BlackHartBlackHart
Scores/rhino.fi

rhino.fi

TEMPERED

DEX / Bridge · Ethereum + L2s · $100M+ TVL · 10 contracts

Confidence 67%Z-Factor 0.76Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

746
BRI Score
3004756508251000

Security Profile

Access Ctrl
55
Economic
68
Oracle
72
Compos.
52
Govern.
40
Maturity
70
Resilience
87
Supply Ch.
68
OpSec
58
Cascade
100
Min
40
Avg
67
Max
100

Audit History

Nethermind
2022-09
Peckshield
2023-02

Bug Bounty Program

$100,000
Max payout on Immunefi
View Program →

Assessment

DeFi aggregator/bridge with 48-month track record (ex-DeversiFi). D5 very low (40) for fully centralized governance with single owner. D1 low (55) due to 5/10 contracts having zero access control modifiers. D4 low (52) due to multi-contract proxy composition with 971 call edges. StarkEx base provides cryptographic settlement security but does not compensate for centralization risk. Downgraded from DAMASCUS to TEMPERED based on deeper graph analysis revealing modifier coverage gaps.

Dimension Breakdown

How scores work →
Access Control
Weight 18%62% conf
55
Moderate
  • 33 modifiers total but 5/10 contracts have ZERO modifiers
  • Bridge: onlyOwner (single owner), _isAuthorized custom check
  • StarkExchange: onlyGovernance, notFinalized, notFrozen
  • SHARPVerifierCallProxy: 13 modifiers (comprehensive RBAC)
  • DACommittee, GpsFactRegistryAdapter, MemoryPageFactRegistry, OrderRegistry, SHARPVerifier: 0 modifiers
Economic Soundness
Weight 13%65% conf
68
Moderate
  • Bridge permissionless value operations: depositWithId, withdrawV2, swapWithData
  • StarkExchange: transfer, transferAll permissionless value moves
  • Bridge 160 CONSERVATION_BREAK reactions in structural analysis
  • StarkEx settlement provides trade finality via validity proofs
  • Lower economic complexity than lending protocols
Oracle Integrity
Weight 13%68% conf
72
Good
  • StarkEx validity proofs (cryptographic verification) - no external price oracle for core settlement
  • GpsFactRegistryAdapter mediates GPS contract proof verification (2 SVs, 0 writers)
  • MemoryPageFactRegistry: fact storage with 7 writing functions
  • Bridge pricing relies on DEX aggregation externally
  • DACommittee verifyAvailabilityProof for data availability checks
Battle-Tested Maturity
Weight 12%68% conf
70
Good
  • Live since 2021 as DeversiFi, rebranded to rhino.fi (~48 months total)
  • StarkEx technology well-tested across multiple deployments (dYdX, Immutable, Sorare)
  • Moderate TVL (~$700M in bridge)
  • Z-factor: 0.889
Governance & Upgradeability
Weight 10%60% conf
40
Concerning
  • Centralized company governance (rhino.fi team)
  • Bridge: single onlyOwner controls all admin operations
  • StarkExchange: onlyGovernance (single governance address)
  • No on-chain governance mechanism or DAO
  • Proxy upgradeable by admin without timelock
  • SHARPVerifierCallProxy has role separation but controlled by StarkWare
Adversarial Resilience
Weight 10%95% conf
87
Strong
  • Score derived from continuous adversarial security research
Operational Security
Weight 10%58% conf
58
Moderate
  • Small operational team
  • Multi-chain bridge operations complexity
  • StarkEx operational dependency on StarkWare
  • Limited public incident documentation
  • 24 events total but 4/10 contracts have 0 events (monitoring gaps)
Compositional Risk
Weight 5%60% conf
52
Concerning
  • 971 call edges across 10 contracts
  • 3 delegatecall proxy patterns: Bridge, StarkEx, SHARPVerifier
  • Cross-contract: StarkExchange -> DACommittee -> GpsFactRegistryAdapter -> MemoryPageFactRegistry
  • SHARPVerifierCallProxy 260 calls + 336 reads (highest complexity)
  • Bridge_2_Proxy 251 calls (second highest)
Cascade Exposure
Weight 5%50% conf
100
Excellent
  • Member of 1 dependency cluster(s)
  • No cross-protocol cascade exposure detected
  • Score: 100/100 (higher = more isolated from systemic risk)
  • Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4%65% conf
68
Moderate
  • StarkEx settlement layer (StarkWare proprietary dependency)
  • OpenZeppelin upgradeable contracts
  • Standard Solidity dependencies
  • StarkWare infrastructure dependency creates supply chain risk

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability40
Compositional Risk52
Access Control55

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2021-04-01Z-Factor 0.76010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug
"rhinofi"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("rhinofi")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →