Ondo Finance
DAMASCUS · RWA / Tokenization · Ethereum · $500M+ TVL · 10 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
Dimension scores (D1 to D10, in order): 80, 88, 85, 65, 40, 72, 98, 85, 80, 95
Audit History
Bug Bounty Program
Assessment
RWA protocol with strongest economic soundness (D2=88) in batch due to Treasury backing. Extreme centralization (D5=40) is the major drag but is by design for regulatory compliance. BRI penalizes centralization regardless of intent.
Dimension Breakdown
How scores work →
- KYC-gated whitelist provides strong access control
- Admin keys are a feature for RWA compliance, not a bug
- Freeze/blacklist/pause capabilities by design
- Role-based admin with multi-sig
- US Treasury backing provides strong economic foundation
- NAV tied to real-world assets with daily attestation
- Minimal DeFi-native economic risk (no AMM, no leverage)
- Redemption mechanism backed by real custodied assets
- NAV oracle from institutional custodian
- Off-chain asset pricing with minimal on-chain manipulation surface
- Trusted party model (acceptable for RWA)
- Daily NAV updates with attestation
- Live since 2023 (~2 years)
- Clean operational record, no exploits
- Institutional backing provides credibility
- Audited by Code4rena, Halborn
- Z-factor: 0.769
- Extremely centralized: admin controls mint, burn, freeze, blacklist
- No on-chain governance mechanism
- Regulatory compliance requires centralization (by design)
- Token holders have zero protocol governance power
- Score derived from continuous adversarial security research
- Regulated entity with professional operations
- Institutional custodian oversight
- Compliance-driven operational procedures
- Limited public transparency on monitoring infrastructure
- Limited DeFi composition by design (whitelist restrictions)
- Growing integrations (Flux, Morpho) expand composition surface
- Custodian failure is the primary compositional risk
- Regulatory dependency adds systemic risk dimension
- No cross-protocol cascade exposure detected
- Score: 95/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- Simple ERC-20 with access control extensions
- Minimal dependency chain
- Standard OpenZeppelin libraries
- No complex proxy patterns needed
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug: "ondo"
- Oracle: BRORegistry (Base)
- Evidence: IPFS (pinned)
- Staleness Threshold: 24 hours
`registry.getScore("ondo")`
Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.