Scores/Sky (MakerDAO)

Sky (MakerDAO)

MITHRIL

Stablecoin / Lending · Ethereum · $12.7B TVL · 50 contracts

Confidence 90%Z-Factor 0.93Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

903

BRI Score

3004756508251000

Security Profile

Access Control
92

Economic Soundness
90

Oracle Integrity
94

Compositional Risk
87

Governance
85

Maturity
97

Resilience
54

Supply Chain
82

Op Security
88

Cascade Exposure
93

Access Ctrl
92

Economic
90

Oracle
94

Compos.
87

Govern.
85

Maturity
97

Resilience
54

Supply Ch.
82

OpSec
88

Cascade
93

Min

Avg

Max

Audit History

Trail of Bits

2019-08Report →

Runtime Verification (Formal)

2019-12Report →

Peckshield

2020-03

Trail of Bits (Liquidations 2.0)

2021-04

Bug Bounty Program

$10,000,000

Max payout on Immunefi

View Program →

Assessment

One of the oldest and most battle-tested DeFi protocols. 78 months, zero code exploits, formal verification. Near-ADAMANTINE but D8 (old compiler) and D5 (governance complexity) prevent top tier.

Dimension Breakdown

How scores work →

Access Control

Weight 18%90% conf

Excellent

Wards/auth pattern battle-proven across all modules
ESM provides credible emergency shutdown (50K MKR threshold)
Every module uses rely/deny for fine-grained authorization
GSM 48h delay on governance execution

Economic Soundness

Weight 13%88% conf

Excellent

Dutch auction liquidation (Liq 2.0 / Dog+Clipper) proven
Surplus Buffer absorbs bad debt before MKR dilution
Flash mint exists but rate-limited
$12.7B TVL with overcollateralization, survived Black Thursday

Oracle Integrity

Weight 13%92% conf

Excellent

OSM enforces 1-hour price update delay (best-in-class)
Medianizer aggregates multiple Chronicle feeds
Purpose-built oracle architecture to prevent manipulation
Governance can freeze oracles in emergency

Battle-Tested Maturity

Weight 12%95% conf

Excellent

78 months live (6.5 years) — one of oldest DeFi protocols
Survived Black Thursday, Terra/Luna, FTX collapse
Core dss contracts frozen since 2022
Zero code-level exploits in entire history
Formal verification by Runtime Verification
Z-factor: 0.929

Governance & Upgradeability

Weight 10%88% conf

Strong

MKR/SKY voting with executive spells (well-understood)
GSM adds 48h delay before spell execution
ESM can block malicious governance attacks
Deduction: governance fatigue risk, flash loan attack surface (mitigated by GSM)

Adversarial Resilience

Weight 10%95% conf

Concerning

Score derived from continuous adversarial security research

Operational Security

Weight 10%85% conf

Strong

Chronicle operates oracle feeds professionally
Multiple keeper networks for liquidations
SubDAO structure distributes operational risk
GSM delay provides operational response window

Compositional Risk

Weight 5%85% conf

Strong

Core dss is remarkably self-contained (no external deps)
Modular internal architecture (Vat/Dog/Spot/Flap/Flop)
RWA modules introduce some external dependency
PSM has stablecoin counterparty risk

Cascade Exposure

Weight 5%60% conf

Excellent

Appears in 2 cross-protocol cascade chain(s)
Member of 2 dependency cluster(s)
Score: 93/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%88% conf

Strong

Core Vat uses Solidity 0.5.12 (old but formally verified)
Newer modules use 0.6.12
No proxy pattern on core (immutable)
Minimal dependencies — dss is remarkably self-contained

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience54

Supply Chain82

Governance & Upgradeability85

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2019-11-18Z-Factor 0.92910 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "sky"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("sky")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →