BlackHart

Abracadabra

TEMPERED

Lending / Stablecoin · Multi-chain · $200M+ TVL · 15 contracts

Official site: abracadabra.money

Score: 740 (gauge scale: 300, 475, 650, 825, 1000)
Confidence: 75%
Z-Factor: 0.80
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 62
Economic: 54
Oracle: 48
Compos.: 58
Govern.: 65
Maturity: 72
Resilience: 98
Supply Ch.: 68
OpSec: 47
Cascade: 100

Min: 47 · Avg: 67 · Max: 100

Audit History

Certik · 2021-08
Guardian Audits · 2023-05

Bug Bounty Program

$100,000
Max payout on Immunefi

Assessment

ENRICHED_FROM_ARCHITECTURE: Mature CDP protocol with significant oracle manipulation surface and cook() multicall complexity. Comparable to MakerDAO (BRI ~750) but lower due to single oracle, no governance module, and historical incidents.

Dimension Breakdown

Access Control
Weight 18% · 70% confidence
Score: 62
+16 DegenBox masterContractApproved pattern provides adequate access control
+16 cook() is permissionless but deferred solvency check provides post-hoc guard
+16 MIM mint is operator-only (single address)
+16 Strategy management is owner-only with timelock
Economic Soundness
Weight 13% · 60% confidence
Score: 54
+18 CDP model with collateralization ratio provides solvency margin
-23 DegenBox elastic/base (Rebase) math introduces rounding risk on small amounts
+18 Liquidation multiplier creates economic incentive for timely liquidation
-23 Historical MIM depeg events indicate fragile peg mechanism
Oracle Integrity
Weight 13% · 65% confidence
Score: 48
-26 Single oracle source per Cauldron (IOracle interface)
+16 exchangeRate stored and used for solvency - oracle manipulation directly impacts liquidation
+16 updateExchangeRate() is permissionless
+16 No TWAP or multi-oracle aggregation in base CauldronV4
Battle-Tested Maturity
Weight 12% · 80% confidence
Score: 72
+18 Live since January 2021 (3+ years)
+18 Survived multiple market stress events
+18 Multiple prior audits
+18 Open source codebase
Governance & Upgradeability
Weight 10% · 60% confidence
Score: 65
+22 Owner controls strategy deployment and new cauldron creation
+22 Strategy changes have timelock (2-week delay)
-35 No on-chain governance - team-controlled multisig
+22 blacklistedCallees provides cook() callee restriction
Adversarial Resilience (redacted)
Weight 10% · 95% confidence
Score: 98
  • Score derived from continuous adversarial security research
Operational Security
Weight 10% · 60% confidence
Score: 47
-26 No branch protection detected
-26 CI/CD present but unstable (0% success)
+16 Commit signing: 66% verified
+16 Minimal development activity (0 commits/month)
Compositional Risk
Weight 5% · 55% confidence
Score: 58
+14 Deep integration with DegenBox (BentoBox fork) for all token custody
+14 External swapper calls during liquidation
+14 Cross-protocol oracle dependencies (Chainlink, Curve pools)
+14 cook() multicall can compose arbitrary action sequences
Cascade Exposure
Weight 5% · 50% confidence
Score: 100
+33 Member of 2 dependency cluster(s)
+33 No cross-protocol cascade exposure detected
+33 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 50% confidence
Score: 68
+23 BentoBox fork (SushiSwap origin) - well-understood codebase
+23 Standard Solidity dependencies (OpenZeppelin base)
+23 No exotic compiler versions

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Oracle Integrity
Score: 48 · +44.1 potential
Single oracle source per Cauldron (IOracle interface)
Access Control
Score: 62 · +39.5 potential
DegenBox masterContractApproved pattern provides adequate access control
Economic Soundness
Score: 54 · +36.7 potential
DegenBox elastic/base (Rebase) math introduces rounding risk on small amounts
Operational Security
Score: 47 · +34.5 potential
No branch protection detected
Governance & Upgradeability
Score: 65 · +19.4 potential
No on-chain governance - team-controlled multisig

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2021-05-01 · 10 dimensions
Provenance Ledger: methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:b...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "abracadabra"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("abracadabra")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/abracadabra?variant=card&theme=dark"
  title="BlackHart Risk Index: Abracadabra"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>