BlackHart

Your protocol's red team.

Continuous adversarial research with working exploits and deployable patches. Every finding is proven on a mainnet fork and ships with a staged fix.

47,000+ · Attack Surfaces Analyzed
95% · Coverage Per Protocol
100% · Fork-Validated PoCs
106 · Zero-Day Chains Mapped
24/7 · Continuous Monitoring
<24h · Response Time

01 // Why Continuous

DeFi protocols ship continuously. Security research should too.

Every commit, every governance proposal, every new integration changes a protocol's attack surface. Continuous coverage means every change is analyzed, every interaction path is scored, and every new risk is flagged as it appears.

02 // Platform Capabilities

BlackHart Deploy

Every validated finding comes with a tested Solidity patch, staged as a draft PR on your repo. Accept the finding, merge the fix. Remediation in minutes, not weeks.

- Tested Solidity patches staged as draft PRs
- One-click merge to remediate in minutes
- Full test suite validates each patch
blackhart-deploy
PR #47 staged
contracts/modules/EToken.sol
donateToReserves()
  function donateToReserves(uint amount)
    external nonReentrant {
-   // no validation
+   require(amount <= reserves,
+     "donate exceeds reserves");
    reserves -= amount;
  }
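Review bot: the require added at the top of donateToReserves() bounds amount by reserves, but the finding this PR is staged against is listed on this page as a solvency-check bypass, and nothing in the hunk checks the caller's account health after the donation. A donation that stays under the new bound can still leave the donor under-collateralised, so the fix should also run the protocol's liquidity check on msg.sender once the balances have changed. Two smaller points: the unchanged line "reserves -= amount;" decrements reserves inside a function named donate, which is worth confirming against the intended accounting, and the diff (+2 -1) contains no test, so a regression test asserting the "donate exceeds reserves" revert and a post-donation insolvency case should ship in the same PR.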
+2 -1 · tests passing

Threat Map

Interactive contract topology with severity overlays and function-level vulnerability tracking. See your entire protocol's security posture at a glance.

- Full contract topology with interaction paths
- Severity-colored overlays on every node
- Function-level vulnerability tracking
threat-map · euler-v1
[Figure: contract topology. Legend: Critical, High, Cleared, Attack. Nodes: Euler 0x2718...25d3 (dispatch()), EToken 0xE025...d36b (mint(), liquidate()), Liquidation 0xf43c...0b34 (liquidate()), RiskManager 0x55B5...44bE (getPrice()), Aave V2, external (flashLoan()). Attack paths: flash loan, self-liquidation.]

Intelligence Feed

Real-time notifications on new findings, pipeline scans, and validated PoCs. Your security team stays informed continuously.

- Real-time finding notifications with severity
- Pipeline scan status and PoC validation events
- Chronological audit trail of all activity
intelligence-feed
23 total · 9 validated · 4 PRs pushed
Validated PoC · Critical · BH-EU-001 · 14:23 UTC
Unbounded mint leverage in EToken.mint() reproduced on mainnet fork.
Validated PoC · Critical · BH-EU-002 · 12:07 UTC
donateToReserves() solvency-check bypass confirmed.
Validated PoC · High · BH-EU-003 · 09:41 UTC
Self-liquidation at manipulated discount confirmed.
Research · Medium · 08:15 UTC
Stale price feed in RiskManager.getPrice() under investigation.

Validated PoCs

Every finding backed by a working proof-of-concept on mainnet fork. 100% external calls. If it works, you know it's real.

- Working exploits on mainnet fork state
- 100% external calls, zero mocks
- Exact value-at-risk quantified per finding
findings · euler-v1
Critical · BH-EU-001 · PoC passing
Unbounded mint leverage enables self-liquidation drain
Contract: EToken
Terminal state: Theft
Value at risk: $197.5M
Validation: Mainnet fork
Proof of concept · EulerExploit.t.sol
function test_euler_self_liquidation() public {
    vm.createSelectFork(MAINNET_RPC, 16_817_995);
    uint256 loan = aave.flashLoan(DAI, 30_000_000e18);
    eToken.mint(/* leverage */ 19, loan);
    eToken.donateToReserves(xxxxxxxxxx);
    liq.liquidate(victim, xxxx, xxxxxxxx);
    aave.repay(loan + premium);
    // Full PoC in report
}
[PASS] · attacker profit +$197,568,042 · 1 passed · 0.42s

Abbreviated for this preview. Full working PoC and step-by-step trace are released with the engagement report.


Continuous Monitoring

Our pipeline runs continuously against your protocol. New attack surfaces are flagged as they appear, and analysis restarts automatically when conditions change.

- 24/7 automated scanning against live state
- New attack surfaces flagged as they appear
- Automatic re-scan on dependency changes
monitoring · euler-v1 · Always On
[Figure: scan timeline, Mar 7 to Mar 13. Legend: Scan complete, New finding, Re-scan triggered, Critical alert.]
Mar 13 06:12 · Critical chain detected - 3 primitives composed
Mar 11 14:33 · New finding: unbounded mint leverage
Mar 10 09:00 · Re-scan triggered by dependency update

Proprietary Algorithms

Purpose-built detection systems that identify compositional vulnerability patterns across cross-contract interaction surfaces. Multi-step exploit chains, economic attack paths, and state-dependent edge cases.

- Multi-step exploit chain composition
- Cross-contract interaction path analysis
- Compositional vulnerability detection across interaction surfaces
attack-chain-composer
donate: 100M eDAI to reserves
→ compose
self-liquidate: at 2x discount
→ compose
profit: $197M extracted
3-step chain · atomic execution · Critical

Patch Verification

When you fix a finding, we re-run the PoC against your patch. If the fix is incomplete, we flag it before it hits production.

- PoC re-run against every proposed patch
- Incomplete fixes caught before production
- Cryptographic verification of patch integrity
patch-verification
Before Patch · VULNERABLE
[PASS] exploit()
Attacker profit: +197,568,042 DAI
After Patch · SECURED
[FAIL] exploit()
Revert reason: "donate exceeds reserves"
Patch verified · 0xa3f7...c912 · Mar 14 09:22 UTC
03 // How It Works

01. We Map Your Protocol

Every contract, every interaction path, every trust boundary. Our systems build a complete threat topology of your protocol's architecture.

02. Proprietary Technology Protects You 24/7

Our detection systems run continuously against your protocol, probing from every angle. When conditions change, analysis restarts automatically.

03. We Prove What We Find

Every finding gets a working exploit on a mainnet fork. Real contracts, real state, real value at risk. If we can't prove it, you don't pay.

04. You Stay Protected

Validated findings appear in your feed. Your threat map updates. You unlock the full report and remediation. We verify your patches. The cycle continues.

04 // Field Report
Critical · Euler Finance — $197M Hack, March 2023

$197M drained in a single transaction.
Our system flagged it with 100% confidence.

Our systems identified all 3 critical vulnerabilities in the Euler V1 exploit: unbounded mint leverage, reserves donation without solvency check, and self-liquidation at manipulated discount. The full multi-step exploit path was detected and validated before the attack occurred.

$197M · Funds Drained
6 · Primitives Found
1.00 · Detection Confidence
1 TX · Atomic Exploit

Historical analysis of the Euler Finance V1 hack (March 13, 2023). All data is from a publicly-known incident.

05 // Coverage Tiers

Your protocol's persistent red team.

Choose the depth of intelligence and response cadence that matches your risk profile. You only pay for validated findings that work.

Free

Always-on baseline visibility into your protocol's risk posture. Live Critical / funds-at-risk findings are always disclosed free and immediately through your existing channel.

- Hacks feed + live threat map
- Per-protocol BRI score + Shield rating
- Redacted previews of lower-severity findings
- Critical findings always disclosed free and immediately
- Research signals in feed
Recommended

Direct Engagement

A private, outcome-based security engagement with a direct line to BlackHart. Free to start — you pay only for results.

- Everything in Free
- Direct working channel (Discord or your preferred channel)
- Outcome-based — you pay only for validated results
- Full findings, not redacted previews
- No access fee, no commitment

Vanguard

Enterprise

Your protocol's persistent red team: a dedicated researcher with continuous adversarial monitoring and merge-ready remediation, scoped to your TVL and surface.

- Dedicated researcher + continuous adversarial monitoring
- Cadence meetings + pre-release QC + surge red-team
- Remediation delivered as merge-ready pull requests your team reviews and merges
- BlackHart never holds your deploy or merge keys
- Scoped to your protocol's TVL and surface

For Protocol Teams

Protocol already in the Oracle?

If your protocol is already scored by the Oracle, you can request access to your threat intelligence feed. Get real-time visibility into findings, validated PoCs, and your live threat map. Requires a verified protocol team email.

06 // FAQ

Frequently Asked Questions

How is BlackHart different from a traditional audit?

BlackHart Monitoring is continuous adversarial coverage. We actively hunt for vulnerabilities on an ongoing basis, with every commit analyzed and every new integration scored.

Does subscribing improve our public risk score?

Not directly. Subscribing gives you continuous vulnerability discovery and remediation support. Your public BRI score only improves when the underlying risks are actually addressed and we verify the changes.

How do you coordinate disclosure?

All vulnerability findings are disclosed through official bounty programs or responsible disclosure channels. Each report includes enough detail for the protocol team to validate and fix the issue. The timeline follows industry-standard coordinated disclosure practices.

Ready to get started?

Working exploits, staged patches, and continuous coverage. Every finding is proven on a mainnet fork and ships with a fix.