
# Vault Ratings

> How Webacy scores DeFi vaults on a 0–100 composite risk scale from weighted sub-scores, additive penalties, and hard state floors.

<Info>
  This is the **V2 risk-score methodology** — the 0–100 composite that the V3 vault surface maps to a letter grade. For the V3 framework (seven weighted categories, composite letter grade, criteria taxonomy) see [Vault Risk V3](/api-reference/vault-risk-v3/v3-overview). The 0–100 score here is the same value V3 reports as `composite.score`.
</Info>

**How it works:** Every vault gets a 0–100 composite risk score (0 = safe, 100 = critical). It's built from \~20 sub-scores, each weighted by importance. Additionally, additive penalties and hard state floors can force the score higher for binary danger conditions. A higher score means a riskier vault.

<Info>
  Every number in the score can be traced back to a specific signal. The API exposes the full sub-score breakdown so we can tell a user "this vault scores 78/100 because redemptions are currently closed and the admin key is an EOA with no timelock" — not just a number.
</Info>

## Letter grade

The 0–100 composite maps to a letter grade via the standard `grading_scheme=v2` scale (lower risk = better grade):

| Grade                           | Risk score |   | Grade                           | Risk score |
| ------------------------------- | ---------- | - | ------------------------------- | ---------- |
| <span class="gb gb-a">A+</span> | 0–5        |   | <span class="gb gb-c">C+</span> | 47–56      |
| <span class="gb gb-a">A</span>  | 6–12       |   | <span class="gb gb-c">C</span>  | 57–66      |
| <span class="gb gb-a">A-</span> | 13–20      |   | <span class="gb gb-c">C-</span> | 67–77      |
| <span class="gb gb-b">B+</span> | 21–28      |   | <span class="gb gb-d">D</span>  | 78–88      |
| <span class="gb gb-b">B</span>  | 29–37      |   | <span class="gb gb-f">F</span>  | 89–100     |
| <span class="gb gb-b">B-</span> | 38–46      |   |                                 |            |

See the [full grading contract](/api-reference/vault-risk-v3/framework-methodology#letter-grade-mapping).

# Outputs

| Output                  | What it means                                                                                            |
| ----------------------- | -------------------------------------------------------------------------------------------------------- |
| Composite Score (0–100) | Overall risk — weighted sum of all sub-scores + penalties + floors                                       |
| Tier                    | `low` / `medium` / `high` / `critical` — bucketed label for the composite                                |
| listing\_verdict        | `safe_to_list` / `caution` / `review_required` / `do_not_list` — actionable recommendation               |
| withdrawal\_state       | `normal` / `constrained` / `illiquid` / `locked` / `blocked` — current exit condition                    |
| liquidity\_tier         | `open` / `mild_stress` / `constrained` / `illiquid` / `locked` — named label for the liquidity sub-score |
| governance\_score       | Separate sub-score for governance quality specifically (centralization + upgrade + code + Webacy code)   |
| pct\_tvl\_withdrawable  | What % of the vault's TVL can actually be withdrawn right now                                            |
| solvency\_risk          | Weighted sub-score for the "vault is losing money" signals                                               |
| liquidity\_risk         | Weighted sub-score for the "users can't get out" signals                                                 |

# Sub-scores

Each sub-score's weight shows how much that signal contributes to the final composite.

### Contract and Code Quality

| Signal           | Weight | What it measures                                                                                                                                                              |
| ---------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Protocol Risk    | 15%    | Webacy's vault protocol-risk classification, Negligible → Blacklisted. The single largest weight because it captures protocol-level risk independent of the vault's own code. |
| Upgrade Risk     | 10%    | Is the contract a proxy? Can it be upgraded? A vault that can be upgraded without a timelock is a rug vector. Timelocks reduce this score (7-day timelock = gold standard).   |
| Code Risk        | 10%    | Is the source code verified on-chain? How many audits does it have? Unverified = +65 sub-score because you can't audit what you can't read.                                   |
| Webacy Code Risk | 2%     | Webacy's own vulnerability scan findings — reentrancy, unchecked calls, malicious external calls.                                                                             |

### Governance and Control

| Signal              | Weight | What it measures                                                                                                                                                                                                                                                   |
| ------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Centralization Risk | 12%    | Who controls the vault? EOA owner (single key) = bad. Multisig = better. A 1-of-3 multisig is still weak — we score both the threshold (how many keys needed) and the ratio (how easy quorum is to reach). Also: does a single EOA hold the strategy manager role? |
| Strategy Risk       | 5%     | Does the vault use external strategies or leverage? More strategies = more attack surface.                                                                                                                                                                         |
| Asset Risk          | 5%     | What's the underlying stablecoin? USDC/USDT/DAI = low. Algorithmic or niche stablecoins (USR, AUSD) = high.                                                                                                                                                        |

### Liquidity and Exit

| Signal           | Weight | What it measures                                                                                                                                                |
| ---------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Closed Liquidity | 12%    | Are deposits or redemptions currently paused/closed? Redemption closed = can't exit = +60 sub-score. One of the most impactful signals.                         |
| Utilization Rate | 10%    | For lending vaults: what % of the pool is currently borrowed? Above 95% = users can't withdraw. The curve is nonlinear — 98% scores 88/100, 100% scores 97/100. |
| Looping Risk     | 4%     | Recursive lending (borrowing to re-deposit). Amplifies liquidation cascades. 80%+ looping = 70+ sub-score.                                                      |
| Depeg Risk       | 5%     | Is the vault's share price below \$1? For stablecoins, any deviation is a red flag. Near-zero = vault collapsed.                                                |

### Performance and Market Behavior

| Signal      | Weight | What it measures                                                                                    |
| ----------- | ------ | --------------------------------------------------------------------------------------------------- |
| TVL Outflow | 2%     | Has the vault lost significant TVL recently? 50%+ drop = 100 sub-score. Signals loss of confidence. |
| Size Risk   | 2%     | Small TVL vaults (\<\$50k) are riskier, less battle-tested, easier to manipulate.                   |
| Maturity    | 3%     | How old is the vault? Brand new (\<5 weeks) = +40 sub-score. Time in production reduces risk.       |

### How these sub-scores map to V3 categories

In V3, you'll see these V2 sub-scores regrouped into [seven weighted risk categories](/api-reference/vault-risk-v3/framework-methodology#what-each-category-measures). The mapping below is a **conceptual correspondence** — it shows where each signal appears, not the exact scoring wiring (the V3 composite is computed from its own framework, not by re-bucketing these V2 weights).

| V2 sub-score                                                             | V3 category              |
| ------------------------------------------------------------------------ | ------------------------ |
| Protocol Risk, Upgrade Risk, Code Risk, Webacy Code Risk, Maturity       | `smart_contract`         |
| Centralization Risk, timelock & pause controls, admin-change monitoring  | `operational_governance` |
| Asset Risk, Depeg Risk, Oracle quality                                   | `asset_collateral`       |
| Closed Liquidity, Utilization Rate, Looping Risk, TVL Outflow, Size Risk | `market_liquidity`       |
| Strategy Risk                                                            | `counterparty`           |

`hack_exploit_history` is driven by the additive penalties and risk flags below (for example, recent exploit, ownership transfer, repeated pausing) rather than a single weighted sub-score. `chain_infrastructure` is reserved and carries no V2 signal today.

For details on what each V3 category measures and representative criteria, see [What each category measures](/api-reference/vault-risk-v3/framework-methodology#what-each-category-measures).

# Oracle Type Quality

The oracle sub-score uses a **weakest-link model** — the worst oracle type found across all of the vault's underlying markets sets the floor. Oracle quality is scored by type:

| Oracle Type                              | Base Score | Why                                                                   |
| ---------------------------------------- | ---------- | --------------------------------------------------------------------- |
| Major decentralized oracle networks      | 8          | Battle-tested, multi-source, heartbeat monitoring                     |
| wstETH / Pendle PT wrapped oracles       | 18         | Derived from rebase math — manipulation surface if underlying is thin |
| MorphoOracle / UrdOracle (single-source) | 28         | Single price source, no cross-reference                               |
| Unknown / unverified                     | 40         | Can't assess what isn't disclosed                                     |

Additionally: any collateral token with **\<\$5M daily trading volume** raises the oracle sub-score floor to 55 (`thin_collateral_market` flag). Below that volume threshold, a well-capitalised attacker can move the price enough to overborrow against inflated collateral — the pattern behind the Mango Markets and Cream Finance exploits.

# Additive Penalties

These fire for specific dangerous combinations or events and add directly on top of the weighted composite. Multiple conditions stack independently.

### Interaction Penalties (Compound Risk)

| Condition                                                                      | Penalty |
| ------------------------------------------------------------------------------ | ------- |
| High utilization (>95%) + single concentrated borrower                         | +10     |
| High utilization (>95%) + single concentrated depositor (holds ≥50% of shares) | +10     |
| High utilization + major TVL outflow happening simultaneously                  | +10     |
| Upgradeable contract + weak multisig (threshold ≤ 2)                           | +8      |
| Pause function present + EOA control + no meaningful timelock                  | +8      |

### Governance Behavior Penalties (on-chain activity)

| Condition                                                           | Penalty       |
| ------------------------------------------------------------------- | ------------- |
| Recent contract upgrade in last 30 days                             | +12           |
| Recent contract upgrade in last 30 days **+ zero audits on record** | +32 (stacked) |
| Repeated pausing (3+ times in 90 days)                              | +10           |
| 1–2 pause events in 90 days                                         | +5            |
| Ownership transfer in last 90 days                                  | +8            |

### State & Structural Penalties

| Condition                                                  | Penalty |
| ---------------------------------------------------------- | ------- |
| Dormant vault (very low activity, not new/bot-run)         | +25     |
| Market concentration >80% in single market                 | +10     |
| Bad debt in underlying lending markets                     | +15     |
| Tight liquidation buffer (\<5%)                            | +10     |
| Exit liquidity \<5% of TVL                                 | +10     |
| Webacy contract risk flagged                               | +15     |
| Webacy deployer risk flagged                               | +10     |
| Oracle gap >3x (on-chain price vs market price)            | +15     |
| Collateral depegged >20%                                   | +20     |
| ERC-4626 vault used as live price oracle in lending market | +15     |

### Yield & Liquidity Trap Penalties

| Condition                                                                              | Penalty |
| -------------------------------------------------------------------------------------- | ------- |
| Reward-dependent yield >90% of APY from emissions                                      | +12     |
| Reward-dependent yield >70% of APY from emissions                                      | +8      |
| Reward-dependent yield >50% of APY from emissions                                      | +4      |
| **Yield trap**: vault locked/illiquid + reward-dependent APY >70%                      | +15     |
| **Shared collateral exposure**: flagged collateral token shared across multiple vaults | +10     |

# Hard State Floors (binary minimums)

These ensure a catastrophic condition can never be masked by a low smooth score. The composite cannot go *below* these values when the condition is active.

| Condition                                                           | Floor                |
| ------------------------------------------------------------------- | -------------------- |
| Redemptions closed                                                  | 75                   |
| Redemptions closed + utilization >95%                               | 80                   |
| Active depeg (share price \< 0.99)                                  | 70                   |
| Oracle risk >60 + liquidation proximity >40                         | 70                   |
| Exchange rate spike >2% (donation attack pattern)                   | 70                   |
| Dormant vault                                                       | 65                   |
| Exchange rate crash >1% (exploit in progress / collateral collapse) | 65                   |
| Yield trap active                                                   | 65                   |
| Exit illiquid (\<2% withdrawable)                                   | 60                   |
| listing\_verdict = do\_not\_list                                    | 75 (tier = critical) |
| listing\_verdict = review\_required                                 | 50 (tier = high)     |
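
The three layers described above (weighted sub-scores, additive penalties, hard state floors) and the letter-grade mapping, combined in an added Python sketch that is not Webacy's code. Weights, penalties, floors and grade bands are taken from the tables on this page; the condition names, the order of operations (penalties, then floor, then cap at 100 and rounding) and the sample sub-scores are assumptions.

```python
# Added sketch of the composite described on this page; not Webacy's code.
# Weights are copied from the sub-score tables. They sum to 0.97 as published;
# this sketch uses them as-is and does not renormalize (assumption).
WEIGHTS = {
    "protocol": 0.15, "upgrade": 0.10, "code": 0.10, "webacy_code": 0.02,
    "centralization": 0.12, "strategy": 0.05, "asset": 0.05,
    "closed_liquidity": 0.12, "utilization": 0.10, "looping": 0.04,
    "depeg": 0.05, "tvl_outflow": 0.02, "size": 0.02, "maturity": 0.03,
}
# A subset of the page's penalty and floor rows. The keys are hypothetical
# condition names chosen for this example, not API flag names.
PENALTIES = {"upgradeable_weak_multisig": 8, "pause_eoa_no_timelock": 8,
             "recent_upgrade": 12, "ownership_transfer": 8, "bad_debt": 15}
FLOORS = {"redemptions_closed": 75, "active_depeg": 70, "dormant": 65,
          "exit_illiquid": 60}
# Upper bound of each band in the grading_scheme=v2 table.
GRADE_BANDS = [(5, "A+"), (12, "A"), (20, "A-"), (28, "B+"), (37, "B"),
               (46, "B-"), (56, "C+"), (66, "C"), (77, "C-"), (88, "D"),
               (100, "F")]


def composite(sub_scores, conditions=()):
    """Return (score, grade, trace) from 0-100 sub-scores and active conditions."""
    active = set(conditions)
    unknown = (set(sub_scores) - set(WEIGHTS)) | (active - set(PENALTIES) - set(FLOORS))
    if unknown:
        raise ValueError(f"unknown signal or condition: {sorted(unknown)}")
    # Each sub-score is clamped to 0-100 before weighting.
    weighted = sum(WEIGHTS[k] * min(max(v, 0), 100) for k, v in sub_scores.items())
    penalty = sum(PENALTIES.get(c, 0) for c in active)
    floor = max((FLOORS[c] for c in active if c in FLOORS), default=0)
    # Assumed order: penalties add to the weighted sum, the highest active
    # floor is then enforced, and the result is capped at 100 and rounded.
    score = round(min(100, max(weighted + penalty, floor)))
    grade = next(g for hi, g in GRADE_BANDS if score <= hi)
    trace = {"weighted": round(weighted, 2), "penalty": penalty, "floor": floor}
    return score, grade, trace


# Constructed sub-scores for an otherwise healthy vault.
HEALTHY = {"protocol": 10, "upgrade": 20, "code": 10, "webacy_code": 0,
           "centralization": 20, "strategy": 10, "asset": 5,
           "closed_liquidity": 0, "utilization": 30, "looping": 0,
           "depeg": 0, "tvl_outflow": 0, "size": 10, "maturity": 10}
# Same vault after redemptions close: the sub-score rises to 60, but at a 12%
# weight that moves the weighted sum by only 7.2 points.
CLOSED = dict(HEALTHY, closed_liquidity=60)

if __name__ == "__main__":
    print(composite(HEALTHY))
    print(composite(CLOSED))                          # weights alone
    print(composite(CLOSED, ["redemptions_closed"]))  # floor enforced
    print(composite(HEALTHY, ["recent_upgrade", "upgradeable_weak_multisig"]))
```

Comparing the second and third calls shows what the floor is for: without it, a vault nobody can exit would still land in the A range on weights alone.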

# Computed-but-Zeroed Signals

These are calculated and exposed in the API payload but don't add to the weighted composite — they feed into additive penalties or are surfaced directly for consumers.

| Signal                  | What it is                                                                                                                                                                                                                     |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Borrower Concentration  | Top borrower's share of total borrow across the vault's underlying lending markets. If one whale controls 80% of borrowing, the vault's liquidity is hostage to them.                                                          |
| Depositor Concentration | Top depositor's share of vault shares. A single whale exiting triggers a utilization spike that traps everyone else.                                                                                                           |
| Governance Behavior     | Recent on-chain governance events: contract upgrades (30d), pause events (90d), ownership transfers (90d). Structure-based scoring alone misses behavioral patterns.                                                           |
| Yield Sustainability    | Ratio of emissions-based APY to total APY. >70% = yield collapses when rewards end, causing TVL flight and utilization spike.                                                                                                  |
| Exchange Rate Velocity  | Rate of change in vault share price since last checkpoint. Spike >2% = donation attack pattern (Venus wUSDM). Crash >1% = exploit in progress or collateral collapse.                                                          |
| ERC-4626 Oracle Risk    | Whether the vault's convertToAssets() function is being used as a live price oracle in a lending market. Direct asset donations inflate this rate without minting shares — enabling overborrowing against inflated collateral. |
| Oracle Gap              | Worst ratio between on-chain oracle price and real market price found across collateral tokens. 9x gap = oracle is stale or manipulable.                                                                                       |
| Exit Liquidity Ratio    | What fraction of TVL is withdrawable right now vs total deposited.                                                                                                                                                             |
| Market Liquidity        | Absolute USD liquidity available in the underlying lending markets.                                                                                                                                                            |
| Market Concentration    | What % of TVL is in the single largest lending market.                                                                                                                                                                         |
| Bad Debt                | Realized losses in the underlying lending markets that won't be recovered.                                                                                                                                                     |
| Momentum                | 1-month vs 3-month CAGR divergence — is yield declining recently?                                                                                                                                                              |
| Flow Risk               | Net capital flows — large outflows signal institutional confidence loss.                                                                                                                                                       |
| Fee Drain               | Management + performance fees. >2% management fee = meaningful yield erosion.                                                                                                                                                  |
| Volatility              | Share price volatility over 3 months.                                                                                                                                                                                          |
| Drawdown                | Worst historical drawdown from peak.                                                                                                                                                                                           |
| Return Loss             | Lifetime or annualized return negative = vault is losing user capital.                                                                                                                                                         |

# Risk Flags

Flags are surfaced in the API alongside the score. Each maps to one or more of the conditions above.

**Blocking flags** (force do\_not\_list): unverified, redemption\_closed, dormant

**Non-blocking flags**: depeg · high\_looping\_exposure · no\_audits · eoa\_owner · pause\_capable · upgradeable · negative\_return · lockup\_7d · withdrawal\_delay · low\_tvl · new\_vault · deposit\_closed · inactive · subvault · thin\_collateral\_market · concentrated\_borrower · concentrated\_depositor · recent\_upgrade · unaudited\_upgrade · repeated\_pausing · ownership\_transfer · exchange\_rate\_spike · exchange\_rate\_crash · erc4626\_donation\_risk · reward\_dependent\_yield · yield\_trap · emergency\_deposit\_cap · shared\_collateral\_exposure
