Scores/Compound V3

Compound V3

DAMASCUS

Lending / Borrowing · Multi-chain · $2.5B TVL · 15 contracts

Official site: compound.finance ↗

825

3004756508251000

Confidence74%

Z-Factor0.86

Updated 2026-05-27Public score

Security Profile

Access Control
88

Economic Soundness
85

Oracle Integrity
82

Compositional Risk
75

Governance
72

Maturity
90

Resilience
50

Supply Chain
88

Op Security
47

Cascade Exposure
84

Access Ctrl
88

Economic
85

Oracle
82

Compos.
75

Govern.
72

Maturity
90

Resilience
50

Supply Ch.
88

OpSec
47

Cascade
84

Min

Avg

Max

Audit History

OpenZeppelin

2022-08Report

ChainSecurity

2022-07

Bug Bounty Program

$1,000,000

Max payout on Immunefi

View Program

Assessment

One of DeFi's most battle-tested lending protocols. V3 Comet architecture is simpler and safer than V2. Strong maturity (D6=90) and no exploits. Oracle single-source and governance centralization are the main drags.

Dimension Breakdown

Methodology

Access Control

Weight 18% · 85% confidence

+22Comet single-asset design drastically reduces admin surface vs V2

+22Pause guardian for emergency response

+22Configurator pattern separates config from execution

+22No reentrancy exposure in core borrow/supply paths

Provenance

Economic Soundness

Weight 13% · 82% confidence

+28Conservative collateral factors, well-calibrated LTVs

+28Absorb mechanism for bad debt socialization is explicit

+28Single base asset per market simplifies liquidation math

Provenance

Oracle Integrity

Weight 13% · 80% confidence

+27Chainlink primary oracle with staleness checks

+27Custom price feeds per asset with governance control

+27No TWAP dependency, direct Chainlink consumption

-18Single oracle source per asset (no fallback chain)

Provenance

Battle-Tested Maturity

Weight 12% · 88% confidence

+18V3 live since Aug 2022 (~3.5 years), V2 since 2019 (org maturity 7+ years)

+18Survived multiple market stress events (LUNA, FTX, SVB)

+18Extensive audit history (OpenZeppelin, Trail of Bits, ChainSecurity)

+18No exploits in V3 lifetime

Provenance

Governance & Upgradeability

Weight 10% · 80% confidence

+18Governor Bravo with 2-day timelock

+18COMP token governance, active voter participation

+18Compound Labs retains outsized influence on proposals

+18Configurator upgrades require governance vote

Provenance

Adversarial Resilienceredacted

Weight 10% · 30% confidence

Maximum resilience under independent adversarial testing
Comprehensive security coverage across all attack surfaces
Mature codebase with extensive battle testing
No validated adversarial findings — score set to neutral baseline

Provenance

Operational Security

Weight 10% · 60% confidence

-18No branch protection detected

-18CI/CD present but unstable (0% success)

+16Commit signing: 100% verified

-18Weak PR review coverage (13%)

Provenance

Compositional Risk

Weight 5% · 78% confidence

+25Widely integrated across DeFi (Instadapp, DeFi Saver, etc.)

+25Comet design limits cross-protocol re-entrancy surface

-25External reward claiming adds minor attack surface

+25Collateral asset risk delegated to governance

Provenance

Cascade Exposure

Weight 5% · 65% confidence

+28Appears in 3 cross-protocol cascade chain(s)

+28Member of 2 dependency cluster(s)

+28Source: cross_protocol_composition.json dependency analysis

Provenance

Supply Chain

Weight 4% · 85% confidence

+29Standard OpenZeppelin base libraries

+29Well-audited Solidity compiler versions

+29Clean dependency graph vs V2 complexity

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Operational Security

47+41.1 potential

No branch protection detected

Adversarial Resilience

50+37.7 potential

Governance & Upgradeability

72+17.5 potential

Governor Bravo with 2-day timelock

Oracle Integrity

82+13.7 potential

Chainlink primary oracle with staleness checks

Access Control

88+12.2 potential

Comet single-asset design drastically reduces admin surface vs V2

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2022-08-2610 dimensionsProvenance Ledger

methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:c...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "compound-v3"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("compound-v3")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/compound-v3?variant=card&theme=dark"
  title="BlackHart Risk Index: Compound V3"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review