BlackHart

Sky (MakerDAO)

MITHRIL

Stablecoin / Lending · Ethereum · $12.7B TVL · 50 contracts

Official site: sky.money

862
Scale: 300, 475, 650, 825, 1000
Confidence: 90%
Z-Factor: 0.93
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 92
Economic: 90
Oracle: 94
Compos.: 87
Govern.: 85
Maturity: 97
Resilience: 54
Supply Ch.: 82
OpSec: 44
Cascade: 93
Min: 44
Avg: 82
Max: 97

Audit History

Trail of Bits · 2019-08 · Report
Runtime Verification (Formal) · 2019-12 · Report
Peckshield · 2020-03
Trail of Bits (Liquidations 2.0) · 2021-04

Bug Bounty Program

$10,000,000
Max payout on Immunefi

Assessment

One of the oldest and most battle-tested DeFi protocols. 78 months, zero code exploits, formal verification. Near-ADAMANTINE but D8 (old compiler) and D5 (governance complexity) prevent top tier.

Dimension Breakdown

Access Control
Weight 18% · 90% confidence
92
+23 Wards/auth pattern battle-proven across all modules
+23 ESM provides credible emergency shutdown (50K MKR threshold)
+23 Every module uses rely/deny for fine-grained authorization
+23 GSM 48h delay on governance execution
Economic Soundness
Weight 13% · 88% confidence
90
+22 Dutch auction liquidation (Liq 2.0 / Dog+Clipper) proven
+22 Surplus Buffer absorbs bad debt before MKR dilution
+22 Flash mint exists but rate-limited
+22 $12.7B TVL with overcollateralization, survived Black Thursday
Oracle Integrity
Weight 13% · 92% confidence
94
+24 OSM enforces 1-hour price update delay (best-in-class)
+24 Medianizer aggregates multiple Chronicle feeds
+24 Purpose-built oracle architecture to prevent manipulation
+24 Governance can freeze oracles in emergency
Battle-Tested Maturity
Weight 12% · 95% confidence
97
+16 78 months live (6.5 years), one of the oldest DeFi protocols
+16 Survived Black Thursday, Terra/Luna, FTX collapse
+16 Core dss contracts frozen since 2022
+16 Zero code-level exploits in entire history
Governance & Upgradeability
Weight 10% · 88% confidence
85
+28 MKR/SKY voting with executive spells (well-understood)
+28 GSM adds 48h delay before spell execution
+28 ESM can block malicious governance attacks
-15 Deduction: governance fatigue risk, flash loan attack surface (mitigated by GSM)
Adversarial Resilience (redacted)
Weight 10% · 95% confidence
54
  • Score derived from continuous adversarial security research
Operational Security
Weight 10% · 50% confidence
44
-28 No branch protection detected
+11 No CI/CD pipeline detected
-28 Weak PR review coverage (27%)
+11 Minimal development activity (0 commits/month)
Compositional Risk
Weight 5% · 85% confidence
87
+22 Core dss is remarkably self-contained (no external deps)
+22 Modular internal architecture (Vat/Dog/Spot/Flap/Flop)
+22 RWA modules introduce some external dependency
+22 PSM has stablecoin counterparty risk
Cascade Exposure
Weight 5% · 60% confidence
93
+31 Appears in 2 cross-protocol cascade chain(s)
+31 Member of 2 dependency cluster(s)
+31 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 88% confidence
82
+27 Core Vat uses Solidity 0.5.12 (old but formally verified)
+27 Newer modules use 0.6.12
+27 Minimal dependencies: dss is remarkably self-contained

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Operational Security
44 · +48.1 potential
No branch protection detected
Adversarial Resilience
54 · +35.7 potential
Governance & Upgradeability
85 · +9.2 potential
MKR/SKY voting with executive spells (well-understood)
Access Control
92 · +8.5 potential
Wards/auth pattern battle-proven across all modules
Economic Soundness
90 · +7.8 potential
Dutch auction liquidation (Liq 2.0 / Dog+Clipper) proven

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
Deployed 2019-11-18 · 10 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:e...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "sky"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("sky")

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

<iframe
  src="https://blackhart.io/embed/oracle/sky?variant=card&theme=dark"
  title="BlackHart Risk Index: Sky (MakerDAO)"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>