D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%, 88% confidence
42
Concerning
How This Score Is Built
+23 Strong positive
+12 Positive
+5 Slight positive
−15 Strong negative
−8 Negative
−3 Slight negative
Score Composition
-58 Manager-as-strategist trust boundary is load-bearing with no on-chain enforcement
+10 F1 class: inspect()-vs-build() systemic parameter binding gap across 6 hooks
+10 Manager can substitute critical calldata (dstChainId, recipient, lltv, outputAmount)
+10 6 sub-findings (F1a-F1f) with validated PoCs — 10 lens hits across 4 agents
+10 F1a composes with ACK'd H-3.1.2 for SuperPosition supply inflation (Critical)
Evidence Chain (2 files)
GitHub API, May 17, 2026, 06:58 PM
GitHub (/) sha256:9a5a6974bc2e...
BlackHart Analysis, May 13, 2026, 11:45 PM
Access Control — Source Code sha256:d2dd55c42db0...
Score History
—
Initial BRI baseline from SuperForm sprint data: 17 validated findings (3C/8H/6M), 10 PoCs, 108 enriched graphs, 6 parallel analysis lenses