D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%75% confidence
72
Good
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Scoring Tree
BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
776
Current BRI
D1Access Control
Weight 18%
72
(72/100)^0.18 = 0.9426
Contributing Factors
+14SpokePool admin is cross-domain (HubPool via bridge) - strong access control
+14proposeRootBundle is permissionless but requires bond
+14executeRootBundle is gated by liveness period + Merkle proof
+14Owner-only functions for critical configuration (adapters, routes)
+14Emergency delete provides admin safety valve
Evidence Sources
Score Composition
+14
SpokePool admin is cross-domain (HubPool via bridge) - strong access control
+14
proposeRootBundle is permissionless but requires bond
+14
executeRootBundle is gated by liveness period + Merkle proof
+14
Owner-only functions for critical configuration (adapters, routes)
+14
Emergency delete provides admin safety valve
Evidence Chain (3 files)
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:febe91d03e73...
Audit ReportJan 1, 2024, 12:00 AM
Audit ReportOct 1, 2022, 12:00 AM
Score History
No dimension-level score changes recorded yet.
Methodology: 2.1Formula: 1.1Weights: 1.1