Philidor Docs
Risk Framework

Governance Controls (20%)

Governance reaction-window scoring (20%) based on immutability, timelocks, and depositor exit conditions.

Governance measures the depositor's reaction window: if protocol parameters change adversely, how much time exists to exit?

This vector is weighted at 20% because governance risk is partially depositor-mitigable — timelocks create response time — unlike core asset or platform risk, which is not directly controllable by the depositor.

Scoring Ladder

ConfigurationScore
Immutable contracts10
Timelock ≥ 7 days9
Timelock ≥ 3 days8.5
Timelock ≥ 48 hours8
Timelock ≥ 24 hours6
Timelock ≥ 6 hours4
No timelock / EOA admin1
Unknown (data unavailable)5

The ladder is smoothed at the top end: the step from "≥ 48 hours" to "≥ 3 days" moves 0.5 points rather than an abrupt full-point jump, and the step from "≥ 3 days" to "≥ 7 days" adds another 0.5 points. This better reflects the diminishing marginal value of each additional day of timelock in the 2-7 day range — once a depositor has a business day to react, more time helps but at a slowing rate.

Unknown timelock configuration scores 5, a neutral mid-band value that neither rewards nor punishes missing data; a separate evidence-freshness path flags the missing information for follow-up.

How To Interpret

The score reflects the depositor's ability to react to adverse parameter changes:

  • Immutable (10): No parameters can change. The code is the final word.
  • Long timelock (8.5-9): Changes are announced days in advance. Depositors can monitor and exit comfortably.
  • Moderate timelock (6-8): Some reaction time, but requires active monitoring.
  • Short timelock (4): Minimal reaction window; monitoring must be near real-time.
  • No timelock (1): Admin can change parameters instantly. Depositors have no warning.

Composite Interaction

  • Governance is an active 20% component of the composite.
  • Governance strength does not bypass asset-level hard caps, review caps, or fail-safe constraints. A vault with strong governance but a hard-failed asset is still capped by the asset hard-fail.
  • If fail-safe mode is fail_closed, risk output is withheld regardless of governance score.

Current Limitations

This vector does not yet fully differentiate:

  • signer-quality nuances (e.g. a high-quality multisig vs. a weak multisig)
  • DAO quorum and liveness guarantees
  • governance token concentration dynamics
  • emergency-controls quality beyond basic pausability signals

These nuances are captured qualitatively in analyst notes and are candidates for future quantitative coverage.

Thresholds Reference

Key governance-related thresholds used elsewhere in the system:

ThresholdValue
Safe timelock≥ 7 days (604,800 seconds)
Moderate timelock≥ 2 days (172,800 seconds)

Platform & Strategy (40%)

Protocol and strategy resilience vector: maturity, audit depth, strategy complexity, worst-of dependency factors, and incident caps.

Tiers & Suitability

How 0-10 scores map to Prime, Core, and Edge tiers and to institutional suitability labels.

On this page

Scoring LadderHow To InterpretComposite InteractionCurrent LimitationsThresholds Reference
Raw