BlackHart

Superform

FORGED

DeFi · Ethereum · Unknown TVL · 10 contracts

Confidence 82% · Z-Factor 0.50 · Updated 2026-05-17 · Cross-chain assessed · Public Score

Public risk assessment. Scores are produced with the same methodology as for monitored protocols.

BRI Score: 618 (gauge scale 300 to 1000)

Security Profile

Access Ctrl    42
Economic       48
Oracle         52
Compos.        35
Govern.        55
Maturity       40
Resilience     25
Supply Ch.     60
Liquidity      50
X-Chain        30
OpSec          60

Min 25 · Avg 45 · Max 60

Audit History

Bug Bounty Program: Unknown (max payout: Unknown)

Assessment

Cross-chain yield aggregator with 17 validated findings (3 Critical, 8 High) from 6 parallel analysis lenses. F1 class (inspect/build gap) is systemic across hooks — 10 lens cross-confirmations. Pre-mainnet v2 with 6 prior audits that missed these surfaces. BRI lands at low FORGED (602) due to extreme compositional and cross-chain risk partially offset by standard supply chain and governance structures.

Dimension Breakdown

Access Control
Weight 19% · 88% conf
42 · Concerning
+10  F1 class: inspect()-vs-build() systemic parameter binding gap across 6 hooks
+10  Manager can substitute critical calldata (dstChainId, recipient, lltv, outputAmount)
+10  6 sub-findings (F1a-F1f) with validated PoCs — 10 lens hits across 4 agents
+10  F1a composes with ACK'd H-3.1.2 for SuperPosition supply inflation (Critical)
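The F1 class above is a validation-versus-execution binding gap: the validator checks what a hook's inspect() reports, the executor runs what build() returns, and nothing ties the two together, so whoever controls the second source of parameters can pass validation with one destination and execute another. The block below is an added illustration, not Superform code: a constructed Python hook model with hypothetical field names (dst_chain_id, recipient, amount), a constructed allow-list policy, the unbound and bound hook shapes, and an executor-side check that re-decodes the built calldata and requires it to equal the inspected parameters.

```python
"""Added example (not Superform code): the inspect()-vs-build() binding gap.

A hook exposes inspect(), which a validator checks against policy, and
build(), which produces the calldata that is actually executed. If the two
read from different sources, an operator can pass validation with one set of
parameters and execute another. Hook shape, field names and the policy below
are constructed for illustration; the real Superform hook interfaces are not
shown on the page.
"""
from dataclasses import dataclass
import json

# Constructed policy: destination chains / recipients a validator accepts.
ALLOWED_DST_CHAINS = {1, 8453}
ALLOWED_RECIPIENTS = {"0x" + "aa" * 20}


@dataclass(frozen=True)
class Intent:
    dst_chain_id: int
    recipient: str
    amount: int


def encode_calldata(intent: Intent) -> bytes:
    """Stand-in for ABI encoding: canonical JSON so it round-trips exactly."""
    payload = {"dst": intent.dst_chain_id, "to": intent.recipient, "amt": intent.amount}
    return json.dumps(payload, sort_keys=True).encode()


def decode_calldata(data: bytes) -> Intent:
    d = json.loads(data)
    return Intent(d["dst"], d["to"], d["amt"])


class UnboundHook:
    """Vulnerable pattern: inspect() reports the declared params while build()
    encodes a separate, operator-supplied struct, so the two can diverge."""

    def __init__(self, declared: Intent, operator_params: Intent):
        self._declared = declared
        self._operator_params = operator_params

    def inspect(self) -> Intent:
        return self._declared

    def build(self) -> bytes:
        return encode_calldata(self._operator_params)


class BoundHook:
    """Hardened pattern: build() is derived from the same struct inspect() returns."""

    def __init__(self, intent: Intent):
        self._intent = intent

    def inspect(self) -> Intent:
        return self._intent

    def build(self) -> bytes:
        return encode_calldata(self._intent)


def policy_ok(intent: Intent) -> bool:
    return intent.dst_chain_id in ALLOWED_DST_CHAINS and intent.recipient in ALLOWED_RECIPIENTS


def execute_naive(hook) -> Intent:
    """Validates what inspect() reports, then executes whatever build() returns."""
    if not policy_ok(hook.inspect()):
        raise PermissionError("declared parameters violate policy")
    return decode_calldata(hook.build())  # executes the built calldata as-is


def execute_bound(hook) -> Intent:
    """Same validation, plus a binding check: the calldata about to be executed
    must decode to exactly the parameters that were validated."""
    declared = hook.inspect()
    if not policy_ok(declared):
        raise PermissionError("declared parameters violate policy")
    built = decode_calldata(hook.build())
    if built != declared:
        raise ValueError(f"inspect/build mismatch: declared {declared}, built {built}")
    return built


def rejects(executor, hook, exc) -> bool:
    """True if executor(hook) raises exc (used to show which executor catches the swap)."""
    try:
        executor(hook)
        return False
    except exc:
        return True


if __name__ == "__main__":
    declared = Intent(1, "0x" + "aa" * 20, 100)
    swapped = Intent(999, "0x" + "bb" * 20, 100)  # operator substitutes dst/recipient
    leaky = UnboundHook(declared, swapped)
    print("naive executor ran:", execute_naive(leaky))  # lands on chain 999
    print("bound executor rejected the swap:", rejects(execute_bound, leaky, ValueError))
```

In a contract the equivalent defenses are either to have build() consume the very struct inspect() validated (no second, operator-supplied source of truth) or to commit to keccak256 of the inspected parameters and check that commitment at execution time; the re-decode-and-compare step above is the executor-side version that can be applied to any hook regardless of how it is written.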
Economic Soundness
Weight 14% · 82% conf
48 · Concerning
-52  F2: maxStaleness has no upper bound; a manager can set type(uint256).max to disable the PPS staleness gate
+16  F3: updatePPSAfterSkim bypasses the 14-property DOD oracle validation
+16  F4: cancel-redeem is silently overridden by fulfill; the manager captures the optionality value
+16  PPS manipulation surfaces compose: F2 + F3 + the ACK'd Recon M-02 PPS-sandwich
Oracle Integrity
Weight 14% · 80% conf
52 · Concerning
-48  F2: maxStaleness floor-only enforcement; no ceiling on oracle staleness
+13  F3: skim path bypasses the validator-network DOD (sets lastUpdateTimestamp directly)
+13  F5: ECDSAPPSOracle uses abi.encodePacked instead of abi.encode for EIP-712 struct hashing
+13  Digests computed by standard EIP-712 signers do not match the contract's, so proofs fail with silent ProofValidationFailed events
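F5 is a struct-hashing bug, so the mismatch is worth seeing concretely. The block below is an added example, not the ECDSAPPSOracle code: the PPSUpdate struct, its field values and the domain parameters are constructed (the page does not give the real layout), and keccak256 is implemented inline so the file runs with the Python standard library alone. It computes the digest a standard EIP-712 signer produces (hashStruct over abi.encode, every static field padded to a 32-byte word) and the digest a contract using abi.encodePacked recovers against, and shows that the two differ whenever a field is narrower than 32 bytes and coincide when none is.

```python
"""Added example (not Superform code): why abi.encodePacked breaks EIP-712.

EIP-712 hashStruct pads every static field to a 32-byte word (abi.encode).
A contract that hashes abi.encodePacked(...) instead changes the preimage for
any field narrower than 32 bytes (address, uint64, bool, ...), so the digest a
standard signer produces never matches the one the contract checks. Struct,
domain and values are constructed; keccak256 is inline (stdlib only).
"""
MASK64 = (1 << 64) - 1
_RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
_ROT = [0, 1, 62, 28, 27, 36, 44, 6, 55, 20, 3, 10, 43, 25, 39,
        41, 45, 15, 21, 8, 18, 2, 61, 56, 14]  # rho offsets, lane index x + 5*y


def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK64 if n else v


def _keccak_f1600(a: list) -> list:
    for rc in _RC:
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]  # theta
        b = [0] * 25
        for x in range(5):
            for y in range(5):  # rho + pi
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(a[x + 5 * y], _ROT[x + 5 * y])
        a = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]  # chi
        a[0] ^= rc  # iota
    return a


def keccak256(data: bytes) -> bytes:
    """Keccak-256 as used by Ethereum (0x01 padding, not NIST SHA3-256)."""
    rate = 136
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    st = [0] * 25
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            st[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        st = _keccak_f1600(st)
    return b"".join(lane.to_bytes(8, "little") for lane in st[:4])


def _encode_field(typ: str, value) -> tuple:
    """Return (packed_bytes, word_bytes) for the static types used here."""
    if typ == "address":
        raw = bytes.fromhex(value[2:])
        return raw, raw.rjust(32, b"\x00")
    if typ.startswith("uint"):
        return value.to_bytes(int(typ[4:]) // 8, "big"), value.to_bytes(32, "big")
    if typ == "bytes32":
        return value, value
    raise ValueError(f"unsupported type {typ}")


def hash_struct(type_string: str, fields: list, packed: bool) -> bytes:
    """EIP-712 hashStruct when packed=False; the encodePacked variant otherwise."""
    parts = [keccak256(type_string.encode())]  # typeHash is 32 bytes either way
    for typ, value in fields:
        raw, word = _encode_field(typ, value)
        parts.append(raw if packed else word)
    return keccak256(b"".join(parts))


def domain_separator(name: str, version: str, chain_id: int, contract: str) -> bytes:
    return hash_struct(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)",
        [("bytes32", keccak256(name.encode())), ("bytes32", keccak256(version.encode())),
         ("uint256", chain_id), ("address", contract)], packed=False)


def eip712_digest(separator: bytes, struct_hash: bytes) -> bytes:
    return keccak256(b"\x19\x01" + separator + struct_hash)


# Constructed struct with two sub-32-byte fields (address, uint64) and a constructed domain.
PPS_TYPE = "PPSUpdate(address vault,uint64 timestamp,uint256 pps)"
PPS_FIELDS = [("address", "0x" + "11" * 20), ("uint64", 1_700_000_000), ("uint256", 10**18 + 5)]
DOMAIN = ("ExamplePPSOracle", "1", 1, "0x" + "22" * 20)


def compare_digests(type_string: str, fields: list) -> tuple:
    """(digest a standard EIP-712 signer signs, digest an encodePacked contract checks)."""
    sep = domain_separator(*DOMAIN)
    signer = eip712_digest(sep, hash_struct(type_string, fields, packed=False))
    contract = eip712_digest(sep, hash_struct(type_string, fields, packed=True))
    return signer, contract


if __name__ == "__main__":
    s, c = compare_digests(PPS_TYPE, PPS_FIELDS)
    print("signer  :", s.hex())
    print("contract:", c.hex(), "(mismatch, so ecrecover yields some other address)")
```

The practical check: any field typed address, bool, uintN with N below 256 or bytesN with N below 32 makes the packed preimage shorter than the standard one, so ecrecover on the contract's digest returns an address that is not the signer and the proof is rejected. If every field is already a full 32-byte word the two encodings coincide and the bug stays latent until the struct gains a narrower field, which is why a review should check the encoding call rather than rely on a passing test with wide fields. Dynamic fields (string, bytes, arrays) must be hashed first under EIP-712 and are not modelled here.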
Battle-Tested Maturity
Weight 13% · 85% conf
40 · Concerning
-30  v2 not yet deployed to mainnet (Cantina bounty active, pre-launch)
-30  VaultBank still in test/draft — not yet promoted to src/
+20  High velocity of changes across 193-contract surface
+20  6 prior audits (Spearbit, Recon, node.security, etc.) completed on earlier versions
Governance & Upgradeability
Weight 11% · 75% conf
55 · Moderate
+28  SuperGovernor exists but manager role is over-trusted
-22  maxStaleness floor-only enforcement (no ceiling — cosmology assumption #16)
-22  No on-chain slashing for manager misbehavior (cosmology assumption #12)
+28  Manager-as-strategist can keep staleness clock fresh without validator activity
Adversarial Resilience
Weight 7% · 92% conf
25 · Critical
  • 6 prior audits (Spearbit, Recon, node.security, etc.) missed these findings
  • 17 validated findings including 3 Critical-class with 10 validated PoCs
  • F1 class (10 lens cross-confirmations) exploits a pattern noted but not enumerated by Spearbit M-5.3.10
  • F7 is the dual surface of the node.security M-01 fix: a new bug introduced by the prior remediation
Compositional Risk
Weight 5% · 90% conf
35 · Critical
+7  Extreme composition: hooks compose with cross-chain bridges (Across, DeBridge)
+7  External protocol integrations: Morpho, Ethena, Centrifuge, Pendle, Spectra, Fluid, Gearbox
+7  Internal SuperPosition system creates synthetic cross-chain positions
+7  F1 class directly exploits composition boundary between inspect() and build()
Supply Chain
Weight 4% · 70% conf
60 · Moderate
+20  Standard dependencies: OpenZeppelin, forge-std, solady
-40  No exotic or unaudited supply chain dependencies
+20  Substrate/Solidity mixed stack but standard patterns
+20  Moderate dependency complexity from multi-protocol integrations
Cross-Chain Messaging
Weight 4% · 88% conf
30 · Critical
-70  Cross-chain messaging is core to the Superform architecture, not optional
+8  F1a/F1e/F1f directly exploit cross-chain bridge hook calldata binding gaps
+8  Multiple bridge integrations: Across, DeBridge, Circle CCTP
+8  SuperPositions create synthetic cross-chain receipt tokens
Liquidity & Market Structure
Weight 2% · 60% conf
50 · Concerning
-50  Pre-mainnet: TVL not yet established for v2
+25  v1 had moderate TVL but v2 is a complete redesign
+25  Neutral score — insufficient on-chain data for liquidity assessment
Operational Security
Weight 2% · 60% conf
60 · Moderate
-8  No branch protection detected
-8  CI/CD present but unstable (20% run success rate)
+20  Commit signing: 100% verified
+20  SECURITY.md present (detailed)

Additional Dimensions

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience    25
Cross-Chain Messaging     30
Compositional Risk        35

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
Deployed: Unknown · Z-Factor 0.500 · 11 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "superform"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("superform")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.