Risk Assessments

Comprehensive Risk Assessments

Creed performs detailed risk assessments for DeFi protocols, NFT platforms, DAOs, and the entire Web3 ecosystem using a newly standardized methodology based on the NIST Capability Maturity Model (CMM), Cybersecurity Framework v2.0 (CSF), and Secure Controls Framework (SCF). Our assessments evaluate projects across six critical functions (Govern, Identify, Protect, Detect, Respond, and Recover), providing a comprehensive view of an organization's cybersecurity posture and maturity.

Structured Process

We follow a thorough, transparent assessment methodology:

  1. Pre-Interview Questionnaire - Initial risk profile information
  2. Detailed Interview - One-hour session with project stakeholders
  3. Documentation - Recording and comprehensive note-taking
  4. Analysis & Reporting - Complete evaluation across all functions
  5. Peer Review - Secondary review for accuracy and objectivity

Benefits for Projects and Investors

Creed's risk assessments provide projects with comprehensive analysis of their security maturity and actionable improvement roadmaps. The standardized approach helps teams prioritize security initiatives, while investors and users can leverage these assessments to make informed decisions about protocol reliability and risk management capabilities.

Partners

Turtle Club

Schedule Your Assessment

Schedule a comprehensive risk assessment for your project. Complete our quick form below and we will contact you to discuss your assessment.

Risk Assessment Results

  • Turtle Club

    May 2025
    In progress

    Turtle is a web3 distribution protocol that helps monetize the activities of users by bringing off-chain rewards onchain to encourage a much more transparent, accessible, and efficient capital market structure.

  • Euler

    April 2025
    Tier 5

    Euler is a non-custodial permissionless lending protocol on Ethereum that helps users to earn interest on their crypto assets or hedge against volatile markets.

  • Noon

    February 2025
    In progress

    Noon aims to be the most intelligent and fair yield-generating stablecoin in web3.

  • InceptionLRT

    October 2024
    Tier 3

    InceptionLRT is the Modular Aggregation Layer for Restaking, designed to address the growing complexity and fragmentation of the restaking ecosystem.

  • Ramses

    September 2024
    Tier 2

    Ramses is a next-generation AMM designed to serve as Arbitrum's central liquidity hub, combining the secure and battle-tested superiority of Uniswap v3 with a custom incentive engine, vote-lock governance model, and streamlined user experience.

  • Silo

    TBD
    Tier 0 (Pending)

    The Silo Protocol is a non-custodial lending primitive that creates programmable risk-isolated markets known as silos. Any user with a wallet can lend or borrow in a silo in a non-custodial manner. Silo markets use the peer-to-pool, overcollateralized model where the value of a borrower's collateral always exceeds the value of their loan.

Understanding Risk Maturity Tiers

These tiers draw upon the high-level structure of the Capability Maturity Model (CMM) and Secure Controls Framework (SCF). The Tiers characterize the rigor of an organization's cybersecurity risk governance practices (GOVERN) and cybersecurity risk management practices (IDENTIFY, PROTECT, DETECT, RESPOND, and RECOVER).

Tier 0: No security measures

Risk governance is not defined and risk management is not performed.

Tier 1: Ad-hoc, reactive security

Risk strategy is managed in an ad-hoc manner. Limited awareness of cybersecurity risks with case-by-case implementation.

Tier 2: Basic security practices

Practices are approved but not organization-wide. Cybersecurity information is shared informally.

Tier 3: Documented procedures

Formal governance structure with standardized, documented policies. Organization-wide approach to security management.

Tier 4: Measured security

Quantitatively controlled practices with metrics-driven governance. Cybersecurity information is routinely shared.

Tier 5: Continuously improved

World-class practices with continuous improvement. Security is part of organizational culture with real-time adaptation.