Scores/Coinbase/Provenance/Access Control

Access Control

Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.

Weight 18%80% confidence

Concerning

info

How This Score Is Built

Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.

+23Strong positive

+12Positive

+5Slight positive

−15Strong negative

−8Negative

−3Slight negative

Score Composition

+11

Fully centralized admin (Coinbase controls minting, pausing, upgrades)

Strong positiveopen_in_newSource CodeMay 13, 2026

+11

cbETH has a minter role controlled by single entity

Strong positiveopen_in_newSource CodeMay 13, 2026

+11

Base sequencer is sole-operator

Strong positiveopen_in_newSource CodeMay 13, 2026

+11

Smart Wallet upgradeToAndCall is cross-chain replayable

Strong positivecodeView in source open_in_newSource CodeMay 13, 2026

+11

C-BASENAME-001: addr records persist through re-registration (access control gap)

Strong positiveopen_in_newSource CodeMay 13, 2026

Evidence Chain (2 files)

GitHub APIMay 17, 2026, 06:58 PM

open_in_newGitHub (/)

sha256:35dbc0a19938...

BlackHart AnalysisMay 13, 2026, 09:55 PM

open_in_newAccess Control — Source Code

sha256:6fe62a3ea03b...

Score History

—

Automated pipeline dimension update

—

Automated pipeline dimension update

—

Automated pipeline dimension update

—

Automated pipeline dimension update

—

D7 delta: +4 findings (1C/1H/2M) -> 48 total (23C/10H/15M). D7 46->42 (critical density 48%, highest in portfolio). D1 55->53 (C-BASENAME-001 access control gap). BRI recalculated.

How is Access Controlscored? →← Back to Provenance Ledger