Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.vaults.fyi/llms.txt

Use this file to discover all available pages before exploring further.

The Vaults.fyi Reputation Score is a proprietary metric that gives you a single, objective number to assess how battle-tested a vault is. It is not a comprehensive risk rating — it is a signal about how long a protocol has secured significant capital, how well the underlying assets and blockchain have held up over time, and whether any active risk flags are currently applied. In API responses, reputation data is returned as the score object. The composite Reputation Score is score.vaultScore; the other fields are component scores and penalty details that explain how the final value is calculated.

What the Reputation Score measures

The Reputation Score favors protocols that are “Lindy” — the longer a protocol has secured large amounts of capital without incident, the higher the vault tends to score. A low Reputation Score does not mean a vault is unsafe; it means the vault has not yet accumulated the track record that the metric rewards.
The Reputation Score complements — but does not replace — detailed risk reviews from auditors and risk managers like LlamaRisk, Chaos Labs, and Gauntlet. Use it for programmatic filtering; use risk reports for deeper due diligence.

Component scores

Vaults.fyi calculates the Reputation Score from five weighted component scores:
Measures the scale of trust a protocol has earned over its operational history. This component captures how much TVL the protocol has secured and for how long, using logarithmic scaling to prevent a handful of massive protocols from dominating. A protocol with $500M TVL sustained for two years contributes more positively than one that briefly touched the same TVL for a week.
Accounts for liquidity characteristics at the individual pool level, not just the protocol level. A large protocol can host pools with very different liquidity profiles — for example, Aave v3 USDT on mainnet (5BTVL)behavesdifferentlyfromAavev3pyUSDonmainnet(5B TVL) behaves differently from Aave v3 pyUSD on mainnet (12M TVL). This component uses the same TVL-over-time approach as protocol integrity, applied to the specific pool.
Measures holder distribution and diversity. More unique holders indicate broader trust and reduce concentration risk. Future improvements to this component will include filtering low-value addresses, distinguishing individual holders from protocol-owned positions, and analyzing the ability of large holders to exit and affect liquidity.
Evaluates the stability and creditworthiness of the vault’s deposit asset. For stablecoins and pegged assets (ETH/BTC derivatives), this component measures historical price stability relative to the peg, plus/minus 2% liquidity depth in on-chain markets, and CEX and DEX trading volume. Assets with a consistent peg and deep liquidity contribute more positively.
Assesses the maturity and security of the network the vault runs on. For Ethereum L2s, Vaults.fyi uses the L2Beat Stages framework as input. For alt-L1s like Polygon and Gnosis, the component is set at the equivalent of a Stage 0 L2. Mainnet Ethereum contributes the highest value by default.

Flag penalties

Active vault flags — security incidents, protocol risk warnings, and similar indicators — directly reduce the Reputation Score. Higher-severity flags carry larger deductions. Only the single largest active penalty applies; multiple flags do not stack. When a flag is resolved, the penalty does not disappear immediately. It decays gradually over time, so a vault that resolves an incident recovers trust incrementally rather than resetting overnight. The score.penaltyComponents field in detailed-vaults responses shows each active or decaying flag penalty, its severity, and resolution status. The score.totalScorePenalty field shows the total penalty currently applied to the composite Reputation Score.

Interpreting the Reputation Score

A higher Reputation Score indicates a longer track record securing significant capital on a well-established chain with a stable underlying asset. A high score does not guarantee safety — it means the vault has passed more of the tests that time imposes.
The Reputation Score does not incorporate smart contract audit results, governance risk, or nuanced risk assessments of protocol architecture. Do not use it as a substitute for security research.

Using the Reputation Score to filter vaults

You can filter the detailed-vaults API response to only return vaults above a minimum Reputation Score threshold using the minVaultScore query parameter: 
GET /v2/detailed-vaults?minVaultScore=60
This is useful when building integrations where you want to surface only established vaults to end users, without needing to maintain your own allowlist.
Set minVaultScore to match your product’s risk tolerance. Consumer wallets typically want higher thresholds (70+). Yield aggregators serving sophisticated users may set lower thresholds to capture emerging opportunities.
The Reputation Score is also visible in the Vaults.fyi app at app.vaults.fyi and returned by the detailed vaults endpoint as score.vaultScore.

Known limitations

The Reputation Score is objective and formula-driven, which means it has edges. A genuinely risky protocol with a long history can score well. A well-audited new protocol will score low until it builds a track record. Keep these limitations in mind when making risk decisions.
  • The Reputation Score does not account for governance risk, upgrade mechanisms, or admin key exposure.
  • Networks not rated by L2Beat may not have blockchain security component scores.
  • Smart contract audit status is not currently a direct input to the Reputation Score.
  • Flag penalties reflect known incidents surfaced by vaults.fyi — they do not capture all possible risk vectors.
For a deeper explanation of the methodology and the thinking behind the Lindy-based approach, read the Vaults.fyi reputation score blog post.