BlackHart
D5

Governance & Upgradeability

Admin key concentration, timelock coverage, upgrade mechanisms, and Maximum Extractable Value by Admin (MEVA).

Weight 10%, 85% confidence
40
Concerning

How This Score Is Built


+23 Strong positive
+12 Positive
+5 Slight positive
−15 Strong negative
−8 Negative
−3 Slight negative

Scoring Tree

BRI Formula: 300 + 700 × ∏(Dᵢ/100)^wᵢ
Current BRI: 680
D5 Governance & Upgradeability
Weight 9%
Score 40
(40/100)^0.09 = 0.9208
Contributing Factors
+40 Mitigating (off-chain): Circle is a regulated, publicly-listed issuer; CCTP centralization is a deliberate design choice with a pauser kill-switch
-60 Bug-bounty governance signal: Circle BBP (HackerOne, public mode) caps the CRITICAL payout at $5,000 (min $150); circlefin/evm-cctp-contracts IS a bounty-eligible smart-contract asset — a weak incentive relative to a bridge that can mint native USDC on dozens of chains
0 Single corporate entity (Circle) controls all CCTP admin: owner, attesterManager, tokenController, pauser, rescuer (per-contract addresses confirmed on-chain) plus the upgradeable-proxy owner
0 No on-chain DAO/timelock: attester-set rotations, signature-threshold changes, and proxy upgrades execute instantly (single-step), though high-importance role TRANSFERS use a 2-step accept pattern (ChainSecurity)
Evidence Sources
blackhart_analysis, May 30, sha256:9e643422126e....

Score Composition

-60 Bug-bounty governance signal: Circle BBP (HackerOne, public mode) caps the CRITICAL payout at $5,000 (min $150); circlefin/evm-cctp-contracts IS a bounty-eligible smart-contract asset — a weak incentive relative to a bridge that can mint native USDC on dozens of chains

Negative
0 Single corporate entity (Circle) controls all CCTP admin: owner, attesterManager, tokenController, pauser, rescuer (per-contract addresses confirmed on-chain) plus the upgradeable-proxy owner

0 No on-chain DAO/timelock: attester-set rotations, signature-threshold changes, and proxy upgrades execute instantly (single-step), though high-importance role TRANSFERS use a 2-step accept pattern (ChainSecurity)

+40 Mitigating (off-chain): Circle is a regulated, publicly-listed issuer; CCTP centralization is a deliberate design choice with a pauser kill-switch

Positive

Evidence Chain (1 file)

BlackHart Analysis, May 30, 2026, 05:10 AM
sha256:9e643422126e...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1, Formula: 1.1, Weights: 1.1