DD

Vault Risk Methodology

How we score vault risk and decide what’s safe to list

Back to Vault MonitorAPI docs

Risk Tiers

Each vault receives a risk score from 0–100 (higher = riskier), which maps to a tier:

Low
0 – 24
Well-established, audited, battle-tested
Medium
25 – 49
Some risk factors present
High
50 – 74
Significant risk, review first
Critical
75 – 100
Severe risk, active issues

Safety Grade

The headline signal on every vault is a letter grade from A+ to F. It’s computed from a safety score (0–100, the inverse of the risk score — so higher is safer), then mapped to a grade:

A+
90–100
A
80–89
A-
70–79
B+
60–69
B
50–59
B-
40–49
C+
30–39
C
20–29
C-
10–19
D
5–9
F
0–4

Hard caps stop solid engineering from masking an active problem: a vault in the medium-risk range can’t grade above B+, the high-risk range above C+, and one in the critical range — or with a blocking redemption state — is capped at D no matter how well-built it is.

What We Measure

The risk score is a weighted blend across several dimensions. No single dimension can dominate — a high score reflects multiple dimensions pointing the same way. We weigh:

Protocol maturity

Smart-contract and protocol track record, including any history of incidents.

Asset quality & peg

Quality of the underlying collateral and how stably the vault’s share price holds its peg.

Governance & centralization

Who controls the vault — admin keys, multisig vs. single-owner, and upgrade authority.

Exitability & liquidity

Whether holders can actually redeem — available liquidity, utilization, and any redemption gates.

Code & audits

Contract verification, security-audit coverage, and automated code-risk analysis.

Track record & performance

Returns, drawdowns, capital flows, and signs of dormancy or decline.

Listing Verdict

The verdict combines the risk score with hard gates: any blocking flag (or a closed / locked redemption state) forces “Do not list” regardless of score.

Safe to list
< 30
No blocking flags, low risk across all dimensions
Caution
30 – 54
Moderate risk, review underlying positions
Review required
55 – 74
High risk, manual review before listing
Do not list
≥ 75
Critical risk or a blocking flag is present

Withdrawal Risk Levels

Blocked

Redemptions are fully closed — no exit possible.

Locked

Paused, or a lockup period is in effect — funds can’t be withdrawn until it clears.

Illiquid

Nominally open, but there isn’t enough liquidity to redeem at current size.

Constrained

Withdrawals work but face friction — high utilization, queues, or an enforced delay before redemption completes.

Key Risk Flags

unverifiedBlocking

Contract source code is not verified on the block explorer.

redemption_closedBlocking

Withdrawals are currently disabled.

dormantBlocking

No meaningful activity for an extended period — likely abandoned.

eoa_ownerHigh

Vault owned by a single externally-owned account (no multisig / timelock).

upgradeableHigh

Contract can be upgraded by an admin.

no_auditsHigh

No known security audits for this vault.

high_loopingMedium

High recursive-lending exposure, which amplifies losses under stress.

depegMedium

Underlying asset or share price is showing depeg risk.

negative_returnMedium

Vault has negative lifetime returns.

low_tvlLow

Very small total value locked.

new_vaultLow

Recently deployed, with limited track record.

Data Sources

Vault metadata & performance

Strategy classification, APY, returns, and volatility.

Live pricing & TVL

Current share prices and protocol total value locked.

Lending-market liquidity & utilization

Available redemption liquidity and market utilization rates.

Contract verification

Source-code verification and on-chain contract configuration.

Webacy code & contract risk

Automated code analysis, contract-level risk, and deployer reputation.

Want this data via API?

Every score, grade and signal on this page is available through the Webacy API — plug it straight into your own product.

View the API docs
DD.xyz
API's powered by AI for decisioning, diligence, and data for anything on-chain.
© 2026, Webacy Inc.
By using DD.xyz, you agree to our Terms of Service. The information provided is for informational purposes only and does not constitute financial, legal, or investment advice. Use at your own risk. See our Privacy Policy.