Webacy rates the risk of ERC-4626 vaults so you can screen, list, and monitor DeFi vaults with confidence. Every vault is scored against a versioned risk framework that spans seven categories — from smart-contract quality to counterparty and hack/exploit history — and rolls up into a single composite grade you can act on. This page is the starting point. It orients you to what the vault risk surface gives you, how the new V3 API differs from V2, and where to go to integrate.

What you get

Composite letter grade

A single A+ to F grade (plus a 0–100 score and star rating) summarizing overall vault risk.

Per-category contributors

See exactly which of the seven risk categories drove the grade, each with its own score and weight.

Criteria taxonomy

A dense pass / warn / fail breakdown across the framework’s individual criteria.

Coverage disclosure

Every response tells you how many criteria are live versus planned — no hidden gaps.
The seven categories are smart_contract, operational_governance, asset_collateral, market_liquidity, counterparty, hack_exploit_history, and chain_infrastructure. The vault risk surface covers six EVM chains: eth, arb, base, opt, pol, bsc.

V3 vs V2

You have two API surfaces. V3 is the newest and the recommended target for new integrations; V2 is frozen but fully supported for existing ones.
| | V3 (recommended) | V2 (stable) |
|---|---|---|
| Path | /api/v3/vaults/{address} | /api/v2/vaults/{address} |
| Output | Composite letter grade, per-category contributors, criteria taxonomy, coverage | 0–100 risk rating, tier, listing verdict, risk tags |
| Framework | Versioned, pinnable (framework_version, grading_scheme) | Single fixed model |
| risk envelope | Verbatim pass-through of V2 | Native |
The V2 risk envelope is preserved verbatim on every V3 response, so you can adopt V3 incrementally — read the new fields when you’re ready, ignore them until then. See the V2 → V3 migration guide for the full contract.
Score polarity: higher means worse. V3 numeric scores (composite.score, category scores, contributor scores) run 0–100 where 0 is the lowest risk and 100 is the highest — the same direction as the V2 risk.score. The letter grade keeps the conventional mapping (A+ is best, F is worst), so a low numeric score earns a high letter grade. If you build dashboards, make sure higher numbers sort and color as worse. See the polarity warning for the worked example.
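
An added example (not Webacy's code) of handling this polarity in a client: it reads composite.score with a fallback to the passed-through V2 risk.score, sorts worst-first, and flags vault pairs whose numeric score and letter grade disagree in direction. The composite.grade and address field names, the intermediate letter grades, and the sample responses are assumptions constructed for illustration; check them against the Vault Detail (V3) reference.

```python
# Added example, not Webacy's code. From the page: composite.score, risk.score,
# and "higher means worse". Assumed names: composite.grade, address.

# Assumed letter scale, best to worst; the page only says A+ is best, F is worst.
GRADE_ORDER = ["A+", "A", "A-", "B+", "B", "B-", "C+", "C", "C-", "D+", "D", "D-", "F"]


def risk_score(resp):
    """Return the 0-100 risk score (0 = lowest risk), V3 first, then V2 risk.score."""
    score = (resp.get("composite") or {}).get("score")
    if score is None:  # client still on V2 fields: use the pass-through envelope
        score = (resp.get("risk") or {}).get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ValueError(f"missing or non-numeric risk score: {score!r}")
    if not 0 <= score <= 100:
        raise ValueError(f"risk score outside 0-100: {score!r}")
    return float(score)


def worst_first(responses):
    """Sort vault responses so the riskiest (highest score) comes first."""
    return sorted(responses, key=risk_score, reverse=True)


def polarity_violations(responses):
    """Return (lower, higher) address pairs where the higher score has the better grade."""
    graded = sorted(
        (risk_score(r), GRADE_ORDER.index(r["composite"]["grade"]), r["address"])
        for r in responses
        if (r.get("composite") or {}).get("grade") in GRADE_ORDER
    )
    return [
        (lo[2], hi[2])
        for i, lo in enumerate(graded)
        for hi in graded[i + 1:]
        if hi[0] > lo[0] and hi[1] < lo[1]  # riskier number, yet better letter
    ]


# Constructed sample responses (not real API output); addresses are placeholders.
SAMPLE = [
    {"address": "0xVAULT_A", "composite": {"score": 12, "grade": "A"}, "risk": {"score": 12}},
    {"address": "0xVAULT_B", "composite": {"score": 81, "grade": "D"}, "risk": {"score": 81}},
    {"address": "0xVAULT_C", "risk": {"score": 47}},  # only V2 envelope fields present
]
```

A non-empty result from polarity_violations on fixtures or cached responses is a cue to check that nothing upstream of the dashboard has flipped the scale.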

Quickstart

Fetch the full V3 risk decomposition for a single vault. You need a Webacy API key (sign up here) and the vault’s contract address and chain.
curl -X GET "https://api.webacy.com/api/v3/vaults/0x0deFfd509197aAD5207d2A55862835b467E8128F?chain=eth&grading_scheme=v1" \
  -H "x-api-key: YOUR_API_KEY"
Pin framework_version and grading_scheme from your very first call. Both default, but pinning guarantees reproducible scoring across the deprecation window — see Pin from day one.
The framework taxonomy itself is available from a public endpoint (no API key required): GET /api/v3/framework returns the full category and criteria list, so your client never drifts from the live framework.

Where to go next

Vault Risk V3 Overview

The V3 contract: versioning, polarity, upstream floor, and categories.

Vault Detail (V3)

Full request/response reference for GET /api/v3/vaults/{address}.

Framework Methodology

How composite scores are derived and why the framework is API-driven.

Framework Taxonomy

The public endpoint returning the canonical category and criteria list.

V2 → V3 Migration

Endpoint mapping, deprecation contract, and pinning guidance.

Screen and Monitor Vault Risk

Step-by-step integration guide for screening and continuous monitoring.

Vault Risk Intelligence

The data and signals available — verdicts, withdrawal risk, history, depeg.

Vault Incidents

A curated timeline of vault exploits, depegs, and governance failures.