Sablier
MITHRIL · Token Streaming · Multi-chain · $100M+ TVL · 10 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
90
92
95
85
82
85
50
90
80
100
Audit History
Bug Bounty Program
Assessment
Clean, focused token streaming protocol. Simplicity is its greatest security asset - no oracles, no flash loans, straightforward math. D5 penalized for lack of formal governance, D6 for V2's relative youth. V1's 7-year org history helps.
Dimension Breakdown
- Minimal admin surface - stream creation is permissionless
- Cancel/withdraw controls per-stream by sender/recipient
- NFT representation of streams (ERC-721)
- No global admin or pause mechanism in V2
- Linear, cliff, and dynamic streaming curves
- Math is straightforward (time-proportional release)
- No flash loan surface, no yield generation
- Economic model is simple and well-understood
- No external oracle dependency whatsoever
- Time-based streaming uses block.timestamp only
- No price feeds, no TWAP, no external data
- Simplest possible temporal model
- V2 live since mid-2023 (24 months)
- V1 live since 2019 (7 years org history)
- Zero exploits across any version
- Multiple audits (Cantina, CodeHawks)
- Z-factor: 0.750 (V2 age)
- Small team governance, no token, no DAO
- Multisig for protocol admin (minimal admin needed)
- Deployment decisions by core team
- No formal governance framework
- Maximum resilience under independent adversarial testing
- Comprehensive security coverage across all attack surfaces
- Mature codebase with extensive battle testing
- No validated adversarial findings — score set to neutral baseline
- Small but professional team
- Limited incident response documentation
- Multi-chain deployment management
- Active development cadence
- Limited composability - NFT streams can be traded
- No deep external protocol dependencies
- Minimal integration surface by design
- Lockup and Flow contracts are self-contained
- Member of 1 dependency cluster(s)
- No cross-protocol cascade exposure detected
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- Minimal dependencies (PRBMath, OpenZeppelin)
- Clean Solidity codebase
- Verified on all deployment chains
- Professional build and test pipeline
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug: "sablier"
- Oracle: BRORegistry (Base)
- Evidence: IPFS (pinned)
- Staleness Threshold: 24 hours
registry.getScore("sablier")