Scores/Compound V3

Compound V3

MITHRIL

Lending / Borrowing · Multi-chain · $2.5B TVL · 15 contracts

Confidence 74%Z-Factor 0.86Updated 2026-05-13Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

857

BRI Score

3004756508251000

Security Profile

Access Control
88

Economic Soundness
85

Oracle Integrity
82

Compositional Risk
75

Governance
72

Maturity
90

Resilience
50

Supply Chain
88

Op Security
85

Cascade Exposure
84

Access Ctrl
88

Economic
85

Oracle
82

Compos.
75

Govern.
72

Maturity
90

Resilience
50

Supply Ch.
88

OpSec
85

Cascade
84

Min

Avg

Max

Audit History

OpenZeppelin

2022-08Report →

ChainSecurity

2022-07

Bug Bounty Program

$1,000,000

Max payout on Immunefi

View Program →

Assessment

One of DeFi's most battle-tested lending protocols. V3 Comet architecture is simpler and safer than V2. Strong maturity (D6=90) and no exploits. Oracle single-source and governance centralization are the main drags.

Dimension Breakdown

How scores work →

Access Control

Weight 18%85% conf

Strong

Comet single-asset design drastically reduces admin surface vs V2
Pause guardian for emergency response
Configurator pattern separates config from execution
No reentrancy exposure in core borrow/supply paths

Economic Soundness

Weight 13%82% conf

Strong

Conservative collateral factors, well-calibrated LTVs
Absorb mechanism for bad debt socialization is explicit
Single base asset per market simplifies liquidation math
Flash loan borrowing not available in Comet architecture

Oracle Integrity

Weight 13%80% conf

Strong

Chainlink primary oracle with staleness checks
Custom price feeds per asset with governance control
No TWAP dependency, direct Chainlink consumption
Single oracle source per asset (no fallback chain)

Battle-Tested Maturity

Weight 12%88% conf

Excellent

V3 live since Aug 2022 (~3.5 years), V2 since 2019 (org maturity 7+ years)
Survived multiple market stress events (LUNA, FTX, SVB)
Extensive audit history (OpenZeppelin, Trail of Bits, ChainSecurity)
No exploits in V3 lifetime
Z-factor: 0.847

Governance & Upgradeability

Weight 10%80% conf

Good

Governor Bravo with 2-day timelock
COMP token governance, active voter participation
Compound Labs retains outsized influence on proposals
Configurator upgrades require governance vote

Adversarial Resilience

Weight 10%30% conf

Concerning

Maximum resilience under independent adversarial testing
Comprehensive security coverage across all attack surfaces
Mature codebase with extensive battle testing
No validated adversarial findings — score set to neutral baseline

Operational Security

Weight 10%82% conf

Strong

Mature monitoring and alerting infrastructure
V2 oracle incident in 2022 handled with quick response
Active bug bounty on Immunefi
Transparent deployment and verification process

Compositional Risk

Weight 5%78% conf

Good

Widely integrated across DeFi (Instadapp, DeFi Saver, etc.)
Comet design limits cross-protocol re-entrancy surface
External reward claiming adds minor attack surface
Collateral asset risk delegated to governance

Cascade Exposure

Weight 5%65% conf

Strong

Appears in 3 cross-protocol cascade chain(s)
Member of 2 dependency cluster(s)
Score: 84/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%85% conf

Strong

Standard OpenZeppelin base libraries
Minimal proxy usage in V3 (non-upgradeable core)
Well-audited Solidity compiler versions
Clean dependency graph vs V2 complexity

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience50

Governance & Upgradeability72

Compositional Risk75

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2022-08-26Z-Factor 0.86010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "compound-v3"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("compound-v3")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →