Scores/SushiSwap

SushiSwap

DAMASCUS

DEX / AMM · Multi-chain · $500M+ TVL · 25 contracts

Official site: sushi.com ↗

795

3004756508251000

Confidence62%

Z-Factor0.87

Updated 2026-05-27Public score

Security Profile

Access Control
72

Economic Soundness
78

Oracle Integrity
82

Compositional Risk
65

Governance
55

Maturity
82

Resilience
68

Supply Chain
75

Op Security
48

Cascade Exposure
100

Access Ctrl
72

Economic
78

Oracle
82

Compos.
65

Govern.
55

Maturity
82

Resilience
68

Supply Ch.
75

OpSec
48

Cascade
100

Min

Avg

Max

100

Audit History

Peckshield

2020-10

Quantstamp

2021-03

Trail of Bits

2023-01

Bug Bounty Program

$200,000

Max payout on Immunefi

View Program

Assessment

Uniswap V2 fork with 67+ months live and battle-tested core AMM. Historical governance turbulence and the 2023 RouteProcessor exploit on periphery contracts reduce confidence. BentoBox ecosystem adds significant composition complexity.

Dimension Breakdown

Methodology

Access Control

Weight 18% · 75% confidence

+18Multisig admin control

+18Router contracts with broad permissions

+18BentoBox vault has complex access model

+18Historical governance turbulence

Provenance

Economic Soundness

Weight 13% · 78% confidence

+20Proven AMM model (Uniswap V2 fork)

+20xSUSHI staking model straightforward

+20Trident multi-pool architecture adds complexity

+20Fee distribution well-tested

Provenance

Oracle Integrity

Weight 13% · 80% confidence

+20TWAP oracle from Uniswap V2 model

+20No external oracle dependency in core

+20BentoBox strategies may use external oracles

+20Oracle manipulation resistant via time-weighting

Provenance

Battle-Tested Maturity

Weight 12% · 82% confidence

+20Live since September 2020 (67+ months)

+20Survived governance crises

+20Uniswap V2 fork means core AMM code is battle-tested

+20Multiple products have varying maturity levels

Provenance

Governance & Upgradeability

Weight 10% · 70% confidence

+18Historical governance instability (chef controversy)

+18Multisig controls significant parameters

+18SUSHI token governance maturing

-45No meaningful timelock on many operations

Provenance

Adversarial Resilienceredacted

Weight 10% · 72% confidence

RouteProcessor exploit in 2023 ($3.3M)
Active bug bounty program
Core AMM unaffected by exploits (periphery was hit)
Multiple audit firms across products

Provenance

Operational Security

Weight 10% · 60% confidence

-17No branch protection detected

-17CI/CD present but unstable (0% success)

+16Commit signing: 52% verified

-17Weak PR review coverage (8%)

Provenance

Compositional Risk

Weight 5% · 70% confidence

+22BentoBox adds deep composition surface

+22Kashi lending on BentoBox

+22Cross-chain deployments with varying security

-35Multiple product lines increase surface area

Provenance

Cascade Exposure

Weight 5% · 55% confidence

100

+33Appears in 1 cross-protocol cascade chain(s)

+33Member of 1 dependency cluster(s)

+33Source: cross_protocol_composition.json dependency analysis

Provenance

Supply Chain

Weight 4% · 78% confidence

+19Standard Solidity

+19Fork of audited Uniswap V2 code

+19BentoBox adds dependencies

+19Verified on multiple chains

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Operational Security

48+37.7 potential

No branch protection detected

Governance & Upgradeability

55+30.5 potential

No meaningful timelock on many operations

Access Control

72+30.2 potential

Multisig admin control

Adversarial Resilience

68+19.5 potential

Economic Soundness

78+16.3 potential

Proven AMM model (Uniswap V2 fork)

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2020-09-0910 dimensionsProvenance Ledger

methodology v2.1formula v1.0weights v1.0evidence sha256:sha256:8...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "sushiswap"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("sushiswap")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/sushiswap?variant=card&theme=dark"
  title="BlackHart Risk Index: SushiSwap"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review