BlackHartBlackHart
Scores/Euler V2

Euler V2

DAMASCUS

Lending / Borrowing · Ethereum · $800M+ TVL · 15 contracts

Confidence 67%Z-Factor 0.60Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

757
BRI Score
3004756508251000

Security Profile

Access Ctrl
80
Economic
78
Oracle
78
Compos.
70
Govern.
62
Maturity
55
Resilience
41
Supply Ch.
82
OpSec
53
Cascade
62
Min
41
Avg
66
Max
82

Audit History

Spearbit
2024-06
Certora (Formal)
2024-07
Cantina Competition
2024-05

Bug Bounty Program

$200,000
Max payout on Cantina
View Program →

Assessment

Full 6-graph analysis confirms well-engineered protocol. 3183 nodes, 8062 edges, 22.4MB of graph data analyzed. 6/6 honest negatives on fork validation. V1 exploit history drags D6 (55), EVC structural complexity is high but intentional. Raised from prior 813/620 to calibrated 760 based on honest-negative-adjusted scoring: access control extractor limitation means structural findings are inflated, but protocol is genuinely complex. DAMASCUS = safe but complex, which matches.

Dimension Breakdown

How scores work →
Access Control
Weight 18%85% conf
80
Strong
arrow_forward
+20EVC operator/sub-account model with 12 modifiers across EVC contract
+20EVault authority_topology shows all public functions as permissionless (graph limitation: misses custom modifiers)
+20GenericFactory function_authorities has 96 entries covering all governance functions
+20ProtocolConfig has tau_star=0.75 with 1 bypass surface (admin-gated config setters)
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%78% conf
78
Good
arrow_forward
+16Isolated vault model limits contagion; each vault is independent contract
+16sv_totalShares written by 7 functions (well-defined write surface)
+16sv_cash written by 6 functions including skim and pullAssets/pushAssets
+16IRM modular and well-designed; interestAccumulator written by 4 functions
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%80% conf
78
Good
arrow_forward
+20Oracle-agnostic per vault (governor chooses oracle adapter)
+2012 oracle adapters supported (Chainlink, Pyth, RedStone, etc.)
+20QVC blueprint identifies 5 dangerous empty cells related to oracle composition
-22No protocol-level oracle manipulation protection beyond per-vault configuration
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%82% conf
55
Moderate
arrow_forward
+9V2 live since early 2024 (~2.3 years now)
+9V1 EXPLOITED for $197M in March 2023 (major credibility event, Z-factor drag)
+9V2 is complete rewrite (EVC architecture) but org carries V1 history
+9Audited by multiple firms, active Immunefi bounty ($250K)
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%78% conf
62
Moderate
arrow_forward
+12Governed vs Ungoverned perspectives (dual model)
+12GenericFactory function_authorities lists 96 governed functions with authority_level and authority_cost
+12Governor has significant config control per vault (setInterestFee, setMaxLiquidationDiscount, etc.)
+12ProtocolConfig has tau_star=0.75 and 1 absorbing violation (admin can modify)
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
41
Concerning
  • Score derived from continuous adversarial security research
Operational Security
Weight 10%60% conf
53
Concerning
arrow_forward
-9No branch protection detected
-9CI/CD present but unstable (0% success)
+18Commit signing: 60% verified
+18SECURITY.md present (detailed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%80% conf
70
Good
arrow_forward
+12EVC is the primary composition layer; all vault operations route through EVC authentication
+123 cross-contract compositions identified (EVC->EVault batch context, EVC->EVault permit, Factory->EVault delegatecall)
+12GenericFactory and EVault share implementation address (tight coupling)
+12EVC has 288 call edges to other functions; high compositional complexity
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%80% conf
62
Moderate
arrow_forward
+21Appears in 6 cross-protocol cascade chain(s)
+21Member of 6 dependency cluster(s)
-38Score: 62/100 (higher = more isolated from systemic risk)
+21Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%82% conf
82
Strong
arrow_forward
+27Solidity v0.8.24 (modern, overflow-safe)
+27EVC framework is novel but well-structured (776 nodes, clean edge structure)
+27Standard OpenZeppelin base libraries
-18SequenceRegistry is minimal (7 nodes, 3 edges) -- clean utility contract
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience41
Operational Security53
Battle-Tested Maturity55

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2024-09-01Z-Factor 0.60010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"euler-v2"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("euler-v2")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →