DeFi protocol token
DeXe DEXE
DeXe (DEXE) is a standard ERC-20/BEP-20 governance token for the DeXe Protocol DAO deployed on Ethereum and BNB Chain. Under QRI v3.1 Section 7.2 (Token Inheritance), DEXE inherently shares the base-layer quantum risk of its host chains. As of 2026-06-02, neither Ethereum nor BNB Chain has production post-quantum protection — all transactions use ECDSA and Ethereum consensus uses BLS signatures. Ethereum has active PQ research (dedicated EF Post-Quantum team formed January 2026, leanXMSS, leanVM, weekly interop devnets, structured fork milestones targeting ~2029) but this is development-stage work with no production protection. The DeXe project itself has published no cryptographic inventory, no quantum risk assessment, no mitigation roadmap, and no migration mechanism. The DeXe DAO governance relies on Snapshot (off-chain ECDSA signatures) and SafeSnap (on-chain execution), creating an additional quantum-vulnerable surface that controls a ~$1.7-2.8B+ treasury. 100% of DEXE value-at-risk is quantum-vulnerable. The QRI Score of 1 reflects the complete absence of quantum preparedness by the DeXe project, with the score derived from the minimum migration coverage threshold (1 out of 20 points for <25% protected value).
Inherits L1 Score [Ethereum/BNB Chain]No Quantum PreparednessToken InheritanceECDSA-Only Governance
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
1 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No public cryptographic inventory or quantum threat model published by DeXe project
- All token spend authorization relies on ECDSA via host chains (Ethereum/BNB Chain) — neither has production PQC protection
- DeXe DAO governance (Snapshot + SafeSnap) uses ECDSA signatures exclusively; a quantum attacker could forge governance votes and potentially compromise the ~$1.7-2.8B+ treasury
- No quantum migration roadmap, mechanism, or mitigation design exists for the DEXE token or DeXe Protocol DAO
- All value-at-risk (100% of token supply and treasury) is quantum-vulnerable with no migration path
Key Risks
- Host-chain dependency: DEXE token security depends entirely on Ethereum and BNB Chain base-layer cryptography (ECDSA). Neither chain has production PQC protection. Ethereum targets ~2029 for core PQ infrastructure, but this is a planning target, not a guarantee.
- Governance compromise: An attacker with a cryptographically relevant quantum computer could recover ECDSA private keys of DEXE governance participants, forge Snapshot votes, and potentially execute malicious proposals through SafeSnap to drain the ~$1.7-2.8B+ DeXe DAO Treasury.
- Long-exposure keys: All Ethereum accounts that have sent DEXE transactions have exposed their public keys on-chain. These keys are vulnerable to 'harvest now, decrypt later' attacks.
- Validator and Council keys: The DeXe DAO's Validators and Council members hold governance authority. Compromise of these keys via quantum attack could allow unauthorized proposal approval and treasury fund extraction.
- No recovery mechanism: There is no emergency pause, freeze, or migration mechanism designed to protect the DeXe DAO Treasury or DEXE token holders in the event of a quantum breakthrough.
- Dormant and unmigratable assets: The DeXe Protocol has no policy for handling quantum-vulnerable dormant holdings, lost keys, or abandoned governance positions.
Assurance Notes
- DeXe is a standard ERC-20 (Ethereum) and BEP-20 (BNB Chain) token with DAO governance smart contracts. It inherits the base-layer quantum risk of Ethereum and BNB Chain per QRI Section 7.2 (Token Inheritance).
- Classical smart contract audits exist (Hacken, CertiK, Cyfrin, Ambisafe, 2023-era) but none address quantum threats, which is expected for standard EVM contracts.
- No public quantum risk assessment, cryptographic inventory, post-quantum roadmap, or migration plan has been published by the DeXe team.
- Governance relies on Snapshot (off-chain ECDSA-signed votes) and SafeSnap (on-chain execution via Gnosis Safe multisig), both of which depend on classical ECDSA signatures vulnerable to quantum key recovery.
- Ethereum Foundation formed a dedicated Post-Quantum team in January 2026 with active weekly devnets, structured fork milestones (I*, J*, L*, M*), and production PQ infrastructure target of approximately 2029. EIP-8141 (native account abstraction) is planned for Hegotá hard fork (H2 2026). No production PQ protection is live on Ethereum as of the evaluation date.
- DeXe DAO Treasury holds approximately $1.7-2.8B+ in assets controlled by governance keys secured only by ECDSA. No quantum migration path exists for these governance controls.
- No evidence of admin key rotation plans, PQ-multisig adoption, or quantum-specific incident response process.
Non-Scoring Caveats
- Audits from Hacken, CertiK, Cyfrin, and Ambisafe (2023) are classical smart-contract audits. Their age and scope limitations affect confidence but do not change the QRI Score since no quantum-critical property is claimed.
- DeXe Protocol documentation contains no mention of quantum resistance, post-quantum cryptography, or cryptographic migration — this is expected for a standard EVM smart-contract protocol.
- DeXe Protocol contracts include upgradeable components (Beacon Proxy pattern). While this could facilitate future quantum-security upgrades, no such upgrades are planned or proposed.
- Ethereum's active PQ research (dedicated team, weekly devnets, structured roadmap targeting ~2029) will eventually benefit DeXe as an Ethereum-hosted token, but no timeline for DeXe-specific governance migration exists.
- DeXe DAO governance uses Snapshot (off-chain) and SafeSnap (on-chain via Gnosis Safe). Snapshot governance is off-chain; a quantum adversary recovering signer keys could forge governance proposals if Ethereum does not upgrade.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: DeXe has published no cryptographic inventory, no quantum threat model, and no quantum risk assessment.
Coverage basis: Absence confirmed by search of GitHub (dexe-network/DeXe-Protocol), official website (dexe.network), whitepaper, technical documentation (docs.dexe.io), and DAO memorandum.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory — caps QRI at 10 under Readiness & Risk Cap
Assurance: Evidence of absence is strong across all DeXe public resources. No quantum-related content found in any primary source.
This subfactor receives 0.0 because DeXe has not published any quantum-specific assessment. The evaluation itself provides the first structured quantum risk assessment for this token.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment
Claim: No quantum-related evidence record exists from the DeXe project.
Coverage basis: No code references, specs, audits, transaction examples, or reproducible analytics related to quantum readiness exist in DeXe's public repositories or documentation.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Nothing to evaluate — no quantum evidence has been produced by the project.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: DEXE token transfers use standard ECDSA via Ethereum and BNB Chain. No PQ or hybrid-PQC signature support exists on either host chain as of 2026-06-02.
Coverage basis: Verified ERC-20 contract on Etherscan (0xde4EE8057785A7e8e800Db58F9784845A5C2Cbd6) uses standard transfer/approve mechanisms. Ethereum mainnet remains ECDSA-only for transaction signing.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECDSA-only
Assurance: Ethereum has active PQ development (dedicated EF Post-Quantum team, leanXMSS, leanVM, weekly interop devnets) but zero production PQ protection. EIP-8141 (native account abstraction for PQ signatures) is targeted for Hegotá hard fork (H2 2026) but is not yet deployed.
Inherited from host chains per QRI Section 7.2. DEXE has no independent cryptographic path.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: DEXE token holders use standard Ethereum EOAs. Any account that has sent DEXE has an exposed secp256k1 public key on-chain, creating long-exposure quantum-vulnerable ownership paths.
Coverage basis: Ethereum's account model exposes public keys on first transaction. No DeXe-specific key-derivation or address scheme exists to mitigate this.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, recovery, or policy path
Inherited from host chains. DEXE adds no mitigation.
Production Cryptographic Protection
Consensus-critical authentication
Claim: DEXE is a token and has no independent consensus mechanism. Governance uses Snapshot/SafeSnap with ECDSA signatures.
Coverage basis: Token-level evaluation — consensus is provided by host chains. Governance is a token-specific authentication surface.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Governance authentication (Snapshot/SafeSnap) uses ECDSA; quantum compromise of signer keys could forge DAO decisions
Assurance: Governance is scored here as the token-specific equivalent of consensus-critical authentication. Snapshot/SafeSnap use standard ECDSA.
While DeXe has no validator consensus layer, its governance mechanism is a critical authentication surface that uses vulnerable ECDSA.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: DeXe Protocol smart contracts use standard Solidity storage with no custom cryptographic state-integrity mechanisms.
Coverage basis: Contracts use standard EVM storage. State integrity is provided by the host chain.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Privacy and proof layers
Claim: DeXe has no privacy layer, ZK proof system, shielded transactions, or stealth address mechanism.
Coverage basis: All DeXe Protocol transactions and governance are transparent on-chain.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: DeXe is a smart contract protocol, not a P2P network.
Coverage basis: No P2P layer exists at the token/protocol level.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: DEXE tokens are held in standard Ethereum/BNB Chain wallets. No PQ wallet, custody, or HSM support exists for the DEXE token specifically. All governance signing uses standard ECDSA wallets.
Coverage basis: DEXE holders and governance participants use MetaMask, hardware wallets, and institutional custody — all ECDSA-based. No DeXe-specific PQ wallet path exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Governance participants including Validators and Council members use standard ECDSA wallets. The DeXe DAO Treasury (~$1.7-2.8B+) is controlled via these ECDSA-based governance paths.
Inherits host-chain wallet limitations. Governance key custody adds DeXe-specific quantum risk.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of DEXE value-at-risk is protected from quantum key-recovery attacks. All ~$1.7-2.8B+ in DeXe DAO Treasury and all circulating DEXE tokens are controlled by ECDSA keys.
Coverage basis: <25% coverage. No migration has occurred. No PQ-native design. All value is in standard ERC-20/BEP-20 tokens controlled by ECDSA accounts.
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All value-at-risk is quantum-vulnerable with no migration path
Assurance: Treasury balance of ~$1.7-2.8B+ is sourced from dexe.network/dao and CryptoNewsNavigator. This figure represents total treasury value, not solely DEXE. Exact composition of vulnerable vs. non-vulnerable assets cannot be determined from public sources but all governance control paths are ECDSA-based.
Coverage <25% maps to score 1 out of 20; Implementation Score = 1/20 = 0.05.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No DeXe treasury, governance, validator, council, or protocol-controlled wallets have been migrated to PQ protection.
Coverage basis: DeXe DAO Treasury and all governance roles (Validators, Council members, Experts) operate through standard ECDSA Ethereum accounts. No migration has been proposed or executed.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Major treasury (~$1.7-2.8B+) remains quantum-vulnerable with no migration path
The DeXe DAO Memorandum describes Council members as having 'the highest judicial authority' and being 'appointed and removed by the decision of a DAO.' All such governance actions use ECDSA signatures.
Migration Status & Value-at-Risk
Legacy vulnerable pools identified, measurable, deprecated, migrated, frozen, or proven not to exist
Claim: No identification, measurement, deprecation, or migration of quantum-vulnerable DEXE holdings has occurred.
Coverage basis: No documentation of vulnerable account identification, no freeze/deprecation policy, no migration tracking.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Dormant holdings, lost keys, and abandoned governance positions have no identified treatment path.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: No quantum migration or protection roadmap exists for DeXe.
Coverage basis: No roadmap, sequencing, activation criteria, or dependencies have been published for any quantum-related upgrade.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
DeXe will likely depend on Ethereum's PQ migration path (EIP-8141, account abstraction) for base-layer protection, but no DeXe-specific governance migration has been proposed.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ account creation, wallet tooling, transaction paths, custody paths, user warnings, education, or migration prompts exist for DEXE.
Coverage basis: No DeXe-specific tooling for quantum migration exists. Users would depend entirely on Ethereum ecosystem tools (not yet production-ready).
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation schedules, legacy signing restrictions, withdrawal restrictions, or unsafe-path blocking exist for DeXe.
Coverage basis: No coordination with exchanges, custodians, bridges, wallets, or infrastructure providers for quantum migration has been documented.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: No quantum-specific incident response, disclosure process, or emergency governance mechanism exists for DeXe.
Coverage basis: DeXe DAO governance has general proposal mechanisms but no quantum-specific emergency procedures.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The absence of a quantum-specific incident-response process does not by itself create a cap under QRI v3.1 Note-Only Caveat Rule, as it does not create or preserve a current quantum-vulnerable path beyond what already exists. It is recorded as an assurance note.
The DeXe DAO Memorandum describes a multi-step proposal circuit (Idea Incubation → Initiation → Members' Voting → Completion → Validators' Voting → DeXecution → Implementation) that could theoretically address quantum threats if initiated by the community, but no quantum-specific triggers or expedited paths exist.
Algorithm & Implementation Assurance
Uses NIST-standardized or broadly reviewed PQC/hybrid-PQC algorithms
Claim: DeXe does not use any PQC or hybrid-PQC algorithms. All cryptography is classical ECDSA (inherited from host chains).
Coverage basis: No PQC algorithms in use. Smart contracts contain no custom cryptographic logic.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
No PQC algorithms to evaluate. Score is 0.0 because no PQC implementation exists.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: DeXe smart contracts have been audited by Hacken, CertiK, Cyfrin, and Ambisafe (2023). None of these audits cover quantum resistance or PQC.
Coverage basis: Audits exist for classical smart contract security only. Quantum-critical scope is completely unaddressed.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Audits are from 2023 (stale) and scope-mismatched for quantum evaluation. They confirm classical smart contract security but provide zero assurance for quantum resistance. This affects confidence, not the QRI Score, per QRI v3.1 audit treatment rules.
The audits cover standard Solidity vulnerabilities (reentrancy, access control, etc.) and do not address quantum threats, which is expected for standard EVM contracts.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: No PQC implementation exists to be open-source. The DeXe Protocol classical smart contracts are open-source.
Coverage basis: Classical contracts are open-source on GitHub (MIT-licensed). No PQC code exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
No PQC implementation exists to evaluate for openness or reproducibility.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path documented
Claim: No PQC parameters or upgrade path exist to document.
Coverage basis: No parameter agility or cryptographic upgrade path has been documented for quantum migration.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
The DeXe Protocol uses a Beacon Proxy pattern for upgradeability, which could theoretically facilitate future PQC upgrades, but no such upgrade path has been specified.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, and custody implementation risks
Claim: No stateful signatures (XMSS/LMS) are used by DeXe. This subfactor is not applicable.
Coverage basis: No stateful PQC signatures in use.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: No PQC performance analysis exists for DeXe because no PQC is deployed or planned.
Coverage basis: No PQC deployment to analyze.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Not applicable until PQC is deployed. Recorded as note-only.
Report metadata