Scores/Centrifuge

Centrifuge

DAMASCUS

RWA / Tokenization · Ethereum · $300M+ TVL · 15 contracts

Official site: centrifuge.io ↗

759

3004756508251000

Confidence70%

Z-Factor0.80

Updated 2026-05-27Public score

Security Profile

Access Control
70

Economic Soundness
65

Oracle Integrity
55

Compositional Risk
72

Governance
65

Maturity
75

Resilience
50

Supply Chain
72

Op Security
62

Cascade Exposure
100

Access Ctrl
70

Economic
65

Oracle
55

Compos.
72

Govern.
65

Maturity
75

Resilience
50

Supply Ch.
72

OpSec
62

Cascade
100

Min

Avg

Max

100

Audit History

Trail of Bits

2022-06

Code4rena

2023-09

Bug Bounty Program

$250,000

Max payout on Cantina

View Program

Assessment

RWA tokenization protocol with 72-month Tinlake history. D3 low (55) due to off-chain oracle dependency for RWA valuations. D2 reflects inherent RWA illiquidity risk. Niche protocol with moderate security coverage.

Dimension Breakdown

Methodology

Access Control

Weight 18% · 72% confidence

+23Pool admin controls asset onboarding and configuration

+23Epoch-based tranche investment/redemption model

+23Restricted token transfers (compliance whitelist)

-30Centralized asset originator trust dependency

Provenance

Economic Soundness

Weight 13% · 68% confidence

+22RWA collateral valuation depends on off-chain assets

+22Senior/Junior tranche waterfall model

+22NAV calculation relies on off-chain asset pricing

-35Liquidity risk: RWA assets are illiquid by nature

Provenance

Oracle Integrity

Weight 13% · 60% confidence

+14NAV oracle depends on off-chain asset valuations

+14Asset originator self-reports collateral values

+14Limited on-chain price verification for RWA

+14Trust assumption: originator honest reporting

Provenance

Battle-Tested Maturity

Weight 12% · 75% confidence

+19Tinlake live since mid-2020 (72 months), new Centrifuge since 2023

+19~$250M TVL across pools

+19No protocol-level exploit

+19Z-factor: 0.923

Provenance

Governance & Upgradeability

Weight 10% · 68% confidence

+16CFG token governance on Centrifuge Chain

+16Council and democracy modules (Substrate-based)

+16Pool-level governance by asset originators

+16Limited on-chain governance maturity

Provenance

Adversarial Resilienceredacted

Weight 10% · 30% confidence

Maximum resilience under independent adversarial testing
Comprehensive security coverage across all attack surfaces
Active bounty program incentivizes continuous scrutiny
No validated adversarial findings — score set to neutral baseline

Provenance

Operational Security

Weight 10% · 60% confidence

-19No branch protection detected

-19CI/CD present but unstable (60% success)

+16Commit signing: 100% verified

+16Strong PR review culture (90% reviewed)

Provenance

Compositional Risk

Weight 5% · 70% confidence

+18Tinlake/Centrifuge Chain integration

+18Limited DeFi composability (restricted tokens)

+18MakerDAO integration for DAI lending against RWA

+18Moderate external dependency footprint

Provenance

Cascade Exposure

Weight 5% · 50% confidence

100

+33Member of 2 dependency cluster(s)

+33No cross-protocol cascade exposure detected

+33Source: cross_protocol_composition.json dependency analysis

Provenance

Supply Chain

Weight 4% · 70% confidence

+18Substrate-based chain (Centrifuge Chain)

+18Solidity contracts on Ethereum (Tinlake)

+18Moderate dependency complexity

+18Mixed tech stack (Rust + Solidity)

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Oracle Integrity

55+37.1 potential

NAV oracle depends on off-chain asset valuations

Adversarial Resilience

50+32.9 potential

Access Control

70+30.4 potential

Centralized asset originator trust dependency

Economic Soundness

65+26.4 potential

Liquidity risk: RWA assets are illiquid by nature

Operational Security

62+22.5 potential

No branch protection detected

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2021-05-0110 dimensionsProvenance Ledger

methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:e...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "centrifuge"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("centrifuge")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/centrifuge?variant=card&theme=dark"
  title="BlackHart Risk Index: Centrifuge"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review