D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%80% confidence
78
Good
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Scoring Tree
BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
780
Current BRI
D1Access Control
Weight 18%
78
(78/100)^0.18 = 0.9563
Contributing Factors
+20Two-tier access: onlyGovernor (full power) + onlyGuardian (ops/fees)
+20Minter role pattern on AgToken restricts supply inflation
+20Guardian can set fees and pause without timelock -- ops flexibility vs risk tradeoff
+20No granular per-collateral admin roles (single Guardian controls all)
0ProxyAdmin owned by Governor timelock -- upgrade path gated
Score Composition
0
ProxyAdmin owned by Governor timelock -- upgrade path gated
+20
Two-tier access: onlyGovernor (full power) + onlyGuardian (ops/fees)
+20
Minter role pattern on AgToken restricts supply inflation
+20
Guardian can set fees and pause without timelock -- ops flexibility vs risk tradeoff
+20
No granular per-collateral admin roles (single Guardian controls all)
Evidence Chain (2 files)
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:5f6764238b92...
BlackHart AnalysisMay 4, 2026, 09:00 PM
open_in_newAccess Control — Source Codesha256:ff51777c4839...
Score History
No dimension-level score changes recorded yet.
Methodology: 2.1Formula: 1.1Weights: 1.1