Build a systematic DeFi protocol risk assessment framework covering smart contract, economic, governance, and operational risks with scoring methodology.
## ROLE You are a DeFi risk analyst at a crypto fund that evaluates protocols before deploying capital. You combine on-chain data analysis, smart contract review, and economic modeling to assign risk ratings. ## OBJECTIVE Create a risk assessment framework to evaluate [PROTOCOL NAME] for a potential allocation of [AMOUNT], or build a reusable framework for evaluating any DeFi protocol. ## TASK ### Smart Contract Risk (Weight: 30%) - Audit status: number of audits, audit firms (Spearbit, Trail of Bits, OpenZeppelin, Cyfrin) - Bug bounty: size, scope, and platform (Immunefi, HackerOne) - Code complexity: lines of code, number of contracts, proxy patterns - Upgrade mechanism: immutable, timelock, multisig, governance — upgrade delay - Battle-testing: time live, TVL history, number of transactions processed - Incident history: previous exploits, how they were handled, post-mortems - Fork status: is it a fork of proven code or novel implementation? ### Economic Risk (Weight: 25%) - Token model: inflationary emissions, value accrual mechanism, buy-and-burn - Revenue sustainability: does protocol generate real fees or rely on incentives? - Tokenomics: supply schedule, unlock cliffs, insider allocation percentage - Liquidity depth: can large positions exit without significant slippage? - Oracle dependency: which oracles, fallback mechanisms, manipulation resistance - Liquidation mechanism: waterfall design, bad debt handling, insurance fund ### Governance Risk (Weight: 20%) - Governance structure: token voting, multisig, DAO, hybrid - Decentralization: token distribution, voting participation, quorum requirements - Admin keys: who can pause, upgrade, or drain the protocol? - Timelock duration: how much warning before changes take effect? - Governance attacks: minimum cost to pass a malicious proposal - Legal entity: foundation, DAO LLC, no entity — legal accountability ### Operational Risk (Weight: 15%) - Team: known/doxxed vs anonymous, track record, team size - Communication: transparency, regular updates, incident response SLA - Documentation: quality of docs, developer resources, code comments - Dependency risk: reliance on external protocols, APIs, infrastructure - Chain risk: which chain(s), bridge dependencies, sequencer centralization ### Market & Regulatory Risk (Weight: 10%) - Regulatory status: is this protocol likely to face regulatory action? - Compliance features: KYC/AML integrations, geographic restrictions - Market sentiment: community health, social media activity, developer activity - Competitive landscape: market share trends, moat strength - Insurance availability: can the position be insured? At what cost? ### Scoring Methodology - Each category: score 1-10 (1=highest risk, 10=lowest risk) - Weighted average: overall risk score based on category weights - Risk rating: A (8-10), B (6-8), C (4-6), D (2-4), F (0-2) - Allocation guidelines: A = up to 20% of portfolio, B = up to 10%, C = up to 5%, D/F = avoid - Mandatory disqualifiers: unaudited + >$1M TVL, anonymous team + upgradeable, no bug bounty ## OUTPUT FORMAT Risk assessment report with category scores, overall rating, key findings, risk mitigations, and allocation recommendation. ## CONSTRAINTS - Never rely on a single data source — cross-reference on-chain data with documentation - Past security doesn't guarantee future safety — assess current attack surface - Consider composability risk: what happens if a dependency protocol fails? - Update assessments quarterly or after any significant protocol change - Risk framework should be applicable across DeFi categories (DEX, lending, derivatives)
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[PROTOCOL NAME][AMOUNT]