BlackHartBlackHart
Scores/CoW Protocol

CoW Protocol

DAMASCUS

DEX Aggregator · Ethereum + Gnosis · $500M+ TVL · 10 contracts

Confidence 75%Z-Factor 0.82Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

835
BRI Score
3004756508251000

Security Profile

Access Ctrl
85
Economic
88
Oracle
82
Compos.
75
Govern.
80
Maturity
82
Resilience
50
Supply Ch.
85
OpSec
54
Cascade
100
Min
50
Avg
78
Max
100

Audit History

Ackee Blockchain
2022-03
G0 Group
2023-06

Bug Bounty Program

$1,000,000
Max payout on Immunefi
View Program →

Assessment

Innovative batch auction DEX with native MEV protection. D4 penalized for deep multi-DEX dependency for settlement. Clean track record (36+ months, Gnosis heritage). Solver competition model is novel but less battle-tested.

Dimension Breakdown

How scores work →
Access Control
Weight 18%80% conf
85
Strong
arrow_forward
+21Solver competition with bonding requirements
+21Settlement contract with allow-listed solvers
+21Order signing via EIP-712 (user intent)
+21Pre-hooks and post-hooks add execution flexibility
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%82% conf
88
Strong
arrow_forward
+22Batch auction model provides MEV protection
+22Surplus from CoW (Coincidence of Wants) returned to users
+22CoW AMM adds protocol-owned liquidity
+22Solver competition creates price improvement incentive
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%75% conf
82
Strong
arrow_forward
-18No external oracle in core - solver provides price discovery
+27Settlement must match or exceed user's limit price
+27Reference prices from DEX liquidity (indirect oracle)
+27Price quality enforced by solver competition
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%80% conf
82
Strong
arrow_forward
+20GPv2 live since 2021, CoW Protocol since 2022 (36+ months)
+20Gnosis team heritage (ex-Gnosis Protocol)
-18No protocol-level exploit
+20Growing but still mid-maturity
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%75% conf
80
Strong
arrow_forward
+20CowDAO governance via vCOW token
+20Snapshot voting with on-chain execution
+20Solver whitelist managed by governance
+20Emerging governance maturity
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%30% conf
50
Concerning
  • Maximum resilience under independent adversarial testing
  • Comprehensive security coverage across all attack surfaces
  • Active bounty program incentivizes continuous scrutiny
  • No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%60% conf
54
Concerning
arrow_forward
-9No branch protection detected
-9CI/CD present but unstable (0% success)
+18Commit signing: 100% verified
+18Strong PR review culture (83% reviewed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%72% conf
75
Good
arrow_forward
+19Aggregates across Uniswap, Balancer, Curve, etc.
+19Deep external DEX dependency for settlement
+19Solver strategies compose across multiple protocols
+19Hook system adds new composition vectors
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%50% conf
100
Excellent
arrow_forward
+50Member of 1 dependency cluster(s)
0No cross-protocol cascade exposure detected
0Score: 100/100 (higher = more isolated from systemic risk)
+50Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%82% conf
85
Strong
arrow_forward
+21Standard Solidity settlement contracts
+21Rust-based solver infrastructure
+21Well-maintained dependency set
+21Verified on Ethereum mainnet
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience50
Operational Security54
Compositional Risk75

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2022-03-28Z-Factor 0.82010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"cow-protocol"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("cow-protocol")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →