D1
Access Control
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
Weight 18%80% confidence
62
Moderate
info
How This Score Is Built
Permission models, admin surface, reentrancy protection, and authorization boundaries. #1 exploit vector by dollar loss in DeFi history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Scoring Tree
BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
722
Current BRI
D1Access Control
Weight 20%
62
(62/100)^0.2 = 0.9088
Contributing Factors
+1218 permissionless state-mutating functions out of 75 external
+12roleRegistry.hasRole() provides runtime defense invisible to static analysis
+128/8 fork-validated redemption chains are HONEST_NEGATIVE (safeTransferFrom msg.sender pattern)
+12Lone-sink heuristic false positives inflate raw cell count
+12deposit() is the only payable function
Score Composition
+12
18 permissionless state-mutating functions out of 75 external
+12
roleRegistry.hasRole() provides runtime defense invisible to static analysis
+12
8/8 fork-validated redemption chains are HONEST_NEGATIVE (safeTransferFrom msg.sender pattern)
+12
Lone-sink heuristic false positives inflate raw cell count
+12
deposit() is the only payable function
Evidence Chain (2 files)
GitHub APIMay 17, 2026, 06:58 PM
open_in_newGitHub (/)sha256:160a70884ede...
BlackHart AnalysisMay 4, 2026, 09:00 PM
open_in_newAccess Control — Source Codesha256:e3dae6f81059...
Score History
No dimension-level score changes recorded yet.
Methodology: 2.1Formula: 1.1Weights: 1.1