BlackHartBlackHart
Scores/dYdX

dYdX

DAMASCUS

Perps DEX · dYdX Chain (Cosmos) · $500M+ TVL · 10 contracts

Confidence 82%Z-Factor 0.82Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

807
BRI Score
3004756508251000

Security Profile

Access Ctrl
76
Economic
82
Oracle
75
Compos.
78
Govern.
72
Maturity
85
Resilience
46
Supply Ch.
82
OpSec
56
Cascade
95
Min
46
Avg
75
Max
95

Audit History

Trail of Bits
2021-02
Peckshield
2023-08
Informal Systems
2023-10

Bug Bounty Program

$500,000
Max payout on Immunefi
View Program →

Assessment

Downgraded from MITHRIL (859) after 26 adversarial findings including 8 Criticals. Chain halt vectors (OOM, Price=0, negative fee panic) demonstrate systemic fragility in consensus-layer validation. ClobPairIdFilter bypass is a direct access control failure enabling fund theft. D7 calibrated against euler_v2 (81 findings, D7=41), reserve (100 findings, D7=40), lido (38 findings, D7=44) using v1.1 severity-weighted formula.

Dimension Breakdown

How scores work →
Access Control
Weight 18%88% conf
76
Good
arrow_forward
+15Cosmos-based chain with validator set
+15Smart contract bridge to Ethereum
+15Governance controls protocol parameters
+15Operator permissions for market creation
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%80% conf
82
Strong
arrow_forward
+20Orderbook model proven at scale
+20Insurance fund for socialized losses
+20Liquidation engine well-tested
+20Fee structure transparent
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%72% conf
75
Good
arrow_forward
+19Custom oracle system for perpetual pricing
+19Multiple data sources aggregated
+19Oracle committee for price submission
+19Centralized oracle trust assumption
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%85% conf
85
Strong
arrow_forward
+21V3 live since April 2021, V4 since October 2023
+21Largest perpetual DEX by volume
+21Survived multiple market events
+21Chain migration demonstrates operational capability
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%72% conf
72
Good
arrow_forward
+18DYDX token governance via Cosmos chain
+18Foundation controls significant parameters
+18Governance participation growing
+18Migration from Ethereum added complexity
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
46
Concerning
  • 3 low-severity and 1 informational finding
  • Critical vectors: chain halt (OOM via MinNumVotesPerSample, Price=0 market creation, negative fee panic), ClobPairIdFilter bypass (full account drain)
  • Source: BlackHart adversarial sprint May 2026
Operational Security
Weight 10%60% conf
56
Moderate
arrow_forward
-9No branch protection detected
-9CI/CD present but unstable (40% success)
+19Commit signing: 100% verified
+19Strong PR review culture (97% reviewed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%75% conf
78
Good
arrow_forward
+26Standalone chain reduces external composition
-22Bridge to Ethereum adds cross-chain risk
+26Limited DeFi composability by design
+26Validator set dependency
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%50% conf
95
Excellent
arrow_forward
-2No cross-protocol cascade exposure detected
-2Score: 95/100 (higher = more isolated from systemic risk)
+95Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%80% conf
82
Strong
arrow_forward
+20Cosmos SDK based
+20Standard Go/Solidity stack
+20Verified Ethereum contracts
+20Custom trading engine
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience46
Operational Security56
Governance & Upgradeability72

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2021-04-01Z-Factor 0.82010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"dydx"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("dydx")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →