BlackHart

Your protocol's red team.

Continuous adversarial research with working exploits and deployable patches. Every finding is proven on a mainnet fork and ships with a staged fix.

47,000+ Attack Surfaces Analyzed
95% Coverage Per Protocol
100% Fork-Validated PoCs
56 Zero-Day Chains Mapped
24/7 Continuous Monitoring
<24h Response Time

01 // Why Continuous

DeFi protocols ship continuously. Security research should too.

Every commit, every governance proposal, every new integration changes a protocol's attack surface. Continuous coverage means every change is analyzed, every interaction path is scored, and every new risk is flagged as it appears.

02 // Platform Capabilities

BlackHart Deploy

Every validated finding comes with a tested Solidity patch, staged as a draft PR on your repo. Accept the finding, merge the fix. Remediation in minutes, not weeks.

Tested Solidity patches staged as draft PRs
One-click merge to remediate in minutes
Full test suite validates each patch
blackhart-deploy
PR #47 staged
contracts/modules/EToken.sol
donateToReserves()
  function donateToReserves(uint amount)
    external nonReentrant {
-   // no validation
+   require(amount <= reserves,
+     "donate exceeds reserves");
    reserves -= amount;
  }
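Review bot: the added require in donateToReserves() only bounds amount against reserves, which guards the `reserves -= amount` line that follows; it does not check the caller's own solvency after the donation, and the finding this page lists for the function is "lacks solvency check". Suggest adding a post-donation health check on the donating account in the same function, and a test that exercises a donation leaving the caller undercollateralized. Also confirm the direction of the state change: a function named donateToReserves that decrements reserves reads inverted, and if the real function increases reserves then `amount <= reserves` is the wrong bound.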
+2 -1 · tests passing

Threat Map

Interactive contract topology with severity overlays and function-level vulnerability tracking. See your entire protocol's security posture at a glance.

Full contract topology with interaction paths
Severity-colored overlays on every node
Function-level vulnerability tracking
threat-map · euler-v1
Contracts: EToken, DToken, Euler, RiskManager, Liquidation
Severity legend: Critical, High, Medium, Low

Intelligence Feed

Real-time notifications on new findings, pipeline scans, and validated PoCs. Your security team stays informed continuously.

Real-time finding notifications with severity
Pipeline scan status and PoC validation events
Chronological audit trail of all activity
intelligence-feed
Critical · 14:23 UTC · PoC passing · Unbounded mint leverage in EToken.mint()
Critical · 12:07 UTC · Validated · donateToReserves() lacks solvency check
High · 09:41 UTC · Validated · Self-liquidation at manipulated discount
Medium · 08:15 UTC · Investigating · Stale price feed in RiskManager.getPrice()

Validated PoCs

Every finding backed by a working proof-of-concept on mainnet fork. 100% external calls. If it works, you know it's real.

Working exploits on mainnet fork state
100% external calls, zero mocks
Exact value-at-risk quantified per finding
forge test --fork-url mainnet
Running 1 test for test/EulerExploit.t.sol
[PASS] test_euler_unbounded_mint_exploit()
Logs:
Attacker balance before: 0 DAI
Flash loan: 30,000,000 DAI
Mint leverage: 19x (unbounded)
Donate to reserves: 100,000,000 eDAI
Self-liquidation profit: $197,568,042
Attacker balance after: 197,568,042 DAI
Test result: ok. 1 passed 0.42s

Continuous Monitoring

Our pipeline runs continuously against your protocol. New attack surfaces are flagged as they appear, and analysis restarts automatically when conditions change.

24/7 automated scanning against live state
New attack surfaces flagged as they appear
Automatic re-scan on dependency changes
monitoring · euler-v1 (Always On)
Timeline: Mar 7 to Mar 13. Legend: Scan complete, New finding, Re-scan triggered, Critical alert.
Mar 13 06:12 · Critical chain detected - 3 primitives composed
Mar 11 14:33 · New finding: unbounded mint leverage
Mar 10 09:00 · Re-scan triggered by dependency update

Proprietary Algorithms

Purpose-built detection systems that identify compositional vulnerability patterns across cross-contract interaction surfaces. Multi-step exploit chains, economic attack paths, and state-dependent edge cases.

Multi-step exploit chain composition
Cross-contract interaction path analysis
Compositional vulnerability detection across interaction surfaces
attack-chain-composer
donate (100M eDAI to reserves) → compose → self-liquidate (at 2x discount) → compose → profit ($197M extracted)
3-step chain · atomic execution · Critical

Patch Verification

When you fix a finding, we re-run the PoC against your patch. If the fix is incomplete, we flag it before it hits production.

PoC re-run against every proposed patch
Incomplete fixes caught before production
Cryptographic verification of patch integrity
patch-verification
Before Patch: VULNERABLE
[PASS] exploit()
Attacker profit: +197,568,042 DAI
After Patch: SECURED
[FAIL] exploit()
Revert reason: "donate exceeds reserves"
Patch verified
0xa3f7...c912 · Mar 14 09:22 UTC

03 // How It Works
01

We Map Your Protocol

Every contract, every interaction path, every trust boundary. Our systems build a complete threat topology of your protocol's architecture.

02

Proprietary Technology Protects You 24/7

Our detection systems run continuously against your protocol, probing from every angle. When conditions change, analysis restarts automatically.

03

We Prove What We Find

Every finding gets a working exploit on a mainnet fork. Real contracts, real state, real value at risk. If we can't prove it, you don't pay.

04

You Stay Protected

Validated findings appear in your feed. Your threat map updates. You unlock the full report and remediation. We verify your patches. The cycle continues.

04 // Field Report
Critical: Euler Finance — $197M Hack, March 2023

$197M drained in a single transaction.
Our system flagged it with 100% confidence.

Our systems identified all 3 critical vulnerabilities in the Euler V1 exploit: unbounded mint leverage, reserves donation without solvency check, and self-liquidation at manipulated discount. The full multi-step exploit path was detected and validated before the attack occurred.

$197M Funds Drained
6 Primitives Found
1.00 Detection Confidence
1 TX Atomic Exploit

Historical analysis of the Euler Finance V1 hack (March 13, 2023). All data is from a publicly-known incident.

05 // Coverage Tiers

Your protocol's persistent red team.

Choose the depth of intelligence and response cadence that matches your risk profile. You only pay for validated findings that work.

Scout

Continuous security monitoring with real-time visibility into your protocol's risk posture.

Continuous adversarial monitoring
Live threat map + event feed
Shield rating + BRI score
Research signals in feed
Quarterly security review
Fix recommendations on every finding
Recommended

Vanguard

Proactive security with dedicated research, validated PoCs, and direct remediation support.

Everything in Scout
All validated PoCs included
Weekly security calls
Priority pipeline analysis
Dedicated researcher assigned
Staged Git PRs for Critical + High findings

Citadel

Enterprise

Embedded red team operations with 24hr SLA and full incident response.

Everything in Vanguard
Embedded red team operations
Real-time threat alerting
Cross-protocol intelligence
Custom attack simulations
PRs for all severities + 24hr SLA + incident response

For Protocol Teams

Protocol already in the Oracle?

If your protocol is already scored by the Oracle, you can request access to your threat intelligence feed. Get real-time visibility into findings, validated PoCs, and your live threat map. Requires a verified protocol team email.

06 // FAQ

Frequently Asked Questions

How is BlackHart different from a traditional audit?

BlackHart Monitoring is continuous adversarial coverage. We actively hunt for vulnerabilities on an ongoing basis, with every commit analyzed and every new integration scored.

Does subscribing improve our public risk score?

Not directly. Subscribing gives you continuous vulnerability discovery and remediation support. Your public BRI score only improves when the underlying risks are actually addressed and we verify the changes.

How do you coordinate disclosure?

All vulnerability findings are disclosed through official bounty programs or responsible disclosure channels. Each report includes enough detail for the protocol team to validate and fix the issue. The timeline follows industry-standard coordinated disclosure practices.

Ready to get started?

Working exploits, staged patches, and continuous coverage. Every finding is proven on a mainnet fork and ships with a fix.
