Immutable
DAMASCUSGaming / NFT L2 · Ethereum + zkEVM · $500M+ TVL · 20 contracts
Confidence 75%Z-Factor 0.80Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
829
BRI Score
3004756508251000
Security Profile
Access Control
75
75
Economic Soundness
80
80
Oracle Integrity
85
85
Compositional Risk
78
78
Governance
50
50
Maturity
78
78
Resilience
97
97
Supply Chain
78
78
Op Security
59
59
Cascade Exposure
100
100
Access Ctrl
75
75
Economic
80
80
Oracle
85
85
Compos.
78
78
Govern.
50
50
Maturity
78
78
Resilience
97
97
Supply Ch.
78
78
OpSec
59
59
Cascade
100
100
Min
50
Avg
78
Max
100
Audit History
Trail of Bits
2022-09
NCC Group
2023-03
Bug Bounty Program
$1,000,000
Max payout on Immunefi
Assessment
Gaming L2 built on StarkEx with 49-month track record. D5 very low (50) due to fully centralized governance. D3 high (85) thanks to cryptographic validity proofs. Lower risk profile than DeFi but centralization concerns.
Dimension Breakdown
How scores work →Access Control
Weight 18%72% conf
75
arrow_forwardGood
+19StarkEx operator controls sequencing and data availability
+19Centralized sequencer with escape hatch mechanism
+19NFT minting requires operator approval
+19Withdrawal delay provides user protection window
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%75% conf
80
arrow_forwardStrong
-10NFT marketplace economics (not DeFi lending/trading)
+40IMX token for protocol fees (limited economic attack surface)
-10No flash loan or price manipulation vectors in core
+40Lower economic complexity than DeFi protocols
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%80% conf
85
arrow_forwardStrong
-5StarkEx validity proofs (cryptographic, not oracle-based)
-5No external price oracle dependency for core NFT operations
+85L1 settlement provides price finality
-5Minimal oracle surface compared to DeFi protocols
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%78% conf
78
arrow_forwardGood
+20Live since April 2021 (49 months)
+20Processed millions of NFT transactions
+20StarkEx technology well-tested (shared with dYdX)
+20Z-factor: 0.891
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%70% conf
50
arrow_forwardConcerning
+25Centralized operator (Immutable X team)
-25No on-chain governance mechanism
+25Protocol upgrades controlled by team multisig
-25Escape hatch is user protection, not governance
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
97
Excellent
- Score derived from continuous adversarial security research
Operational Security
Weight 10%60% conf
59
arrow_forwardModerate
-10No branch protection detected
-10CI/CD present but unstable (40% success)
+15Commit signing: 100% verified
+15Strong PR review culture (90% reviewed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%75% conf
78
arrow_forwardGood
+26Limited DeFi composability (gaming/NFT focus)
+26StarkEx provides isolated execution environment
+26Bridge to Ethereum L1 for deposits/withdrawals
-22Lower composition risk than general-purpose L2
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%50% conf
100
arrow_forwardExcellent
+50Member of 1 dependency cluster(s)
0No cross-protocol cascade exposure detected
0Score: 100/100 (higher = more isolated from systemic risk)
+50Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%75% conf
78
arrow_forwardGood
+20StarkEx prover (proprietary StarkWare tech)
+20Solidity contracts for L1 bridge
+20Cairo programs for L2 logic
+20Dependency on StarkWare infrastructure
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Governance & Upgradeability50
Operational Security59
Access Control75
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "immutable"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("immutable")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.