Risk rating model

In traditional finance, risk ratings rely on decades of historical data. Credit rating agencies like S&P or Moody’s can build models based on thousands of defaults. But in DeFi, that kind of data doesn’t exist. Most protocols are only a few years old. Big failures are rare, but when they happen, they’re often catastrophic (and fast).

That’s why Shift created its own risk rating model — one that works in a market with less history, faster evolution, and very different risks.

How the model was built

The Shift team designed its risk model from scratch, based on real-world experience and limited but growing DeFi data. It was backtested on over 150 protocols to check how it would have performed historically. Would it have flagged the right risks? Would it have caught the patterns behind past failures?

The model is still evolving. Each new exploit or market event is a chance to refine and improve it.

Ratings: from AAA to B

Each investment or component is assigned a letter rating, similar in format (but not in meaning) to traditional credit scores. These are internal classifications that help Shift rank risk in relative terms:

Note: these aren’t comparable to ratings used in bond markets. An "A" in DeFi means relatively low risk among DeFi opportunities, not that it matches a corporate bond "A".

Criteria, not false precision

There’s no formula that spits out a rating based on numbers alone. Instead, each rating level is defined by a checklist of qualitative criteria.

For example, to qualify as "AA", a protocol might need to be live for over a year with no major incidents, have audited code, strong adoption, and deep liquidity. If it fails even one of those checks, it might drop to "A" or lower.

This approach avoids false confidence in data that doesn’t yet exist — and favors a cautious, rule-based method instead.

Rating individual components — not just the strategy

Shift’s rating model looks at each piece of the strategy on its own. Every Asset and Protocol gets a separate risk rating.

Why does that matter? Because a weak token shouldn’t be hidden behind a strong protocol. For example, if a governance token has poor liquidity or high volatility, it might be rated “B” even if it's used inside a well-known protocol like Aave. That risk is flagged directly, not averaged out.

This level of detail lets Shift spot fragile components early and before they affect the broader strategy.

The lowest-rated block defines the strategy

After rating each Building Block, Shift applies a conservative rule: the overall strategy rating can’t be higher than its weakest part.

Think of it like this: a chain is only as strong as its weakest link. If a strategy includes blocks rated AA, A, and BBB, the entire strategy is rated BBB at best.

This avoids false confidence from averaging — and ensures that even one risky piece keeps the overall rating cautious.

Strategy-level red flags

Beyond the individual components, Shift also looks at how the whole strategy is put together. Certain features raise red flags — like using leverage, having too many moving parts, or locking up user funds for long periods.

These factors don’t get their own letter rating but can pull the final rating down.

For instance, two strategies with the same building block ratings might get different final scores if one is overly complex or exposes users to liquidation risk.

Stablecoins: a special case

Shift treats USDC and USDT differently from other tokens. These stablecoins are used so widely that they act as base currencies across DeFi. As a result, they don’t get rated like other assets.

That doesn’t mean their risks are ignored. Shift actively monitors potential issues (like depegs or centralization risk) and prefers USDC due to its stronger reserve transparency. But in practice, these tokens are assumed to hold their $1 value unless proven otherwise.

Other stablecoins (especially newer or algorithmic ones) are rated like any other asset, based on their stability and design.

A pragmatic, cautious model

Shift’s risk rating system is built for the real world of DeFi — where data is scarce, changes happen fast, and models must adapt.

Rather than rely on complex math or make false promises of precision, Shift uses a structured and transparent framework. It’s designed to compare risk across many types of strategies and highlight weak points early.

The result? A model that helps Shift stay within its risk appetite and protect user capital in an unpredictable market.

Be sure to read our article Why stablecoins aren't so stable to learn why Shift's risk model treats these assets differently from the rest of DeFi.