Skip to main content

Smart Contract Risk Dimensions

This page describes what Ozone evaluates on each scored contract and how those evaluations compose into a per-protocol grade. The grade is a defensible ordering of structural assurance, not a probability of loss.

What the grade measures

A smart contract risk grade describes how the contract is expected to behave when conditions become adversarial: privileged actors escalating, upgrade paths being hijacked, oracle dependencies degrading, governance moving under pressure. The grade quantifies what is observable about the contract's resilience along those axes.

The grade is structural, not predictive. It does not assert a probability of exploit, a probability of loss, or a loss rate. It is a defensible ordering: more assured contracts grade higher, less assured contracts grade lower, and the differences between grades are calibrated to be comparable across contracts and protocols.

How a smart contract risk score is built

Each scored contract receives a 0.0–1.0 grade composed in four stages:

  1. The two evidence families (posture and behavior) are blended into a raw weighted score.
  2. Score reductions subtract for recurring structural weaknesses.
  3. Capping conditions override the result on confirmed catastrophic findings.
  4. Per-contract grades roll up to a per-protocol grade weighted by contract centrality.

Each stage is described below.

The two evidence families

Two families of evidence contribute additively to the per-contract grade: machine-extractable posture and adversarial-behavior tests. A third mechanism, capping conditions, sits separately and overrides the blend when a confirmed catastrophic finding lands. The two additive families share the weighted blend with balanced contribution; neither family dominates by design.

Family 1: Machine-extractable posture

The first family captures what the deployed code and its surrounding artifacts say about the contract today. The family blends the following posture signals, each of which is part of the scored rubric:

  • Upgrade authority surface: who can replace the contract's logic, under what delay, with what review window.
  • Privileged role posture: which roles can pause, move funds, change parameters, and how those roles are gated.
  • Upgrade pattern: how upgradeability is structured (transparent proxy, UUPS, immutable, or absent).
  • Upgrade cadence: how often the contract has been upgraded recently against a rolling window.
  • Audit completeness: how many recent audits cover the surface, who performed them, how complete the coverage was.
  • Bug bounty depth: whether a published bounty exists, what severity it pays, what scope it covers.
  • Dangerous opcode reachability: whether outside callers can reach opcodes that enable self-destruct, delegated execution, or arbitrary code substitution.
  • Source verification on the public explorer: whether the deployed bytecode matches a verified source.
  • Immutable storage profile: which storage slots are immutable by design, and which are mutable behind privileged paths.
  • Dependency graph breadth: how many external contracts the deployed code calls into to do its job.

A high-end posture combines a scoped upgrade path with a delay, multi-firm recent audits, a meaningful bounty, verified source, and immutable storage where it matters. A low-end posture combines single-key admin authority, sparse or stale audits, externally reachable dangerous opcodes, unverified source, or a recent re-deployment with unclear scope.

Family 2: Adversarial-behavior tests

The second family covers what does not show up in bytecode: how the contract is expected to behave when adversarial conditions arrive. Adversarial-behavior tests group into five themes, each carrying a small number of contract-test principles that an analyst walks through against the contract's stated behavior:

  • Safety and authority: privileged-actor abuse paths, role recovery, mint and upgrade authority composition. These tests probe whether a single compromise or coordinated multi-role compromise can move value or alter rules, and whether the contract has any built-in roll-back.
  • State and accounting: invariant preservation under stress, accounting drift, accumulator behavior. These tests probe whether the contract's bookkeeping holds up across edge conditions where rounding, ordering, or pause events could open small gaps that compound.
  • External dependencies: oracle skepticism, dependency degradation, fallback paths. These tests probe whether the contract treats external calls as potentially adversarial inputs and whether it has named fallback behavior when an upstream feed misbehaves.
  • Economic resilience: incentive compatibility under attack, MEV exposure, fee-on-yield interaction. These tests probe whether profitable misbehavior is structurally available and whether the protocol's incentives line up with the safety properties the contract claims.
  • Operational and recovery: pause discipline, recovery posture after partial failure, contingency surface. These tests probe whether operators can stop a slow exploit in progress and whether a partial recovery path exists for assets stranded by an incident.

Each verdict carries a falsifier: a future-observable event that would invalidate the verdict. Verdicts without a falsifier carry zero weight in the score; they are not silently averaged in.

A high-end behavior posture combines defensible verdicts paired with clear falsifiers, evidence anchored to specific contract behavior, and robustness paths named explicitly. A low-end posture combines hedged verdicts with no falsifying event named, missing recovery paths under stated stress scenarios, or untested invariants under composition.

Score reductions

Five named reductions can subtract from the raw weighted blend before any capping condition is checked. Reductions catch recurring structural weaknesses that do not rise to the level of a capping condition but should not be glossed over:

  • Recent incident analog: the contract shares structural traits with a comparable contract that experienced a documented loss event in the past year.
  • Single-key admin: a critical admin role sits behind a single signer or a low-threshold multisig.
  • No delay on critical functions: critical state changes can land instantly, without a published delay window.
  • Unverified bytecode on the public explorer: source verification is missing, so deployed bytecode cannot be diffed against published source.
  • EOA-delegated admin: an admin role is exposed through an externally-owned account using the EIP-7702 delegation pattern, where the EOA effectively executes contract code without the usual upgrade controls.

Each reduction subtracts a small amount from the raw weighted blend. Reductions stack and are clamped at zero. They are subtracted before capping conditions are checked, never after.

Capping conditions

A small set of capping conditions can override the weighted blend regardless of how the two evidence families read. Capping conditions fire from confirmed structural findings, not from a sub-grade drifting below a threshold. They apply per-contract, after the weighted aggregate and after any score reductions, and never raise a grade.

Three capping conditions are published today:

Capping conditionWhat triggers itCap
Unrestricted privileged actionA confirmed path where a single key or compromised role can mint, upgrade, or move funds without restriction.0.39
Oracle-manipulation preconditionA confirmed structural condition where the contract permits price feeds that can be manipulated under realistic conditions.0.59
Unreviewable code contextConfirmed inability to verify what the contract does, due to missing source, dropped artifacts, or compositional opacity.0.84

When more than one cap applies, the lowest cap wins. Across the curated list of contracts evaluated in this release, none of the scored contracts triggered any capping condition.

The unreviewable-code cap sits at 0.84 rather than further down because confirmed opacity prevents a top-band grade without ruling out remediable explanations (a follow-up review, a recovered artifact, or a published source can lift the cap on the next evaluation). Sparse evidence on individual signals is handled separately by the conservative ceiling rule described at the bottom of this page.

From per-contract grade to per-protocol grade

Per-contract grades combine into a per-protocol grade via a weighted geometric mean. The weight on each contract reflects how central that contract is to the protocol: the contract holding parameters that govern the entire protocol carries the most weight; a helper that produces deployment artifacts carries less.

Why this roll-up shape punishes a single weak contract

Contracts in a protocol are composed: if one is structurally weak, the protocol inherits that weakness. The geometric form penalizes a single weak contract more than an arithmetic average does. The same per-contract grades can produce different protocol grades depending on which contract is most central:

Per-contract grades + weightsWeighted geometric meanWeighted arithmetic mean
0.90 @ 1.00, 0.80 @ 0.70, 0.60 @ 0.300.810.82
0.60 @ 1.00, 0.80 @ 0.70, 0.90 @ 0.30 (weakest in most-central seat)0.710.72
0.95 @ 1.00, 0.95 @ 0.70, 0.95 @ 0.30 (all strong)0.950.95

The middle row illustrates the centrality effect: moving the weakest grade into the most-central seat drops the per-protocol grade from 0.81 to 0.71, even though the per-contract numbers are unchanged. In practice, this is why the central contract's structural posture sets the ceiling for the protocol grade.

The per-protocol grade is the value shown on the dashboard. See the Worked Example for the full walk-through against Maple v2.

Tier ladder

The same five tier bands apply to per-contract grades and per-protocol grades. The bands use a parallel shape to the Oracle Risk ladder; the exact ranges differ because smart contract scores cluster on a finer grid than oracle scores do.

Score rangeTierWhat it means
0.85 to 1.00Reference GradeStrong structural assurance across the rubric. Audit coverage is broad and recent; upgrade paths are gated with delay; privileged roles are constrained; adversarial-behavior verdicts pair with explicit falsifiers. In practice, only routine hardening remains.
0.70 to 0.84Low RiskPasses overall, with one or two tracked conditions an allocator would write into a remediation list. Historically, deployment proceeds with the tracked conditions monitored rather than as an unrestricted green light.
0.50 to 0.69Moderate RiskConditional posture. Evidence shape shows mitigations scheduled but not yet in place, or a notable structural finding that requires explicit acceptance. Deployment typically waits for mitigations to land or carries explicit constraints on size and duration.
0.40 to 0.49High RiskMajor structural weaknesses surface across multiple families. A pause on deployment or upgrade is the historical default; allocators wait for remediation or for the next re-evaluation.
0.00 to 0.39Very High RiskA confirmed catastrophic structural finding has capped the grade, or stacked reductions on top of a weak blend have pulled it here. Do not deploy, unpause, or upgrade until the structural issues are remediated and the grade is re-evaluated.

Bands are an ordinal ranking, not a probability or a loss rate. Two protocols in the same band can still differ in their evidence shape. Reading the per-contract panels for two contracts in the same band can reveal materially different structural postures.

What this score does not promise

The grade is calibrated; it is not a probability. Five caveats sit alongside it:

  • Not a probability of loss. The grade orders contracts by structural assurance, not by likelihood of an incident. Two contracts with the same grade may face different incident probabilities depending on capital exposed, market conditions, and external dependencies the grade does not cover.
  • Not backtested against historical incidents. The methodology is calibrated against documented incident analogs, but the grade has not been retroactively scored against every past DeFi loss to confirm it would have surfaced the failure.
  • Not directly comparable across protocols at the raw-number grain. Two protocols at 0.72 may differ materially in their evidence shape. Tier bands are the safer cross-protocol comparison unit; raw-number differences below the band-boundary threshold sit inside the noise floor.
  • Cross-rater consistency is open work. The adversarial-behavior verdicts are produced by trained analysts working from a shared methodology brief. Independent rater agreement on those verdicts is still being measured; the calibration program is actively closing this gap.
  • Sparse evidence does not lift a grade by default. A contract without observed incidents does not earn a top grade by absence of evidence. A conservative ceiling applies until evidence is offered; absence of evidence does not lift the grade.

See the Worked Example for how these dimensions play out on Maple v2, and Monitoring for what causes a grade to refresh.