BlackHartBlackHart
Scores/Beefy Finance/Provenance/Access Control
D1

Access Control

Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.

Weight 18%70% confidence
55
Moderate
info

How This Score Is Built

Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.

+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative

Score Composition

-11

Owner-based ACL (no role separation: owner controls strategy migration, token rescue, fee config)

Strong negativeopen_in_newSource CodeMay 4, 2026
-11

No on-chain timelock for most admin functions (only strategy migration has approvalDelay)

Strong negativecodeView in sourceopen_in_newSource CodeMay 4, 2026
-11

Vault owner can call inCaseTokensGetStuck (rescue) but cannot touch want token

Strong negativecodeView in sourceopen_in_newSource CodeMay 4, 2026
-11

earn() is fully permissionless with no rate limiting

Strong negativeopen_in_newSource CodeMay 4, 2026
+55

Strategy has separate keeper/strategist/manager roles but all controlled by same Beefy team

Strong positiveopen_in_newSource CodeMay 4, 2026

Evidence Chain (2 files)

GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)
sha256:516b7d4fceaf...
BlackHart AnalysisMay 4, 2026, 11:30 PM
open_in_newAccess Control — Source Code
sha256:542f640ec0ed...

Score History

Automated pipeline dimension update
How is Access Controlscored? →← Back to Provenance Ledger