This page is under construction
How it works: Every vault gets a 0–100 composite risk score (0 = safe, 100 = critical). It’s built from ~20 sub-scores, each weighted by importance. Additionally, additive penalties and hard state floors can force the score higher for binary danger conditions. A higher score means a riskier vault.
Every number in the score can be traced back to a specific signal. The API exposes the full sub-score breakdown so we can tell a user “this vault scores 78/100 because redemptions are currently closed and the admin key is an EOA with no timelock” — not just a number.
Outputs
| Output | What it means |
|---|---|
| Composite Score (0–100) | Overall risk — weighted sum of all sub-scores + penalties + floors |
| Tier | low / medium / high / critical — bucketed label for the composite |
| listing_verdict | safe_to_list / caution / review_required / do_not_list — actionable recommendation |
| withdrawal_state | normal / constrained / illiquid / locked / blocked — current exit condition |
| liquidity_tier | open / mild_stress / constrained / illiquid / locked — named label for the liquidity sub-score |
| governance_score | Separate sub-score for governance quality specifically (centralization + upgrade + code + webacy code) |
| pct_tvl_withdrawable | What % of the vault’s TVL can actually be withdrawn right now |
| solvency_risk | Weighted sub-score for the “vault is losing money” signals |
| liquidity_risk | Weighted sub-score for the “users can’t get out” signals |
Sub-scores
The weight shows how much it contributes to the final composite.
Contract and Code Quality
| Signal | Weight | What it measures |
|---|---|---|
| Protocol Risk | 15% | External label from Trading Strategy’s vault framework, Negligible → Blacklisted. The single largest weight because it’s an independent third-party signal. |
| Upgrade Risk | 10% | Is the contract a proxy? Can it be upgraded? A vault that can be upgraded without a timelock is a rug vector. Timelocks reduce this score (7-day timelock = gold standard). |
| Code Risk | 10% | Is the source code verified on-chain? How many audits does it have? Unverified = +65 sub-score because you can’t audit what you can’t read. |
| Webacy Code Risk | 2% | Webacy’s own vulnerability scan findings — reentrancy, unchecked calls, malicious external calls. |
Governance and Control
| Signal | Weight | What it measures |
|---|---|---|
| Centralization Risk | 12% | Who controls the vault? EOA owner (single key) = bad. Multisig = better. A 1-of-3 multisig is still weak — we score both the threshold (how many keys needed) and the ratio (how easy quorum is to reach). Also: does a single EOA hold the strategy manager role? |
| Strategy Risk | 5% | Does the vault use external strategies or leverage? More strategies = more attack surface. |
| Asset Risk | 5% | What’s the underlying stablecoin? USDC/USDT/DAI = low. Algorithmic or niche stablecoins (USR, AUSD) = high. |
Liquidity and Exit
| Signal | Weight | What it measures |
|---|---|---|
| Closed Liquidity | 12% | Are deposits or redemptions currently paused/closed? Redemption closed = can’t exit = +60 sub-score. One of the most impactful signals. |
| Utilization Rate | 10% | For lending vaults: what % of the pool is currently borrowed? Above 95% = users can’t withdraw. The curve is nonlinear — 98% scores 88/100, 100% scores 97/100. |
| Looping Risk | 4% | Recursive lending (borrowing to re-deposit). Amplifies liquidation cascades. 80%+ looping = 70+ sub-score. |
| Depeg Risk | 5% | Is the vault’s share price below $1? For stablecoins, any deviation is a red flag. Near-zero = vault collapsed. |
| Signal | Weight | What it measures |
|---|---|---|
| TVL Outflow | 2% | Has the vault lost significant TVL recently? 50%+ drop = 100 sub-score. Signals loss of confidence. |
| Size Risk | 2% | Small TVL vaults (<$50k) are riskier, less battle-tested, easier to manipulate. |
| Maturity | 3% | How old is the vault? Brand new (<5 weeks) = +40 sub-score. Time in production reduces risk. |
Oracle Type Quality
The oracle sub-score uses a weakest-link model — the worst oracle type found across all of the vault’s underlying markets sets the floor. Oracle quality is scored by type:
| Oracle Type | Base Score | Why |
|---|---|---|
| Chainlink / Chronicle / Pyth / Redstone | 8 | Battle-tested, multi-source, heartbeat monitoring |
| wstETH / Pendle PT wrapped oracles | 18 | Derived from rebase math — manipulation surface if underlying is thin |
| MorphoOracle / UrdOracle (single-source) | 28 | Single price source, no cross-reference |
| Unknown / unverified | 40 | Can’t assess what isn’t disclosed |
Additionally: any collateral token with <$5M daily trading volume raises the oracle sub-score floor to 55 (thin_collateral_market flag). Below that volume threshold, a well-capitalised attacker can move the price enough to overborrow against inflated collateral — the pattern behind the Mango Markets and Cream Finance exploits.
Additive Penalties
These fire for specific dangerous combinations or events and add directly on top of the weighted composite. Multiple conditions stack independently.
Interaction Penalties (Compound Risk)
| Condition | Penalty |
|---|---|
| High utilization (>95%) + single concentrated borrower | +10 |
| High utilization (>95%) + single concentrated depositor (holds ≥50% of shares) | +10 |
| High utilization + major TVL outflow happening simultaneously | +10 |
| Upgradeable contract + weak multisig (threshold ≤ 2) | +8 |
| Pause function present + EOA control + no meaningful timelock | +8 |
Governance Behavior Penalties (on-chain activity)
| Condition | Penalty |
|---|---|
| Recent contract upgrade in last 30 days | +12 |
| Recent contract upgrade in last 30 days + zero audits on record | +32 (stacked) |
| Repeated pausing (3+ times in 90 days) | +10 |
| 1–2 pause events in 90 days | +5 |
| Ownership transfer in last 90 days | +8 |
State & Structural Penalties
| Condition | Penalty |
|---|---|
| Dormant vault (very low activity, not new/bot-run) | +25 |
| Market concentration >80% in single market | +10 |
| Bad debt in underlying Morpho markets | +15 |
| Tight liquidation buffer (<5%) | +10 |
| Exit liquidity <5% of TVL | +10 |
| Webacy contract risk flagged | +15 |
| Webacy deployer risk flagged | +10 |
| Oracle gap >3x (on-chain price vs market price) | +15 |
| Collateral depegged >20% | +20 |
| ERC-4626 vault used as live price oracle in lending market | +15 |
Yield & Liquidity Trap Penalties
| Condition | Penalty |
|---|---|
| Reward-dependent yield >90% of APY from emissions | +12 |
| Reward-dependent yield >70% of APY from emissions | +8 |
| Reward-dependent yield >50% of APY from emissions | +4 |
| Yield trap: vault locked/illiquid + reward-dependent APY >70% | +15 |
| Shared collateral exposure: flagged collateral token shared across multiple vaults | +10 |
Hard State Floors (binary minimums)
These ensure a catastrophic condition can never be masked by a low smooth score. The composite cannot go below these values when the condition is active.
| Condition | Floor |
|---|---|
| Redemptions closed | 75 |
| Redemptions closed + utilization >95% | 80 |
| Active depeg (share price < 0.99) | 70 |
| Oracle risk >60 + liquidation proximity >40 | 70 |
| Exchange rate spike >2% (donation attack pattern) | 70 |
| Dormant vault | 65 |
| Exchange rate crash >1% (exploit in progress / collateral collapse) | 65 |
| Yield trap active | 65 |
| Exit illiquid (<2% withdrawable) | 60 |
| listing_verdict = do_not_list | 75 (tier = critical) |
| listing_verdict = review_required | 50 (tier = high) |
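How the weighted sub-scores, stacked penalties and hard floors combine into one explainable number, as an added example that is not the scoring engine's own code. It assumes the composite is the weighted sum plus penalties, raised to the highest active floor and clamped to 0–100; the dictionary keys, the `composite_score` function and the two sample vaults are constructed for illustration.

```python
# Weights as listed in the Sub-scores tables, as fractions of the composite.
# The page lists no weight for the oracle sub-score, so it is left out here.
WEIGHTS = {
    "protocol": 0.15, "upgrade": 0.10, "code": 0.10, "webacy_code": 0.02,
    "centralization": 0.12, "strategy": 0.05, "asset": 0.05,
    "closed_liquidity": 0.12, "utilization": 0.10, "looping": 0.04,
    "depeg": 0.05, "tvl_outflow": 0.02, "size": 0.02, "maturity": 0.03,
}
# A few rows from the penalty and floor tables. Key names are assumptions.
PENALTIES = {"recent_upgrade": 12, "ownership_transfer": 8,
             "upgradeable_weak_multisig": 8, "exit_liquidity_lt_5pct": 10}
FLOORS = {"redemption_closed": 75, "active_depeg": 70, "dormant": 65,
          "exit_illiquid": 60}


def composite_score(sub_scores, conditions):
    """Return the composite plus the signals that explain it.

    Assumed rule: weighted sum + stacked penalties, raised to the highest
    active floor, clamped to the 0-100 range.
    """
    contributions = {k: w * sub_scores.get(k, 0.0) for k, w in WEIGHTS.items()}
    weighted = sum(contributions.values())
    penalties = {c: PENALTIES[c] for c in conditions if c in PENALTIES}
    floors = {c: FLOORS[c] for c in conditions if c in FLOORS}
    raw = weighted + sum(penalties.values())      # penalties stack independently
    floor = max(floors.values(), default=0)       # only the highest floor binds
    score = min(100.0, max(raw, float(floor)))
    return {
        "score": round(score, 1),
        "weighted": round(weighted, 1),
        "penalties": penalties,
        "floor_applied": floor if floor > raw else None,
        "top_signals": sorted(contributions, key=contributions.get,
                              reverse=True)[:3],
    }


# Constructed vault 1: quiet sub-scores everywhere, but redemptions are closed.
QUIET_BUT_CLOSED = ({**{k: 10 for k in WEIGHTS}, "closed_liquidity": 60},
                    {"redemption_closed"})
# Constructed vault 2: weak governance, several behaviour penalties, no floor.
WEAK_GOVERNANCE = ({"upgrade": 80, "centralization": 90, "code": 65},
                   {"recent_upgrade", "upgradeable_weak_multisig",
                    "ownership_transfer"})

if __name__ == "__main__":
    for name, (subs, conds) in [("quiet_but_closed", QUIET_BUT_CLOSED),
                                ("weak_governance", WEAK_GOVERNANCE)]:
        print(name, composite_score(subs, conds))
```

The first vault's smooth score is about 16, yet the redemption floor reports it at 75, which is the masking case the floors exist to prevent.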
Computed-but-Zeroed Signals
These are calculated and exposed in the API payload but don’t add to the weighted composite — they feed into additive penalties or are surfaced directly for consumers.
| Signal | What it is |
|---|---|
| Borrower Concentration | Top borrower’s share of total borrow across vault’s Morpho markets. If one whale controls 80% of borrowing, the vault’s liquidity is hostage to them. |
| Depositor Concentration | Top depositor’s share of vault shares. A single whale exiting triggers a utilization spike that traps everyone else. |
| Governance Behavior | Recent on-chain governance events: contract upgrades (30d), pause events (90d), ownership transfers (90d). Structure-based scoring alone misses behavioral patterns. |
| Yield Sustainability | Ratio of emissions-based APY to total APY. >70% = yield collapses when rewards end, causing TVL flight and utilization spike. |
| Exchange Rate Velocity | Rate of change in vault share price since last checkpoint. Spike >2% = donation attack pattern (Venus wUSDM). Crash >1% = exploit in progress or collateral collapse. |
| ERC-4626 Oracle Risk | Whether the vault’s convertToAssets() function is being used as a live price oracle in a Morpho lending market. Direct asset donations inflate this rate without minting shares — enabling overborrowing against inflated collateral. |
| Oracle Gap | Worst ratio between on-chain oracle price and real market price found across collateral tokens. 9x gap = oracle is stale or manipulable. |
| Exit Liquidity Ratio | What fraction of TVL is withdrawable right now vs total deposited. |
| Morpho Liquidity | Absolute USD liquidity available in the underlying Morpho markets. |
| Market Concentration | What % of TVL is in the single largest lending market. |
| Bad Debt | Realized losses in the underlying Morpho markets that won’t be recovered. |
| Momentum | 1-month vs 3-month CAGR divergence — is yield declining recently? |
| Flow Risk | Net capital flows — large outflows signal institutional confidence loss. |
| Fee Drain | Management + performance fees. >2% management fee = meaningful yield erosion. |
| Volatility | Share price volatility over 3 months. |
| Drawdown | Worst historical drawdown from peak. |
| Return Loss | Lifetime or annualized return negative = vault is losing user capital. |
Risk Flags
Flags are surfaced in the API alongside the score. Each maps to one or more of the conditions above.
Blocking flags (force do_not_list): unverified, redemption_closed, dormant
Non-blocking flags: depeg · high_looping_exposure · no_audits · eoa_owner · pause_capable · upgradeable · negative_return · lockup_7d · withdrawal_delay · low_tvl · new_vault · deposit_closed · inactive · subvault · thin_collateral_market · concentrated_borrower · concentrated_depositor · recent_upgrade · unaudited_upgrade · repeated_pausing · ownership_transfer · exchange_rate_spike · exchange_rate_crash · erc4626_donation_risk · reward_dependent_yield · yield_trap · emergency_deposit_cap · shared_collateral_exposure