Risk Framework

Number and type of oracle providers. Major assets (SOL, USDC) use feeds from Chainlink, Pyth, Switchboard, and Redstone. Fewer sources = higher risk. Decentralized networks > on-chain feeds > centralized sources. Fallback eliminates single-provider dependency.

Update frequency (sub-second pull-based vs heartbeat-based), historical uptime, and accuracy. Cross-provider deviation patterns reveal systematic issues.

Heuristic anomaly checks, TWAP/EWMA smoothing, configured price bands for pegged assets, multi-provider cross-referencing.

Independent audit coverage — different auditors catch different bug classes. Multiple reputable audits = highest confidence; no audit = elevated risk. Track resolution of critical/high findings.

Verifiability and battle-testing. Open-source with reproducible builds benefits from community review. A contract holding $500M for two years > one deployed last month.

Who can modify the program. Immutable = secure but unfixable. Multisig + timelock substantially lowers risk vs single-key with no delay.

Incentives for responsible disclosure. $1M bounty attracts more research than $10K. Note program maturity and scope coverage.

What backs the token and how verifiable. Stablecoins: cash/treasuries vs commercial paper. LSTs: stake-pool structure, validator count. Composition determines stress resilience.

Track record under stress: max historical deviation, recovery time, depeg event frequency. e.g. USDC dropped to $0.90 post-SVB and recovered in ~48h.

Direct redemption (e.g. USDC at $1) provides hard floor. LST unstaking enables arbitrage but has delay (Solana ~2-day epoch). Note peg-restoration incentives.

Decentralized → DAO-governed → multisig → single-entity. Note signer independence (5 signers at one company ≈ single-entity) and admin-key capabilities.

Top-holder concentration, vesting & unlock schedules, team/investor allocations. Top-10 holding 80% has fundamentally different risk than top-10 at 15%.

Operating history, transparency, regulatory standing. Prompt incident transparency builds confidence; relevant licenses (money transmitter, MiCA) signal compliance posture.

Determines buffer between Max LTV and Liquidation LTV. Higher volatility → lower Max LTV. Trend (stable/increasing/declining) — spikes trigger Max LTV reductions.

Whether collateral can be sold without excessive market impact. Critical failure: when price impact exceeds liquidation bonus, liquidations stop being profitable.

Context for other risk metrics. Low-cap → conservative parameters. Watch FDV/circulating-cap ratio — 98% locked supply means future unlocks create selling pressure.

Price linkage between listed assets — correlated assets compound liquidation demand (e.g. SOL LSTs all fall with SOL). Stress correlations trend toward 1.0 in downturns.

Aggregate exposure analysis. SOL+LSTs combined exposure under -30% shock. If one stablecoin is 60% of debt, its depeg affects 60% of loans.

Modeled scenarios for protocol resilience — KRAF Dashboard models -10/-20/-30/-40/-60% shocks plus idiosyncratic single-asset events.

Supply cap bounds losses if exploited; borrow cap is constrained by debt-token liquidity; daily caps prevent rapid buildup; E-Mode caps limit high-LTV pegged-pair exposure.

Asset classification: General (cross-margin, higher LTV) vs Isolated Collateral (ring-fenced) vs Isolated Debt (borrow-only, strict caps). Isolation prevents cascade.

Rates spike at high utilization to incentivize repayment. Liquidation bonus must exceed expected price impact at max position size. Auto-deleverage for anomalies.

Real-time KRAF Dashboard: per-reserve utilization, LTV-distribution clustering near liquidation thresholds, oracle staleness/deviation, liquidation-at-risk percentages.

Whether this token is issued natively on Solana or is a bridged representation of an asset that lives on another chain. Bridged tokens inherit risk from the bridge in addition to the underlying asset.

Which bridge protocol the token uses, if it is bridged. Bridge security and design (lock-and-mint vs burn-and-mint, custody model, validator set) is a major risk vector.

The entity issuing the token. Use the name + link to the issuer's primary website. Affects counterparty exposure, regulatory standing, and recourse in failure scenarios.

How new units are created. Native = SPL/Token-2022 mint authority (e.g. multisig issuing directly). Smart contract = a program controls minting (staking vault, wrapping program, etc). For Smart contract include both a URL (e.g. Solscan program account) and the GitHub source repo.