
Residual risk

Residual risk is the risk that remains in a token model after every mitigation has been applied and documented. No mitigation eliminates risk; it relocates or reduces it. Stating the residual explicitly is what separates a diligence-ready design from one that claims zero risk.

A project that cannot state its residual risk has either skipped the analysis or is hiding the result, and the investor reprices for the worst case either way.

How it is calculated

Residual risk comes straight out of the adversarial risk pass. Each threat vector starts with a gross rating: likelihood times impact before mitigations. After mitigations are applied, the team re-rates likelihood and impact to produce a net residual.

The gap between gross and residual is the proof that mitigations are doing real work. If the residual looks identical to the gross, the mitigation was cosmetic.

Why it matters

For investors and legal counsel, residual risk is the number that matters most. A project that can say "our largest residual risk is oracle latency in low-liquidity conditions, which we manage with a 15-minute TWAP and a circuit breaker at X% deviation" is investable. A project that says "we have mitigated all risks" is not.

Example

A staking mechanism with slashing enforced by a 3-of-5 multisig has mitigated centralized slashing authority but keeps a residual risk of multisig collusion or key compromise. That residual should be stated, sized, and paired with a plan: an insurance fund, an on-chain dispute period, or a key rotation cadence.
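The gross-to-residual calculation and the "stated, sized, and paired with a plan" check, as an added example that is not part of the original page. It assumes a 1-5 likelihood and impact scale; every rating is constructed for illustration, and the "governance capture" vector is hypothetical.

```python
from dataclasses import dataclass

SCALE = range(1, 6)  # assumed 1-5 ordinal scale; the page does not fix one

@dataclass
class Vector:
    name: str
    gross: tuple        # (likelihood, impact) before mitigations
    residual: tuple     # (likelihood, impact) re-rated after mitigations
    plan: str = ""      # how the stated residual is managed

def score(name, rating):
    likelihood, impact = rating
    # The scale has no zero: a "fully mitigated" rating is rejected, not recorded.
    if likelihood not in SCALE or impact not in SCALE:
        raise ValueError(f"{name}: rating {rating} is outside the 1-5 scale")
    return likelihood * impact

def assess(register):
    """Return one row per vector, largest residual first, with review findings."""
    rows = []
    for v in register:
        gross, residual = score(v.name, v.gross), score(v.name, v.residual)
        findings = []
        if residual > gross:
            findings.append("residual exceeds gross: check the re-rating")
        elif residual == gross:
            findings.append("cosmetic mitigation: no reduction")
        if not v.plan:
            findings.append("residual has no stated plan")
        rows.append({"name": v.name, "gross": gross, "residual": residual,
                     "reduction": gross - residual, "findings": findings})
    return sorted(rows, key=lambda r: r["residual"], reverse=True)

# Constructed register: all ratings are illustrative, and "governance capture"
# is a hypothetical vector that does not appear on the page.
REGISTER = [
    Vector("slashing authority: multisig collusion or key compromise",
           (4, 5), (2, 5), "key rotation cadence and on-chain dispute period"),
    Vector("oracle latency in low-liquidity conditions", (4, 4), (2, 4),
           "15-minute TWAP and circuit breaker"),
    Vector("governance capture", (3, 4), (3, 4)),
]

if __name__ == "__main__":
    for row in assess(REGISTER):
        print(row)
```

The first row returned is the largest residual, which is the one to state in plain language in the tokenomics document.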

Common mistake

Treating residual risk as a legal disclaimer rather than a design input. Residual risk stated in plain language inside the tokenomics document drives the next round of design changes. Residual risk buried in a legal annex goes unread and unmitigated.

See Tokenomics Audit Services for how this applies in practice.
