Scores/Sky (MakerDAO)/Provenance/Supply Chain

Supply Chain

Compiler version CVEs, library dependencies, build reproducibility, and proxy pattern risk.

Weight 4%88% confidence

Strong

info

How This Score Is Built

Compiler version CVEs, library dependencies, build reproducibility, and proxy pattern risk.

+23Strong positive

+12Positive

+5Slight positive

−15Strong negative

−8Negative

−3Slight negative

Scoring Tree

BRI Formula

300 + 700 × ∏(Dᵢ/100)^wᵢ

862

Current BRI

D8Supply Chain

Weight 4%

(82/100)^0.04 = 0.9921

Contributing Factors

+27Core Vat uses Solidity 0.5.12 (old but formally verified)

+27Newer modules use 0.6.12

+27Minimal dependencies — dss is remarkably self-contained

0No proxy pattern on core (immutable)

Evidence Sources

blackhart_analysisMay 4sha256:4f0f97210397....View

blackhart_analysisMay 17sha256:37fcedcc1cb4....View

Score Composition

No proxy pattern on core (immutable)

Neutralopen_in_newGitHub Supply ChainMay 4, 2026

+27

Core Vat uses Solidity 0.5.12 (old but formally verified)

Positiveopen_in_newGitHub Supply ChainMay 4, 2026

+27

Newer modules use 0.6.12

Positiveopen_in_newGitHub Supply ChainMay 4, 2026

+27

Minimal dependencies — dss is remarkably self-contained

Positiveopen_in_newGitHub Supply ChainMay 4, 2026

Evidence Chain (2 files)

GitHub APIMay 17, 2026, 06:58 PM

open_in_newGitHub (/)

sha256:37fcedcc1cb4...

BlackHart AnalysisMay 4, 2026, 02:00 PM

open_in_newSupply Chain — GitHub Supply Chain

sha256:4f0f97210397...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1

How is Supply Chain scored?← Back to Provenance Ledger