BlackHartBlackHart
Scores/Pendle V2

Pendle V2

DAMASCUS

Yield Trading · Multi-chain · $3B+ TVL · 15 contracts

Confidence 77%Z-Factor 0.77Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

767
BRI Score
3004756508251000

Security Profile

Access Ctrl
73
Economic
68
Oracle
62
Compos.
65
Govern.
60
Maturity
78
Resilience
44
Supply Ch.
80
OpSec
75
Cascade
77
Min
44
Avg
68
Max
80

Audit History

Ackee Blockchain
2023-05
Dedaub
2024-01
Decurity
2024-03

Bug Bounty Program

$200,000
Max payout on Immunefi
View Program →

Assessment

Novel yield tokenization with complex economic model (D2=68) and heavy oracle dependency (D3=62, OR-001 known). High compositional risk from 30+ SY adapters (D4=65). Governance centralization (D5=60) is a drag. Good maturity and adversarial resilience (zero exploitable findings) lift the score within TEMPERED range.

Dimension Breakdown

How scores work →
Access Control
Weight 18%78% conf
73
Good
  • 7 access control checks across 8 graphs -- moderate coverage for protocol complexity
  • Permissionless market creation increases attack surface
  • SY/PT/YT token model with complex mint/redeem flows through 1981 functions
  • Reentrancy guards present on core paths
  • 2-step ownership transfer (claimOwnership) reduces admin takeover risk
Economic Soundness
Weight 13%72% conf
68
Moderate
  • Novel yield tokenization: PT/YT splitting is unique economic model
  • AMM curve (Logit-based) less stress-tested than Uniswap-style
  • Implied rate manipulation via AMM state is theoretical attack vector
  • Maturity-based expiry creates time-dependent risk profiles
  • 19 state writes concentrated in YieldContractFactory -- limited mutation surface
Oracle Integrity
Weight 13%74% conf
62
Moderate
  • 151 oracle references in PendlePtLpOracle graph
  • Custom TWAP oracle for PT implied rates with known finding OR-001
  • PT pricing depends on AMM state (circular dependency risk)
  • Oracle manipulation cost varies by market liquidity
  • 1 price_feed edge type detected in graph topology
Battle-Tested Maturity
Weight 12%80% conf
78
Good
  • V2 live since late 2022 (~3.5 years)
  • Survived 2023-2024-2025 market cycles including LST/LRT volatility
  • Audited by Watchpug, Dedaub, Ackee
  • No major exploits on core contracts
  • Z-factor: 0.827
Governance & Upgradeability
Weight 10%75% conf
60
Moderate
  • VotingEscrow + GaugeController governance stack (108 + 343 functions)
  • CB-004 known finding on VotingEscrow
  • Team multisig with no visible timelock on emergency functions
  • Centralized parameter control for market creation and fee rates
  • setExpiryDivisor, setInterestFeeRate, setRewardFeeRate, setTreasury -- admin-controlled
Adversarial Resilience
Weight 10%95% conf
44
Concerning
  • Score derived from continuous adversarial security research
Operational Security
Weight 10%72% conf
75
Good
  • Active development team across multiple chains
  • Monitoring infrastructure present
  • Bug bounty active on Immunefi
  • Incident response untested at scale
Compositional Risk
Weight 5%72% conf
65
Moderate
  • 17 external calls across 8 contracts
  • Composes with 30+ yield sources (Aave, Lido, Renzo, etc.)
  • Each SY adapter is a trust boundary with unique risk profile
  • 28 compound chains found via chain composition (all IRRATIONAL)
  • Cross-chain deployments via PendleMsgReceiveEndpoint add bridge-layer risk
Cascade Exposure
Weight 5%70% conf
77
Good
  • Appears in 4 cross-protocol cascade chain(s)
  • Member of 4 dependency cluster(s)
  • Score: 77/100 (higher = more isolated from systemic risk)
  • Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4%78% conf
80
Strong
  • Standard OZ libraries for base contracts
  • Each SY adapter adds unique dependency risk
  • Proxy patterns used for upgradeability (IMPLEMENTATION_SLOT, ADMIN_SLOT, BEACON_SLOT detected)
  • 12 reentry edge types detected -- reentrancy surface exists but guarded

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience44
Governance & Upgradeability60
Oracle Integrity62

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2023-06-26Z-Factor 0.77010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug
"pendle-v2"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("pendle-v2")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →