol (morpho, aave, compound, euler, spark, fluid, beefy, yearn) contractTypestring Filter by type (erc4626_vault, strategy_vault, lending_wrapper, bridge_vault) underlyingstring Filter by underlying asset symbol (e.g., USDC) underlyingRiskstring Underlying risk tier (battle_tested, medium_risk, high_risk, crypto, unknown) minTvlnumber Minimum TVL in USD minScorenumber Minimum risk score (0-100) maxScorenumber Maximum risk score (0-100) attentionNeededboolean Filter to vaults needing attention riskFlagsstring Comma-separated risk tag keys to filter by riskFlagsModestring How to combine risk flags: any (OR) or all (AND) qstring Search by vault name, symbol, or address
Sorting Sort Key Description score_desc / score_ascRisk score (highest/lowest first) tvl_desc / tvl_ascTVL (largest/smallest first) apy_descAPY (highest first) looping_descLooping rate (highest first) name_ascVault name (alphabetical)
Vault Detail The detail endpoint (GET /vaults/{address}?chain={chain}) returns everything from the list endpoint plus:
Looping markets — Recursive lending positions with rates, collateral, and utilizationVault composition — Underlying asset allocation breakdownLending market data — Protocol-specific metadata (curator, rewards, market allocations) with support for multiple lending marketsWebacy findings — Smart contract code analysis resultsLST collateral markets — Liquid staking token redemption data
Vault Structure Tag Name Severity Description vault-upgradeableUpgradeable Contract 6 Proxy contract can be upgraded by admin vault-subvaultSubvault 3 Vault-of-vault nested structure vault-emergency-shutdownEmergency Shutdown 10 Vault in emergency shutdown mode
Governance & Access Control Tag Name Severity Description vault-eoa-ownerEOA Owner 6 Owned by EOA (not multisig/timelock) vault-pause-capablePause Capable 4 Has pause functionality vault-pending-admin-changePending Admin Change 6 Governance admin change pending vault-no-timelockNo Timelock 6 No timelock delay on admin actions vault-low-timelockLow Timelock 4 Timelock shorter than recommended
Liquidity & Withdrawal Tag Name Severity Description vault-redemption-closedRedemption Closed 10 Users cannot withdraw vault-high-loopingHigh Looping Exposure 7 Significant recursive lending exposure vault-lockup-7d7-Day Lockup 5 Lockup exceeding 7 days vault-deposit-closedDeposit Closed 5 No longer accepting deposits vault-withdrawal-delayWithdrawal Delay 4 Processing delay on withdrawals vault-high-utilisationMaxed Utilization 6 Above 95% utilization vault-low-utilisationIdle Utilization 3 Below 10% utilization vault-bad-debtBad Debt 8 Outstanding bad debt exceeding $1,000 vault-morpho-low-liquidityVery Low Liquidity 7 Morpho market liquidity very low
Code Quality Tag Name Severity Description vault-unverified-contractUnverified Contract 10 Source code not verified on block explorer vault-no-auditsNo Audits 6 No known security audits vault-exploit-historyExploit History 8 Protocol has known exploit or hack vault-not-battle-testedNot Battle Tested 4 Less than 6 months on mainnet
Asset & Market Tag Name Severity Description vault-share-price-depegShare Price Depeg 8 Share price deviated from expected peg vault-oracle-warningOracle Warning 8 Oracle reliability concerns vault-lst-redemption-lagLST Redemption Lag 5 LST collateral with redemption delays vault-synth-assetSynthetic Asset 5 Holds synthetic or wrapped assets vault-supply-spikeSupply Spike 8 Minted supply in 24h exceeds 40% of total vault-underlying-depeggingUnderlying Depegging 7 Underlying asset experiencing depeg vault-underlying-depeg-criticalUnderlying Depeg Critical 9 Critical depeg severity on underlying
Tag Name Severity Description vault-dormantDormant Vault 10 Fewer than 10 on-chain events vault-negative-returnNegative Return 5 Negative lifetime return vault-low-tvlLow TVL 4 Below minimum TVL threshold vault-inactiveInactive Vault 4 10-50 on-chain events vault-newNew Vault 3 Recently deployed, insufficient history vault-momentum-decliningMomentum Declining 4 1-month CAGR below 3-month CAGR vault-capital-outflowCapital Outflow 4 Net capital outflow vault-high-feesHigh Fees 4 Above-average fees vault-beefy-eolBeefy End of Life 8 No longer actively maintained by Beefy vault-strategy-lossStrategy Loss 7 Realized loss event vault-retiredRetired Vault 8 No longer generating yield
Protocol Risk Tag Name Severity Description vault-morpho-not-whitelistedNot Whitelisted 5 Not on Morpho curated whitelist vault-yearn-high-riskYearn High Risk 7 Elevated risk per Yearn framework
Common Use Cases Use Case Endpoint Parameters Dashboard overview GET /vaultssort=score_desc&pageSize=50Filter by chain GET /vaultschain=eth&tier=low&sort=tvl_descFind USDC vaults GET /vaultsunderlying=USDC&sort=apy_descHigh-TVL vaults only GET /vaultsminTvl=1000000&sort=tvl_descVaults needing attention GET /vaultsattentionNeeded=true&sort=score_descSearch by name GET /vaultsq=MorphoMorpho vaults with looping GET /vaultsprotocol=morpho&riskFlags=vault-high-loopingSingle vault detail GET /vaults/{address}?chain={chain}address = 0x1234..., chain = eth
Example Workflow Prerequisites: You need an API key (passed via the x-api-key header), the base URL https://api.webacy.com, and for detail requests, the vault’s contract address (0x...) and chain identifier (eth, arb, base, opt, pol, or bsc).
Screen a Vault Before Listing # 1. Search for the vault curl -X GET "https://api.webacy.com/vaults?q=USDC-WLFI&chain=eth" \ -H "x-api-key: YOUR_API_KEY" # 2. Get full risk detail curl -X GET "https://api.webacy.com/vaults/0x0deFfd509197aAD5207d2A55862835b467E8128F?chain=eth" \ -H "x-api-key: YOUR_API_KEY"
Monitor High-Risk Vaults # Get all critical-tier vaults needing attention curl -X GET "https://api.webacy.com/vaults?tier=critical&attentionNeeded=true&sort=tvl_desc" \ -H "x-api-key: YOUR_API_KEY"
Depeg Monitor Real-time depeg risk monitoring for stablecoins and pegged assets
Risk Tags Reference Complete list of all risk tags returned by Webacy risk endpoints
