Vault Due Diligence

Step-by-step guide to assessing vault risk using the API.

This guide walks through a complete due diligence assessment of a DeFi vault using the Philidor API.

Step 1: Look Up the Vault

curl https://api.philidor.io/v1/vault/ethereum/0x8eB67A509616cd6A7c1B3c8C21D48FF57df3d458

Check the top-level fields first:

  • total_score — composite risk score (0-10)
  • risk_tier — Prime, Core, or Edge
  • is_audited — whether the protocol version is audited
  • strategy_type — what the vault does (lending, yield_aggregation, etc.)

Step 2: Examine Risk Vectors

The risk_vectors field breaks the score into three independent dimensions:

| Vector | Weight | What to look for |
| --- | --- | --- |
| Asset | 40% | Is the underlying asset Prime tier? Is the oracle Chainlink? |
| Platform | 40% | How long has the code been live? How many audits? |
| Governance | 20% | Is there a timelock? How long? |

Red flags:

  • Any vector scoring below 3
  • Asset vector limited by a non-Chainlink oracle
  • Platform vector dragged down by incident decay

Step 3: Review Audit Status

Check the audit fields:

  • audit_status — "audited" or "unaudited"
  • auditors — list of audit firms
  • audit_date — when the audit was completed
  • audit_report_url — link to the full report

An unaudited vault is forced into the Edge tier. No exceptions, regardless of other scores.

Step 4: Check Oracle Freshness

curl https://api.philidor.io/v1/oracle-vector/freshness

Verify that the oracle feeds for the vault's assets are fresh and updating. Stale oracles are a leading indicator of potential issues.

Step 5: Review Events and History

curl https://api.philidor.io/v1/vault/ethereum/0x8eB67A509616cd6A7c1B3c8C21D48FF57df3d458/events

Look for:

  • Incidents — any security events or losses
  • Allocation changes — frequent rebalancing may indicate instability
  • Parameter changes — fee changes, cap adjustments

Step 6: Decision Framework

| Score | Typical Action |
| --- | --- |
| 8.0+ (Prime) | Suitable for core allocations. Monitor for tier changes. |
| 5.0-7.9 (Core) | Acceptable with active monitoring. Size positions accordingly. |
| < 5.0 (Edge) | Requires deep due diligence. Consider size limits. |
| Unaudited | Hard pass for institutional allocations. |
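
The checks from Steps 1, 2, 3 and 6 applied to an already-fetched vault record, as an added Python example that is not Philidor's own code. It assumes `risk_vectors` is a mapping of vector name to score (the response shape is not shown in this guide) and runs on constructed sample records; `assess` and `tier_from_score` are hypothetical names.

```python
# Added example; thresholds and actions are taken from Steps 2, 3 and 6 above.
# Assumption: risk_vectors is a {vector_name: score} mapping (shape not documented here).
ACTIONS = {
    "Prime": "Suitable for core allocations. Monitor for tier changes.",
    "Core": "Acceptable with active monitoring. Size positions accordingly.",
    "Edge": "Requires deep due diligence. Consider size limits.",
}
UNAUDITED_ACTION = "Hard pass for institutional allocations."
VECTOR_FLOOR = 3.0  # red flag: any vector scoring below 3

def tier_from_score(score):  # score bands from the Step 6 table
    if score >= 8.0:
        return "Prime"
    return "Core" if score >= 5.0 else "Edge"

def assess(vault):
    """Return (tier, action, findings) for one vault record."""
    findings = []
    # Fail closed: both audit fields must agree that the vault is audited.
    audited = vault.get("is_audited") is True and vault.get("audit_status") == "audited"
    if audited:
        tier = tier_from_score(vault["total_score"])
        action = ACTIONS[tier]
        if not vault.get("auditors") or not vault.get("audit_report_url"):
            findings.append("audited but auditors or report URL missing")
    else:
        tier, action = "Edge", UNAUDITED_ACTION  # unaudited = forced Edge
        findings.append("unaudited: forced Edge")
    for name, score in sorted(vault.get("risk_vectors", {}).items()):
        if score < VECTOR_FLOOR:
            findings.append(f"{name} vector below 3 ({score})")
    if vault.get("risk_tier") != tier:
        findings.append(f"reported tier {vault.get('risk_tier')!r} differs from derived {tier!r}")
    return tier, action, findings

# Constructed sample records (not real API output).
CORE_WITH_WEAK_GOVERNANCE = {
    "total_score": 6.5, "risk_tier": "Core", "is_audited": True, "audit_status": "audited",
    "auditors": ["Example Audits"], "audit_report_url": "https://example.com/report.pdf",
    "risk_vectors": {"asset": 8.0, "platform": 7.0, "governance": 2.5},
}
HIGH_SCORE_UNAUDITED = {
    "total_score": 8.6, "risk_tier": "Edge", "is_audited": False, "audit_status": "unaudited",
    "auditors": [], "audit_report_url": None, "risk_vectors": {"asset": 9.0, "platform": 8.5, "governance": 8.0},
}

if __name__ == "__main__":
    for record in (CORE_WITH_WEAK_GOVERNANCE, HIGH_SCORE_UNAUDITED):
        print(assess(record))
```

The first record shows why Step 2 matters: a composite score in the Core band can still hide a single vector below 3.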

Using the MCP Server

With the MCP server, you can run the entire assessment with a single prompt:

"Run a due diligence report on the Gauntlet USDC vault at 0x8eB67A509616cd6A7c1B3c8C21D48FF57df3d458 on Ethereum"

This triggers the vault_due_diligence prompt which orchestrates multiple tool calls automatically.
