BlackHart

Sablier

MITHRIL

Token Streaming · Multi-chain · $100M+ TVL · 10 contracts

Confidence 78% · Z-Factor 0.88 · Updated 2026-05-17 · Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

BRI Score: 874 (gauge scale 300 to 1000)

Security Profile

Access Ctrl: 90
Economic: 92
Oracle: 95
Compos.: 85
Govern.: 82
Maturity: 85
Resilience: 50
Supply Ch.: 90
OpSec: 66
Cascade: 100
Min: 50 · Avg: 84 · Max: 100

Audit History

Cantina · 2024-05
CodeHawks · 2023-11

Bug Bounty Program

$100,000 max payout on Cantina

Assessment

Clean, focused token streaming protocol. Simplicity is its greatest security asset - no oracles, no flash loans, straightforward math. D5 penalized for lack of formal governance, D6 for V2's relative youth. V1's 7-year org history helps.

Dimension Breakdown

Access Control
Weight 18% · 88% conf
Score: 90 (Excellent)
  • -5 Minimal admin surface - stream creation is permissionless
  • +45 Cancel/withdraw controls per-stream by sender/recipient
  • +45 NFT representation of streams (ERC-721)
  • -5 No global admin or pause mechanism in V2
Economic Soundness
Weight 13% · 90% conf
Score: 92 (Excellent)
  • +31 Linear, cliff, and dynamic streaming curves
  • +31 Math is straightforward (time-proportional release)
  • -8 No flash loan surface, no yield generation
  • +31 Economic model is simple and well-understood
Oracle Integrity
Weight 13% · 95% conf
Score: 95 (Excellent)
  • -2 No external oracle dependency whatsoever
  • +48 Time-based streaming uses block.timestamp only
  • -2 No price feeds, no TWAP, no external data
  • +48 Simplest possible temporal model
Battle-Tested Maturity
Weight 12% · 78% conf
Score: 85 (Strong)
  • +17 V2 live since mid-2023 (24 months)
  • +17 V1 live since 2019 (7 years org history)
  • +17 Zero exploits across any version
  • +17 Multiple audits (Cantina, CodeHawks)
Governance & Upgradeability
Weight 10% · 72% conf
Score: 82 (Strong)
  • -6 Small team governance, no token, no DAO
  • -6 Multisig for protocol admin (minimal admin needed)
  • +82 Deployment decisions by core team
  • -6 No formal governance framework
Adversarial Resilience
Weight 10% · 30% conf
Score: 50 (Concerning)
  • Maximum resilience under independent adversarial testing
  • Comprehensive security coverage across all attack surfaces
  • Mature codebase with extensive battle testing
  • No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10% · 60% conf
Score: 66 (Moderate)
  • -17 No branch protection detected
  • +11 Active CI/CD (100% success rate)
  • +11 Commit signing: 100% verified
  • +11 Strong PR review culture (77% reviewed)
Compositional Risk
Weight 5% · 82% conf
Score: 85 (Strong)
  • +85 Limited composability - NFT streams can be traded
  • -5 No deep external protocol dependencies
  • -5 Minimal integration surface by design
  • -5 Lockup and Flow contracts are self-contained
Cascade Exposure
Weight 5% · 50% conf
Score: 100 (Excellent)
  • +50 Member of 1 dependency cluster(s)
  • 0 No cross-protocol cascade exposure detected
  • 0 Score: 100/100 (higher = more isolated from systemic risk)
  • +50 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 88% conf
Score: 90 (Excellent)
  • -10 Minimal dependencies (PRBMath, OpenZeppelin)
  • +30 Clean Solidity codebase
  • +30 Verified on all deployment chains
  • +30 Professional build and test pipeline

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience: 50
Operational Security: 66
Governance & Upgradeability: 82

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2019-12-14 · Z-Factor 0.880 · 10 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "sablier"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("sablier")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.