On-Chain Intelligence
The majority of Webacy’s risk signals originate from blockchain data. Our systems continuously analyze assets, wallets, smart contracts, transactions, vaults, pools, and protocols across supported networks. The majority of this intelligence is proprietary technology that has been built in-house. For a full breakdown of what we build and our 3rd party infrastructure, see here.Smart Contract Intelligence
Webacy evaluates smart contracts for potential security, governance, and operational risks, all in real time. Examples include:- Contract architecture
- Upgradeability patterns
- Administrative permissions
- Ownership structures
- Access controls
- Governance mechanisms
- Historical upgrades and changes
- Known exploit indicators
- Dependency analysis
Asset Intelligence
We analyze the assets themselves and the ecosystems that support them. Examples include:- Token structure
- Supply dynamics
- Holder concentration
- Liquidity conditions
- Market depth
- Trading behavior
- Stablecoin integrity
- Wrapped asset exposure
- Bridge dependencies
Wallet & Counterparty Intelligence
Understanding who is interacting with an asset is often as important as understanding the asset itself. Webacy analyzes:- Wallet behavior
- Counterparty exposure
- Fund flow patterns
- Entity relationships
- Contamination propagation
- Historical transaction activity
- Risk associations
- Behavioral anomalies
Transaction Intelligence
Every transaction contains information that can reveal risk before funds move. Webacy evaluates:- Transaction simulations
- Approval permissions
- Contract interactions
- Fund destinations
- Known risk indicators
- Malicious execution patterns
- Transaction-level anomalies
Market & Liquidity Intelligence
Risk often emerges from changing market conditions before it appears elsewhere. Webacy continuously monitors:- Liquidity depth
- Slippage conditions
- Trading activity
- Volatility events
- Oracle integrity
- Price deviations
- Market stress indicators
Governance & Operational Intelligence
For protocols, vaults, and managed assets, governance can significantly impact risk. Examples include:- Governance concentration
- Administrative control
- Upgrade authority
- Emergency permissions
- Ownership transfers
- Operational changes
- Protocol configuration updates
Off-Chain Intelligence
While Webacy is primarily an on-chain intelligence platform, certain off-chain information may be incorporated when it materially impacts risk. Examples include:Security Reviews
- Smart contract audits
- Security assessments
- Public vulnerability disclosures
- Historical incident reports
Issuer & Organizational Information
Where applicable, we may consider:- Issuing organizations
- Project teams
- Governance structures
- Public disclosures
- Transparency reports
Reserve & Attestation Information
For stablecoins and other asset-backed products, supporting evidence may include:- Proof-of-reserve reports
- Attestations
- Custody disclosures
- Third-party verification reports
Vault Rating Data Sources
Vault ratings combine proprietary Webacy systems with third-party blockchain infrastructure. The table below names each source and what it contributes to a vault’s composite score, withdrawal signals, and risk flags. For how these signals are weighted, see Vault Ratings and Vault Risk Intelligence.Internal sources (Webacy proprietary)
| Source | What it contributes |
|---|---|
| Webacy vulnerability scanner | Detects reentrancy, unchecked external calls, and malicious external calls. Feeds the Webacy Code Risk sub-score and the webacy_contract_risk additive penalty. |
| Webacy contract & deployer risk | Independent flags on the deployed contract and its deployer. Applied as additive penalties when triggered. |
| Exchange-rate velocity tracking | Share price is checkpointed across pipeline runs to detect donation-attack spikes and exploit-driven crashes. Feeds exchange_rate_spike / exchange_rate_crash flags and the corresponding hard floors. |
| Large-redemption scanner | Continuous scan of on-chain Withdraw events across the verified-vault catalog. Feeds withdrawal-risk and concentration signals. |
| 90-day score history | Daily snapshots of risk score, tier, active flags, share price, and looping exposure. Powers trend deltas and the score sparkline. |
| Composite scoring & classification engine | Weighted sub-score aggregation, additive penalties, hard state floors, listing verdict, withdrawal state, liquidity tier, and actionability_class. |
| Real-time monitoring | Live overlays for share price, lending-market utilization, vault score, and withdrawal-risk level, refreshed every ~5 minutes on top of nightly pipeline data. |
External sources
| Source | What it contributes |
|---|---|
| Trading Strategy | Protocol risk classification (Negligible → Blacklisted) used by the Protocol Risk sub-score, plus supporting vault-architecture context. |
| DeFiLlama | Live share prices and audit records (last audit date, audit firms) used by the Code Risk sub-score and no_audits flag. |
| Morpho Blue GraphQL | Live utilization rates and ERC-4626 oracle-usage detection for Morpho-family vaults. |
| Block explorers and indexers (Alchemy, Etherscan V2, Moralis, and per-chain fallbacks) | Raw on-chain data: Withdraw events, contract metadata, proxy/upgrade status, source-code verification, timelock presence, and governance events (upgrades, pauses, ownership transfers). |
| On-chain oracle feeds | Reported oracle price per collateral token, compared against market price to derive the Oracle Gap signal and erc4626_donation_risk flag. |
| Platform and protocol APIs | Vault-specific live data pulled directly from the source platform when it is the most accurate feed for that vault. |
