BlackHartBlackHart
Scores/Instadapp

Instadapp

DAMASCUS

DeFi Automation · Ethereum + L2s · $2B+ TVL · 15 contracts

Official site: instadapp.io

781
3004756508251000
Confidence65%
Z-Factor0.85
Updated 2026-05-27Public score

Security Profile

Access Ctrl
75
Economic
78
Oracle
80
Compos.
55
Govern.
55
Maturity
82
Resilience
50
Supply Ch.
78
OpSec
51
Cascade
95
Min
50
Avg
70
Max
95

Audit History

Peckshield
2021-05
Statemind
2022-12

Bug Bounty Program

$500,000
Max payout on Immunefi
View Program

Assessment

Long-running DeFi middleware with clean track record. High maturity (Z=0.939) and no exploits help significantly. Compositional risk is inherently high (D4=55) because middleware composes everything by design. Good battle testing despite niche category.

Dimension Breakdown

Methodology
Access Control
Weight 18% · 72% confidence
75
+19DSA (DeFi Smart Account) owner-controlled
+19Authority delegation model for account management
+19Connector-based architecture with permissioned connectors
+19Multi-auth support for institutional users
Provenance
Economic Soundness
Weight 13% · 75% confidence
78
+20Middleware passes through underlying protocol economics
+20No direct economic model risk (fee-based on refinancing)
+20Vault products add yield-strategy economic surface
+20INST token governance but not core economic mechanism
Provenance
Oracle Integrity
Weight 13% · 75% confidence
80
+20Inherits oracle dependencies from underlying protocols
+20No proprietary oracle in core DSA architecture
+20Vault products may use price feeds for rebalancing
+20Clean pass-through for oracle risk
Provenance
Battle-Tested Maturity
Weight 12% · 78% confidence
82
+16Live since 2019 (one of the oldest DeFi middleware)
+16No direct protocol exploit on DSA architecture
+16Multiple iterations (V1, V2, current)
+16Audited by multiple firms over years
Provenance
Governance & Upgradeability
Weight 10% · 65% confidence
55
+14INST token governance for connector approval
+14Team retains significant operational control
+14Connector additions go through governance vote
+14Moderate governance participation
Provenance
Adversarial Resilienceredacted
Weight 10% · 30% confidence
50
  • No validated adversarial findings — score set to neutral baseline
Provenance
Operational Security
Weight 10% · 60% confidence
51
-24No branch protection detected
-24CI/CD present but unstable (0% success)
+17Strong PR review culture (80% reviewed)
+17Minimal development activity (0 commits/month)
Provenance
Compositional Risk
Weight 5% · 72% confidence
55
+18By design: composes EVERY major DeFi protocol
-45Connector architecture means attack surface = union of all connected protocols
+18Refinancing across protocols creates cross-protocol state dependency
+18DSA holds positions across multiple protocols simultaneously
Provenance
Cascade Exposure
Weight 5% · 50% confidence
95
+48No cross-protocol cascade exposure detected
+48Source: cross_protocol_composition.json dependency analysis
Provenance
Supply Chain
Weight 4% · 75% confidence
78
+20OpenZeppelin dependencies
+20Connector architecture means many integration points
+20Standard Solidity dependencies
+20Each connector is a potential supply chain entry point
Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Adversarial Resilience
50+34.5 potential
Operational Security
51+33.5 potential
No branch protection detected
Governance & Upgradeability
55+29.6 potential
INST token governance for connector approval
Access Control
75+25.6 potential
DSA (DeFi Smart Account) owner-controlled
Economic Soundness
78+15.8 potential
Middleware passes through underlying protocol economics

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2019-06-0110 dimensionsProvenance Ledger
methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:6...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug
"instadapp"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("instadapp")
Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View PlansMethodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public
Style
Theme
Format
Preview
Copy iframe code
<iframe
  src="https://blackhart.io/embed/oracle/instadapp?variant=card&theme=dark"
  title="BlackHart Risk Index: Instadapp"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>
Believe this score contains a factual error? Submit evidence for review