Scores / USDC / Provenance / D1: Access Control

This dimension covers permission models, admin surface, reentrancy protection, and authorization boundaries. Access control is the #1 exploit vector by dollar loss in DeFi history.

Weight: 18%
Confidence: 88%
Score: 45 (Concerning)

How This Score Is Built


Signal scale (example magnitudes):
  +23  Strong positive
  +12  Positive
   +5  Slight positive
  −15  Strong negative
   −8  Negative
   −3  Slight negative

Scoring Tree

BRI Formula: BRI = 300 + 700 × ∏ᵢ (Dᵢ/100)^wᵢ
Current BRI: 733

D1 Access Control (weight 18%): score 45, factor (45/100)^0.18 = 0.8661
Contributing Factors

  +9  masterMinter (0xE982...de17) can configureMinter() any address with an effectively-unbounded mint allowance; minters mint to any address up to allowance — privileged keys can create supply
  +9  blacklister (0x0A06...78F9) can blacklist() ANY address, freezing its balance until unBlacklist() — a single role can freeze holder funds
  +9  pauser (0x4914...8566) can pause() and halt ALL transfers/mints/burns of the ~$52.46B token
  +9  RAISED from combined baseline 38 -> 45: ChainSecurity CCTP-V2 review confirms the codebase follows a 2-step pattern for transferring high-importance roles (reduces fat-finger/lockout risk), and the CCTP attestation mint-authority is no longer scored here (moved to circle-cctp)
  +9  Modifiers: onlyMinters, onlyMasterMinter, onlyPauser, onlyBlacklister, onlyOwner, whenNotPaused, notBlacklisted
 -55  Still scored well below a decentralized lending protocol: infinite-mint + freeze-any + instant-upgrade on a $52B base under a single corporate operator with no on-chain delay
   0  Upgradeable: proxy-admin 0x807a...95d2 can swap the implementation with NO timelock; legacy ZeppelinOS proxy (Solidity 0.4.24); current impl FiatTokenV2_2 0x4350...02dd
Evidence Sources

  blackhart_analysis, May 30, sha256:a2829c7ed31a...

Score Composition

 -55  Strong negative  Still scored well below a decentralized lending protocol: infinite-mint + freeze-any + instant-upgrade on a $52B base under a single corporate operator with no on-chain delay
   0  (no label)       Upgradeable: proxy-admin 0x807a...95d2 can swap the implementation with NO timelock; legacy ZeppelinOS proxy (Solidity 0.4.24); current impl FiatTokenV2_2 0x4350...02dd
  +9  Strong positive  masterMinter (0xE982...de17) can configureMinter() any address with an effectively-unbounded mint allowance; minters mint to any address up to allowance — privileged keys can create supply
  +9  Strong positive  blacklister (0x0A06...78F9) can blacklist() ANY address, freezing its balance until unBlacklist() — a single role can freeze holder funds
  +9  Strong positive  pauser (0x4914...8566) can pause() and halt ALL transfers/mints/burns of the ~$52.46B token
  +9  Strong positive  RAISED from combined baseline 38 -> 45: ChainSecurity CCTP-V2 review confirms the codebase follows a 2-step pattern for transferring high-importance roles (reduces fat-finger/lockout risk), and the CCTP attestation mint-authority is no longer scored here (moved to circle-cctp)
  +9  Strong positive  Modifiers: onlyMinters, onlyMasterMinter, onlyPauser, onlyBlacklister, onlyOwner, whenNotPaused, notBlacklisted

Evidence Chain (1 file)

  BlackHart Analysis, May 30, 2026, 05:10 AM
  sha256:a2829c7ed31a...

Score History

No dimension-level score changes recorded yet.

Methodology version: 2.1 | Formula version: 1.1 | Weights version: 1.1