D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%85% confidence
50
Concerning
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Scoring Tree
BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
646
Current BRI
D1Access Control
Weight 18%
50
(50/100)^0.18 = 0.8827
Contributing Factors
+17Admin controls market creation and resolution
+17User pause/unpause capability for admin
+17Operator/admin role separation in CTF
-17Centralized market resolution (UMA oracle + admin override)
-17DEGRADED post-HACK-POLYMARKET-2026-001: UMA CTF Adapter Admin is a single-EOA hot key with no multisig protecting privileged ops
-17No on-chain timelock on admin actions, no per-tx velocity cap, no auto-pause on outflow rate
Score Composition
-17
Centralized market resolution (UMA oracle + admin override)
Strong negativeopen_in_newSource Code
-17
DEGRADED post-HACK-POLYMARKET-2026-001: UMA CTF Adapter Admin is a single-EOA hot key with no multisig protecting privileged ops
Strong negativeopen_in_newSource Code
-17
No on-chain timelock on admin actions, no per-tx velocity cap, no auto-pause on outflow rate
Strong negativeopen_in_newSource Code
+17
Admin controls market creation and resolution
Strong positiveopen_in_newSource Code
+17
User pause/unpause capability for admin
Strong positiveopen_in_newSource Code
+17
Operator/admin role separation in CTF
Strong positiveopen_in_newSource Code
Evidence Chain (2 files)
BlackHart AnalysisMay 22, 2026, 11:37 AM
open_in_newAccess Control — Source Codesha256:5ebb3d36f03c...
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:30570ae742e8...
Score History
No dimension-level score changes recorded yet.
Methodology: 2.1Formula: 1.1Weights: 1.1