Instadapp
DAMASCUSDeFi Automation · Ethereum + L2s · $2B+ TVL · 15 contracts
Confidence 65%Z-Factor 0.85Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
781
BRI Score
3004756508251000
Security Profile
Access Control
75
75
Economic Soundness
78
78
Oracle Integrity
80
80
Compositional Risk
55
55
Governance
55
55
Maturity
82
82
Resilience
50
50
Supply Chain
78
78
Op Security
51
51
Cascade Exposure
95
95
Access Ctrl
75
75
Economic
78
78
Oracle
80
80
Compos.
55
55
Govern.
55
55
Maturity
82
82
Resilience
50
50
Supply Ch.
78
78
OpSec
51
51
Cascade
95
95
Min
50
Avg
70
Max
95
Audit History
Peckshield
2021-05
Statemind
2022-12
Bug Bounty Program
$250,000
Max payout on Immunefi
Assessment
Long-running DeFi middleware with clean track record. High maturity (Z=0.939) and no exploits help significantly. Compositional risk is inherently high (D4=55) because middleware composes everything by design. Good battle testing despite niche category.
Dimension Breakdown
How scores work →Access Control
Weight 18%72% conf
75
arrow_forwardGood
+19DSA (DeFi Smart Account) owner-controlled
+19Authority delegation model for account management
+19Connector-based architecture with permissioned connectors
+19Multi-auth support for institutional users
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%75% conf
78
arrow_forwardGood
+39Middleware passes through underlying protocol economics
-11No direct economic model risk (fee-based on refinancing)
+39Vault products add yield-strategy economic surface
-11INST token governance but not core economic mechanism
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%75% conf
80
arrow_forwardStrong
+40Inherits oracle dependencies from underlying protocols
-10No proprietary oracle in core DSA architecture
+40Vault products may use price feeds for rebalancing
-10Clean pass-through for oracle risk
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%78% conf
82
arrow_forwardStrong
+20Live since 2019 (one of the oldest DeFi middleware)
-18No direct protocol exploit on DSA architecture
+20Multiple iterations (V1, V2, current)
+20Audited by multiple firms over years
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%65% conf
55
arrow_forwardModerate
+14INST token governance for connector approval
+14Team retains significant operational control
+14Connector additions go through governance vote
+14Moderate governance participation
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%30% conf
50
Concerning
- No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%60% conf
51
arrow_forwardConcerning
-8No branch protection detected
-8CI/CD present but unstable (0% success)
+26Strong PR review culture (80% reviewed)
-8Minimal development activity (0 commits/month)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%72% conf
55
arrow_forwardModerate
+14By design: composes EVERY major DeFi protocol
+14Connector architecture means attack surface = union of all connected protocols
+14Refinancing across protocols creates cross-protocol state dependency
+14DSA holds positions across multiple protocols simultaneously
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%50% conf
95
arrow_forwardExcellent
-2No cross-protocol cascade exposure detected
-2Score: 95/100 (higher = more isolated from systemic risk)
+95Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%75% conf
78
arrow_forwardGood
+20OpenZeppelin dependencies
+20Connector architecture means many integration points
+20Standard Solidity dependencies
+20Each connector is a potential supply chain entry point
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Resilience50
Operational Security51
Compositional Risk55
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "instadapp"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("instadapp")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.