BlackHartBlackHart
Scores/SushiSwap

SushiSwap

DAMASCUS

DEX / AMM · Multi-chain · $500M+ TVL · 25 contracts

Confidence 62%Z-Factor 0.87Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

802
BRI Score
3004756508251000

Security Profile

Access Ctrl
72
Economic
78
Oracle
82
Compos.
65
Govern.
55
Maturity
82
Resilience
68
Supply Ch.
75
OpSec
65
Min
55
Avg
71
Max
82

Audit History

Peckshield
2020-10
Quantstamp
2021-03
Trail of Bits
2023-01

Bug Bounty Program

$250,000
Max payout on Immunefi
View Program →

Assessment

Uniswap V2 fork with 67+ months live and battle-tested core AMM. Historical governance turbulence and the 2023 RouteProcessor exploit on periphery contracts reduce confidence. BentoBox ecosystem adds significant composition complexity.

Dimension Breakdown

How scores work →
Access Control
Weight 19%75% conf
72
Good
  • Multisig admin control
  • Router contracts with broad permissions
  • BentoBox vault has complex access model
  • Historical governance turbulence
Economic Soundness
Weight 14%78% conf
78
Good
  • Proven AMM model (Uniswap V2 fork)
  • xSUSHI staking model straightforward
  • Trident multi-pool architecture adds complexity
  • Fee distribution well-tested
Oracle Integrity
Weight 14%80% conf
82
Strong
  • TWAP oracle from Uniswap V2 model
  • No external oracle dependency in core
  • BentoBox strategies may use external oracles
  • Oracle manipulation resistant via time-weighting
Battle-Tested Maturity
Weight 13%82% conf
82
Strong
  • Live since September 2020 (67+ months)
  • Survived governance crises
  • Uniswap V2 fork means core AMM code is battle-tested
  • Multiple products have varying maturity levels
Governance & Upgradeability
Weight 11%70% conf
55
Moderate
  • Historical governance instability (chef controversy)
  • Multisig controls significant parameters
  • SUSHI token governance maturing
  • No meaningful timelock on many operations
Adversarial Resilience
Weight 11%72% conf
68
Moderate
  • RouteProcessor exploit in 2023 ($3.3M)
  • Active bug bounty program
  • Core AMM unaffected by exploits (periphery was hit)
  • Multiple audit firms across products
Operational Security
Weight 11%68% conf
65
Moderate
  • Team restructuring affected ops continuity
  • Multi-chain deployments increase ops surface
  • Incident response demonstrated in RouteProcessor exploit
  • Community-driven monitoring
Compositional Risk
Weight 5%70% conf
65
Moderate
  • BentoBox adds deep composition surface
  • Kashi lending on BentoBox
  • Cross-chain deployments with varying security
  • Multiple product lines increase surface area
Supply Chain
Weight 4%78% conf
75
Good
  • Standard Solidity
  • Fork of audited Uniswap V2 code
  • BentoBox adds dependencies
  • Verified on multiple chains

Additional Dimensions

Cascade Exposure
Weight conditional0% conf
-1
Critical
  • Not assessed — excluded from BRI computation

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability55
Compositional Risk65
Operational Security65

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2020-09-09Z-Factor 0.8709 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug
"sushiswap"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("sushiswap")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →