D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%85% confidence
80
Strong
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Score Composition
-20
EVC bypass_surfaces=99 is concerning but reflects complex internal permission model, not lack of access control
+20
EVC operator/sub-account model with 12 modifiers across EVC contract
+20
EVault authority_topology shows all public functions as permissionless (graph limitation: misses custom modifiers)
+20
GenericFactory function_authorities has 96 entries covering all governance functions
+20
ProtocolConfig has tau_star=0.75 with 1 bypass surface (admin-gated config setters)
Evidence Chain (2 files)
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:536e185e0f9e...
BlackHart AnalysisMay 4, 2026, 10:30 PM
open_in_newAccess Control — Source Codesha256:c17152707d9e...
Score History
—
Automated pipeline dimension update