BlackHartBlackHart
Scores/Uniswap V4

Uniswap V4

MITHRIL

DEX / AMM · Multi-chain · $3.5B TVL · 8 contracts

Confidence 93%Z-Factor 0.74Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

856
BRI Score
3004756508251000

Security Profile

Access Ctrl
92
Economic
88
Oracle
98
Compos.
88
Govern.
92
Maturity
89
Resilience
39
Supply Ch.
88
OpSec
51
Cascade
100
Min
39
Avg
83
Max
100

Audit History

OpenZeppelin
2024-09Report →
Trail of Bits
2024-08
Spearbit
2024-10
ABDK
2024-07
Cantina Competition
2024-06

Bug Bounty Program

$15,500,000
Max payout on Cantina
View Program →

Assessment

Best-in-class DEX architecture. Immutable core, transient storage reentrancy guard, flash accounting, zero oracle deps. D7 pulls score from ADAMANTINE due to 81 validated findings (13 Critical) from deep adversarial research. TRIB-SETTLE-001 (permissionless fund theft via Tribunal composition) is the most severe finding to date, additionally impacting D4. Below ADAMANTINE due to deployment age (18mo), hook extensibility model, and now-demonstrated periphery composition risks.

Dimension Breakdown

How scores work →
Access Control
Weight 18%92% conf
92
Excellent
arrow_forward
-8Minimal admin surface (fee setting only, capped)
+23Transient storage lock eliminates reentrancy class
+23Flash accounting enforces within-tx balance invariants
+2358 access control checks across 246 total checks (23.6% check density)
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%90% conf
88
Strong
arrow_forward
-4Flash accounting IS the primitive, not a vulnerability
-4No share-inflation attack surface in singleton design
+4498 state writes but concentrated in ERC6909 token ops (balanceOf, allowance, isOperator)
-4MEV is user-side (sandwich), not protocol-level
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%95% conf
98
Excellent
arrow_forward
+33Zero external oracle dependencies in core
+33Self-sovereign pricing via AMM math
-2Protocol is oracle SOURCE, not consumer
+332 price_feed edges are hook-level, sandboxed per-pool
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%92% conf
89
Strong
arrow_forward
+15Deployed 2024-11-27 (~18 months live)
+15Uniswap org active since 2018 (8 years)
+15V3 never had a protocol-level exploit
+154 audit firms (ToB, OZ, Spearbit, C4)
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%92% conf
92
Excellent
arrow_forward
-4PoolManager is IMMUTABLE (no proxy, no upgrade path)
+46Owner = 2-day Timelock controlled by GovernorBravo
+46Admin can ONLY set protocol fee controller (capped at 0.1%)
-4Cannot drain funds, modify logic, or upgrade contract
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
39
Critical
  • 2 low-severity validated findings
Operational Security
Weight 10%60% conf
51
Concerning
arrow_forward
-8No branch protection detected
-8CI/CD present but unstable (0% success)
+26Commit signing: 100% verified
+26Strong PR review culture (73% reviewed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%88% conf
88
Strong
arrow_forward
+29Zero external dependencies in core PoolManager
-6Hook risk sandboxed per-pool, not protocol-wide
+2914 trust_dependency edges all hook-related
-6Bad hook affects one pool, not all of Uniswap
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%55% conf
100
Excellent
arrow_forward
+33Appears in 1 cross-protocol cascade chain (XPC-014)
+33Member of 2 dependency clusters
+33Zero downstream protocol dependencies
0Fully isolated architecture — no systemic contagion risk
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%95% conf
88
Strong
arrow_forward
-4Solidity 0.8.26 (stable, no critical known bugs)
-4Minimal external dependencies (custom libs)
+44Fully verified on Etherscan
-4Immutable deployment (no proxy risk)
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience39
Operational Security51
Economic Soundness88

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2024-11-27Z-Factor 0.74410 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"uniswap-v4"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("uniswap-v4")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →