BlackHart

rhino.fi

TEMPERED

DEX / Bridge · Ethereum + L2s · $100M+ TVL · 10 contracts

Official site: rhino.fi

Score: 739
Scale: 300 · 475 · 650 · 825 · 1000
Confidence: 67%
Z-Factor: 0.76
Updated 2026-05-27 · Public score

Security Profile

  • Access Ctrl: 55
  • Economic: 68
  • Oracle: 72
  • Compos.: 52
  • Govern.: 40
  • Maturity: 70
  • Resilience: 87
  • Supply Ch.: 68
  • OpSec: 50
  • Cascade: 100

Min: 40 · Avg: 66 · Max: 100

Audit History

  • Nethermind: 2022-09
  • Peckshield: 2023-02

Bug Bounty Program

$2,000,000
Max payout on Immunefi

Assessment

DeFi aggregator/bridge with 48-month track record (ex-DeversiFi). D5 very low (40) for fully centralized governance with single owner. D1 low (55) due to 5/10 contracts having zero access control modifiers. D4 low (52) due to multi-contract proxy composition with 971 call edges. StarkEx base provides cryptographic settlement security but does not compensate for centralization risk. Downgraded from DAMASCUS to TEMPERED based on deeper graph analysis revealing modifier coverage gaps.

Dimension Breakdown

Access Control
Weight 18% · 62% confidence
Score: 55
  • (+14) 33 modifiers total but 5/10 contracts have ZERO modifiers
  • (+14) Bridge: onlyOwner (single owner), _isAuthorized custom check
  • (+14) StarkExchange: onlyGovernance, notFinalized, notFrozen
  • (+14) DACommittee, GpsFactRegistryAdapter, MemoryPageFactRegistry, OrderRegistry, SHARPVerifier: 0 modifiers

Economic Soundness
Weight 13% · 65% confidence
Score: 68
  • (+14) Bridge permissionless value operations: depositWithId, withdrawV2, swapWithData
  • (+14) StarkExchange: transfer, transferAll permissionless value moves
  • (+14) Bridge 160 CONSERVATION_BREAK reactions in structural analysis
  • (+14) StarkEx settlement provides trade finality via validity proofs

Oracle Integrity
Weight 13% · 68% confidence
Score: 72
  • (+14) StarkEx validity proofs (cryptographic verification) - no external price oracle for core settlement
  • (+14) GpsFactRegistryAdapter mediates GPS contract proof verification (2 SVs, 0 writers)
  • (+14) MemoryPageFactRegistry: fact storage with 7 writing functions
  • (+14) Bridge pricing relies on DEX aggregation externally

Battle-Tested Maturity
Weight 12% · 68% confidence
Score: 70
  • (+18) Live since 2021 as DeversiFi, rebranded to rhino.fi (~48 months total)
  • (+18) StarkEx technology well-tested across multiple deployments (dYdX, Immutable, Sorare)
  • (+18) Moderate TVL (~$700M in bridge)
  • (+18) Z-factor: 0.889

Governance & Upgradeability
Weight 10% · 60% confidence
Score: 40
  • (-30) Centralized company governance (rhino.fi team)
  • (+20) Bridge: single onlyOwner controls all admin operations
  • (+20) StarkExchange: onlyGovernance (single governance address)
  • (-30) No on-chain governance mechanism or DAO

Adversarial Resilience (redacted)
Weight 10% · 95% confidence
Score: 87
  • Score derived from continuous adversarial security research

Operational Security
Weight 10% · 50% confidence
Score: 50
  • (-50) No branch protection detected
  • (+10) No CI/CD pipeline detected
  • (+10) Commit signing: 62% verified
  • (+10) Minimal development activity (0 commits/month)

Compositional Risk
Weight 5% · 60% confidence
Score: 52
  • (+26) 971 call edges across 10 contracts
  • (+26) Cross-contract: StarkExchange -> DACommittee -> GpsFactRegistryAdapter -> MemoryPageFactRegistry

Cascade Exposure
Weight 5% · 50% confidence
Score: 100
  • (+33) Member of 1 dependency cluster(s)
  • (+33) No cross-protocol cascade exposure detected
  • (+33) Source: cross_protocol_composition.json dependency analysis

Supply Chain
Weight 4% · 65% confidence
Score: 68
  • (+17) StarkEx settlement layer (StarkWare proprietary dependency)
  • (+17) OpenZeppelin upgradeable contracts
  • (+17) Standard Solidity dependencies
  • (+17) StarkWare infrastructure dependency creates supply chain risk

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Access Control: 55 (+49.9 potential)
  • 33 modifiers total but 5/10 contracts have ZERO modifiers
Governance & Upgradeability: 40 (+42.1 potential)
  • Centralized company governance (rhino.fi team)
Operational Security: 50 (+31.5 potential)
  • No branch protection detected
Economic Soundness: 68 (+22.6 potential)
  • Bridge permissionless value operations: depositWithId, withdrawV2, swapWithData
Oracle Integrity: 72 (+19.2 potential)
  • StarkEx validity proofs (cryptographic verification) - no external price oracle for core settlement

Adversarial Risk Signals

Publicly verifiable security posture indicators.

  • Disclosure History: Not Assessed
  • Remediation Velocity: Not Assessed
  • Bug Bounty Program: Not Assessed
  • Audit Coverage: Not Assessed
  • Incident History: Not Assessed

Deployed 2021-04-01 · 10 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:b...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

  • Protocol Slug: "rhinofi"
  • Oracle: BRORegistry (Base)
  • Evidence: IPFS (pinned)
  • Staleness Threshold: 24 hours
  • Read Score: registry.getScore("rhinofi")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/rhinofi?variant=card&theme=dark"
  title="BlackHart Risk Index: rhino.fi"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>