The financial system is moving on-chain. Not hypothetically, not eventually, it’s now. Banks are issuing tokenized bonds. Asset managers are running treasury strategies through DeFi vaults. Stablecoins are the settlement layer for cross-border payments, institutional liquidity, and an expanding universe of structured products. Permissioned chains purpose-built for regulated institutions are going live. Firms that once had no on-chain footprint are tokenizing real-world assets to access new pools of capital and liquidity.

Every one of these participants has a risk problem that the traditional financial system has never had to solve before and that the tools built for traditional finance are structurally unable to address.

They understand reserve asset risk. They understand credit risk on the off-chain side. What they do not have is a comprehensive, real-time view of on-chain structural risk: the fragility that lives inside smart contract architecture, governance design, oracle configuration, liquidity mechanics, and the propagation pathways that connect one failing asset to every protocol that touched it. That risk is not captured in a credit rating. It is not visible in a balance sheet. It does not appear in a 10-K. It surfaces, without warning, in the middle of the night when a stablecoin loses 94% of its value in under an hour.

Today, we are announcing Digital Asset Ratings, the most comprehensive real-time digital asset rating system ever built, available now at https://dapp.webacy.com/vaults . Today, it covers vaults and stablecoins. Tomorrow, it will be much, much more.

Ratings as Infrastructure, Not an Event

The traditional ratings model was designed for a world where assets change slowly. A corporate bond gets rated at issuance. It gets reviewed annually, or when a material event triggers a reassessment. The assumption is that structural conditions are stable enough that a once-a-year check, or a check you pay for when you need it, is sufficient.

On-chain finance breaks that assumption completely.

A vault’s governance configuration can change overnight via an unilateral admin key action. A stablecoin’s backing integrity can fail in under twenty minutes. A smart contract upgrade can alter the trust model of a protocol without triggering any off-chain disclosure obligation. Oracle prices can diverge silently from market reality until the gap becomes an exploit.

The risk is continuous. The rating has to be continuous too.

Digital Asset Ratings is a live system. It does not produce a score once a quarter and send a PDF. It monitors stablecoin peg stability, contamination propagation, smart contract integrity, vault structural health, oracle quality, governance behavior, liquidity dynamics, and exit risk, all simultaneously, in real time, across every covered asset. When conditions change, scores change. When a critical condition is detected, alerts fire. The system does not wait for a review cycle.

The Journey to Get Here

Digital Asset Ratings is not a product that was designed in a whiteboard session and built to spec. It is the result of years of building in response to what on-chain finance actually does to risk systems that weren’t built for it.

It started with the most visible and most dangerous problem in the space: stablecoin depeg risk.

The question was whether a system could detect a breaking stablecoin before the market did; not by being faster at reading a single price feed, but by building multi-source price consensus with persistence scoring that eliminated noise while catching genuine structural breaks in time to matter. The answer required triangulating prices across liquidity-weighted sources, requiring sustained deviation before escalating, and tracking cross-chain behavior simultaneously.

That system was validated under conditions that could not have been manufactured in a test environment.

On March 22, 2026, USR (Resolv USD) lost more than 94% of its value in under an hour, touching $0.0545 on Ethereum following an unbacked minting exploit. Our Stablecoin Monitor detected a 38% price dislocation at 02:41 UTC and issued the first high-risk warning automatically. By 03:04 UTC we had issued a sustained Critical alert. The official public announcement from Resolv Labs did not come until 04:58 UTC — two hours and seventeen minutes later.

That information gap is the entire argument for real-time ratings. While the broader market was still pricing USR as a functioning stablecoin, our partners had already received actionable alerts. The cost of that gap for anyone on the wrong side of it, was measured in forced liquidations, cascading protocol pauses, and losses that no annual review process could have prevented.

But detecting the depeg was only part of the problem. The larger problem was what happened next.

Contamination: Risk Does Not Stay Where It Starts

A stablecoin depeg is not a contained event. It is the beginning of a propagation sequence.

Every protocol that held USR as collateral inherited its structural failure. Lending markets that had priced USR at $1.00 suddenly faced collateral worth $0.05. Vaults running treasury strategies through USR exposure found their positions underwater with no exit pathway. Institutions that had touched USR indirectly, through a vault holding it as one asset among many, had contaminated exposure they may not have known existed.

This is the contamination problem. It is not unique to USR. It is the structural condition of any deeply interconnected financial system, and DeFi is the most interconnected financial system ever built.

Our contamination monitoring was built specifically to map how fragility propagates. When a stablecoin escalates in risk tier, that signal is immediately inherited by every vault, structured product, and lending market holding it. Risk at the asset level becomes a portfolio signal. The system translates “this token is failing” into “these are the positions in your exposure that are now contaminated”.

For any institution with on-chain exposure, this is the layer that converts asset risk into portfolio-level clarity.

Smart Contract Risk: Structural Fragility Before It Becomes a Market Event

Price signals and contamination monitoring describe what is happening. Smart contract risk analysis describes what the architecture makes possible before anything happens.

The code layer of our rating system evaluates contracts across four dimensions:

Protocol Risk draws on third-party technical assessments from the Trading Strategy vault framework, incorporating labels from Negligible to Blacklisted based on design weaknesses, prior incidents, and systemic dependencies. It carries the highest single weight in our composite score because it represents an independent, external technical judgment on protocol integrity.
Upgrade Risk evaluates whether a contract is a proxy, whether it can be upgraded without a timelock, and what protections exist between an admin decision and a live change to production code. An upgradeable contract with a weak multisig and no meaningful delay is a structural vulnerability even if the underlying logic is sound today. A 7-day timelock is the gold standard; anything below it scores accordingly.
Code Risk assesses source code verification status and audit coverage. Unverified code (code that cannot be read on-chain) receives a sub-score of 65 out of 100 by default. You cannot assess what you cannot read, and unreadable code in a financial context is an unacceptable condition. We can ingest bytecode to understand risk fundamentally, but the readability is still paramount.
Webacy Code Risk applies our own vulnerability scanning for reentrancy vectors, unchecked external calls, access control gaps, and behavioral anomalies that have historically preceded exploits.

These are not advisory signals. When critical vulnerabilities are detected, they shift the composite score materially regardless of recent performance. A vault earning strong yield on an unaudited, upgradeable contract with EOA admin control is not a low-risk vault. The architecture is the rating.

The Vault Rating System: The Full Picture of Structural Health

The Vault Technical Risk Rating system is where every layer converges into a single, traceable, actionable score.

Every vault receives a composite risk score from 0 to 100 (100 = highest risk) built from approximately twenty sub-scores, each weighted by structural importance. Additive penalties fire for dangerous combinations. Hard state floors ensure that catastrophic conditions can never be masked by an otherwise low score. Our numerical ratings also map to letter-based grade bands.

The design logic reflects how vault failures actually happen:

Exit risk carries the highest practical weight. Redemptions closed means the composite floor is 75, regardless of every other signal. Redemptions closed plus utilization above 95% means the floor is 80. The system does not allow a structurally locked vault to appear safe, ever.
Governance configuration is evaluated across centralization, upgradeability, and on-chain behavioral history; not just structural design. A recent contract upgrade in the past 30 days adds 12 points to the composite. An unaudited upgrade in the same window adds 32. An ownership transfer in the past 90 days adds 8. Governance behavior leaves a trail, and the system reads it.
Liquidity dynamics track the nonlinear curve of illiquidity risk. At 98% utilization, the sub-score is 88 out of 100; at 100%, it is 97. The system also applies interaction penalties - high utilization combined with a single concentrated borrower is scored more severely than either condition alone, because the combination is disproportionately more dangerous than the sum of its parts.
Oracle integrity uses a weakest-link model: the worst oracle type found across a vault’s underlying markets sets the floor for the oracle sub-score. Any collateral token with less than five million dollars in daily trading volume triggers a thin collateral market flag, the condition that enabled the Mango Markets and Cream Finance exploits. The system flags it before an attacker prices in the same observation.

The outputs are designed for integration, not just display: composite score, tier classification, listing verdict, withdrawal state, liquidity tier, percentage of TVL actually withdraw-able right now, and a full sub-score breakdown that allows any alert to be explained precisely. Not “this vault scores 78” but “this vault scores 78 because redemptions are currently closed, the admin key is an EOA with no timelock, and the underlying collateral has insufficient daily trading volume.” Every number traces back to a specific structural condition.

Who This Is For — and Where Ratings Should Exist

Digital Asset Ratings is not built for a single use case. It is built for every point in the on-chain financial ecosystem where a rating should exist but currently does not:

Stablecoin issuers need to demonstrate that the assets holding their reserves or backing their peg are structurally sound, not just overcollateralized on paper. Real-time ratings provide the continuous transparency that institutional adoption requires.
Tokenizers and RWA platforms need to assess the on-chain infrastructure their products interact with: the vaults, the lending markets, the liquidity layers; with the same rigor applied to the off-chain assets being tokenized.
Exchanges and trading venues need to know whether the assets they list, hold in treasury, or use as collateral meet a structural health standard before a failure event, not after it.
Banks and regulated institutions touching on-chain finance through stablecoins, settlement infrastructure, or permissioned chain deployments need to demonstrate to their risk teams and regulators that on-chain structural risk is being actively monitored, not acknowledged in a footnote.
DeFi protocols and vault operators need transparent, third-party structural assessments that their users and institutional counterparties can verify independently.

We also believe strongly in a broader principle: ratings should be more visible, and they should exist in more places with a trustworthy, third-party originating it. The default in traditional finance is that ratings live behind paywalls, get consulted reactively, and are treated as expert opinions and more performative rather than operational infrastructure. In on-chain finance, where the assets are public, the contracts are readable, and the risk is continuous, there is no good reason for ratings to be anything other than ambient, transparent, and always-on.

The Standard Has Changed

The Depeg Monitor is live at https://dapp.webacy.com/rwa. The Vault Dashboard, Vault Incidents taxonomy, and full API are available for integration by issuers, tokenizers, exchanges, banks, and any institution building on or alongside on-chain financial infrastructure.

For four years we built the infrastructure that makes this possible, starting with tokens in the DeFi universe. We learned from the riskiest of assets and ported that thinking and technology to the tokens that ended up dominating the bulk of the mainstream adoption of blockchain: through stablecoins.

Our vision is simple:

Ratings are no longer an event: it is a continuous signal. And wherever on-chain finance operates, that signal should be there. As every asset becomes tokenized, ratings can be the leading edge that informs all players in the financial ecosystem in real-time with the right transparency, and at the right time. Join us on this journey into rolling out the next generation Financial Ratings that the industry has been waiting for.

For API access and institutional partnerships, reach us at webacy.com.

‍

Introducing DD Digital Asset Ratings: The Most Comprehensive Real-Time Rating System for On-Chain Finance