BlackHartBlackHart
Scores/Euler V2

Euler V2

DAMASCUS

Lending / Borrowing · Ethereum · $800M+ TVL · 15 contracts

Confidence 67%Z-Factor 0.60Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

773
BRI Score
3004756508251000

Security Profile

Access Ctrl
80
Economic
78
Oracle
78
Compos.
70
Govern.
62
Maturity
55
Resilience
41
Supply Ch.
82
OpSec
75
Cascade
62
Min
41
Avg
68
Max
82

Audit History

Spearbit
2024-06
Certora (Formal)
2024-07
Cantina Competition
2024-05

Bug Bounty Program

$200,000
Max payout on Cantina
View Program →

Assessment

Full 6-graph analysis confirms well-engineered protocol. 3183 nodes, 8062 edges, 22.4MB of graph data analyzed. 6/6 honest negatives on fork validation. V1 exploit history drags D6 (55), EVC structural complexity is high but intentional. Raised from prior 813/620 to calibrated 760 based on honest-negative-adjusted scoring: access control extractor limitation means structural findings are inflated, but protocol is genuinely complex. DAMASCUS = safe but complex, which matches.

Dimension Breakdown

How scores work →
Access Control
Weight 18%85% conf
80
Strong
  • EVC operator/sub-account model with 12 modifiers across EVC contract
  • EVault authority_topology shows all public functions as permissionless (graph limitation: misses custom modifiers)
  • GenericFactory function_authorities has 96 entries covering all governance functions
  • ProtocolConfig has tau_star=0.75 with 1 bypass surface (admin-gated config setters)
  • EVC bypass_surfaces=99 is concerning but reflects complex internal permission model, not lack of access control
Economic Soundness
Weight 13%78% conf
78
Good
  • Isolated vault model limits contagion; each vault is independent contract
  • sv_totalShares written by 7 functions (well-defined write surface)
  • sv_cash written by 6 functions including skim and pullAssets/pushAssets
  • IRM modular and well-designed; interestAccumulator written by 4 functions
  • Reaction screen: 76 CONSERVATION_BREAK candidates (42 passed, 0.553 rate)
  • ESR yield distribution via gulp() has re-smearing risk
Oracle Integrity
Weight 13%80% conf
78
Good
  • Oracle-agnostic per vault (governor chooses oracle adapter)
  • 12 oracle adapters supported (Chainlink, Pyth, RedStone, etc.)
  • QVC blueprint identifies 5 dangerous empty cells related to oracle composition
  • No protocol-level oracle manipulation protection beyond per-vault configuration
  • PERMISSIONLESS_FACTORY_CHAIN_TO_ORACLE singleton reaction found in screen
Battle-Tested Maturity
Weight 12%82% conf
55
Moderate
  • V2 live since early 2024 (~2.3 years now)
  • V1 EXPLOITED for $197M in March 2023 (major credibility event, Z-factor drag)
  • V2 is complete rewrite (EVC architecture) but org carries V1 history
  • Audited by multiple firms, active Immunefi bounty ($250K)
  • 6/6 honest negatives on mainnet fork validation of our findings confirms maturity
  • Z-factor: 0.69
Governance & Upgradeability
Weight 10%78% conf
62
Moderate
  • Governed vs Ungoverned perspectives (dual model)
  • GenericFactory function_authorities lists 96 governed functions with authority_level and authority_cost
  • Governor has significant config control per vault (setInterestFee, setMaxLiquidationDiscount, etc.)
  • ProtocolConfig has tau_star=0.75 and 1 absorbing violation (admin can modify)
  • DAO governance maturing but team-controlled
Adversarial Resilience
Weight 10%95% conf
41
Concerning
  • Score derived from continuous adversarial security research
Operational Security
Weight 10%78% conf
75
Good
  • Learned from V1 exploit: improved monitoring and response
  • Active Immunefi bounty ($250K max)
  • CI/CD pipeline with comprehensive testing
  • V1 post-mortem was transparent and thorough
  • SwapVerifier has 91 functions but 0 modifiers and 0 disconnected validations (clean verification layer)
Compositional Risk
Weight 5%80% conf
70
Good
  • EVC is the primary composition layer; all vault operations route through EVC authentication
  • 3 cross-contract compositions identified (EVC->EVault batch context, EVC->EVault permit, Factory->EVault delegatecall)
  • GenericFactory and EVault share implementation address (tight coupling)
  • EVC has 288 call edges to other functions; high compositional complexity
  • GovernedPerspective validation gaps vs UngovernedPerspective
  • Dominant functional groups: Co (Connector/Composition) at 0.55 for both EVault and EVC
Cascade Exposure
Weight 5%80% conf
62
Moderate
  • Appears in 6 cross-protocol cascade chain(s)
  • Member of 6 dependency cluster(s)
  • Score: 62/100 (higher = more isolated from systemic risk)
  • Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4%82% conf
82
Strong
  • Solidity v0.8.24 (modern, overflow-safe)
  • EVC framework is novel but well-structured (776 nodes, clean edge structure)
  • Standard OpenZeppelin base libraries
  • Proxy patterns for vault deployment via GenericFactory (BeaconProxy)
  • SequenceRegistry is minimal (7 nodes, 3 edges) -- clean utility contract

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience41
Battle-Tested Maturity55
Governance & Upgradeability62

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2024-09-01Z-Factor 0.60010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug
"euler-v2"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("euler-v2")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →