Pyth Network
DAMASCUSOracle Infrastructure · Solana + Multi-chain · N/A (oracle) TVL · 8 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
82
88
90
75
75
72
50
78
80
100
82
88
90
75
75
72
50
78
80
100
Audit History
Bug Bounty Program
Assessment
Leading pull-based oracle, second to Chainlink. Younger (24 months EVM) with Wormhole dependency for cross-chain. D5 penalized for centralized governance, D6 for lower maturity vs Chainlink. Clean security record.
Dimension Breakdown
How scores work →- Data provider permissioning by Pyth Data Association
- Price feed ACL with publisher whitelist
- Pythnet validator set manages consensus
- Wormhole guardian attestation for cross-chain delivery
- Pull-based model: consumers pay for price updates
- PYTH token staking for data quality incentives
- Publisher staking mechanism (emerging)
- Sustainable fee model from consumer demand
- Pull-based oracle model (consumer-initiated updates)
- Confidence intervals quantify price uncertainty
- EMA (Exponential Moving Average) smoothing
- Multi-publisher aggregation with outlier filtering
- EVM mainnet since 2023 (~24 months)
- Solana-native since 2021 (48 months)
- No protocol-level exploit
- Growing adoption but younger than Chainlink
- Z-factor: 0.750 (EVM age)
- Pyth DAO governance via PYTH token (launched Nov 2023)
- Pyth Data Association retains significant operational control
- Governance scope limited to token distribution and parameters
- Decentralization roadmap emerging
- Maximum resilience under independent adversarial testing
- Comprehensive security coverage across all attack surfaces
- Active bounty program incentivizes continuous scrutiny
- No validated adversarial findings — score set to neutral baseline
- Professional operations by Pyth Data Association
- Publisher SLA monitoring
- Multi-chain deployment and monitoring
- Growing operational maturity
- Wormhole dependency for cross-chain price delivery
- Multi-chain deployment across 50+ chains
- Pythnet as custom appchain adds unique infrastructure
- Deep downstream integration (Synthetix, Marginfi, etc.)
- Appears in 1 cross-protocol cascade chain(s)
- Member of 2 dependency cluster(s)
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
- Rust (Solana/Pythnet) + Solidity (EVM) dual codebase
- Wormhole SDK dependency for cross-chain
- Hermes API for off-chain price retrieval
- Multi-language supply chain adds complexity
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "pyth"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
registry.getScore("pyth")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.