BlackHartBlackHart
Scores/rhino.fi

rhino.fi

TEMPERED

DEX / Bridge · Ethereum + L2s · $100M+ TVL · 10 contracts

Confidence 67%Z-Factor 0.76Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

739
BRI Score
3004756508251000

Security Profile

Access Ctrl
55
Economic
68
Oracle
72
Compos.
52
Govern.
40
Maturity
70
Resilience
87
Supply Ch.
68
OpSec
50
Cascade
100
Min
40
Avg
66
Max
100

Audit History

Nethermind
2022-09
Peckshield
2023-02

Bug Bounty Program

$100,000
Max payout on Immunefi
View Program →

Assessment

DeFi aggregator/bridge with 48-month track record (ex-DeversiFi). D5 very low (40) for fully centralized governance with single owner. D1 low (55) due to 5/10 contracts having zero access control modifiers. D4 low (52) due to multi-contract proxy composition with 971 call edges. StarkEx base provides cryptographic settlement security but does not compensate for centralization risk. Downgraded from DAMASCUS to TEMPERED based on deeper graph analysis revealing modifier coverage gaps.

Dimension Breakdown

How scores work →
Access Control
Weight 18%62% conf
55
Moderate
arrow_forward
+1433 modifiers total but 5/10 contracts have ZERO modifiers
+14Bridge: onlyOwner (single owner), _isAuthorized custom check
+14StarkExchange: onlyGovernance, notFinalized, notFrozen
+14DACommittee, GpsFactRegistryAdapter, MemoryPageFactRegistry, OrderRegistry, SHARPVerifier: 0 modifiers
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%65% conf
68
Moderate
arrow_forward
+14Bridge permissionless value operations: depositWithId, withdrawV2, swapWithData
+14StarkExchange: transfer, transferAll permissionless value moves
+14Bridge 160 CONSERVATION_BREAK reactions in structural analysis
+14StarkEx settlement provides trade finality via validity proofs
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%68% conf
72
Good
arrow_forward
-28StarkEx validity proofs (cryptographic verification) - no external price oracle for core settlement
+18GpsFactRegistryAdapter mediates GPS contract proof verification (2 SVs, 0 writers)
+18MemoryPageFactRegistry: fact storage with 7 writing functions
+18Bridge pricing relies on DEX aggregation externally
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%68% conf
70
Good
arrow_forward
+18Live since 2021 as DeversiFi, rebranded to rhino.fi (~48 months total)
+18StarkEx technology well-tested across multiple deployments (dYdX, Immutable, Sorare)
+18Moderate TVL (~$700M in bridge)
+18Z-factor: 0.889
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%60% conf
40
Concerning
arrow_forward
+13Centralized company governance (rhino.fi team)
+13Bridge: single onlyOwner controls all admin operations
+13StarkExchange: onlyGovernance (single governance address)
-60No on-chain governance mechanism or DAO
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
87
Strong
  • Score derived from continuous adversarial security research
Operational Security
Weight 10%50% conf
50
Concerning
arrow_forward
-8No branch protection detected
-8No CI/CD pipeline detected
+25Commit signing: 62% verified
-8Minimal development activity (0 commits/month)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%60% conf
52
Concerning
arrow_forward
+26971 call edges across 10 contracts
+26Cross-contract: StarkExchange -> DACommittee -> GpsFactRegistryAdapter -> MemoryPageFactRegistry
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%50% conf
100
Excellent
arrow_forward
+50Member of 1 dependency cluster(s)
0No cross-protocol cascade exposure detected
0Score: 100/100 (higher = more isolated from systemic risk)
+50Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%65% conf
68
Moderate
arrow_forward
+23StarkEx settlement layer (StarkWare proprietary dependency)
+23OpenZeppelin upgradeable contracts
+23Standard Solidity dependencies
-32StarkWare infrastructure dependency creates supply chain risk
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability40
Operational Security50
Compositional Risk52

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2021-04-01Z-Factor 0.76010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"rhinofi"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("rhinofi")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →