Dimension 6: Battle-Tested Maturity
Actuarial credibility model: Z-weighted deployment history, TVL-days, audit depth, bounty coverage, and incident history.
What We Measure
We apply an actuarial credibility model to assess how much evidence exists that a protocol is safe. Time without exploit is evidence — but only when combined with meaningful TVL exposure and diverse usage patterns. We measure deployment duration (days live on mainnet), TVL-days (cumulative value-at-risk over time), audit depth and coverage (number of firms, formal verification), bug bounty program coverage and responsiveness, incident history and remediation quality, Z-factor relationship (confidence coefficient), and codebase stability (frequency and scope of changes).
What Raises This Score
Multi-year deployment with zero code-level exploits
High TVL-days indicating sustained value at risk without incident
Multiple independent audit firms with overlapping coverage
Formal verification of core invariants
Active, well-funded bug bounty program running for years
Frozen core contracts (no changes = no new bugs)
Survival through multiple market stress events (Black Thursday, Terra, FTX)
What Lowers This Score
Recent deployment with limited production history
Rapidly evolving codebase with frequent upgrades
Single audit from a single firm
No bug bounty program or one with minimal payouts
Previous exploit incidents, especially if root cause was design-level
Low TVL-days relative to protocol age
Unaudited code deployed to mainnet
Why This Weight
At 12%, Battle-Tested Maturity is the third-highest weight because deployment history is the strongest predictor of future safety. A protocol that has held billions for years without exploit has demonstrated safety through exposure — a form of evidence that no audit can replicate. The Z-factor (T_deploy / (T_deploy + 180)) provides the mathematical framework for how confidence accumulates over time.