BlackHart

CoW Protocol

DAMASCUS

DEX Aggregator · Ethereum + Gnosis · $500M+ TVL · 10 contracts

Official site: cow.fi

839
Scale: 300 · 475 · 650 · 825 · 1000
Confidence: 75%
Z-Factor: 0.82
Updated 2026-05-27 · Public score

Security Profile

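Access Control: 85
Economic Soundness: 88
Oracle Integrity: 82
Compositional Risk: 75
Governance & Upgradeability: 80
Battle-Tested Maturity: 82
Adversarial Resilience: 50
Supply Chain: 85
Operational Security: 59
Cascade Exposure: 100
Min: 50 · Avg: 79 · Max: 100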

Audit History

Ackee Blockchain · 2022-03
G0 Group · 2023-06

Bug Bounty Program

$1,000,000 max payout on Immunefi

Assessment

Innovative batch auction DEX with native MEV protection. D4 penalized for deep multi-DEX dependency for settlement. Clean track record (36+ months, Gnosis heritage). Solver competition model is novel but less battle-tested.

Dimension Breakdown

Access Control
Weight 18% · 80% confidence · Score 85
+21 Solver competition with bonding requirements
+21 Settlement contract with allow-listed solvers
+21 Order signing via EIP-712 (user intent)
+21 Pre-hooks and post-hooks add execution flexibility
Economic Soundness
Weight 13% · 82% confidence · Score 88
+22 Batch auction model provides MEV protection
+22 Surplus from CoW (Coincidence of Wants) returned to users
+22 CoW AMM adds protocol-owned liquidity
+22 Solver competition creates price improvement incentive
Oracle Integrity
Weight 13% · 75% confidence · Score 82
+20 No external oracle in core - solver provides price discovery
+20 Settlement must match or exceed user's limit price
+20 Reference prices from DEX liquidity (indirect oracle)
+20 Price quality enforced by solver competition
Battle-Tested Maturity
Weight 12% · 80% confidence · Score 82
+16 GPv2 live since 2021, CoW Protocol since 2022 (36+ months)
+16 Gnosis team heritage (ex-Gnosis Protocol)
+16 No protocol-level exploit
+16 Growing but still mid-maturity
Governance & Upgradeability
Weight 10% · 75% confidence · Score 80
+20 CowDAO governance via vCOW token
+20 Snapshot voting with on-chain execution
+20 Solver whitelist managed by governance
+20 Emerging governance maturity
Adversarial Resilience (redacted)
Weight 10% · 30% confidence · Score 50
  • Maximum resilience under independent adversarial testing
  • Comprehensive security coverage across all attack surfaces
  • Active bounty program incentivizes continuous scrutiny
  • No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10% · 60% confidence · Score 59
-41 No branch protection detected
+12 Active CI/CD (80% success rate)
+12 Commit signing: 100% verified
+12 Strong PR review culture (83% reviewed)
Compositional Risk
Weight 5% · 72% confidence · Score 75
+19 Aggregates across Uniswap, Balancer, Curve, etc.
+19 Deep external DEX dependency for settlement
+19 Solver strategies compose across multiple protocols
+19 Hook system adds new composition vectors
Cascade Exposure
Weight 5% · 50% confidence · Score 100
+33 Member of 1 dependency cluster(s)
+33 No cross-protocol cascade exposure detected
+33 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 82% confidence · Score 85
+21 Standard Solidity settlement contracts
+21 Rust-based solver infrastructure
+21 Well-maintained dependency set
+21 Verified on Ethereum mainnet

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Adversarial Resilience
50 · +38.7 potential
Operational Security
59 · +29.2 potential
No branch protection detected
Access Control
85 · +16 potential
Solver competition with bonding requirements
Oracle Integrity
82 · +14.1 potential
No external oracle in core - solver provides price discovery
Battle-Tested Maturity
82 · +13 potential
GPv2 live since 2021, CoW Protocol since 2022 (36+ months)

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2022-03-28 · 10 dimensions
Provenance Ledger: methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256: sha256:a...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "cow-protocol"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("cow-protocol")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/cow-protocol?variant=card&theme=dark"
  title="BlackHart Risk Index: CoW Protocol"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>