Scores/Kelp DAO/Provenance/Access Control

Access Control

Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.

Weight 18%65% confidence

Moderate

info

How This Score Is Built

Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.

+23Strong positive

+12Positive

+5Slight positive

−15Strong negative

−8Negative

−3Slight negative

Scoring Tree

BRI Formula

300 + 700 × ∏(Dᵢ/100)^wᵢ

758

Current BRI

D1Access Control

Weight 18%

(68/100)^0.18 = 0.9329

Contributing Factors

+23Admin controls for deposits/withdrawals

+23Operator permissions

+23Multisig for emergency

-32Centralized parameter control

Evidence Sources

protocol_metadataJan 1

protocol_metadataMar 1

blackhart_analysisMay 17sha256:17faa3ae702e....View

blackhart_hacks_feedMay 27View

Score Composition

-32

Centralized parameter control

Strong negativeopen_in_newSource CodeMay 6, 2026

+23

Admin controls for deposits/withdrawals

Strong positiveopen_in_newSource CodeMay 6, 2026

+23

Operator permissions

Strong positiveopen_in_newSource CodeMay 6, 2026

+23

Multisig for emergency

Strong positiveopen_in_newSource CodeMay 6, 2026

Evidence Chain (4 files)

hack_forensicsMay 27, 2026, 12:00 AM

open_in_newPrecedent: StakeDAO exploit (analogous)

exploit type: Cross-chain trust binding hijack via private key compromise

loss usd: 91000

relation: analogous

match: Same cross-chain trust binding architecture, different compromise vector. Kelp was hit at the verifier infrastructure layer (poisoned RPC nodes feeding a single

GitHub APIMay 17, 2026, 06:58 PM

open_in_newGitHub (/)

sha256:17faa3ae702e...

Audit ReportMar 1, 2024, 12:00 AM

Audit ReportJan 1, 2024, 12:00 AM

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.0Weights: 1.0

How is Access Control scored?← Back to Provenance Ledger