BlackHartBlackHart
Scores/USDC/Provenance/Governance & Upgradeability
D5

Governance & Upgradeability

Admin key concentration, timelock coverage, upgrade mechanisms, and Maximum Extractable Value by Admin (MEVA).

Weight 10%88% confidence
38
Critical
info

How This Score Is Built

Admin key concentration, timelock coverage, upgrade mechanisms, and Maximum Extractable Value by Admin (MEVA).

+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative

Scoring Tree

BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
733
Current BRI
D5Governance & Upgradeability
Weight 10%
38
(38/100)^0.1 = 0.9078
Contributing Factors
+38Mitigating (off-chain, not a contract safety property): Circle is a regulated US money-transmitter / NYDFS-licensed, publicly listed (CRCL), with monthly reserve attestations — centralization is deliberate compliance design
-62Bug-bounty governance signal: Circle BBP (HackerOne, public mode) caps the CRITICAL payout at $5,000 (min $150) for a $52B+ issuer — the circlefin/stablecoin-evm repo IS in scope as a bounty-eligible smart-contract asset; the low cap drew public criticism (LlamaRisk called it 'vastly insufficient')
0Single corporate entity (Circle) controls ALL admin: owner, masterMinter, blacklister, pauser, rescuer, and proxy-admin — confirmed on-chain 2026-05-30
0No on-chain DAO, no token voting, no timelock anywhere — proxy implementation upgrades and role rotations execute instantly (single-step)
Evidence Sources
blackhart_analysisMay 30sha256:dca55c679fef....

Score Composition

-62

Bug-bounty governance signal: Circle BBP (HackerOne, public mode) caps the CRITICAL payout at $5,000 (min $150) for a $52B+ issuer — the circlefin/stablecoin-evm repo IS in scope as a bounty-eligible smart-contract asset; the low cap drew public criticism (LlamaRisk called it 'vastly insufficient')

Negative
0

Single corporate entity (Circle) controls ALL admin: owner, masterMinter, blacklister, pauser, rescuer, and proxy-admin — confirmed on-chain 2026-05-30

NeutralcodeView in source
0

No on-chain DAO, no token voting, no timelock anywhere — proxy implementation upgrades and role rotations execute instantly (single-step)

NeutralcodeView in source
+38

Mitigating (off-chain, not a contract safety property): Circle is a regulated US money-transmitter / NYDFS-licensed, publicly listed (CRCL), with monthly reserve attestations — centralization is deliberate compliance design

Positive

Evidence Chain (1 files)

BlackHart AnalysisMay 30, 2026, 05:10 AM
sha256:dca55c679fef...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1
How is Governance & Upgradeability scored?← Back to Provenance Ledger