BlackHartBlackHart
Scores/Kinetiq/Provenance/Supply Chain
D8

Supply Chain

Compiler version CVEs, library dependencies, build reproducibility, and proxy pattern risk.

Weight 4%65% confidence
80
Strong
info

How This Score Is Built

Compiler version CVEs, library dependencies, build reproducibility, and proxy pattern risk.

+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative

Scoring Tree

BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
688
Current BRI
D8Supply Chain
Weight 4%
80
(80/100)^0.0372 = 0.9917
Contributing Factors
+27Standard OpenZeppelin upgradeable libraries (AccessControlEnumerableUpgradeable, Initializable, Math, EnumerableSet/Map); pinned via git submodules (forge-std, openzeppelin-contracts, openzeppelin-contracts-upgradeable)
+27Modern Solidity ^0.8.20 (built-in overflow checks; the one notable unchecked subtraction is the L200-207 economic bug, not a library issue); built with via_ir=true, optimizer 200 runs
+27DATA GAP: exact compiler-version reproducibility / lockfile-pin commit not independently verified against deployed bytecode
-20Custom in-house L1Write / L1Read precompile lib (0x3333 / 0x2222 / 0x1111 endpoints) is bespoke Hyperliquid integration code — non-standard, less-audited surface (slight deduction)
Evidence Sources
blackhart_analysisMay 30sha256:83bcc0a77011....

Score Composition

-20

Custom in-house L1Write / L1Read precompile lib (0x3333 / 0x2222 / 0x1111 endpoints) is bespoke Hyperliquid integration code — non-standard, less-audited surface (slight deduction)

Negative
+27

Standard OpenZeppelin upgradeable libraries (AccessControlEnumerableUpgradeable, Initializable, Math, EnumerableSet/Map); pinned via git submodules (forge-std, openzeppelin-contracts, openzeppelin-contracts-upgradeable)

Positive
+27

Modern Solidity ^0.8.20 (built-in overflow checks; the one notable unchecked subtraction is the L200-207 economic bug, not a library issue); built with via_ir=true, optimizer 200 runs

Positive
+27

DATA GAP: exact compiler-version reproducibility / lockfile-pin commit not independently verified against deployed bytecode

Positive

Evidence Chain (1 files)

BlackHart AnalysisMay 30, 2026, 12:00 AM
sha256:83bcc0a77011...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1
How is Supply Chain scored?← Back to Provenance Ledger