Immutable
DAMASCUSGaming / NFT L2 · Ethereum + zkEVM · $500M+ TVL · 20 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
75
80
85
78
50
78
97
78
75
100
75
80
85
78
50
78
97
78
75
100
Audit History
Bug Bounty Program
Assessment
Gaming L2 built on StarkEx with 49-month track record. D5 very low (50) due to fully centralized governance. D3 high (85) thanks to cryptographic validity proofs. Lower risk profile than DeFi but centralization concerns.
Dimension Breakdown
How scores work →- StarkEx operator controls sequencing and data availability
- Centralized sequencer with escape hatch mechanism
- NFT minting requires operator approval
- Withdrawal delay provides user protection window
- NFT marketplace economics (not DeFi lending/trading)
- IMX token for protocol fees (limited economic attack surface)
- No flash loan or price manipulation vectors in core
- Lower economic complexity than DeFi protocols
- StarkEx validity proofs (cryptographic, not oracle-based)
- No external price oracle dependency for core NFT operations
- L1 settlement provides price finality
- Minimal oracle surface compared to DeFi protocols
- Live since April 2021 (49 months)
- Processed millions of NFT transactions
- StarkEx technology well-tested (shared with dYdX)
- Z-factor: 0.891
- Centralized operator (Immutable X team)
- No on-chain governance mechanism
- Protocol upgrades controlled by team multisig
- Escape hatch is user protection, not governance
- Score derived from continuous adversarial security research
- Professional operations team (VC-backed)
- StarkEx operator infrastructure
- Centralized but professionally managed
- Incident response through central team
- Limited DeFi composability (gaming/NFT focus)
- StarkEx provides isolated execution environment
- Bridge to Ethereum L1 for deposits/withdrawals
- Lower composition risk than general-purpose L2
- Member of 1 dependency cluster(s)
- No cross-protocol cascade exposure detected
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- StarkEx prover (proprietary StarkWare tech)
- Solidity contracts for L1 bridge
- Cairo programs for L2 logic
- Dependency on StarkWare infrastructure
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "immutable"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
registry.getScore("immutable")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.