For high-volume, highly audited protocols, we rely on audits and public information as a guide for evaluating smart contract risk. Elsewhere, with new protocols, a deeper analysis is performed with our general framework revolving around the following:

Code Vulnerabilities: Contracts may have coding errors or vulnerabilities that can be exploited by attackers, for example with reentrancy attacks, integer overflows, and more..

Security of External Dependencies: Smart contracts may rely on external data sources, such as oracles, to function properly. If these external dependencies are compromised or can be manipulated, it can introduce significant risk to the smart contract.

Regulatory and Legal Risks: Some smart contracts operate within an existing legal framework, and their execution must comply with relevant laws and regulations. Failure to consider these aspects may result in legal challenges or regulatory interventions.

Economic and Game Theoretical Risks: Smart contract protocols often rely on specific economic assumptions and game theoretical incentives to function optimally. However, the assumptions made during the design might fail in real-world scenarios, leading to security vulnerabilities.

Governance Risks: Smart contracts are typically decentralized and governed by consensus mechanisms. However, disagreements or disputes within the community can lead to forks or contentious changes, potentially impacting the stability and integrity of the contract.

Upgradability Risks: Some smart contracts may have upgradability features to fix issues or introduce new functionalities. However, this introduces the risk of unintended consequences or malicious changes if the upgrade process is not carefully managed.