
Coinbase

TEMPERED

L2 / Staking / Wallet · Ethereum + Base · $11B+ TVL · 15 contracts

Official site: www.coinbase.com

730 (gauge ticks: 300 · 475 · 650 · 825 · 1000)
Confidence: 77%
Z-Factor: 0.85
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 53
Economic: 82
Oracle: 68
Compos.: 78
Govern.: 40
Maturity: 88
Resilience: 44
Supply Ch.: 85
X-Chain: 60
OpSec: 66
Cascade: 95

Min: 40 · Avg: 69 · Max: 95

Audit History

OpenZeppelin (cbETH) · 2022-08 · Report
Sherlock (OP Stack/Bedrock) · 2023-01
Coinbase Internal Security · 2022-07

Bug Bounty Program

$5,000,000
Max payout on Cantina

Assessment

Institutional-grade OpSec and maturity are offset by extreme centralization (D5=40) and 48 validated findings (23C+10H+15M). This is the highest critical ratio (48%) in the tracked portfolio. C-BASENAME-001 (addr persistence through re-registration) further degrades access control.

Dimension Breakdown

Access Control
Weight 18% · 80% confidence
53
  • -47 Fully centralized admin (Coinbase controls minting, pausing, upgrades)
  • +13 cbETH has a minter role controlled by single entity
  • +13 Base sequencer is sole-operator
  • +13 Smart Wallet upgradeToAndCall is cross-chain replayable

Economic Soundness
Weight 13% · 82% confidence
82
  • +27 cbETH exchange-rate model (not rebasing) is simple and safe
  • +27 Minimal MEV surface on staking derivative
  • +27 No flash loan exposure on cbETH
  • -18 Coinbase controls exchange rate oracle unilaterally

Oracle Integrity
Weight 13% · 75% confidence
68
  • +34 cbETH exchange rate set by Coinbase internal oracle
  • -16 No Chainlink, no TWAP, no on-chain verification
  • +34 Base uses standard OP Stack state root oracle
  • -16 Centralized oracle is trust assumption, not safety property

Battle-Tested Maturity
Weight 12% · 88% confidence
88
  • +18 cbETH 33 months, Base 26 months, Coinbase Inc 12+ years
  • +18 Zero exploits on any Coinbase on-chain component
  • +18 Same FiatToken pattern as USDC (battle-tested)
  • +18 OP Stack (Bedrock) underpins $50B+ in L2 TVL

Governance & Upgradeability
Weight 10% · 85% confidence
40
  • -20 Single corporate entity (NASDAQ:COIN) controls ALL admin functions
  • -20 No on-chain governance, no DAO, no token voting, no timelock
  • -20 Any upgrade can be executed instantly
  • +40 Mitigating: publicly-traded with SEC reporting obligations

Adversarial Resilience (redacted)
Weight 10% · 95% confidence
44
  • Continuous adversarial sweep adds new findings on a recurring cadence

Operational Security
Weight 10% · 60% confidence
66
  • -34 No branch protection detected
  • +11 Active CI/CD (100% success rate)
  • +11 Commit signing: 100% verified
  • +11 Strong PR review culture (80% reviewed)

Cross-Chain Messaging
Weight 9% · 78% confidence
60
  • +15 Base: single sequencer (Coinbase) — liveness SPOF
  • +15 7-day withdrawal delay (standard OP Stack)
  • +15 No fraud proof system live yet
  • +15 PRIM-001 cross-chain replay is confirmed finding

Compositional Risk
Weight 5% · 78% confidence
78
  • +20 cbETH is standalone ERC-20 with minimal external deps
  • +20 Base inherits OP Stack (Bedrock) — well-audited
  • +20 Smart Wallet has ERC-4337 + WebAuthn dependencies
  • +20 Cross-chain replay risk on Smart Wallet (PRIM-001)

Cascade Exposure
Weight 5% · 50% confidence
95
  • +48 No cross-protocol cascade exposure detected
  • +48 Source: cross_protocol_composition.json dependency analysis

Supply Chain
Weight 4% · 90% confidence
85
  • +21 FiatToken pattern (same as USDC) — extremely well-audited
  • +21 OP Stack (Bedrock) audited by Sherlock, Spearbit, OZ
  • +21 Standard Solidity, OpenZeppelin libraries
  • +21 No exotic dependencies

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Access Control
53 · +52 potential
  • Fully centralized admin (Coinbase controls minting, pausing, upgrades)

Governance & Upgradeability
40 · +41.2 potential
  • Mitigating: publicly-traded with SEC reporting obligations

Adversarial Resilience
44 · +36.8 potential

Oracle Integrity
68 · +22.1 potential
  • cbETH exchange rate set by Coinbase internal oracle

Cross-Chain Messaging
60 · +20.2 potential
  • Base: single sequencer (Coinbase) — liveness SPOF

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2022-08-25 · 11 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:0...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "coinbase"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("coinbase")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/coinbase?variant=card&theme=dark"
  title="BlackHart Risk Index: Coinbase"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>