BlackHartBlackHart
Scores/Kinetiq/Provenance/Operational Security
D11

Operational Security

Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.

Weight 10%72% confidence
60
Moderate
info

How This Score Is Built

Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.

+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative

Scoring Tree

BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
688
Current BRI
D11Operational Security
Weight 9%
60
(60/100)^0.093 = 0.9536
Sub-Scores
Development Practices
50
Incident Response
55
Deployment Hygiene
60
Key Management
72
Monitoring
50
Emergency History
65
Contributing Factors
+20GitHub (real signals via API): the PRODUCTION contracts repo is PRIVATE (only the frozen Code4rena contest mirror code-423n4/2025-04-kinetiq is public; no public branch-protection/CI visibility for the live repo). A public kinetiq-research org (created 2025-01-20) has 2 active repos (hl-rs Rust pushed 2026-05-28, f1rewall TS) — active engineering presence. 7/10 recent commits on the public mirror are GPG-signed.
+20PROCESS is strong: continuous $5M Cantina bug-bounty (live since 2025-09-15, 369+ submissions) + 8 external audits from Pashov/Zenith/C4/Spearbit — a top-tier external-review posture
+20Confidence raised to 72: key-management and process sub-scores are now evidence-backed; the private-repo dev-practices sub-score remains inferred
-40RESIDUAL: OPERATOR_ROLE is a single EOA (0x23A4..4038) driving generatePerformance and L1 ops — an operational single point; no on-chain timelock; incident-response/monitoring infra not independently verified
0ON-CHAIN key management is STRONG: 4-of-8 Gnosis Safe v1.3.0 holds DEFAULT_ADMIN + MANAGER + all pause roles across all 6 cores (verified via cast). Multi-party control of the most dangerous powers. This replaced the guessed single-key D11 and is the main reason D11 rose from 50 to 60.
Evidence Sources
blackhart_analysisMay 30sha256:0655c9e74c50....

Sub-Score Breakdown

Development Practices
50
Incident Response
55
Deployment Hygiene
60
Key Management
72
Monitoring
50
Emergency History
65

Score Composition

-40

RESIDUAL: OPERATOR_ROLE is a single EOA (0x23A4..4038) driving generatePerformance and L1 ops — an operational single point; no on-chain timelock; incident-response/monitoring infra not independently verified

Negative
0

ON-CHAIN key management is STRONG: 4-of-8 Gnosis Safe v1.3.0 holds DEFAULT_ADMIN + MANAGER + all pause roles across all 6 cores (verified via cast). Multi-party control of the most dangerous powers. This replaced the guessed single-key D11 and is the main reason D11 rose from 50 to 60.

Neutral
+20

GitHub (real signals via API): the PRODUCTION contracts repo is PRIVATE (only the frozen Code4rena contest mirror code-423n4/2025-04-kinetiq is public; no public branch-protection/CI visibility for the live repo). A public kinetiq-research org (created 2025-01-20) has 2 active repos (hl-rs Rust pushed 2026-05-28, f1rewall TS) — active engineering presence. 7/10 recent commits on the public mirror are GPG-signed.

Positive
+20

PROCESS is strong: continuous $5M Cantina bug-bounty (live since 2025-09-15, 369+ submissions) + 8 external audits from Pashov/Zenith/C4/Spearbit — a top-tier external-review posture

Positive
+20

Confidence raised to 72: key-management and process sub-scores are now evidence-backed; the private-repo dev-practices sub-score remains inferred

Positive

Evidence Chain (1 files)

BlackHart AnalysisMay 30, 2026, 12:00 AM
development practices: 50
incident response: 55
deployment hygiene: 60
key management: 72
monitoring: 50
emergency history: 65
sha256:0655c9e74c50...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1
How is Operational Security scored?← Back to Provenance Ledger