Dimension 4: Compositional Risk
Protocol-intrinsic composition: external dependencies, cross-contract interactions, and integration surface area.
What We Measure
We measure the protocol's exposure to failures in external systems it depends on or interacts with. DeFi's composability is both its strength and its Achilles heel — when protocols compose, their risk profiles multiply. We analyze external protocol dependencies and integration surfaces, cross-contract interaction patterns and trust assumptions, recursive or re-entrant interaction paths across protocol boundaries, shared state exposure between composing protocols, blast radius analysis (if dependency X fails, what breaks here), and whether composition risk is sandboxed or system-wide.
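The blast radius question above (if dependency X fails, what breaks here) can be treated as reachability over a dependency graph. The following is an added illustration, not part of the scoring methodology itself; the component names, the `contained` flag and the choice of core components are constructed assumptions.

```python
from collections import deque

# Constructed dependency map for a hypothetical protocol (not from the page).
# dependent -> [(dependency, contained)]; contained=True is an assumed flag
# meaning the dependent handles that dependency's failure and keeps working.
DEPENDS_ON = {
    "core_accounting": [],
    "lending_market": [("core_accounting", False), ("price_oracle", False)],
    "liquidator": [("lending_market", False), ("external_dex", True)],
    "yield_vault": [("external_lender", False), ("lending_market", True)],
    "vault_router": [("yield_vault", False), ("liquidator", True)],
    "external_lender": [("yield_vault", False)],  # recursive path across the boundary
    "price_oracle": [],
    "external_dex": [],
}
CORE = ["core_accounting", "lending_market"]  # assumed core-path components


def blast_radius(depends_on, failed):
    """Return every component that stops working when `failed` fails."""
    # Invert the map: dependency -> dependents that do NOT contain its failure.
    propagates_to = {name: [] for name in depends_on}
    for dependent, deps in depends_on.items():
        for dependency, contained in deps:
            if not contained:
                propagates_to[dependency].append(dependent)
    broken, queue = {failed}, deque([failed])
    while queue:  # breadth-first walk; the `broken` set keeps cycles from looping
        for dependent in propagates_to[queue.popleft()]:
            if dependent not in broken:
                broken.add(dependent)
                queue.append(dependent)
    return broken


def classify(depends_on, failed, core):
    """'system-wide' if the failure reaches a core component, else 'sandboxed'."""
    hit = blast_radius(depends_on, failed) & set(core)
    return "system-wide" if hit else "sandboxed"


if __name__ == "__main__":
    for name in ("price_oracle", "external_dex", "external_lender"):
        print(name, sorted(blast_radius(DEPENDS_ON, name)), classify(DEPENDS_ON, name, CORE))
```

In this constructed graph the oracle failure reaches the core lending path, while the external lender failure, despite the recursive edge back into the vault, stays within the vault's own scope.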
What Raises This Score
Zero external dependencies in core logic (self-contained architecture)
Risk sandboxing — bad integrations affect only their own scope, not the whole protocol
Well-bounded integration interfaces with minimal trust surface
No direct cross-protocol calls in core paths
Dependency failures that degrade gracefully rather than cascade
Composition surface area explicitly documented and monitored
No shared mutable state with external protocols
What Lowers This Score
Deep dependency chains where multiple external failures can cascade
Shared security models where one bad actor affects all participants
Cross-protocol calls in critical paths without failure handling
Recursive interaction patterns that compound across protocol boundaries
System-wide blast radius when any single integration fails
Implicit trust assumptions about the behavior of external protocols
No isolation between integrator-introduced risk and core protocol risk
Why This Weight
At 5%, Compositional Risk captures protocol-intrinsic integration surface — the complexity of a protocol's own external dependencies and cross-contract interactions. The complementary D12 (Cascade Exposure) captures extrinsic systemic risk from the broader dependency graph. Together, D4 + D12 carry 10% combined weight, reflecting the full composition picture: how complex are your integrations (D4) and how exposed are you to cascading failures in DeFi's dependency graph (D12).