BlackHart

Ondo Finance

DAMASCUS

RWA / Tokenization · Ethereum · $500M+ TVL · 10 contracts

Confidence 63% · Z-Factor 0.70 · Updated 2026-05-17 · Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

BRI Score: 815
Scale: 300 · 475 · 650 · 825 · 1000

Security Profile

Access Control: 80
Economic: 88
Oracle: 85
Compositional: 65
Governance: 40
Maturity: 72
Resilience: 98
Supply Chain: 85
OpSec: 52
Cascade: 95
Min: 40 · Avg: 76 · Max: 98

Audit History

C4 Competition: 2023-01
Peckshield: 2023-03

Bug Bounty Program

$250,000 max payout on Immunefi

Assessment

RWA protocol with strongest economic soundness (D2=88) in batch due to Treasury backing. Extreme centralization (D5=40) is the major drag but is by design for regulatory compliance. BRI penalizes centralization regardless of intent.

Dimension Breakdown

Access Control
Weight 18% · 82% conf
Score: 80 (Strong)
+40 KYC-gated whitelist provides strong access control
-10 Admin keys are a feature for RWA compliance, not a bug
-10 Freeze/blacklist/pause capabilities by design
+40 Role-based admin with multi-sig
Economic Soundness
Weight 13% · 82% conf
Score: 88 (Strong)
+29 US Treasury backing provides strong economic foundation
+29 NAV tied to real-world assets with daily attestation
-12 Minimal DeFi-native economic risk (no AMM, no leverage)
+29 Redemption mechanism backed by real custodied assets
Oracle Integrity
Weight 13% · 78% conf
Score: 85 (Strong)
+28 NAV oracle from institutional custodian
-15 Off-chain asset pricing with minimal on-chain manipulation surface
+28 Trusted party model (acceptable for RWA)
+28 Daily NAV updates with attestation
Battle-Tested Maturity
Weight 12% · 76% conf
Score: 72 (Good)
+18 Live since 2023 (~2 years)
-28 Clean operational record, no exploits
+18 Institutional backing provides credibility
+18 Audited by Code4rena, Halborn
Governance & Upgradeability
Weight 10% · 85% conf
Score: 40 (Concerning)
-30 Extremely centralized: admin controls mint, burn, freeze, blacklist
-30 No on-chain governance mechanism
+20 Regulatory compliance requires centralization (by design)
+20 Token holders have zero protocol governance power
Adversarial Resilience
Weight 10% · 95% conf
Score: 98 (Excellent)
  • Score derived from continuous adversarial security research
Operational Security
Weight 10% · 35% conf
Score: 52 (Concerning)
-10 No branch protection detected
+17 Active CI/CD (100% success rate)
+17 Commit signing: 50% verified
-10 Minimal development activity (0 commits/month)
Compositional Risk
Weight 5% · 74% conf
Score: 65 (Moderate)
+32 Limited DeFi composition by design (whitelist restrictions)
+32 Growing integrations (Flux, Morpho) expand composition surface
-18 Custodian failure is the primary compositional risk
-18 Regulatory dependency adds systemic risk dimension
Cascade Exposure
Weight 5% · 50% conf
Score: 95 (Excellent)
-2 No cross-protocol cascade exposure detected
-2 Score: 95/100 (higher = more isolated from systemic risk)
+95 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 82% conf
Score: 85 (Strong)
+42 Simple ERC-20 with access control extensions
-8 Minimal dependency chain
+42 Standard OpenZeppelin libraries
-8 No complex proxy patterns needed

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability: 40
Operational Security: 52
Compositional Risk: 65

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
Deployed 2023-01-18 · Z-Factor 0.700 · 10 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "ondo"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("ondo")
