D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%72% confidence
75
Good
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Scoring Tree
BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
791
Current BRI
D1Access Control
Weight 16%
75
(75/100)^0.16 = 0.9550
Contributing Factors
+2519-guardian validator set (improved from 13 post-exploit)
+25Rate limiting and governor contracts added post-exploit
+25Threshold signature scheme requires 13/19 consensus
-25Guardian key management remains centralized risk
Score Composition
-25
Guardian key management remains centralized risk
+25
19-guardian validator set (improved from 13 post-exploit)
+25
Rate limiting and governor contracts added post-exploit
+25
Threshold signature scheme requires 13/19 consensus
Evidence Chain (5 files)
hack_forensicsMay 30, 2026, 12:00 AM
open_in_newPrecedent: Alephium exploit (analogous)exploit type: Bridge guardian-key compromise
loss usd: 815000
relation: analogous
match: Same bridge family and entry point: a forged approval message passed to completeTransfer minted wrapped tokens. There it was a signature-verification bug; here
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:6d8e421de512...
Audit ReportJan 1, 2024, 12:00 AM
Audit ReportSep 1, 2023, 12:00 AM
Audit ReportFeb 1, 2022, 12:00 AM
Score History
No dimension-level score changes recorded yet.
Methodology: 2.1Formula: 1.1Weights: 1.1