Immutable
DAMASCUS · Gaming / NFT L2 · Ethereum + zkEVM · $500M+ TVL · 20 contracts
Official site: www.immutable.com
829
Confidence: 75%
Z-Factor: 0.80
Updated 2026-05-27 · Public score
Security Profile
Access Control: 75
Economic Soundness: 80
Oracle Integrity: 85
Compositional Risk: 78
Governance: 50
Maturity: 78
Resilience: 97
Supply Chain: 78
Op Security: 59
Cascade Exposure: 100
Min: 50 · Avg: 78 · Max: 100
Audit History
Trail of Bits: 2022-09
NCC Group: 2023-03
Bug Bounty Program
$1,000,000 max payout on Immunefi
Assessment
Gaming L2 built on StarkEx with a 49-month track record. D5 (Governance) is very low (50) due to fully centralized governance. D3 (Oracle Integrity) is high (85) thanks to cryptographic validity proofs. The risk profile is lower than DeFi, but centralization remains a concern.
Dimension Breakdown
Access Control
75 · Weight 18% · 72% confidence
+25 StarkEx operator controls sequencing and data availability
-25 Centralized sequencer with escape hatch mechanism
+25 NFT minting requires operator approval
+25 Withdrawal delay provides user protection window
Economic Soundness
80 · Weight 13% · 75% confidence
+20 NFT marketplace economics (not DeFi lending/trading)
+20 IMX token for protocol fees (limited economic attack surface)
+20 No flash loan or price manipulation vectors in core
+20 Lower economic complexity than DeFi protocols
Oracle Integrity
85 · Weight 13% · 80% confidence
+21 StarkEx validity proofs (cryptographic, not oracle-based)
+21 No external price oracle dependency for core NFT operations
+21 L1 settlement provides price finality
+21 Minimal oracle surface compared to DeFi protocols
Battle-Tested Maturity
78 · Weight 12% · 78% confidence
+20 Live since April 2021 (49 months)
+20 Processed millions of NFT transactions
+20 StarkEx technology well-tested (shared with dYdX)
+20 Z-factor: 0.891
Governance & Upgradeability
50 · Weight 10% · 70% confidence
-25 Centralized operator (Immutable X team)
-25 No on-chain governance mechanism
+25 Protocol upgrades controlled by team multisig
+25 Escape hatch is user protection, not governance
Adversarial Resilience (redacted)
97 · Weight 10% · 95% confidence
- Score derived from continuous adversarial security research
Operational Security
59 · Weight 10% · 60% confidence
-20 No branch protection detected
-20 CI/CD present but unstable (40% success)
+12 Commit signing: 100% verified
+12 Strong PR review culture (90% reviewed)
Compositional Risk
78 · Weight 5% · 75% confidence
+20 Limited DeFi composability (gaming/NFT focus)
+20 StarkEx provides isolated execution environment
+20 Bridge to Ethereum L1 for deposits/withdrawals
+20 Lower composition risk than general-purpose L2
Cascade Exposure
100 · Weight 5% · 50% confidence
+33 Member of 1 dependency cluster(s)
+33 No cross-protocol cascade exposure detected
+33 Source: cross_protocol_composition.json dependency analysis
Supply Chain
78 · Weight 4% · 75% confidence
+20 StarkEx prover (proprietary StarkWare tech)
+20 Solidity contracts for L1 bridge
+20 Cairo programs for L2 logic
+20 Dependency on StarkWare infrastructure
Top Score Drivers
Dimensions with the greatest marginal impact on BRI.
Governance & Upgradeability
50 · +38 potential
Centralized operator (Immutable X team)
Operational Security
59 · +28.7 potential
No branch protection detected
Access Control
75 · +28.1 potential
StarkEx operator controls sequencing and data availability
Battle-Tested Maturity
78 · +16 potential
Live since April 2021 (49 months)
Economic Soundness
80 · +15.6 potential
NFT marketplace economics (not DeFi lending/trading)
Adversarial Risk Signals
Publicly verifiable security posture indicators.
Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:7...
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug: "immutable"
- Oracle: BRORegistry (Base)
- Evidence: IPFS (pinned)
- Staleness Threshold: 24 hours
Read Score
registry.getScore("immutable")
Reduce exploitable risk
Continuous adversarial analysis, vulnerability detection, and verified reassessment.
Embed this score
Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.
<iframe
src="https://blackhart.io/embed/oracle/immutable?variant=card&theme=dark"
title="BlackHart Risk Index: Immutable"
width="340"
height="290"
frameborder="0"
loading="lazy"
style="border:0; max-width:100%;"
></iframe>