Scores/CoW Protocol

CoW Protocol

MITHRIL

DEX Aggregator · Ethereum + Gnosis · $500M+ TVL · 10 contracts

Confidence 75%Z-Factor 0.82Updated 2026-05-13Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

857

BRI Score

3004756508251000

Security Profile

Access Control
85

Economic Soundness
88

Oracle Integrity
82

Compositional Risk
75

Governance
80

Maturity
82

Resilience
50

Supply Chain
85

Op Security
82

Cascade Exposure
100

Access Ctrl
85

Economic
88

Oracle
82

Compos.
75

Govern.
80

Maturity
82

Resilience
50

Supply Ch.
85

OpSec
82

Cascade
100

Min

Avg

Max

100

Audit History

Ackee Blockchain

2022-03

G0 Group

2023-06

Bug Bounty Program

$1,000,000

Max payout on Immunefi

View Program →

Assessment

Innovative batch auction DEX with native MEV protection. D4 penalized for deep multi-DEX dependency for settlement. Clean track record (36+ months, Gnosis heritage). Solver competition model is novel but less battle-tested.

Dimension Breakdown

How scores work →

Access Control

Weight 18%80% conf

Strong

Solver competition with bonding requirements
Settlement contract with allow-listed solvers
Order signing via EIP-712 (user intent)
Pre-hooks and post-hooks add execution flexibility

Economic Soundness

Weight 13%82% conf

Strong

Batch auction model provides MEV protection
Surplus from CoW (Coincidence of Wants) returned to users
CoW AMM adds protocol-owned liquidity
Solver competition creates price improvement incentive

Oracle Integrity

Weight 13%75% conf

Strong

No external oracle in core - solver provides price discovery
Settlement must match or exceed user's limit price
Reference prices from DEX liquidity (indirect oracle)
Price quality enforced by solver competition

Battle-Tested Maturity

Weight 12%80% conf

Strong

GPv2 live since 2021, CoW Protocol since 2022 (36+ months)
Gnosis team heritage (ex-Gnosis Protocol)
No protocol-level exploit
Growing but still mid-maturity
Z-factor: 0.854

Governance & Upgradeability

Weight 10%75% conf

Strong

CowDAO governance via vCOW token
Snapshot voting with on-chain execution
Solver whitelist managed by governance
Emerging governance maturity

Adversarial Resilience

Weight 10%30% conf

Concerning

Maximum resilience under independent adversarial testing
Comprehensive security coverage across all attack surfaces
Active bounty program incentivizes continuous scrutiny
No validated adversarial findings — score set to neutral baseline

Operational Security

Weight 10%78% conf

Strong

Professional team with Gnosis heritage
Solver monitoring and competition oversight
Order book infrastructure management
Active development and deployment cadence

Compositional Risk

Weight 5%72% conf

Good

Aggregates across Uniswap, Balancer, Curve, etc.
Deep external DEX dependency for settlement
Solver strategies compose across multiple protocols
Hook system adds new composition vectors

Cascade Exposure

Weight 5%50% conf

100

Excellent

Member of 1 dependency cluster(s)
No cross-protocol cascade exposure detected
Score: 100/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%82% conf

Strong

Standard Solidity settlement contracts
Rust-based solver infrastructure
Well-maintained dependency set
Verified on Ethereum mainnet

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience50

Compositional Risk75

Governance & Upgradeability80

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2022-03-28Z-Factor 0.82010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "cow-protocol"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("cow-protocol")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →