Orca
DAMASCUSDEX / AMM · Solana · $500M+ TVL · 5 contracts
Confidence 69%Z-Factor 0.82Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
798
BRI Score
3004756508251000
Security Profile
Access Control
78
78
Economic Soundness
80
80
Oracle Integrity
85
85
Compositional Risk
72
72
Governance
52
52
Maturity
80
80
Resilience
50
50
Supply Chain
78
78
Op Security
58
58
Cascade Exposure
95
95
Access Ctrl
78
78
Economic
80
80
Oracle
85
85
Compos.
72
72
Govern.
52
52
Maturity
80
80
Resilience
50
50
Supply Ch.
78
78
OpSec
58
58
Cascade
95
95
Min
50
Avg
73
Max
95
Audit History
Kudelski Security
2022-03
Neodyme
2023-02
Bug Bounty Program
$500,000
Max payout on Immunefi
Assessment
Dominant Solana CLMM DEX. Proven AMM model adapted to Solana runtime. Clean security record. Governance centralization (D5=52) is the main weakness. Good maturity for Solana ecosystem.
Dimension Breakdown
How scores work →Access Control
Weight 18%72% conf
78
arrow_forwardGood
+20Permissionless pool creation (Whirlpools)
+20Fee tier and tick spacing parameters controlled by protocol
+20Admin authority for protocol fee collection
+20Position management is user-controlled (NFT-based)
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%78% conf
80
arrow_forwardStrong
+27Concentrated liquidity model (Uniswap V3-inspired)
+27Well-understood AMM economics, adapted for Solana
+27Fee tiers provide economic flexibility
-20No inflationary token incentive distortions in AMM core
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%82% conf
85
arrow_forwardStrong
+28AMM prices derived from pool state (TWAP available)
-15No external oracle dependency in core DEX
+28Manipulation resistance from concentrated liquidity depth
+28Price observations stored on-chain
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%78% conf
80
arrow_forwardStrong
+20Original Orca DEX since 2021, Whirlpools since mid-2022
-20No protocol exploit on Whirlpools
+20Dominant Solana DEX for concentrated liquidity
+20Multiple audits (Kudelski, Neodyme)
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%65% conf
52
arrow_forwardConcerning
+17ORCA token exists but governance is limited
+17Protocol decisions largely made by Orca team
-48No visible on-chain governance mechanism
+17Centralized fee parameter control
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%30% conf
50
Concerning
- No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%60% conf
58
arrow_forwardModerate
-7No branch protection detected
-7CI/CD present but unstable (40% success)
+29Commit signing: 76% verified
+29Dependabot enabled
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%70% conf
72
arrow_forwardGood
+24Widely composed in Solana DeFi (Jupiter aggregation)
-28Single-chain limits cross-chain risk
+24LP positions used as collateral in lending protocols
+24Whirlpool composability is well-bounded
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%50% conf
95
arrow_forwardExcellent
-2No cross-protocol cascade exposure detected
-2Score: 95/100 (higher = more isolated from systemic risk)
+95Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%75% conf
78
arrow_forwardGood
+20Rust/Anchor framework
+20SPL token standards
+20Limited external dependencies in core AMM
+20Math libraries are protocol-internal
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Resilience50
Governance & Upgradeability52
Operational Security58
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "orca"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("orca")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.