Reserve Protocol
DAMASCUSStablecoin Framework · Ethereum + Base · $300M+ TVL · 100 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
72
68
70
55
70
62
40
75
68
100
72
68
70
55
70
62
40
75
68
100
Audit History
Bug Bounty Program
Assessment
Complex basket stablecoin with 100+ contracts and active Cantina bounty ($10M max). D4 very low (55) due to extreme compositional complexity. D6 moderate (62) for 24-month V3 history. Active BlackHart research target.
Dimension Breakdown
How scores work →- Governor-based ACL with timelocked execution
- BackingManager controls basket rebalancing
- StRSR staking for governance participation
- Complex role hierarchy across 100+ contracts
- Basket stablecoin with diversified collateral
- Revenue distribution and RSR overcollateralization
- Dutch auction trading for basket rebalancing
- Complex economic interactions between RToken, RSR, and revenue
- Chainlink feeds with fallback mechanisms
- Per-collateral oracle configuration
- Oracle staleness checks with configurable windows
- Multiple oracle dependencies across collateral basket
- V3 live since mid-2023 (~24 months), V1 concepts since 2021
- eUSD and other RTokens deployed
- No protocol-level exploit on V3
- Z-factor: 0.8
- Governor Alexios with timelocked execution
- StRSR staking for voting power
- Emergency mechanisms (freezing, pausing)
- Governance delay provides safety window
- Score derived from continuous adversarial security research
- Reserve Foundation operations
- Complex deployment across multiple RTokens
- Active bug bounty program (Cantina)
- Monitoring for basket health and rebalancing
- Extreme compositional complexity: 100+ contracts
- RToken composes basket of arbitrary ERC-20 collateral
- BackingManager, Broker, Distributor, Furnace interactions
- Each collateral plugin adds composition risk
- Appears in 1 cross-protocol cascade chain(s)
- Member of 2 dependency cluster(s)
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- Modern Solidity (0.8.x) with OpenZeppelin
- Plugin architecture means varied dependency quality
- Verified contracts on Etherscan
- Large codebase increases supply chain surface
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "reserve"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
registry.getScore("reserve")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.