Skip to main content
Webacy generates risk intelligence using a combination of real-time on-chain analysis and supporting off-chain information. Unlike traditional ratings or data analytics that rely heavily on periodic disclosures, static reports, or self-reported information, Webacy continuously analyzes the underlying blockchain activity that reflects the actual state of a vault (its assets, counterparties, and surrounding ecosystem), an asset, a wallet, a transaction, or anything else on the blockchain. In certain cases, we may supplement this analysis with off-chain information when it provides meaningful context or additional evidence.

On-Chain Intelligence

The majority of Webacy’s risk signals originate from blockchain data. Our systems continuously analyze assets, wallets, smart contracts, transactions, vaults, pools, and protocols across supported networks. The majority of this intelligence is proprietary technology that has been built in-house. For a full breakdown of what we build and our 3rd party infrastructure, see here.

Smart Contract Intelligence

Webacy evaluates smart contracts for potential security, governance, and operational risks, all in real time. Examples include:
  • Contract architecture
  • Upgradeability patterns
  • Administrative permissions
  • Ownership structures
  • Access controls
  • Governance mechanisms
  • Historical upgrades and changes
  • Known exploit indicators
  • Dependency analysis

Asset Intelligence

We analyze the assets themselves and the ecosystems that support them. Examples include:
  • Token structure
  • Supply dynamics
  • Holder concentration
  • Liquidity conditions
  • Market depth
  • Trading behavior
  • Stablecoin integrity
  • Wrapped asset exposure
  • Bridge dependencies

Wallet & Counterparty Intelligence

Understanding who is interacting with an asset is often as important as understanding the asset itself. Webacy analyzes:
  • Wallet behavior
  • Counterparty exposure
  • Fund flow patterns
  • Entity relationships
  • Contamination propagation
  • Historical transaction activity
  • Risk associations
  • Behavioral anomalies

Transaction Intelligence

Every transaction contains information that can reveal risk before funds move. Webacy evaluates:
  • Transaction simulations
  • Approval permissions
  • Contract interactions
  • Fund destinations
  • Known risk indicators
  • Malicious execution patterns
  • Transaction-level anomalies

Market & Liquidity Intelligence

Risk often emerges from changing market conditions before it appears elsewhere. Webacy continuously monitors:
  • Liquidity depth
  • Slippage conditions
  • Trading activity
  • Volatility events
  • Oracle integrity
  • Price deviations
  • Market stress indicators

Governance & Operational Intelligence

For protocols, vaults, and managed assets, governance can significantly impact risk. Examples include:
  • Governance concentration
  • Administrative control
  • Upgrade authority
  • Emergency permissions
  • Ownership transfers
  • Operational changes
  • Protocol configuration updates

Off-Chain Intelligence

While Webacy is primarily an on-chain intelligence platform, certain off-chain information may be incorporated when it materially impacts risk. Examples include:

Security Reviews

  • Smart contract audits
  • Security assessments
  • Public vulnerability disclosures
  • Historical incident reports

Issuer & Organizational Information

Where applicable, we may consider:
  • Issuing organizations
  • Project teams
  • Governance structures
  • Public disclosures
  • Transparency reports

Reserve & Attestation Information

For stablecoins and other asset-backed products, supporting evidence may include:
  • Proof-of-reserve reports
  • Attestations
  • Custody disclosures
  • Third-party verification reports

Vault Rating Data Sources

Vault ratings combine proprietary Webacy systems with third-party blockchain infrastructure. The table below names each source and what it contributes to a vault’s composite score, withdrawal signals, and risk flags. For how these signals are weighted, see Vault Ratings and Vault Risk Intelligence.

Internal sources (Webacy proprietary)

SourceWhat it contributes
Webacy vulnerability scannerDetects reentrancy, unchecked external calls, and malicious external calls. Feeds the Webacy Code Risk sub-score and the webacy_contract_risk additive penalty.
Webacy contract & deployer riskIndependent flags on the deployed contract and its deployer. Applied as additive penalties when triggered.
Exchange-rate velocity trackingShare price is checkpointed across pipeline runs to detect donation-attack spikes and exploit-driven crashes. Feeds exchange_rate_spike / exchange_rate_crash flags and the corresponding hard floors.
Large-redemption scannerContinuous scan of on-chain Withdraw events across the verified-vault catalog. Feeds withdrawal-risk and concentration signals.
90-day score historyDaily snapshots of risk score, tier, active flags, share price, and looping exposure. Powers trend deltas and the score sparkline.
Composite scoring & classification engineWeighted sub-score aggregation, additive penalties, hard state floors, listing verdict, withdrawal state, liquidity tier, and actionability_class.
Real-time monitoringLive overlays for share price, lending-market utilization, vault score, and withdrawal-risk level, refreshed every ~5 minutes on top of nightly pipeline data.

External sources

SourceWhat it contributes
Trading StrategyProtocol risk classification (Negligible → Blacklisted) used by the Protocol Risk sub-score, plus supporting vault-architecture context.
DeFiLlamaLive share prices and audit records (last audit date, audit firms) used by the Code Risk sub-score and no_audits flag.
Morpho Blue GraphQLLive utilization rates and ERC-4626 oracle-usage detection for Morpho-family vaults.
Block explorers and indexers (Alchemy, Etherscan V2, Moralis, and per-chain fallbacks)Raw on-chain data: Withdraw events, contract metadata, proxy/upgrade status, source-code verification, timelock presence, and governance events (upgrades, pauses, ownership transfers).
On-chain oracle feedsReported oracle price per collateral token, compared against market price to derive the Oracle Gap signal and erc4626_donation_risk flag.
Platform and protocol APIsVault-specific live data pulled directly from the source platform when it is the most accurate feed for that vault.
Webacy does not resell third-party risk scores. Third-party services provide raw data and reference signals; Webacy’s proprietary systems generate the risk intelligence on top. For the broader split between in-house technology and third-party infrastructure, see What Technology Does Webacy Build In-House?.

Continuous Risk Intelligence

Webacy does not rely on static snapshots. Our systems continuously evaluate changing conditions across assets, wallets, transactions, smart contracts, stablecoins, vaults, pools, protocols, counterparties, markets, and more. This allows risk assessments to reflect current conditions rather than historical assumptions, helping institutions, platforms, and users make better decisions in real time.