BlackHart

Ondo Finance

DAMASCUS

RWA / Tokenization · Ethereum · $500M+ TVL · 10 contracts

Official site: ondo.finance

815
Gauge ticks: 300, 475, 650, 825, 1000
Confidence: 63%
Z-Factor: 0.70
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 80
Economic: 88
Oracle: 85
Compos.: 65
Govern.: 40
Maturity: 72
Resilience: 98
Supply Ch.: 85
OpSec: 52
Cascade: 95

Min: 40
Avg: 76
Max: 98

Audit History

C4 Competition · 2023-01
Peckshield · 2023-03

Bug Bounty Program

$1,000,000
Max payout on Immunefi

Assessment

RWA protocol with the strongest economic soundness (D2=88) in the batch, due to Treasury backing. Extreme centralization (D5=40) is the major drag, but it is by design for regulatory compliance. BRI penalizes centralization regardless of intent.

Dimension Breakdown

Access Control
Weight 18% · 82% confidence
Score: 80
+20 KYC-gated whitelist provides strong access control
+20 Admin keys are a feature for RWA compliance, not a bug
+20 Freeze/blacklist/pause capabilities by design
+20 Role-based admin with multi-sig

Economic Soundness
Weight 13% · 82% confidence
Score: 88
+22 US Treasury backing provides strong economic foundation
+22 NAV tied to real-world assets with daily attestation
+22 Minimal DeFi-native economic risk (no AMM, no leverage)
+22 Redemption mechanism backed by real custodied assets

Oracle Integrity
Weight 13% · 78% confidence
Score: 85
+21 NAV oracle from institutional custodian
+21 Off-chain asset pricing with minimal on-chain manipulation surface
+21 Trusted party model (acceptable for RWA)
+21 Daily NAV updates with attestation

Battle-Tested Maturity
Weight 12% · 76% confidence
Score: 72
+14 Live since 2023 (~2 years)
+14 Clean operational record, no exploits
+14 Institutional backing provides credibility
+14 Audited by Code4rena, Halborn

Governance & Upgradeability
Weight 10% · 85% confidence
Score: 40
-30 Extremely centralized: admin controls mint, burn, freeze, blacklist
-30 No on-chain governance mechanism
+20 Regulatory compliance requires centralization (by design)
+20 Token holders have zero protocol governance power

Adversarial Resilience (redacted)
Weight 10% · 95% confidence
Score: 98
  • Score derived from continuous adversarial security research

Operational Security
Weight 10% · 35% confidence
Score: 52
-48 No branch protection detected
+10 Active CI/CD (100% success rate)
+10 Commit signing: 50% verified
+10 Minimal development activity (0 commits/month)

Compositional Risk
Weight 5% · 74% confidence
Score: 65
+22 Limited DeFi composition by design (whitelist restrictions)
+22 Growing integrations (Flux, Morpho) expand composition surface
+22 Custodian failure is the primary compositional risk
-35 Regulatory dependency adds systemic risk dimension

Cascade Exposure
Weight 5% · 50% confidence
Score: 95
+48 No cross-protocol cascade exposure detected
+48 Source: cross_protocol_composition.json dependency analysis

Supply Chain
Weight 4% · 82% confidence
Score: 85
+28 Simple ERC-20 with access control extensions
+28 Minimal dependency chain
+28 Standard OpenZeppelin libraries

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Governance & Upgradeability
Score: 40 · +49.4 potential
Extremely centralized: admin controls mint, burn, freeze, blacklist

Operational Security
Score: 52 · +34.8 potential
No branch protection detected

Access Control
Score: 80 · +21.1 potential
KYC-gated whitelist provides strong access control

Battle-Tested Maturity
Score: 72 · +20.7 potential
Live since 2023 (~2 years)

Compositional Risk
Score: 65 · +11.2 potential
Regulatory dependency adds systemic risk dimension

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed

Deployed 2023-01-18 · 10 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:6...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "ondo"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("ondo")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/ondo?variant=card&theme=dark"
  title="BlackHart Risk Index: Ondo Finance"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>