← Back to site

ClariQ Risk Methodology

A Deterministic, Fact-Gated Framework for DeFi Vault Risk Assessment

Document: Public Methodology Whitepaper Version: 1.0 (Draft) Date: 2026-07-09 Audience: Integration engineering teams and compliance officers evaluating ClariQ as an embedded risk layer


1. Purpose and Scope

This document describes how ClariQ produces risk scores for DeFi yield vaults and protocols: what the scores mean, what inputs they are computed from, how those inputs are verified before they are allowed to influence a score, and — just as importantly — what the system refuses to do when it does not have enough verified information.

It is written for two readers. The first is an engineering lead deciding whether ClariQ's scores are sound enough to embed in a product surface. The second is a compliance or risk officer who must be able to defend, internally and to regulators, a decision to rely on a third-party risk signal. For both readers, the central claims of this document are the same:

  1. Scoring is deterministic. A ClariQ score is the output of a pure, versioned rules function applied to a structured set of verified facts. The same facts and the same engine version always produce the same score. There is no statistical model, no human judgment call, and no language model anywhere in the scoring path.
  2. Facts are gated before they can affect scores. AI assistance is used to find and draft candidate facts from primary sources, but no AI-derived fact can influence a production score until a human reviewer has accepted it through an auditable review process.
  3. Missing information is never papered over. When the system lacks the verified facts required to score a position, it reports a Pending state rather than an estimated score. When a specific safety check cannot be evaluated because its underlying facts are not yet collected, that check reports "not applicable / not evaluated" — never a false "passed."

This document describes the system as built and running today. Capabilities that are designed but not yet live are explicitly labeled as roadmap items in Section 9, and are excluded from all other sections.


2. Design Principles

2.1 Determinism over judgment

Most risk assessments in DeFi are either manual analyst write-ups or opaque model outputs. Both are difficult for a relying party to audit: the first cannot be reproduced, and the second cannot be explained. ClariQ takes a third path: the scoring engine is a pure function. It reads no network, no database, no environment, and no system clock. Every input it consumes is present in a versioned facts document; every output can be regenerated bit-for-bit from that document and the engine version recorded alongside the score.

Practical consequences for a relying party:

2.2 Facts before scores

The engine is deliberately the simple part of the system. The hard part — and the part where errors would be dangerous — is establishing that the inputs are true. ClariQ therefore separates the system into a facts pipeline (which gathers and verifies inputs) and a scoring engine (which mechanically converts verified inputs into scores). The boundary between them is a schema: the engine will only score a facts document that satisfies its required-field contract, and the pipeline will only emit facts that have passed its verification gates.

2.3 Honesty about ignorance

A risk score that silently substitutes assumptions for missing data is worse than no score, because it manufactures false confidence precisely where risk is least understood. ClariQ's engine enforces a completeness contract: if the required facts for a target are not all present and verified, the engine returns no numeric score at all. The product surfaces this as Pending (or, while collection is actively in progress, Processing). This is a deliberate product decision: users and integrators will sometimes see "Pending" where a competitor would show a number. We consider that a feature.

2.4 Independence

ClariQ is never paid by the protocols or vaults it rates. There is no "pay to be rated," no "pay to improve a rating," and no sponsorship relationship with any rated entity. Ratings are impersonal: the same score for a given vault is shown to every user, and scores are statements about the instrument, not personalized investment advice. This posture is structural, not aspirational — the issuer-pays model is, in our assessment, a disqualifying conflict of interest for a risk rating business, and we have declined to build revenue mechanisms that depend on it.


3. What a Score Means

3.1 Scale semantics

ClariQ scores are expressed on a risk-native scale from 1.0 to 5.0, where lower is safer:

The overall score is a fixed weighted combination of the eight factor scores described in Section 4, subject to the kill-switch floor described in Section 5. Each factor is itself scored on the same 1-to-5, lower-is-safer scale, so the decomposition is directly interpretable: a vault with an overall score driven by a poor Technical Security factor tells a different story from one driven by Systemic Exposure, and the breakdown makes that visible.

3.2 What a score is not

3.3 Scoring scope and fallback

Scores are computed at the most specific level for which complete verified facts exist. When vault-level facts are complete, the vault is scored on its own facts. When vault-level facts are incomplete but the underlying protocol's facts are complete, the engine may score at protocol scope — and when it does, the result is explicitly labeled as a protocol-scope score, with the missing vault-level fields enumerated in the result. When neither is complete, the result is Pending. The scope of every score is recorded in its output; a protocol-fallback score is never presented as a vault-specific one.


4. The Eight Risk Factors

Every scored instrument is assessed across eight named factors. Each factor has a defined scope — a "primary home" rule ensures each underlying signal is scored in exactly one factor, so no single weakness is double-counted across the framework. The factors and their weights are fixed and versioned; the numeric weights themselves, and the precise scoring bands within each factor, are part of ClariQ's proprietary quantitative specification (see Section 8).

1. Technical Security. The security posture of the smart contracts themselves: source-code verification, the count and quality tier of independent security audits, upgradeability architecture (immutable vs. proxy-upgradable), timelock protections on privileged operations, administrative key control structure, and the instrument's exploit history. Contracts that are unverified, unaudited, or controlled by a single externally-owned key are treated as severe findings in this factor (and can independently trigger kill-switch conditions — see Section 5).

2. Financial Health. The economic soundness of the instrument: total value locked as a depth-and-scrutiny signal, utilization, and the composition of the advertised yield. Yield composition is decomposed into real yield (fees and interest actually generated), token-emission incentives, and speculative components, using sourced per-pool data where the upstream providers publish it. Where a sourced decomposition is unavailable, the engine does not fabricate a split — it does not manufacture an emissions-versus-real breakdown, and the emissions composition for that instrument should be treated as unverified rather than as a finding. Where a sourced decomposition is present, yield structures dominated by emissions or speculative components score worse than equivalent structures generating real yield.

3. Operational Maturity. The human and governance layer: whether the team is publicly identified (doxxed), the governance structure (DAO or otherwise), and the discipline of administrative controls. Anonymous teams with weak audit coverage represent a materially different operational risk than identified teams under decentralized governance, and the factor scores accordingly.

4. Systemic Exposure. Dependency and contagion risk: what the instrument is built on top of, and what fails if those layers fail. This factor evaluates dependency depth, with explicit handling for layered restaking structures — each additional layer of receipt tokens (LST/LRT stacking) raises the factor's floor, reflecting compounding slashing and depeg exposure. Custodial and wrapped-asset control risk is also assessed here as its primary home.

5. Complexity. Strategy complexity as an independent risk dimension: the number of protocols composed in the strategy, use of leverage and liquidation-bearing positions, and the degree of active management required. Simple single-protocol lending positions and multi-protocol leveraged loops are distinguished even when both look healthy on every other factor, because complexity expands the surface for both technical failure and operator error.

6. Frontend / Interface. The risk that users are harmed through the interface layer rather than the contracts: hosting and DNS posture, and — critically — a permanent scar rule for instruments whose frontends have been successfully attacked. A frontend compromise with user losses imposes a lasting floor on this factor's score; the floor deepens with the magnitude of losses and with repeated incidents. Interfaces do not get a clean slate by relaunching.

7. Legal / Regulatory. Regulatory exposure of the instrument and its operators: recognized licensing or registration where applicable, sanctions exposure, and regulatory-action history. A strong legal posture can improve this factor, but the framework enforces a structural limit: no protocol can achieve the framework's best-possible legal score purely on formal credentials — a recognition that DeFi legal risk is never fully extinguished by a license.

8. Chain / L2. The risk contributed by the settlement layer itself. Ethereum mainnet is treated as the reference safest environment. Instruments on L2s and alternative chains are assessed on the maturity of the rollup (including its independently published decentralization stage), sequencer architecture, and bridge control structure. Chain-level risk also carries its own dedicated set of kill-switch conditions (Section 5).

Factor scores combine into the overall score through fixed, versioned weights. The weighting was validated empirically during framework development — including testing and rejecting proposed re-weightings that produced no fitness improvement — and does not change without a versioned framework release.


5. Kill Switches: Conditions That Floor the Score

Weighted averages have a known failure mode: a catastrophic single weakness can be diluted by strength elsewhere. History is explicit on this point — instruments have collapsed totally while carrying top-tier audits, identified founders, and polished interfaces, because one fatal economic or structural flaw outweighed everything else.

ClariQ addresses this with kill switches: a set of 13 named conditions (eight general conditions, plus five chain/L2-specific conditions) that are evaluated on every scoring run, independently of the factor mathematics. If any kill switch is triggered, the overall score is floored deep in the high-risk band, regardless of how well the instrument performs on the eight factors. A vault with five tier-1 audits and a billion dollars of TVL that is controlled by a single externally-owned key does not get partial credit; it gets floored.

The general conditions cover, qualitatively: single-key administrative control; unverified contract source; absence of any credible security audit; reliance on proprietary or unverifiable oracle infrastructure; sustained depeg behavior in algorithmic-stable structures; recent unremediated exploit history (with a recency window — a fully reimbursed exploit ages out of kill-switch status over time, while an unreimbursed one does not); upgradable contracts holding substantial value without adequate timelock protection; and fatally weak financial structure as measured by the Financial Health factor itself, evaluated after factor scoring. The chain-level conditions cover early-stage rollup decentralization, centrally controlled bridges, censorship posture, closed-source chain infrastructure, and insufficient chain operating history.

The precise numeric thresholds for each condition are part of the proprietary quantitative specification (Section 8).

Three properties of the kill-switch layer matter for a relying party:


6. The Facts Pipeline

6.1 Sources

Scores are computed from a structured facts document assembled per instrument. Facts are drawn from:

6.2 AI-assisted fact-finding, human-gated fact promotion

Assembling qualitative facts — audit inventories, incident histories, governance details — across hundreds of instruments is research work, and ClariQ uses AI assistance to do it at scale: automated assessment runs read primary sources and produce candidate facts with citations.

The critical control is what happens next. Candidate facts do not affect scores. They enter a review feed, where each proposed fact is examined by a human reviewer against its cited evidence. Only on explicit acceptance is a fact promoted into the curated fact registry that feeds the scoring engine. Every promotion records what was promoted, from which review item, by whom, and when — producing a per-fact audit trail from source citation through human acceptance to score impact.

The scoring engine itself never invokes an AI model. The division of labor is strict: AI drafts and cites; humans verify and promote; deterministic rules score. A relying party's exposure to AI error is therefore bounded by the human review gate, not by model behavior.

6.3 The no-fabrication policy

The pipeline enforces, as code rather than convention, a policy that production scoring paths never fabricate data:

6.4 Freshness and re-scoring

Facts documents carry their collection timestamp, and scores are recomputed from current facts rather than cached indefinitely; time-sensitive logic (such as exploit-recency windows) is anchored to the facts' collection time so that a score remains reproducible from its snapshot. Stale or incomplete data results in Pending/Processing states rather than silently aging scores.


7. Governance of the Methodology

The methodology itself is under formal change control:


8. Proprietary Specification and Enterprise Access

The qualitative framework — the eight factors, their scopes, the kill-switch conditions, the honesty guarantees, and the pipeline controls — is public and is described in this document. The quantitative specification — the numeric factor weights, per-factor scoring bands, and kill-switch trigger thresholds — is proprietary. Weights and thresholds exist, are fixed, and are versioned; they are not disclosed publicly.

Enterprise integration partners with a compliance need to review the full quantitative specification — including exact weights, thresholds, scoring band definitions, and the change history of each — may obtain it under NDA as part of an enterprise engagement. This tiering exists so that relying parties who must defend the methodology internally can inspect it completely, while limiting the surface for score-gaming by rated entities.


9. Roadmap (Designed, Not Yet Live)

In keeping with this document's as-built discipline, the following are explicitly not part of the current production system, and no section above should be read as claiming them:

Roadmap items ship as versioned engine and pipeline releases and will be reflected in future revisions of this document.


10. Summary for the Relying Party

A ClariQ score is: a number on a fixed 1-to-5, lower-is-safer scale; computed by a pure, versioned, regression-tested rules engine; from facts that were either mechanically collected from primary sources or human-approved through an audited review gate; decomposable into eight named factors under a no-double-counting rule; subject to 13 named kill-switch conditions that floor the score on any single fatal finding and that report honestly when they could not be evaluated; and withheld entirely — shown as Pending — whenever the verified evidence is insufficient to compute it.

ClariQ is not paid by the entities it rates, shows the same impersonal score to everyone, and treats "we don't know yet" as an acceptable answer and "we made it up" as a prohibited one.

Questions about this methodology, requests for the full quantitative specification under NDA, or integration inquiries should be directed to ClariQ.


Version 1.0 (Draft) — 2026-07-09. This document describes the production system as of its date. Material methodology changes will be published as revised versions of this document.