Orca
DAMASCUSDEX / AMM · Solana · $500M+ TVL · 5 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
78
80
85
72
52
80
50
78
78
95
78
80
85
72
52
80
50
78
78
95
Audit History
Bug Bounty Program
Assessment
Dominant Solana CLMM DEX. Proven AMM model adapted to Solana runtime. Clean security record. Governance centralization (D5=52) is the main weakness. Good maturity for Solana ecosystem.
Dimension Breakdown
How scores work →- Permissionless pool creation (Whirlpools)
- Fee tier and tick spacing parameters controlled by protocol
- Admin authority for protocol fee collection
- Position management is user-controlled (NFT-based)
- Concentrated liquidity model (Uniswap V3-inspired)
- Well-understood AMM economics, adapted for Solana
- Fee tiers provide economic flexibility
- No inflationary token incentive distortions in AMM core
- AMM prices derived from pool state (TWAP available)
- No external oracle dependency in core DEX
- Manipulation resistance from concentrated liquidity depth
- Price observations stored on-chain
- Original Orca DEX since 2021, Whirlpools since mid-2022
- No protocol exploit on Whirlpools
- Dominant Solana DEX for concentrated liquidity
- Multiple audits (Kudelski, Neodyme)
- Z-factor: 0.893 (from 2022)
- ORCA token exists but governance is limited
- Protocol decisions largely made by Orca team
- No visible on-chain governance mechanism
- Centralized fee parameter control
- No validated adversarial findings — score set to neutral baseline
- Orca team maintains active operations
- Solana-native monitoring
- Pool creation permissionless (reduces ops burden)
- Regular program upgrades managed responsibly
- Widely composed in Solana DeFi (Jupiter aggregation)
- Single-chain limits cross-chain risk
- LP positions used as collateral in lending protocols
- Whirlpool composability is well-bounded
- No cross-protocol cascade exposure detected
- Score: 95/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- Rust/Anchor framework
- SPL token standards
- Limited external dependencies in core AMM
- Math libraries are protocol-internal
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "orca"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
registry.getScore("orca")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.