Modifiers
Reserve Management
Evaluates the operational competence and track record of the institution or individuals managing productive assets. Applies only where reserves are actively managed or yield-generating.
Manager tenure serves as a second-order proxy for operational and governance maturity, combined with institutional track record, transparency of investment decisions, and conflict-of-interest structure.
| Tier | Reasoning | Evidence |
|---|---|---|
| 20+ years of institutional tenure | Multi-cycle-seasoned operations: established enterprise risk management, demonstrated survival through historical dislocations, and institutional memory that absorbs operational shocks without preventable failure. | Examples: BlackRock (founded 1988, $11T AUM), State Street (founded 1792, $4T AUM), Fidelity (founded 1946, $5T AUM) — managers running tokenized fund reserves through multiple complete cycles. FSB and BIS guidance reference long-tenured managers as the institutional standard for reserve-backed liabilities. |
| 2 to 20 years of tenure | Past the highest-risk early period and has accumulated meaningful operational track record, though has not demonstrated full-cycle strategic resilience or proven controls durability across all stress regimes. | Newer institutional managers with material AUM but limited cycle exposure. Meets minimum FSB expectations for stablecoin reserve managers. |
| Under 2 years of tenure | Insufficient time to demonstrate adversity management, controls durability, or conflict-of-interest discipline. | Recent issuer-affiliated manager arrangements have raised reserve-quality concerns. Stream Finance's $93M loss in November 2025 to an undisclosed external manager illustrates the operational fragility of short-tenured arrangements. |
Regulatory Cover
Assesses the scope and relevance of licenses held by the issuing entity, alongside bankruptcy remoteness for both the issuer and custodian structures.
The methodology distinguishes generic Virtual Asset Service Provider (VASP) registration from stablecoin-specific prudential regimes. The strongest tier requires a recognized stablecoin-specific framework (GENIUS Act, MiCA Asset-Referenced or E-Money Token regimes, MAS Stablecoin Issuer regulation) combined with bankruptcy-remote legal structuring. A regulatory arbitrage flag downgrades assets that nominally comply with a favorable jurisdiction's framework while maintaining material operational exposure elsewhere.
| Tier | Reasoning | Evidence |
|---|---|---|
| Stablecoin-specific regime with bankruptcy remoteness | Reserve-specific prudential supervision directly regulates reserve composition, redemption obligation, segregation, and attestation. Combined with legal structures that place reserves outside the issuer's insolvency estate, this provides the strongest available protection for both day-to-day discipline and tail-stress recoverability. | MAS Stablecoin Issuer Regulation (2023), MiCA Asset-Referenced and E-Money Token regimes (2024), and the US GENIUS Act (2025) impose specific requirements on reserve composition, redemption-at-par, attestation cadence, and bankruptcy treatment. PYUSD operates under NYDFS Trust Company regulation; USDC under MiCA EMT registration. |
| General VASP or payment license only | Provides operational legitimacy and some supervisory discipline but does not typically regulate the core stablecoin mechanics — reserve composition, redemption obligation, or segregation standards. Bankruptcy remoteness is not automatic. | Generic licensing under FATF (Financial Action Task Force) VASP frameworks or state-level money-transmitter regimes places no specific requirements on reserve composition or redemption. Multiple historical issuers operated under such regimes while maintaining weak reserve controls (BUSD before NYDFS oversight, FDUSD pre-FDT crisis). |
| Undisclosed or unregulated | Absence of formal supervision is treated as worst case because legal opacity itself constitutes structural risk: enforcement pathways, insolvency handling, and reserve claims are all uncertain. | Cred (2020), Voyager (2022), and Prime Trust (2023) all involved customer-asset commingling and contested ownership in the absence of reserve-specific oversight. Loss recovery in insolvency was materially weaker than for regulated equivalents. |
User Rights
Examines the clarity and enforceability of redemption terms, asset segregation provisions, and the recognition of beneficial ownership within the issuer's documentation.
Three sub-components are scored independently: redemption rights (explicit and time-bound, discretionary, or undisclosed), asset segregation (legally segregated, commingled, or unknown), and beneficial ownership (user as beneficial owner, ambiguous, or issuer as owner). A structural haircut applies to stated collateralization where asset segregation is unclear or undisclosed; this haircut flows directly into the Collateralization assessment.
| Tier | Reasoning | Evidence |
|---|---|---|
| Clear redemption, segregated reserves, user as beneficial owner | Documented redemption rights, legally-segregated reserves, and beneficial ownership through a trust or equivalent structure together provide enforceable claims senior to general creditors and ring-fence reserves from issuer insolvency. | Matches MiCA Article 39's prompt-redemption-at-par requirement and customer-asset segregation rules in traditional finance (SEC Rule 15c3-3 and equivalents). Ondo USDY's published trust structure (BVI issuer + Delaware bankruptcy-remote asset holder) is the gold standard. |
| Discretionary or partially disclosed terms | Some rights are documented but contain discretionary suspension clauses, operational barriers, or partial protections; legal certainty exists on some dimensions while ambiguity persists on others. | Many issuers' Terms of Service explicitly allow redemptions to be postponed or refused during stress (historical Tether ToS), and large minimum redemption sizes effectively close direct redemption to retail holders. FDUSD's April 2025 run was amplified by retail inability to redeem directly. |
| Terms undisclosed or unenforceable | Treated as worst case because the burden of proof sits with the issuer. Treating "undisclosed" as neutral would create a perverse incentive to publish less rather than more. | Prime Trust (2023) and Mt. Gox (2014) demonstrate that undisclosed customer-asset language leads to commingling and contested ownership in insolvency, with severe impact on user recovery. CFTC v. Tether (2021) demonstrated the cost of opaque reserve language. |
Collateralization
Measures total reserve coverage, including any dedicated insurance vehicles, relative to outstanding token supply. For Alternative Asset and Active Strategy Stablecoins, collateralization is assessed within the Asset Quality framework via Monte Carlo or Black-Cox modeling.
Coverage is scored on a non-linear curve. Sub-80% coverage carries a steep, accelerating penalty because the failure mode is a reflexive bank run, not gradual deterioration. Coverage near 100% is the baseline expectation; over-collateralization above approximately 120% earns a positive adjustment. A Haircut-Adjusted Collateralization Ratio reflects asset-quality discounts on the reserve composition, and the User Rights segregation haircut compounds with it.
| Tier | Reasoning | Evidence |
|---|---|---|
| Sub-80% (insolvency zone) | Mathematical insolvency under any realistic stress: even modest asset drawdowns make full recovery implausible without external capital, and visible undercollateralization triggers self-reinforcing run dynamics rather than orderly price discovery. | UST/LUNA collapsed from approximately $18B market cap to near zero within 72 hours of peg visibility erosion in May 2022. Iron Finance demonstrated the same reflexive dynamic at a 75% partial-backing threshold in June 2021. IRON stablecoin produced an identical pattern. |
| 80% to 95% (fragility zone) | Technically solvent at a point in time but structurally precarious; stated solvency depends entirely on no asset drawdown occurring before reserves can be replenished, and modest stress pushes the protocol into the insolvency zone. | The 2021 NYAG investigation revealed Tether held approximately 49% in unspecified cash equivalents during portions of 2017–2018. S&P's November 2025 USDT assessment cited a 3.9% overcollateralization margin against approximately 5.6% BTC reserve exposure — a single 30% BTC drawdown would consume the entire buffer. |
| 95% to 105% (baseline) | Marginal coverage: par is not a safe state because it is the minimum condition for solvency before accounting for real-world frictions — liquidation costs, mark-to-market noise, haircut-adjusted asset quality. | Parity coverage is the institutional standard reflected in FSB and Basel framework expectations that liabilities are fully matched by reserves. USDC and PYUSD operate at or near this band. |
| 105% to 120% (resilient) | Meaningful buffer that can absorb modest haircuts and frictions without falling below par. Rewards are intentionally bounded because overcollateralization eliminates one failure mode but operational, governance, and legal risks remain. | Aligned with Basel-style stress testing tolerances. USDS (Sky), crvUSD, and LUSD operate at or above this band. |
| Over 120% (over-collateralized) | Substantial buffer calibrated to absorb underlying asset volatility, appropriate for backings whose price movements require explicit volatility cushion. Reward is capped to preserve the asymmetry between binary downside and bounded upside. | Minimum collateralization ratios in algorithmic CDP designs (typically at or above 110%) are set above parity to absorb collateral drawdowns under stress. Performance through the 2018, 2020, and 2022 stress events supports the buffer's effectiveness. Liquity LUSD's 110% MCR plus 150% Total Collateral Ratio Recovery Mode is canonical. |
Reserves Transparency
Evaluates the mechanisms by which reserve adequacy is demonstrated, including on-chain verification, audit attestations, and third-party assurance.
Reserve evidence is ranked along three dimensions: verifiability (can a third party independently confirm the claim), timeliness (how stale is the evidence), and independence (does the evidence originate outside the issuer). Independent audit is the institutional baseline.
| Tier | Reasoning | Evidence |
|---|---|---|
| On-chain Proof of Reserves | Real-time, public, third-party-verifiable visibility of reserve composition combined with cryptographic proof of asset existence and operational controls. Capped because on-chain visibility proves asset existence, not solvency, legal segregation, or enforceable redemption. | BIS research (2023) on on-chain attestation mechanisms; Accountable, LlamaRisk, Chainlink Proof of Reserve frameworks deployed by select tokenized fund wrappers; Securitize's DS Protocol attestation layer. |
| Independent audit (Big Four or equivalent) | Reasonable assurance from an independent auditor on fairly-presented financials is the highest assurance level short of continuous monitoring, and is now embedded as a regulatory floor rather than an aspirational benchmark. | Minimum regulatory expectation under MiCA Article 35–37 and the US GENIUS Act. Big Four providers (Deloitte, EY, KPMG, PwC) and select mid-tier firms (BDO, Grant Thornton) are the typical providers. |
| Third-party assurance (attestation, agreed-upon procedures) | Materially weaker than audit: review provides moderate assurance via inquiries and analytics without controls testing, and agreed-upon-procedures reports issue no opinion at all. The penalty is modest only if reports are regular, public, and standards-based. | Tether's quarterly BDO attestations are the most prominent example: they confirm reserve balances at a point in time but do not test the surrounding controls. Circle used agreed-upon-procedures reports prior to its full audit transition. |
| No third-party reporting | Foundational control failure: independent verification disappears, hidden insolvency becomes possible, and confidence can evaporate within hours because there is no circuit-breaker between perception and reality. | CFTC v. Tether (2021) showed that opaque reserves create discontinuous downside. Stream Finance's November 2025 $93M loss to an undisclosed off-chain manager was undetected until the issuer's disclosure days after on-chain anomalies first appeared. |
Peg Track Record
Evaluates the token's historical performance in maintaining its intended peg, incorporating quantitative measures of volatility, deviation frequency, and drawdown severity relative to the reference asset.
A two-axis matrix combines annualised peg volatility (daily log return standard deviation × √365) with downward deviation frequency (percent of days trading below a defined threshold). The matrix produces four bands. Partial-data penalties apply to assets with less than 365 days of price history or below a minimum daily volume threshold.
| Tier | Reasoning | Evidence |
|---|---|---|
| Low volatility, rare deviations | Sustained arbitrage-enforced peg maintenance across a full observation window that included at least one significant market stress event. Reward is bounded because good peg maintenance is the expected behavior, not exceptional. | Mature stablecoins observed through the 2022, 2023, and 2024 stress events anchor the upper band. USDC's recovery following its March 2023 SVB exposure event — depegged to approximately $0.87 and fully restored within 72 hours — demonstrated fast, complete recovery from a discrete shock. |
| Low volatility, occasional deviations | Broad peg stability with observable but contained dislocations: the structural backstop functioned during discrete shocks even though the peg was briefly tested. | Reflects normal arbitrage friction in liquid markets. stETH and major fiat-backed stablecoins outside stress periods exhibit this pattern. Mid-2024 to mid-2025 baseline behavior for major LSTs anchors this band. |
| Moderate volatility, recurring deviations | Systematic peg fragility under normal market conditions: continuous noise combined with elevated deviation frequency indicates that arbitrage mechanisms or redemption paths are not fully closing dislocations, even absent acute stress. | Common in early-deployment LSTs and structurally newer stablecoins. Newer LRT protocols in their first 6–12 months exhibit this pattern. |
| High volatility, frequent or severe deviations | Demonstrated repeated failure of the peg mechanism to perform its core function; price history reveals either fundamental fragility or recurring stress that the structural backstops have not arrested. | UST's May 2022 catastrophic depeg (-99% in 5 days), multiple algorithmic stablecoin failures throughout 2021–2022, Stream Finance's xUSD depeg to $0.26 (November 2025), and Resolv USR's depeg to $0.27 (March 2026) anchor the worst tier. |
Market Adoption
Analyzes market capitalization relative to leading peers in the same category, serving as a proxy for market confidence and the issuer's incentive to address material deficiencies.
Scoring divides the protocol's market cap by the category median (not the maximum), with assets grouped into peer categories — Stable–Base, Stable–Alt, LST, LRT, and Wrapped. The asymmetric range reflects market cap's nature as a noisy proxy: it can confirm absence of obvious risk but cannot substitute for direct evaluation of reserve quality, governance, or legal structure.
| Tier | Market Size vs. Peers (% of median) | Reasoning | Evidence |
|---|---|---|---|
| Category leader | 25% to 100%+ | Convergence of liquidity depth (thicker secondary markets, tighter spreads, larger natural arbitrageur base), continuous regulatory and analyst scrutiny that forces institutional-grade standards, and revealed preference of due-diligence-driven counterparties — all structurally risk-reducing. | Top-quintile protocols within each category historically show lower rates of critical security incidents per dollar deployed than the bottom quartile (Halborn 2023, CertiK 2024). USDC absorbed approximately $3B in net redemptions over 72 hours following the SVB collapse without structural failure. |
| Established baseline | 10% to 25% | Sufficient scale to demonstrate operational viability, attract institutional integrations, and maintain meaningful liquidity depth under normal conditions. | Examples: LUSD, FRAX, PYUSD in stablecoin categories; rETH, swETH in LSTs. |
| Transitional | 5% to 10% | Real, functional protocol with material market presence, but adoption level has not been tested against a category-wide stress event. | Examples: newer LRT protocols, recently-launched RWA wrappers in the 12–18 months following launch. |
| Fragility zone | Sub-5% of category median | Convergence of three risk factors at small relative scale: liquidity fragility (thin secondary markets amplify exits into runs), operational resource constraints (limited budget for audits, incident response, controls), and counterparty concentration. | Iron Finance held $2B at peak but its collateral base was structurally thin. Small relative scale within a category produces thin secondary-market depth and weak arbitrage support, amplifying losses under redemption pressure. Mai Finance and various pre-2022 algorithmic stablecoins demonstrated this dynamic. |
Governance
Reviews the structures and controls governing protocol upgrades, token issuance, and parameter changes. The assessment is decomposed into four dimensions covering who can change the protocol, who can issue tokens, how privileged roles are composed and disclosed, and how much time elapses between approval and execution of critical actions.
Contract Upgradability Permissions
Evaluates who holds the authority to change deployed contract code. Upgrade authority is the protocol's root authority, so the concentration and transparency of upgrade rights is the primary input.
| Tier | Reasoning | Evidence |
|---|---|---|
| Single signer or undisclosed proxy admin | Upgrade authority is the protocol's root authority — anyone with upgrade rights can rewrite contracts to grant themselves any other privilege. A single signer or undisclosed proxy admin is worst-case because every other control can be bypassed through it. | Radiant Capital (October 2024, $53M) was drained via a malicious ownership transfer through an upgrade path with no timelock. Ankr's deployer EOA (December 2022) pushed a malicious mint implementation through unchecked upgrade authority. |
| Multisig with modest threshold and limited transparency | A multisig distributes the compromise surface across multiple keys, so no single holder can unilaterally rewrite the protocol. Modest thresholds and limited transparency leave residual concentration risk and impede external verification of true signer independence. | Modal configuration across mid-tier DeFi protocols. Compound v3 and Aave V3 operate at this tier with multisig-controlled upgrade authority and 24–48h timelock, providing meaningful but not maximal protection. |
| High-quorum multisig with verified signers and tightly scoped upgrade path, or immutable contracts | A high-quorum multisig with verified, independent signers and a tightly-scoped upgrade path narrows the compromise surface to a level requiring broad collusion; immutable contracts eliminate the attack surface entirely. | Arbitrum's Security Council 9-of-12 multisig with a 13-day timelock anchors the top multisig tier; immutable contracts (Liquity, Uniswap V2) remove the upgrade attack surface entirely. |
Mint Authority Permissions
Evaluates who can issue new tokens and under what constraints. The number of independent parties required to authorize issuance, and whether issuance is constrained at the contract level, are the primary inputs.
| Tier | Reasoning | Evidence |
|---|---|---|
| Single signer or undisclosed | One key with mint authority can issue any quantity without external constraint; what matters is how many independent humans must agree, and one equals worst case. | Nine documented compromised-key minting incidents (Ronin, Harmony, Multichain, Heco, Orbit, Resolv, Ankr, PAID, ALEX) account for approximately $1.43B in realized losses. Resolv (March 2026) confirmed that hardware-protected keys produce the same loss profile as plaintext EOAs when on-chain controls are absent. |
| Bounded multisig (signer count, threshold, timelock as sub-factors) | A bounded multisig distributes mint authority across multiple keys with an explicit threshold and timelock, so unauthorized issuance requires collusion or compromise of several independent signers within the delay window. Signer count, threshold, and timelock duration are scored as sub-factors. | Paxos PYUSD, Circle USDC issuance multisigs, and Aave GHO Stewards 3-of-4 multisig operate at this tier. The compromised-key incident record shows loss severity scaling inversely with the number of independent signers required to authorize issuance. |
| Fully algorithmic mint logic gated by on-chain collateral | Algorithmic mint gated by on-chain collateral constrains supply at the contract level, so even complete key compromise cannot produce unauthorized issuance. | Algorithmic mint architectures (Liquity, MakerDAO Vaults, Lido stETH, Rocket Pool rETH) have not produced a mint-role incident across multi-year exposure. |
Signer Composition, Role Documentation, and On-Chain Verifiability
Evaluates whether privileged roles are independently composed and externally verifiable. A nominal threshold carries information only if signer independence and role assignment can be confirmed by an outside observer.
| Tier | Reasoning | Evidence |
|---|---|---|
| Unclear | A nominal multisig threshold cannot be relied upon without verified signer independence. Opaque role management turns offboarding failures and unrevoked access into persistent attack vectors. | Ronin's 5-of-9 was functionally controlled by Sky Mavis ($625M loss); Orbit Chain's 7-of-10 was defeated by a former CISO relaxing firewalls ($81.5M loss); Multichain's self-described MPC was administered by a single principal ($126M loss). |
| Clear | Clear documentation with named roles, on-chain verifiable access control, published multisig addresses, and verifiable signer composition allows an external observer to assess the actual concentration of control. | MakerDAO governance multisigs, the Lido validator set, and Aave Stewards publish named roles and on-chain-verifiable access control. |
Timelock Duration on Critical Actions (Upgrades and Mint)
Evaluates the delay between approval and execution of upgrades and mint actions, and whether that delay is actively monitored. The timelock is the user's exit window before contested actions occur.
| Tier | Reasoning | Evidence |
|---|---|---|
| No timelock, or bypassable via emergency execution path | A timelock is the user's exit window before contested actions occur. No or short timelock, or one bypassable through an emergency execution path, means a compromised or malicious action becomes immediate and irreversible. | Radiant Capital's October 2024 exploit ($53M) executed instantly because there was no timelock on transferOwnership. Ankr's deployer EOA similarly pushed a malicious mint implementation with no upgrade delay. Beanstalk's emergencyCommit (24h seasoning) was bypassed by a flash-loaned supermajority vote in April 2022 ($182M). |
| 1 to 72 hours | A meaningful delay creates a response window between approval and execution, but its protective value is conditional on the proposal queue actually being monitored; the delay alone does not guarantee detection. | Moonwell (March 2026) showed that a 48-hour timelock provided no protection because no one monitored the proposal queue — an attacker spent approximately $1,800 on MFAM tokens to push a near-fatal proposal. |
| 72+ hours with active monitoring and community visibility | A long delay combined with active monitoring of the proposal queue and community visibility ensures the community has both the time and the information to detect and respond to contested actions before they execute. | Arbitrum's Security Council 13-day delay with verifiable on-chain proposal visibility anchors the top tier. |
Operational Security
Evaluates whether the protocol's infrastructure can absorb real failures under adverse conditions. The cluster comprises seven sub-metrics — Incident Playbook, Privilege Scope, Privilege Constraints, Key Custody Environment, Circuit Breaker Sophistication, Redemption Risk, and Loss Absorption Capacity — each scored on a three-tier rubric and combined into a cluster-level assessment.
Incident Playbook
Evaluates whether the protocol has a defined, rehearsed process for detecting and responding to a compromise. The existence and maturity of pre-agreed response procedures is the primary input.
| Tier | Reasoning | Evidence |
|---|---|---|
| No compromise plan | Protocols that discover their incident response process at the moment they need it consistently produce worse outcomes; the response window is consumed by ad-hoc coordination while losses accumulate. | Stream Finance (November 2025) and Resolv (March 2026) announced asset losses days after on-chain anomalies were first visible to third-party monitors. |
| Mechanisms exist with ad-hoc response | Some response capability is in place, but absent defined triggers, escalation paths, and rehearsal, coordination is improvised under pressure and the containment window is partially consumed by figuring out who does what. | KyberSwap (November 2023, $48M) is illustrative: the team had a pause function and used it, but response was uncoordinated and recovery (~60% via treasury grant) was partial — the modal outcome for protocols without a rehearsed playbook. |
| Documented, tested incident runbook | A documented and rehearsed playbook — defined detection triggers, pre-agreed escalation paths, signer rotation procedures, and rehearsed simulations — enables coordinated response within the narrow window during which incidents can be contained. | The December 2023 Ledger Connect Kit attack produced a coordinated three-hour response across Sushi, Lido, MetaMask, and Coinbase, only possible because procedures existed and personnel knew their roles. |
Privilege Scope
Evaluates the blast radius of a single privileged-key compromise. The breadth of powers attached to privileged roles, and whether they include custodial reach over user funds, is the primary input.
| Tier | Reasoning | Evidence |
|---|---|---|
| Full centralized control | The damage from any single key compromise is bounded by what that key's scope permits. Combined pause, mint, freeze, seize, redirect, and upgrade authority means the blast radius of a single compromise is total. | 80.5% of stolen DeFi funds in 2024 came from compromised accounts and off-chain attacks. USDC's five privileged roles (pauser, blacklister, masterMinter, owner, proxyOwner) combine pause + freeze/seize + mint + upgrade authority and anchor the worst tier. |
| Broad operational controls without seizure | Separating operational from custodial powers materially lowers the loss profile: a compromise of broad operational authority can disrupt the protocol but cannot directly seize or redirect user assets. | The StablR exploit (May 2026, $10.4M in unbacked EURR and USDR minting) illustrates the residual exposure — broad mint scope turned a single contract compromise into an asset-wide depeg even without direct seizure authority. |
| Narrow, non-custodial powers | Narrow, non-custodial powers mean that full compromise of every privileged role cannot directly impair user funds. | GMX V2's isolated-market design, where privileged powers are scoped away from custody of user assets, anchors the best tier. |
Privilege Constraints
Evaluates how easily privileged actions can be executed and how much time the community has to respond. Quorum thresholds, timelock durations on non-upgrade/non-mint actions, and active monitoring are the primary inputs.
| Tier | Reasoning | Evidence |
|---|---|---|
| Weak quorum and minimal timelocks | Quorum thresholds and timelock durations determine how easily privileged actions can occur and how much time the community has to detect and respond. Weak settings mean privileged actions execute essentially on demand. | Beanstalk's emergencyCommit ($182M) bypassed timelocks entirely for supermajority proposals, demonstrating how weak constraints collapse the response window to zero. |
| Moderate quorum and partial timelocks | Moderate quorum and partial timelock coverage raise the bar for privileged execution but leave gaps — either in the threshold required or in which actions are delayed — and offer no protection where the proposal queue is unmonitored. | Moonwell (March 2026) showed that a 48-hour timelock provided no protection because no one monitored the proposal queue. |
| Strong quorum, meaningful timelocks, community veto | Strong settings — high quorum, meaningful timelocks on non-upgrade non-mint privileged actions, public visibility of pending actions, and active monitoring — convert privileged execution from a top-down to a contestable process. | Lido's dual-governance structure, where on-chain actions entering execution can be challenged by stakeholders who trigger dynamic delay mechanisms, anchors the best tier. |
Key Custody Environment
Evaluates how the keys controlling privileged roles are stored and whether a single point of failure exists. The cryptographic and operational protection around private keys is the primary input.
| Tier | Reasoning | Evidence |
|---|---|---|
| Software or undisclosed custody | Software-resident keys are extractable by malware or server breach; the cryptographic protocol provides no defense against extraction. | Eleven documented key custody failures total approximately $1.44B in losses. Ronin (Mar 2022, $625M, plaintext keys on operator servers), Harmony (Jun 2022, $100M, plaintext keys), and StakeDAO (May 2026, vsdCRV reconfigured via compromised deployer key) anchor this tier. |
| Hardware-protected custody | Hardware-protected keys are held in tamper-resistant chips that do not release them in plaintext, but a complete key still exists somewhere and remains a single point of failure if the device or its operator is compromised. | Resolv (March 2026) confirmed that hardware-protected keys produce the same loss profile as plaintext EOAs when on-chain controls are absent — the device protects the key, not the authority it holds. |
| True MPC with verified operator diversity | True MPC removes the single point of failure entirely by distributing shares across independent operators across organizations and jurisdictions, with operator diversity verified externally. | Multichain (Jul 2023, $126M) shows the failure mode of nominal MPC: its centrally-administered MPC was effectively a single point of control, underscoring why external verification of operator diversity is required for the top tier. |
Circuit Breaker Sophistication
Evaluates how quickly and reliably the protocol can halt fund-touching activity during an attack. Detection-to-halt latency, scope coverage, and separation of pauser authority from upgrade authority are the primary inputs.
| Tier | Reasoning | Evidence |
|---|---|---|
| Manual, poorly scoped pause | An attack can complete in seconds; a manual pause typically takes minutes-to-hours to assemble, and if the pauser and admin keys are co-located, the same compromise that triggers the need for a circuit breaker can disable it. | Twenty-six documented circuit breaker failures (2016–April 2026) total approximately $3.5B in net realized losses. Drift (April 2026, $285M drained over two hours) and Kelp DAO (April 2026, $292M out before the 46-minute manual pause) anchor the latency failure mode. |
| Semi-automated with partial scope | Partial automation reduces latency but incomplete scope leaves fund-touching surfaces uncovered; a pause that cannot reach the exploited contract produces false security. | Wrong-scope pause anchors this failure mode: Curve's emergency DAO (July 2023) was unable to pause Vyper pools, and Balancer V2 had expired pause windows. |
| Fully automated, on-chain invariant-triggered | Autonomous on-chain triggers fire within a block on coded conditions, collapsing detection-to-halt latency. Pause scope must cover the actual fund-touching surface, and pauser authority must be separate from upgrade authority. | ERC-7265 implementations, Chainlink CCIP Risk Management Network, and Sui validator-level freeze (Cetus May 2025, which captured $162M of $223M) anchor the top tier. |
Redemption Risk
Evaluates the reliability of user exits under stress. Withdrawal predictability, unbonding behavior through dislocations, and whether any actor can unilaterally pause withdrawals are the primary inputs. The top tier is capped at middle whenever a privileged actor can discretionarily pause withdrawals.
| Tier | Reasoning | Evidence |
|---|---|---|
| Frequent freezes or unreliable exits | The redemption commitment is the load-bearing user right of any reserve-backed token. Repeated withdrawal pauses or extended halts mean users cannot predict exit reliability. | Stream Finance's November 2025 xUSD depeg to roughly $0.26 followed an immediate withdrawal suspension after the disclosed $93M external manager loss. FTX's November 2022 terminal halt and BUSD's February 2023 regulator-forced halt anchor this tier. |
| Queued or occasional delays | Moderate unbonding periods that have experienced contained dislocations sit in the middle band; exits remain available but are subject to queues or delays under stress. The top tier is capped here whenever any privileged actor can unilaterally pause withdrawals. | Lido pre-Shapella allowed only secondary-market exits during the June 2022 Three Arrows / Celsius unwind, illustrating queued-exit behavior through a dislocation. |
| Fast, reliable under stress | Short, contract-enforced exits consistently processed through stress events anchor the top tier, with discretionary-pause capability separating architectural reliability from contestable reliability. | USDC's March 2023 SVB recovery — absorbing approximately $3B in net redemptions over 72 hours — anchors the top tier. |
Loss Absorption Capacity
Evaluates whether an explicit, liquid backstop exists and how it is activated. The size, transparency, and activation mechanism of the backstop are the primary inputs; the top tier requires autonomous on-chain trigger rules rather than governance-vote activation.
| Tier | Reasoning | Evidence |
|---|---|---|
| No meaningful backstop | A protocol with no meaningful backstop transmits losses directly to downstream holders with no recovery mechanism. | The Resolv RLP impairment (March 2026) demonstrates how absence of a meaningful backstop transmits losses directly to holders — RLP price reset to 0.71 USDC, with no recovery mechanism. |
| Limited cover, or governance-vote activation | A backstop with no autonomous trigger relies on a governance vote to activate, introducing latency precisely when speed matters. Named backstops that depend on governance-vote activation sit in the middle band even when adequately sized, because the activation path is the binding constraint. | Aave's legacy Safety Module was never triggered despite multiple bad-debt events because political incentives blocked slashing — the governance-vote activation path was the binding constraint. |
| Large transparent safety module with autonomous trigger | An explicit, on-chain, liquid backstop sized for tail-risk absorption with autonomous on-chain trigger rules fires mechanically when conditions breach the threshold, eliminating both the activation delay and the political pressure to delay. | Aave's Umbrella redesign (2025) replaced governance-vote activation with automatic slashing once bad debt exceeds a preset threshold, anchoring the top tier. |