BlackHart

Abracadabra

TEMPERED

Lending / Stablecoin · Multi-chain · $200M+ TVL · 15 contracts

Confidence 75% · Z-Factor 0.80 · Updated 2026-05-17 · Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

740
BRI Score
Scale: 300 · 475 · 650 · 825 · 1000

Security Profile

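Access Control: 62
Economic Soundness: 54
Oracle Integrity: 48
Compositional Risk: 58
Governance & Upgradeability: 65
Battle-Tested Maturity: 72
Adversarial Resilience: 98
Supply Chain: 68
Operational Security: 47
Cascade Exposure: 100

Min: 47
Avg: 67
Max: 100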

Audit History

Certik: 2021-08
Guardian Audits: 2023-05

Bug Bounty Program

$100,000
Max payout on Immunefi

Assessment

Mature CDP protocol with significant oracle manipulation surface and cook() multicall complexity. Comparable to MakerDAO (BRI ~750) but lower due to single oracle, no governance module, and historical incidents.

Dimension Breakdown

Access Control
Weight 18% · 70% conf
62
Moderate
+16 DegenBox masterContractApproved pattern provides adequate access control
+16 cook() is permissionless but deferred solvency check provides post-hoc guard
+16 MIM mint is operator-only (single address)
+16 Strategy management is owner-only with timelock
Economic Soundness
Weight 13% · 60% conf
54
Concerning
+18 CDP model with collateralization ratio provides solvency margin
-23 DegenBox elastic/base (Rebase) math introduces rounding risk on small amounts
+18 Liquidation multiplier creates economic incentive for timely liquidation
+18 Historical MIM depeg events indicate fragile peg mechanism
Oracle Integrity
Weight 13% · 65% conf
48
Concerning
+12 Single oracle source per Cauldron (IOracle interface)
+12 exchangeRate stored and used for solvency - oracle manipulation directly impacts liquidation
+12 updateExchangeRate() is permissionless
-52 No TWAP or multi-oracle aggregation in base CauldronV4
Battle-Tested Maturity
Weight 12% · 80% conf
72
Good
+14 Live since January 2021 (3+ years)
+14 Survived multiple market stress events
+14 Multiple prior audits
+14 Open source codebase
Governance & Upgradeability
Weight 10% · 60% conf
65
Moderate
+32 Owner controls strategy deployment and new cauldron creation
+32 Strategy changes have timelock (2-week delay)
-18 No on-chain governance - team-controlled multisig
-18 blacklistedCallees provides cook() callee restriction
Adversarial Resilience
Weight 10% · 95% conf
98
Excellent
  • Score derived from continuous adversarial security research
Operational Security
Weight 10% · 60% conf
47
Concerning
-8 No branch protection detected
-8 CI/CD present but unstable (0% success)
+47 Commit signing: 66% verified
-8 Minimal development activity (0 commits/month)
Compositional Risk
Weight 5% · 55% conf
58
Moderate
+14 Deep integration with DegenBox (BentoBox fork) for all token custody
+14 External swapper calls during liquidation
+14 Cross-protocol oracle dependencies (Chainlink, Curve pools)
+14 cook() multicall can compose arbitrary action sequences
Cascade Exposure
Weight 5% · 50% conf
100
Excellent
+50 Member of 2 dependency cluster(s)
0 No cross-protocol cascade exposure detected
0 Score: 100/100 (higher = more isolated from systemic risk)
+50 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 50% conf
68
Moderate
+34 BentoBox fork (SushiSwap origin) - well-understood codebase
+34 Standard Solidity dependencies (OpenZeppelin base)
-32 No exotic compiler versions

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Operational Security: 47
Oracle Integrity: 48
Economic Soundness: 54

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2021-05-01 · Z-Factor 0.800 · 10 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "abracadabra"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("abracadabra")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.