> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Webacy Data Sources for Risk Ratings and Intelligence

> How Webacy combines real-time on-chain analysis with off-chain context to power risk ratings for wallets, tokens, contracts, vaults, and stablecoins.

Webacy generates risk intelligence using a combination of real-time on-chain analysis and supporting off-chain information.

Unlike traditional ratings or data analytics that rely heavily on periodic disclosures, static reports, or self-reported information, Webacy continuously analyzes the underlying blockchain activity that reflects the actual state of a vault (its assets, counterparties, and surrounding ecosystem), an asset, a wallet, a transaction, or anything else on the blockchain.

In certain cases, we may supplement this analysis with off-chain information when it provides meaningful context or additional evidence.

## On-Chain Intelligence

The majority of Webacy's risk signals originate from blockchain data.

Our systems continuously analyze assets, wallets, smart contracts, transactions, vaults, pools, and protocols across supported networks. The majority of this intelligence is proprietary technology that has been built in-house. For a full breakdown of what we build and our 3rd party infrastructure, see [here](/what-technology-does-webacy-build-in-house).

### Smart Contract Intelligence

Webacy evaluates smart contracts for potential security, governance, and operational risks, all in real time.

Examples include:

* Contract architecture
* Upgradeability patterns
* Administrative permissions
* Ownership structures
* Access controls
* Governance mechanisms
* Historical upgrades and changes
* Known exploit indicators
* Dependency analysis

### Asset Intelligence

We analyze the assets themselves and the ecosystems that support them.

Examples include:

* Token structure
* Supply dynamics
* Holder concentration
* Liquidity conditions
* Market depth
* Trading behavior
* Stablecoin integrity
* Wrapped asset exposure
* Bridge dependencies

### Wallet & Counterparty Intelligence

Understanding who is interacting with an asset is often as important as understanding the asset itself.

Webacy analyzes:

* Wallet behavior
* Counterparty exposure
* Fund flow patterns
* Entity relationships
* Contamination propagation
* Historical transaction activity
* Risk associations
* Behavioral anomalies

### Transaction Intelligence

Every transaction contains information that can reveal risk before funds move.

Webacy evaluates:

* Transaction simulations
* Approval permissions
* Contract interactions
* Fund destinations
* Known risk indicators
* Malicious execution patterns
* Transaction-level anomalies

### Market & Liquidity Intelligence

Risk often emerges from changing market conditions before it appears elsewhere.

Webacy continuously monitors:

* Liquidity depth
* Slippage conditions
* Trading activity
* Volatility events
* Oracle integrity
* Price deviations
* Market stress indicators

### Governance & Operational Intelligence

For protocols, vaults, and managed assets, governance can significantly impact risk.

Examples include:

* Governance concentration
* Administrative control
* Upgrade authority
* Emergency permissions
* Ownership transfers
* Operational changes
* Protocol configuration updates

## Off-Chain Intelligence

While Webacy is primarily an on-chain intelligence platform, certain off-chain information may be incorporated when it materially impacts risk.

Examples include:

### Security Reviews

* Smart contract audits
* Security assessments
* Public vulnerability disclosures
* Historical incident reports

### Issuer & Organizational Information

Where applicable, we may consider:

* Issuing organizations
* Project teams
* Governance structures
* Public disclosures
* Transparency reports

### Reserve & Attestation Information

For stablecoins and other asset-backed products, supporting evidence may include:

* Proof-of-reserve reports
* Attestations
* Custody disclosures
* Third-party verification reports

## Vault Rating Data Sources

Vault ratings combine proprietary Webacy systems with third-party blockchain infrastructure. The table below names each source and what it contributes to a vault's composite score, withdrawal signals, and risk flags. For how these signals are weighted, see [Vault Ratings](/vault-ratings) and [Vault Risk Intelligence](/vault-risk-intelligence).

### Internal sources (Webacy proprietary)

| Source                                    | What it contributes                                                                                                                                                                                        |
| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Webacy vulnerability scanner              | Detects reentrancy, unchecked external calls, and malicious external calls. Feeds the Webacy Code Risk sub-score and the `webacy_contract_risk` additive penalty.                                          |
| Webacy contract & deployer risk           | Independent flags on the deployed contract and its deployer. Applied as additive penalties when triggered.                                                                                                 |
| Exchange-rate velocity tracking           | Share price is checkpointed across pipeline runs to detect donation-attack spikes and exploit-driven crashes. Feeds `exchange_rate_spike` / `exchange_rate_crash` flags and the corresponding hard floors. |
| Large-redemption scanner                  | Continuous scan of on-chain `Withdraw` events across the verified-vault catalog. Feeds withdrawal-risk and concentration signals.                                                                          |
| 90-day score history                      | Daily snapshots of risk score, tier, active flags, share price, and looping exposure. Powers trend deltas and the score sparkline.                                                                         |
| Composite scoring & classification engine | Weighted sub-score aggregation, additive penalties, hard state floors, listing verdict, withdrawal state, liquidity tier, and `actionability_class`.                                                       |
| Real-time monitoring                      | Live overlays for share price, lending-market utilization, vault score, and withdrawal-risk level, refreshed every \~5 minutes on top of nightly pipeline data.                                            |

### External sources

| Source                                                                                 | What it contributes                                                                                                                                                                        |
| -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Trading Strategy                                                                       | Protocol risk classification (Negligible → Blacklisted) used by the Protocol Risk sub-score, plus supporting vault-architecture context.                                                   |
| DeFiLlama                                                                              | Live share prices and audit records (last audit date, audit firms) used by the Code Risk sub-score and `no_audits` flag.                                                                   |
| Morpho Blue GraphQL                                                                    | Live utilization rates and ERC-4626 oracle-usage detection for Morpho-family vaults.                                                                                                       |
| Block explorers and indexers (Alchemy, Etherscan V2, Moralis, and per-chain fallbacks) | Raw on-chain data: `Withdraw` events, contract metadata, proxy/upgrade status, source-code verification, timelock presence, and governance events (upgrades, pauses, ownership transfers). |
| On-chain oracle feeds                                                                  | Reported oracle price per collateral token, compared against market price to derive the Oracle Gap signal and `erc4626_donation_risk` flag.                                                |
| Platform and protocol APIs                                                             | Vault-specific live data pulled directly from the source platform when it is the most accurate feed for that vault.                                                                        |

Webacy does not resell third-party risk scores. Third-party services provide raw data and reference signals; Webacy's proprietary systems generate the risk intelligence on top. For the broader split between in-house technology and third-party infrastructure, see [What Technology Does Webacy Build In-House?](/what-technology-does-webacy-build-in-house).

## Continuous Risk Intelligence

Webacy does not rely on static snapshots.

Our systems continuously evaluate changing conditions across assets, wallets, transactions, smart contracts, stablecoins, vaults, pools, protocols, counterparties, markets, and more. This allows risk assessments to reflect current conditions rather than historical assumptions, helping institutions, platforms, and users make better decisions in real time.
