Why Pre-Allocation Due Diligence Matters
Catch It Before Capital Moves
Screen contracts, deployers, and liquidity before you list or allocate, not after funds are locked
Deployer-Level Signal
Surface a deployer’s history across other contracts, not just the asset in front of you
One Workflow, Any Asset Type
Tokens, vaults, stablecoins, and RWAs all resolve through the same due diligence chain
- Cheapest checks first: contract and threat screening return in milliseconds, before you spend time on deeper liquidity or rating analysis
- Deployer risk, not just contract risk:
deployer_risk=truesurfaces what else the deployer has shipped and whether it was flagged - Graded ratings for regulated-adjacent assets: vaults, stablecoins, and RWAs get an A+ to F composite grade, not just a raw score
- Fail-closed by design: missing or stale data is treated as unknown risk, never as a pass
Prerequisites
Before running due diligence, ensure you have:- A Webacy API key (sign up here)
- Basic familiarity with REST APIs or the Webacy SDK
- Your listing, collateral-onboarding, or allocation workflow identified for integration points
Step 1: Scan the Contract and Its Deployer
Start with the cheapest, fastest check. Every new asset is a contract, scan it, and pull its deployer’s history in the same call withdeployer_risk=true.
Step 2: Assess the Address for Threats
Contract scanning tells you about the code. Address screening tells you about behavior, run the candidate asset’s contract address (and, separately, any admin or treasury address tied to it) through threat assessment.Step 3: Break Down Market and Liquidity
A clean contract with no liquidity is still a bad allocation. Pull the token’s pools to see where price discovery actually happens and how deep the liquidity is.
Spot the difference, two pools, one healthy allocation candidate:
Both pools can carry the same
poolType label. Only reserve, lockedLiquidityPercent, and lpHolderCount tell you which one you can trust.
Step 4: Pull the Graded Rating (Vaults, Stablecoins, RWAs)
If the candidate asset is an ERC-4626 vault, a stablecoin, or a real-world asset, pull its graded v3 rating. Use the right endpoint for the asset type:
Depeg detail fields to use (stablecoins):
For deeper coverage of depeg monitoring, see the Monitor Stablecoin Depeg Risk guide.
There is no
stale or generated_at field on the v3 detail endpoints, use metadata.last_scored_at to judge freshness, and fail closed per the hard-gating rules if it’s older than your policy allows.Complete Due Diligence Workflow
Here’s how the full playbook fits together, from a new asset landing on your desk to an allocate/review/reject decision.Implementation Example
Full TypeScript Implementation
Full TypeScript Implementation
Example Addresses for Testing
API Quick Reference
Authentication:
Ready to Ship?
- Get your API key: Takes 2 minutes
- Run the workflow against the example addresses: Confirm each step returns the fields your policy needs
- Wire the decision function into your listing or allocation pipeline: Fail closed on missing or stale data
Next Steps
Ongoing Risk Monitoring
Keep watching an asset after you’ve allocated to it
Contract Risk API
Full reference for the contract and deployer risk scan
Vault Risk (V3) API
Full reference for the graded vault rating
Depeg Monitor API
Full reference for stablecoin and RWA depeg detail
