D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%75% confidence
72
Good
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Score Composition
+14
SpokePool admin is cross-domain (HubPool via bridge) - strong access control
+14
proposeRootBundle is permissionless but requires bond
+14
executeRootBundle is gated by liveness period + Merkle proof
+14
Owner-only functions for critical configuration (adapters, routes)
+14
Emergency delete provides admin safety valve
Evidence Chain (2 files)
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:febe91d03e73...
BlackHart AnalysisMay 4, 2026, 11:30 PM
open_in_newAccess Control — Source Codesha256:1b79535b90f9...
Score History
—
Automated pipeline dimension update—
Automated pipeline dimension update—
Automated pipeline dimension update