
Vault Due Diligence

5-step vault assessment — check risk score, inspect vectors, review events, verify oracle freshness, and compare alternatives.

This guide walks through a complete due diligence assessment of a DeFi vault using the Philidor API.

Step 1: Look Up the Vault

curl https://api.philidor.io/v1/vault/ethereum/0x8eB67A509616cd6A7c1B3c8C21D48FF57df3d458

Check the top-level fields first:

  • total_score — composite risk score (0-10)
  • risk_tier — Prime, Core, or Edge
  • is_audited — whether the protocol version is audited
  • strategy_type — what the vault does (lending, yield_aggregation, etc.)

Step 2: Examine Risk Vectors

The risk_vectors field breaks the score into three independent dimensions:

| Vector | Weight | What to look for |
|---|---|---|
| Asset | 40% | Asset category, review status, evidence freshness, cap reasons |
| Platform | 40% | How long has the code been live? How many audits? |
| Governance | 20% | Is there a timelock? How long? |

Red flags:

  • Any vector scoring below 3
  • Asset vector constrained by hard-fail/override/staleness caps
  • Platform vector dragged down by incident decay

Step 3: Review Audit Status

Check the audit fields:

  • audit_status — "audited" or "unaudited"
  • auditors — list of audit firms
  • audit_date — when the audit was completed
  • audit_report_url — link to the full report

In v4.1, audit quality is a major platform input and can also inform hard-fail/suitability outcomes, but score limiting is applied via explicit caps and explainability outputs rather than a single forced-tier rule.

Step 4: Check Oracle Freshness

curl https://api.philidor.io/v1/oracle-vector/freshness

Verify that the oracle feeds for the vault's assets are fresh and updating. Stale oracles are a leading indicator of potential issues.

Step 5: Review Events and History

curl https://api.philidor.io/v1/vault/ethereum/0x8eB67A509616cd6A7c1B3c8C21D48FF57df3d458/events

Look for:

  • Incidents — any security events or losses
  • Allocation changes — frequent rebalancing may indicate instability
  • Parameter changes — fee changes, cap adjustments

Step 6: Decision Framework

| Score | Typical Action |
|---|---|
| 8.0+ (Prime) | Suitable for core allocations. Monitor for tier changes. |
| 5.0-7.9 (Core) | Acceptable with active monitoring. Size positions accordingly. |
| < 5.0 (Edge) | Requires deep due diligence. Consider size limits. |
| not_assessed | Treat as unreviewed exposure; require explicit internal approval |
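
The Step 2 red flags and the Step 6 table can be applied as a fail-closed gate over a vault response that has already been fetched and parsed. This is an added example, not Philidor's own code: the top-level field names come from this guide, while the nesting of `risk_vectors` (a mapping of vector name to an object with a `score` key) and the sample values are assumptions.

```python
# Added example. Top-level field names are from the guide; the shape of
# risk_vectors ({"asset": {"score": n}, ...}) is an assumption.
ACTIONS = {
    "Prime": "Suitable for core allocations. Monitor for tier changes.",
    "Core": "Acceptable with active monitoring. Size positions accordingly.",
    "Edge": "Requires deep due diligence. Consider size limits.",
    "not_assessed": "Treat as unreviewed exposure; require explicit internal approval",
}

def tier_for(score):
    """Map total_score to the Step 6 tier; unusable values fail closed."""
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "not_assessed"
    if not 0 <= score <= 10:
        return "not_assessed"
    if score >= 8.0:
        return "Prime"
    return "Core" if score >= 5.0 else "Edge"

def assess(vault):
    """Return (tier, action, flags) for one parsed vault response."""
    flags = []
    tier = tier_for(vault.get("total_score"))
    reported = vault.get("risk_tier")
    # A reported tier that disagrees with the score deserves a manual look.
    if tier != "not_assessed" and str(reported).lower() != tier.lower():
        flags.append(f"risk_tier {reported!r} does not match score-derived {tier!r}")
    vectors = vault.get("risk_vectors") or {}
    for name in ("asset", "platform", "governance"):
        score = (vectors.get(name) or {}).get("score")
        if not isinstance(score, (int, float)):
            flags.append(f"{name} vector missing")
        elif score < 3:  # Step 2 red flag: any vector scoring below 3
            flags.append(f"{name} vector below 3 ({score})")
    if vault.get("is_audited") is not True:
        flags.append("protocol version not audited")
    return tier, ACTIONS[tier], flags

# Constructed sample, not real API output.
SAMPLE = {
    "total_score": 5.2, "risk_tier": "Core", "is_audited": True,
    "strategy_type": "lending",
    "risk_vectors": {"asset": {"score": 7.5}, "platform": {"score": 2.5},
                     "governance": {"score": 6.0}},
}

if __name__ == "__main__":
    tier, action, flags = assess(SAMPLE)
    print(tier, "-", action)
    for flag in flags:
        print("  flag:", flag)
```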

Using the MCP Server

With the MCP server, you can run the entire assessment with a single prompt:

"Run a due diligence report on the Gauntlet USDC vault at 0x8eB67A509616cd6A7c1B3c8C21D48FF57df3d458 on Ethereum"

This triggers the vault_due_diligence prompt which orchestrates multiple tool calls automatically.
