Risk Scoring Methodology

How We Score DeFi Risk

Every protocol on VaultMind receives a 1–100 composite risk score built from six independently weighted dimensions. No black boxes. No opaque models. Here's exactly how it works.

6 Risk Dimensions
1–100 Composite Score
150+ Protocols Scored
Daily Score Updates
The Composite Score
A single number that distills protocol risk across security, liquidity, governance, oracle reliability, compliance, and operations.

Score Direction

Higher is safer. A score of 85 means the protocol exhibits strong risk controls across all six dimensions. A score of 30 flags material vulnerabilities requiring institutional caution. Scores are not rankings against peers — they are absolute assessments against defined criteria.

Score Frequency

Scores update daily using the latest on-chain data, governance activity, and oracle metrics. Significant events — exploits, governance attacks, large TVL outflows — trigger immediate score reviews outside the daily cycle.

Weighted Aggregation

Each dimension is scored 0–100 independently, then multiplied by its weight and summed to produce the composite. Weights reflect the relative contribution of each risk category to historical DeFi losses and institutional due diligence frameworks.

No Automatic Defaults

Missing data for a sub-signal does not default to zero (unfairly punishing new protocols) or maximum (falsely inflating scores). Missing signals are interpolated from comparable protocols in the same category, with a transparency flag in the score breakdown.

Category Weights at a Glance

Smart Contract Security: 25%
Liquidity & Market Risk: 25%
Governance: 15%
Oracle Reliability: 15%
Regulatory Compliance: 10%
Operational Risk: 10%
The Six Categories
Each dimension is assessed independently before being combined into the composite score.
Smart Contract Security (25%)
The largest single weight, reflecting that code exploits account for the majority of historical DeFi losses. We evaluate the full audit history — not just whether an audit exists, but who conducted it, when, whether findings were remediated, and the gap between current deployed code and the audited codebase. Active bug bounty programs signal ongoing security investment and are factored positively. Formal verification, immutable contracts, and time-locked upgrades all improve the sub-score.
Signals: Audit history · Auditor reputation · Finding remediation · Bug bounty program · Upgrade proxy risk · Time-lock controls · Formal verification · Code age
Liquidity & Market Risk (25%)
TVL depth, withdrawal velocity, and concentration risk determine whether a protocol can absorb redemption pressure without cascading failure. We track rolling 7-day and 30-day outflow patterns, the proportion of TVL held by the top 10 addresses, and whether liquidity pools show structural depth or are propped up by temporary incentives. Stablecoin peg deviation history is also evaluated for relevant protocols.
Signals: TVL depth · 7-day outflow rate · 30-day outflow rate · Top-10 concentration · Incentive dependency · Pool depth ratios · Peg deviation history
Governance (15%)
Governance failure is an underappreciated risk vector. Protocols with single-signer admin keys or token distributions dominated by one entity can be unilaterally changed without community consent. We score multisig structure (quorum, signer diversity, hardware wallet use), token distribution Gini coefficients, historical voter turnout, and the presence of time-locks on parameter changes. Active governance participation is a positive signal; silent token concentration is a material red flag.
Signals: Multisig structure · Quorum requirements · Token Gini coefficient · Voter participation · Time-lock on changes · Admin key risk
Oracle Reliability (15%)
Oracle manipulation is the second most common exploit vector after smart contract bugs. We assess whether protocols depend on a single oracle or maintain multi-source diversity (Chainlink, Pyth, Uniswap TWAPs), how frequently price feeds update, and whether the protocol employs circuit breakers that pause operations during anomalous price conditions. Historical manipulation events are flagged and permanently weigh down the sub-score.
Signals: Oracle diversity · Feed update frequency · Chainlink usage · TWAP protections · Circuit breakers · Manipulation history
Regulatory Compliance (10%)
Institutional allocators face regulatory obligations that DeFi protocols do not — yet. We track jurisdictional clarity (where is the team, what entity structure exists), OFAC sanctions exposure in the protocol's user base, enforcement actions and regulatory correspondence, and alignment with emerging frameworks like MiCA in the EU. Protocols operating with clear legal wrappers and proactive regulator engagement score higher. Anonymous teams with no legal structure are flagged accordingly.
Signals: Jurisdictional clarity · Legal entity structure · OFAC sanctions exposure · Enforcement history · MiCA alignment · KYC/AML posture
Operational Risk (10%)
Protocol resilience depends on the team behind it. We evaluate founding team track record (prior projects, exits, failures), incident response quality (did the team communicate clearly and act swiftly during past issues?), infrastructure uptime over trailing 90 days, and team size relative to protocol complexity. Teams that have navigated incidents well — not teams that have never faced one — demonstrate the operational maturity institutional allocators require.
Signals: Team track record · Incident response history · Uptime (90-day) · Team size vs complexity · Communication quality · Key-person dependency
Two Asset Classes. Two Frameworks.
Payment stablecoins and tokenized institutional products carry fundamentally different risk profiles. Applying a single framework to both produces meaningless scores — so we don't.
Payment Stablecoins

USDT, USDC, DAI & peers

Pegged currencies where depeg risk, collateral backing quality, and liquidation mechanics are the primary failure modes. Evaluated using the standard 6-category framework with smart contract security and liquidity/market risk carrying the highest weights.

Covered: USDT · USDC · DAI · FRAX · crvUSD · LUSD
Tokenized Securities

BUIDL, FOBXX, OUSG & peers

Treasury-backed money market tokens where the underlying fund is 100% short-duration government securities. Depeg risk and collateral volatility are structurally irrelevant here — the relevant risks are custodial, legal, operational, and smart-contract tokenization risks. A separate scoring framework applies.

Covered: BlackRock BUIDL · Franklin FOBXX · Ondo OUSG · Superstate USTB · Hashnote USYC

Why Different Frameworks?

A Treasury-backed money market token like BlackRock's BUIDL holds 100% short-duration U.S. government securities in a regulated fund. Scoring it on "depeg risk" or "collateral volatility" — metrics designed for algorithmic and reserve-backed stablecoins — produces a misleading result. The actual risks are: who holds the assets in custody, what happens at redemption, how clean is the regulatory structure, and does the smart contract layer introduce new failure modes?

Institutional allocators evaluating tokenized T-bills alongside USDT need a framework that reflects this. A single score conflating both categories either unfairly penalizes institutional-grade products or obscures genuine stablecoin risks. We built two separate rubrics to serve allocators with the precision the asset class requires.

Tokenized Securities: Scoring Categories
Five categories replace the standard six. Depeg risk and collateral volatility signals are removed; custodian, fund structure, and redemption mechanics take priority.
Custodian & Counterparty Risk (30%)
Replaces: Depeg Risk / Collateral Volatility
Who holds the underlying assets? Regulated custodians (BNY Mellon, State Street) with clear bankruptcy-remote structures score highest. Custody concentration, counterparty credit quality, and fund segregation are evaluated. A tokenized product is only as safe as the institution behind it.
Signals: Custodian identity & tier · Bankruptcy remoteness · Custodian credit rating · Asset segregation
Regulatory Clarity & Fund Structure (25%)
Replaces: Governance
Is this a registered investment vehicle (40 Act, UCITS, Cayman SPC)? Which jurisdiction governs the fund, and is there a clear legal opinion on token holder rights? Unregistered structures with vague legal wrappers represent material institutional risk regardless of the underlying asset quality.
Signals: Fund registration type · Governing jurisdiction · Token holder rights · Legal opinion quality · Regulatory approvals
Redemption Mechanics & Liquidity (20%)
Replaces: Liquidity & Market Risk
Can holders redeem at NAV, and on what timeline? T+0 on-chain vs. T+1 traditional redemption windows matter for institutional cash management. We evaluate minimum redemption amounts, eligible investor requirements, and whether secondary market liquidity exists to exit without waiting for fund redemption cycles.
Signals: Redemption window · NAV parity guarantee · Minimum redemption size · Secondary market depth · Eligible investor gate
Smart Contract & Tokenization Risk (15%)
Carries over from the standard framework
The tokenization layer introduces code risk even when the underlying fund is pristine. Transfer restrictions, minting/burning controls, admin key risks, and the audit history of the token contract are evaluated. A sound T-bill fund running on an unaudited smart contract is still a security risk.
Signals: Token contract audits · Admin key controls · Transfer restriction logic · Mint/burn authorization · Upgrade proxy risk
Operational Track Record (10%)
Combines Operational Risk and Oracle Reliability from the standard framework
How long has the product been live, and what is the issuer's institutional pedigree? A tokenized fund from a T1 asset manager with $10B+ AUM and a three-year track record scores very differently from a first-time issuer six months into operation. Incident history, NAV reporting frequency, and investor communication quality round out the assessment.
Signals: Issuer AUM & pedigree · Product track record · NAV reporting frequency · Investor communication quality · Incident history · Third-party fund admin
Competitive moat: VaultMind is the only platform that distinguishes between tokenized securities and payment stablecoins in risk scoring. Applying a generic stablecoin rubric to BlackRock BUIDL misrepresents both the risks and the institutional-grade controls in place. Our dual-track approach reflects how sophisticated allocators actually evaluate these assets.
Grade Bands
Composite scores map to three institutional grade bands. These align with common risk committee thresholds used by family offices and fund allocators.
A (75–100): Institutional Grade
Strong controls across all dimensions. Suitable for inclusion in institutional portfolios with standard due diligence. Ongoing monitoring required but no material flags present.
B (55–74): Monitored Exposure
Acceptable for limited, monitored exposure. One or more dimensions show elevated risk requiring active review. Position sizing and liquidity limits recommended.
C (below 55): High Risk
Material vulnerabilities present. Institutional exposure not recommended without bespoke analysis. Often reflects early-stage protocols, recent exploits, or governance failures.
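The aggregation rule, the missing-signal handling and the grade bands described above, carried through end to end as an added worked example (not VaultMind's own code). The weights and band cut-offs are the page's; filling a missing dimension with the mean of comparable protocols is an assumed reading of "interpolated from comparable protocols".

```python
"""Composite score, missing-signal interpolation and grade banding (added
worked example, not VaultMind's code).  Category weights and band cut-offs are
taken from this page; filling a missing dimension with the mean of comparable
protocols is an assumed reading of "interpolated from comparable protocols".
"""
WEIGHTS = {                       # standard six-category framework, sums to 1.0
    "smart_contract_security": 0.25,
    "liquidity_market_risk": 0.25,
    "governance": 0.15,
    "oracle_reliability": 0.15,
    "regulatory_compliance": 0.10,
    "operational_risk": 0.10,
}
BANDS = [(75, "A"), (55, "B"), (0, "C")]   # lower bound of each grade band

def fill_missing(scores, peers):
    """Replace None dimensions with the peer mean and list them in `flagged`,
    so the breakdown carries the transparency flag instead of a silent default."""
    filled, flagged = {}, []
    for dim in WEIGHTS:
        value = scores.get(dim)
        if value is None:
            peer_values = [p[dim] for p in peers if p.get(dim) is not None]
            if not peer_values:
                raise ValueError(f"no comparable protocol has data for {dim}")
            value = sum(peer_values) / len(peer_values)
            flagged.append(dim)
        if not 0 <= value <= 100:
            raise ValueError(f"{dim} out of range: {value}")
        filled[dim] = value
    return filled, flagged

def composite(filled):
    """Weighted sum of the six 0-100 dimension scores, rounded to an integer."""
    return round(sum(WEIGHTS[dim] * filled[dim] for dim in WEIGHTS))

def grade(score):
    """Map a composite score to the page's A / B / C institutional grade bands."""
    return next(letter for floor, letter in BANDS if score >= floor)

def score_protocol(scores, peers):
    """Interpolate, aggregate, band. Returns (composite, grade, flagged_dimensions)."""
    filled, flagged = fill_missing(scores, peers)
    total = composite(filled)
    return total, grade(total), flagged

# Constructed sample: no usable oracle signal; two comparable protocols (80, 70) supply the fill-in.
PROTOCOL = {"smart_contract_security": 82, "liquidity_market_risk": 76, "governance": 60,
            "oracle_reliability": None, "regulatory_compliance": 55, "operational_risk": 70}
PEERS = [{"oracle_reliability": 80}, {"oracle_reliability": 70}]
```

Running `score_protocol(PROTOCOL, PEERS)` on the constructed sample gives a composite of 72, grade B, with `oracle_reliability` flagged as interpolated.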
Composability Risk
DeFi protocols rarely operate in isolation. Dependencies change the risk profile.

How Dependency Chains Affect Scores

A protocol with a strong standalone score of 80 may depend on a lending layer scoring 45 for its core functionality. In this scenario, the dependency risk propagates upward. VaultMind models up to three levels of composability depth — identifying which protocols a given protocol relies on for liquidity, collateral, price feeds, or settlement.

The composability-adjusted score is displayed alongside the standalone score in the VaultMind dashboard. For protocols with deep dependency chains, the adjusted score can differ materially from the standalone figure — a gap that is invisible in competitors' scoring frameworks.

We also flag "single point of failure" dependencies: cases where more than 40% of a protocol's functionality would break if one dependency failed. These are flagged as critical in the protocol risk breakdown.

Example: A yield aggregator routing through three AMMs and a lending protocol inherits risk from all four. If the lowest-scoring dependency scores 38, that floor is reflected in the aggregator's composability-adjusted score — regardless of how well the aggregator's own contracts score.
Data Sources
Scores are derived from public on-chain data, curated off-chain sources, and continuously refreshed feeds. No proprietary black-box data.
DefiLlama (Liquidity)
TVL history, protocol rankings, chain breakdowns, yield data.

On-Chain Data (Governance · Security)
Token holder distributions, transaction volumes, multisig activity, upgrade events.

Governance Forums (Governance)
Snapshot votes, Tally proposals, forum participation rates and quorum history.

Chainlink / Pyth (Oracle)
Oracle feed availability, update frequency, historical deviation events.

Audit Reports (Security)
Published audit PDFs from Trail of Bits, OpenZeppelin, Certik, Spearbit, and others.

Incident Databases (Security · Ops)
Rekt.news, DeFiHacks, and community incident post-mortems for exploit history.

Regulatory Filings (Compliance)
SEC, FINRA, ESMA enforcement actions, FinCEN notices, OFAC designation checks.

Team Signals (Operational)
GitHub commit history, team LinkedIn verification, prior project outcomes.

Uptime Monitors (Operational)
Protocol RPC endpoint availability, front-end uptime, API responsiveness metrics.

See the Scores in Action

150+ protocols scored and updated daily. Full breakdown by category, composability-adjusted scores, and institutional grade bands.