Scores/Across Protocol/Provenance/Supply Chain

Supply Chain

Compiler version CVEs, library dependencies, build reproducibility, and proxy pattern risk.

Weight 4%55% confidence

Moderate

info

How This Score Is Built

Compiler version CVEs, library dependencies, build reproducibility, and proxy pattern risk.

+23Strong positive

+12Positive

+5Slight positive

−15Strong negative

−8Negative

−3Slight negative

Scoring Tree

BRI Formula

300 + 700 × ∏(Dᵢ/100)^wᵢ

776

Current BRI

D8Supply Chain

Weight 4%

(69/100)^0.04 = 0.9853

Contributing Factors

+23Standard Solidity + OpenZeppelin base

+23MerkleLib is custom but well-audited

+23UMA SDK dependency is external but mature

Evidence Sources

blackhart_analysisMay 4sha256:d5d53911c8bd....View

blackhart_analysisMay 17sha256:5599ecdc6b55....View

Score Composition

+23

Standard Solidity + OpenZeppelin base

Positiveopen_in_newGitHub Supply ChainMay 4, 2026

+23

MerkleLib is custom but well-audited

Positiveopen_in_newGitHub Supply ChainMay 4, 2026

+23

UMA SDK dependency is external but mature

Positiveopen_in_newGitHub Supply ChainMay 4, 2026

Evidence Chain (2 files)

GitHub APIMay 17, 2026, 06:58 PM

open_in_newGitHub (/)

sha256:5599ecdc6b55...

BlackHart AnalysisMay 4, 2026, 11:30 PM

open_in_newSupply Chain — GitHub Supply Chain

sha256:d5d53911c8bd...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1

How is Supply Chain scored?← Back to Provenance Ledger