Is Scallop Safe?
Risk Grade: B- (28/100)
Scallop is rated as moderate risk — some novel mechanisms, generally well-understood.
Moderate risk — strong position on Sui, but single-chain concentration and immature security tooling on a young blockchain are real constraints
The top lending protocol on the Sui blockchain, where you deposit tokens to earn interest or borrow against them. It holds $200M in deposits and raised $3M. Its B- grade reflects that being the biggest lender on a young blockchain means absorbing all ecosystem-wide shocks, with fewer battle-tested security tools than Ethereum.
TVL
$22M
Mechanisms
8
Interactions
5
Value Grade
D+
Key Risks for Scallop Users
Everything runs on Sui. If SUI token crashes 50%, mass liquidations would overwhelm the thin trading liquidity on Sui's exchanges, creating bad debt
Sui's smart contract language (Move) has far fewer security researchers and audit tools than Ethereum's Solidity, meaning bugs are harder to catch
The protocol relies on three separate price feeds (Pyth, Switchboard, Supra) -- if they disagree during a volatile moment, interest rates and liquidations can misfire
Top Risk Factors
- •Single-ecosystem concentration: as Sui's top lending protocol, Scallop is fully exposed to Sui chain risk, bridge failures, and ecosystem-wide contagion
- •Multi-oracle dependency (Pyth, Switchboard, Supra) on a younger chain — oracle infrastructure is less battle-tested than Ethereum equivalents
- •Sui's Move-based smart contracts have a shorter audit history than Solidity, with fewer security tools and researchers available
How Scallop Compares to Peers
Scallop ranks #7 of 90 Lending protocols (top quartile — safer than most). At a risk score of 28/100, it's 9 points safer than the sector average of 37/100.
Adjacent peers: Kava Lend (B, 27/100) is ranked just safer, and Bonzo Finance (B-, 28/100) is ranked just riskier.
See the full Lending sector leaderboard or the Scallop vs Bonzo Finance comparison.
Common Questions about Scallop
Plain-English answers based on Scallop's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Vitality Risk (7/10).
Has Scallop ever been hacked or exploited?
Scallop has no recorded incidents in Hindenrank's track record dimension (scored 0/15). This is the strongest possible signal on this dimension, but the protocol may simply be too new or too small to have been stress-tested.
How much money is at stake in Scallop?
Scallop currently holds roughly $22M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Scallop?
Hindenrank has identified specific collapse scenarios for Scallop. The most prominent: "Sui Oracle Manipulation and Cascade Liquidation". The trigger condition is Coordinated manipulation of Pyth/Switchboard/Supra oracle feeds on Sui, or a critical oracle downtime event during high market volatility. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Scallop regulated or insured?
Scallop has some regulatory exposure (5/10), typical of mid-sized DeFi protocols. There is no specific enforcement action on record, but the structure includes elements that regulators have flagged in similar protocols. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Scallop?
Hindenrank's retail-focused risk audit flagged: Everything runs on Sui. If SUI token crashes 50%, mass liquidations would overwhelm the thin trading liquidity on Sui's exchanges, creating bad debt Sui's smart contract language (Move) has far fewer security researchers and audit tools than Ethereum's Solidity, meaning bugs are harder to catch The protocol relies on three separate price feeds (Pyth, Switchboard, Supra) -- if they disagree during a volatile moment, interest rates and liquidations can misfire
Should beginners deposit into Scallop?
Scallop is rated B-, which is acceptable for users who understand the protocol's mechanism. Beginners should read the full risk breakdown and only deposit after they can articulate the top three failure modes. If you cannot explain how the protocol works, do not deposit.
How does Scallop compare to safer Lending alternatives?
Scallop is one protocol in Hindenrank's Lending coverage. The safest Lending protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Scallop against the full Lending ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Scallop risk report.
Read the Full Scallop Risk Report
This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.