We were tasked with creating a holistic risk scoring framework for selected real-world assets to guide investment decisions. We defined three risk domains to capture: code, operational, and financial risk, then applied the framework to produce assessment reports across five digital assets.
The task was to create a holistic risk scoring framework for selected real-world assets in order to guide investment decisions. We identified three risk domains to capture: code, operational, and financial risk. We then applied the framework to five liquid, institutionally relevant RWAs: USD-denominated stablecoins and gold-backed tokens.
The framework scores every domain on two axes it deliberately keeps apart. A risk score describes the severity of the residual condition in that domain. A confidence score describes how reliable, complete, and reproducible the evidence behind that risk score is. Low confidence does not soften the risk; it marks where the evidence runs thin.
Risk scoring framework, evidence model, score definitions, confidence scoring, and RWA assessment reports.
Each domain is shown as risk/confidence. The composite score summarizes the decision-level risk conclusion; confidence indicates how strongly the available evidence supported it.
| Asset | Category | Composite Risk | Composite Confidence | Smart Contract | Opsec | Financial |
|---|---|---|---|---|---|---|
| USD Coin USDC | USD stablecoin | Low | Low | Low / High | Medium / Low | Low / Medium |
| Sky Dollar USDS | USD stablecoin | Moderate | Medium | Low / High | Medium / Medium | Medium / Medium |
| Tether USD USDT | USD stablecoin | Moderate | Medium | Low / High | Medium / Medium | Medium / Medium |
| PAX Gold PAXG | Gold-backed asset | Low | Low | Low / High | Medium / Low | Low / Medium |
| Tether Gold XAUT | Gold-backed asset | Moderate | Medium | Low / High | Medium / Medium | Medium / Medium |
Operational risk largely remains a black box that cannot be judged from public information. We can observe that Tether runs pivileged controls through on-chain multisigs, while other issuers use EOA governance. However, no information about the key storage for any issuer is publicly available. This lack of public evidence leads to a low-medium composite confidence score. Operational security disclosure across the industry has to improve to make holistic risk assessments more meaningful.
Reach out for existing assessment reports or to request a risk assessment for an RWA of your choice.
Submit a request