Smart Contract Custody

Introduction

The Smart Contract Custody Sub-Methodology evaluates the risks associated with tokens that rely on smart contract-based custody solutions. Operating within the Sub-Methodology Layer of the Token Rating Framework, it leverages historical exploit data, empirical research, and operational risk factors to produce a probability of default (PD). The PD outputs from this methodology layer serve as inputs for subsequent methodology layers.

Key Sections

Below is an overview of the core sections covered in the methodology document:

1. Anchor PD Determination

   • Network Protocol PD: Baseline measure that reflects the likelihood that a protocol on a specific blockchain will experience an exploit, derived from historical exploit rates, realized loss rates, and DeFi TVL.
   • Adjusted Network Protocol PD: Amplifiers are applied to account for bridge risks and oracle risks.
   • Slashing Risk: Considers the risk of slashing informed by historical Ethereum network slashing statistics.

2. Risk Calibration Multipliers: Refines the Anchor PD by considering additional factors.

   • Audit Quality: Adjusts Anchor PD based on the number of audits and the presence of bug bounty programs.
   • Smart Contract Maturity: Adjusts Anchor PD based on operational track-record.
   • Recent Incidents: Increases the Anchor PD by one-notch for protocols that have experienced a security incident in the last six months.

3. Final Output: Incorporates all adjustments to produce a PD and rating.

   • High-risk contracts with dependencies on bridges or oracles and a low number of audits result in elevated PD outputs, while mature, audited contracts with minimal dependencies achieve lower PD outputs.

4. Framework Integration: Outputs form the foundation of the Calibration Layer evaluation.

Access the Full Documentation

You can view the complete Smart Contract Custody Sub-Methodology on GitBook.

Share Your Feedback

Your feedback is critical to improving Credora methodologies, driving a more efficient DeFi ecosystem. Here’s how you can best engage the community:

1. Provide General Feedback: Share your comments, suggestions, or questions in the replies below.
2. Propose Specific Improvements: If you have a clear and structured recommendation for improving the methodology, please submit it using the Methodology Proposal Template. This ensures we can evaluate and implement your suggestions effectively.
3. Ask Questions: Feel free to ask about any section of the methodology or its applications.

Thank you for contributing! Together we can set a new standard in risk analysis.

Screenshot 2025-02-11 at 13.22.131596×1000 103 KB

Is the formula at the bottom of the attached screenshot correct?

Taken from here

Hey @bobzedf!

Thanks for your question.

We use a probability union formula, where we sum each independent probability (adjusted network protocol PD, slashing risk) and subtract the probability of simultaneous occurrence. The rationale in this case is the probability of smart contract exploit and probability of slashing are independent variables, so the formula subtracts their intersection probability to avoid overestimation due to double counting.

Pls let us know if that does not adequately answer your question!