BlackHart

Euler V2

DAMASCUS

Lending / Borrowing · Ethereum · $800M+ TVL · 15 contracts

Official site: www.euler.finance

757 (scale 300 to 1000)
Confidence: 67%
Z-Factor: 0.60
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 80
Economic: 78
Oracle: 78
Compos.: 70
Govern.: 62
Maturity: 55
Resilience: 41
Supply Ch.: 82
OpSec: 53
Cascade: 62
Min: 41 · Avg: 66 · Max: 82

Audit History

Spearbit · 2024-06
Certora (Formal) · 2024-07
Cantina Competition · 2024-05

Bug Bounty Program

$7,500,000
Max payout on Cantina

Assessment

Full 6-graph analysis confirms a well-engineered protocol: 3183 nodes, 8062 edges, and 22.4MB of graph data analyzed, with 6/6 honest negatives on fork validation. V1 exploit history drags D6 (55); EVC structural complexity is high but intentional. Raised from prior 813/620 to a calibrated 760 based on honest-negative-adjusted scoring: the access control extractor limitation means structural findings are inflated, but the protocol is genuinely complex. DAMASCUS = safe but complex, which matches.

Dimension Breakdown

Access Control
Weight 18% · 85% confidence · Score 80
+20 EVC operator/sub-account model with 12 modifiers across EVC contract
+20 EVault authority_topology shows all public functions as permissionless (graph limitation: misses custom modifiers)
+20 GenericFactory function_authorities has 96 entries covering all governance functions
+20 ProtocolConfig has tau_star=0.75 with 1 bypass surface (admin-gated config setters)

Economic Soundness
Weight 13% · 78% confidence · Score 78
+13 Isolated vault model limits contagion; each vault is independent contract
+13 sv_totalShares written by 7 functions (well-defined write surface)
+13 sv_cash written by 6 functions including skim and pullAssets/pushAssets
+13 IRM modular and well-designed; interestAccumulator written by 4 functions

Oracle Integrity
Weight 13% · 80% confidence · Score 78
+16 Oracle-agnostic per vault (governor chooses oracle adapter)
+16 12 oracle adapters supported (Chainlink, Pyth, RedStone, etc.)
+16 QVC blueprint identifies 5 dangerous empty cells related to oracle composition
+16 No protocol-level oracle manipulation protection beyond per-vault configuration

Battle-Tested Maturity
Weight 12% · 82% confidence · Score 55
+9 V2 live since early 2024 (~2.3 years now)
+9 V1 EXPLOITED for $197M in March 2023 (major credibility event, Z-factor drag)
+9 V2 is complete rewrite (EVC architecture) but org carries V1 history
+9 Audited by multiple firms, active Immunefi bounty ($250K)

Governance & Upgradeability
Weight 10% · 78% confidence · Score 62
+12 Governed vs Ungoverned perspectives (dual model)
+12 GenericFactory function_authorities lists 96 governed functions with authority_level and authority_cost
+12 Governor has significant config control per vault (setInterestFee, setMaxLiquidationDiscount, etc.)
+12 ProtocolConfig has tau_star=0.75 and 1 absorbing violation (admin can modify)

Adversarial Resilience (redacted)
Weight 10% · 95% confidence · Score 41
  • Score derived from continuous adversarial security research

Operational Security
Weight 10% · 60% confidence · Score 53
-24 No branch protection detected
-24 CI/CD present but unstable (0% success)
+13 Commit signing: 60% verified
+13 SECURITY.md present (detailed)

Compositional Risk
Weight 5% · 80% confidence · Score 70
+12 EVC is the primary composition layer; all vault operations route through EVC authentication
+12 3 cross-contract compositions identified (EVC->EVault batch context, EVC->EVault permit, Factory->EVault delegatecall)
+12 GenericFactory and EVault share implementation address (tight coupling)
+12 EVC has 288 call edges to other functions; high compositional complexity

Cascade Exposure
Weight 5% · 80% confidence · Score 62
+21 Appears in 6 cross-protocol cascade chain(s)
+21 Member of 6 dependency cluster(s)
+21 Source: cross_protocol_composition.json dependency analysis

Supply Chain
Weight 4% · 82% confidence · Score 82
+20 Solidity v0.8.24 (modern, overflow-safe)
+20 EVC framework is novel but well-structured (776 nodes, clean edge structure)
+20 Standard OpenZeppelin base libraries
+20 SequenceRegistry is minimal (7 nodes, 3 edges) -- clean utility contract

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Adversarial Resilience: 41 · +42.6 potential
Battle-Tested Maturity: 55 · +34 potential
V2 live since early 2024 (~2.3 years now)
Operational Security: 53 · +29.9 potential
No branch protection detected
Governance & Upgradeability: 62 · +22.4 potential
Governed vs Ungoverned perspectives (dual model)
Access Control: 80 · +18.7 potential
EVC operator/sub-account model with 12 modifiers across EVC contract

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
Deployed 2024-09-01 · 10 dimensions
Provenance Ledger: methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:e...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "euler-v2"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("euler-v2")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/euler-v2?variant=card&theme=dark"
  title="BlackHart Risk Index: Euler V2"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>