Notional Finance
DAMASCUSFixed Rate Lending · Ethereum + Arbitrum · $200M+ TVL · 10 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
75
70
78
68
60
72
50
80
75
100
75
70
78
68
60
72
50
80
75
100
Audit History
Bug Bounty Program
Assessment
Specialized fixed-rate lending with unique fCash instrument. V1 issues led to proper V2 redesign (shows learning). Moderate maturity for current version. Novel economics (D2=70) and complexity are the main drags.
Dimension Breakdown
How scores work →- Lending market with admin-controlled parameters
- fCash (fixed-rate) positions managed through protocol
- Liquidation permissionless and well-defined
- V2 had global settlement capability (emergency admin)
- Fixed-rate lending via fCash instrument is novel
- Interest rate curve and settlement mechanics are complex
- V1 had economic design issues (migrated to V2 redesign)
- Prime lending (V3) adds variable-rate with different model
- Chainlink oracle dependency for collateral pricing
- fCash valuation uses internal interest rate model
- Time-dependent valuation adds oracle timing sensitivity
- Settlement price is critical trust point
- V1 live 2021, V2 2022, V3 (Prime) 2023
- V1 had issues leading to redesign (good: learned and fixed)
- ~36 months for V2+, continuous evolution
- Audited by multiple firms (Sherlock contest, Code4rena)
- Z-factor: 0.862 (from V2)
- NOTE token governance with active proposals
- Governance controls market parameters and listings
- Timelock on governance actions
- Moderate participation rate
- No validated adversarial findings — score set to neutral baseline
- Small but experienced team
- V1->V2 migration managed well operationally
- Market settlement requires operational attention
- Monitoring infrastructure adequate
- fCash tokens composed in DeFi (limited adoption)
- Leveraged vault strategy composes external protocols
- Cross-currency lending creates composition surface
- More bounded than general lending protocols
- Member of 2 dependency cluster(s)
- No cross-protocol cascade exposure detected
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- OpenZeppelin dependencies
- Standard Solidity stack
- Verified on Etherscan
- Moderate dependency complexity
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "notional"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
registry.getScore("notional")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.