Compound V3
DAMASCUSLending / Borrowing · Multi-chain · $2.5B TVL · 15 contracts
Confidence 74%Z-Factor 0.86Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
825
BRI Score
3004756508251000
Security Profile
Access Control
88
88
Economic Soundness
85
85
Oracle Integrity
82
82
Compositional Risk
75
75
Governance
72
72
Maturity
90
90
Resilience
50
50
Supply Chain
88
88
Op Security
47
47
Cascade Exposure
84
84
Access Ctrl
88
88
Economic
85
85
Oracle
82
82
Compos.
75
75
Govern.
72
72
Maturity
90
90
Resilience
50
50
Supply Ch.
88
88
OpSec
47
47
Cascade
84
84
Min
47
Avg
76
Max
90
Audit History
OpenZeppelin
2022-08Report →
ChainSecurity
2022-07
Bug Bounty Program
$1,000,000
Max payout on Immunefi
Assessment
One of DeFi's most battle-tested lending protocols. V3 Comet architecture is simpler and safer than V2. Strong maturity (D6=90) and no exploits. Oracle single-source and governance centralization are the main drags.
Dimension Breakdown
How scores work →Access Control
Weight 18%85% conf
88
arrow_forwardStrong
+29Comet single-asset design drastically reduces admin surface vs V2
+29Pause guardian for emergency response
+29Configurator pattern separates config from execution
-12No reentrancy exposure in core borrow/supply paths
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%82% conf
85
arrow_forwardStrong
+28Conservative collateral factors, well-calibrated LTVs
+28Absorb mechanism for bad debt socialization is explicit
+28Single base asset per market simplifies liquidation math
-15Flash loan borrowing not available in Comet architecture
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%80% conf
82
arrow_forwardStrong
+41Chainlink primary oracle with staleness checks
+41Custom price feeds per asset with governance control
-9No TWAP dependency, direct Chainlink consumption
-9Single oracle source per asset (no fallback chain)
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%88% conf
90
arrow_forwardExcellent
+22V3 live since Aug 2022 (~3.5 years), V2 since 2019 (org maturity 7+ years)
+22Survived multiple market stress events (LUNA, FTX, SVB)
+22Extensive audit history (OpenZeppelin, Trail of Bits, ChainSecurity)
-10No exploits in V3 lifetime
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%80% conf
72
arrow_forwardGood
+18Governor Bravo with 2-day timelock
+18COMP token governance, active voter participation
+18Compound Labs retains outsized influence on proposals
+18Configurator upgrades require governance vote
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%30% conf
50
Concerning
- Maximum resilience under independent adversarial testing
- Comprehensive security coverage across all attack surfaces
- Mature codebase with extensive battle testing
- No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%60% conf
47
arrow_forwardConcerning
-8No branch protection detected
-8CI/CD present but unstable (0% success)
+47Commit signing: 100% verified
-8Weak PR review coverage (17%)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%78% conf
75
arrow_forwardGood
+25Widely integrated across DeFi (Instadapp, DeFi Saver, etc.)
+25Comet design limits cross-protocol re-entrancy surface
+25External reward claiming adds minor attack surface
-25Collateral asset risk delegated to governance
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%65% conf
84
arrow_forwardStrong
+28Appears in 3 cross-protocol cascade chain(s)
+28Member of 2 dependency cluster(s)
-16Score: 84/100 (higher = more isolated from systemic risk)
+28Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%85% conf
88
arrow_forwardStrong
+29Standard OpenZeppelin base libraries
-12Minimal proxy usage in V3 (non-upgradeable core)
+29Well-audited Solidity compiler versions
+29Clean dependency graph vs V2 complexity
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Operational Security47
Adversarial Resilience50
Governance & Upgradeability72
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "compound-v3"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("compound-v3")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.