Operational Risk (Pillar 3)

Operational Risk captures the protocol’s ability to function securely, transparently, and reliably over time. It reflects the resilience demonstrated by its longevity, its TVL, the robustness of its security audits, and the degree of transparency provided around its economic activities. These criteria indicate how well a protocol builds investor trust by implementing measures that mitigate vulnerabilities and minimize fraud, hacks, and operational errors.

The Operational pillar is assessed against three criteria: Lindy, Audits, and Economic Transparency. Its rating is the worst rating among these three criteria.

| 3rd Pillar | Criteria |
| --- | --- |
| Operational | Lindy; Audits; Economic Transparency |
| Pillar Rating | Worst Rating of the Criteria |

Lindy

The Lindy effect reflects the idea that the longer a technology or organization has survived, the more likely it is to continue existing.

We consider both time-based and value-based resilience as indicators:

  • Time-based resilience: how long the protocol and token have been active, and the time elapsed without any recorded hacks or security breaches. A long, incident-free history suggests the code has been battle-tested over time.

  • Value-based resilience: the protocol’s Total Value Locked (TVL). High TVL attracts more attention from potential attackers, as the rewards are greater. Successfully operating with substantial TVL shows robustness as the protocol has withstood attacks despite being a lucrative target.

Either of these dimensions can strengthen a protocol’s Lindy score.

In addition, a new product launched by an established digital asset player can receive a higher rating, as its proven track record and industry presence help mitigate operational uncertainty compared to completely new entrants.

Audits

Since smart contracts govern all protocol operations, their code should be reviewed by independent security auditors or specialized firms.

Auditing is a standard practice in DeFi, and protocols that have not undergone an audit are inherently considered high-risk. Public audit reports should be made available and must cover all smart contract sets involved in the protocol’s management. The security firms conducting these audits should have strong reputations and be trusted within the developer community.

Additionally, we note that operating a live bug bounty program, either in-house or via a third-party platform, adds an extra layer of protection. Rewards should scale with severity to incentivize thorough security research.

Indicators:

  • Reputation of the audit firm and public availability of the report

  • Implementation of audit fixes and recommendations

  • Existence and scope of a bug bounty program, with adequate reward tiers

Economic Transparency

As on-chain assets grow in sophistication with tokenized real-world assets or financial products mirroring traditional markets, some activities risk becoming opaque and dependent on issuer reports.

To ensure asset valuation integrity, look-through economic activities should be observable. Smart contract interactions should allow investors and curators to monitor underlying asset values.

If full transparency is not natively on-chain, read functions or oracles should provide access to fundamental metrics such as price, total assets, total supply, and collateralization ratios (if applicable).

Indicators:

  • Smart contract functions that expose key economic risk data

  • Price oracles and their update mechanisms

  • Depth and detail of reporting on underlying economic activities
