Hyperlane
DAMASCUSCross-Chain Messaging · Multi-chain · N/A (infra) TVL · 10 contracts
Confidence 67%Z-Factor 0.74Updated 2026-05-17Cross-chain assessedPublic Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
772
BRI Score
3004756508251000
Security Profile
Access Control
78
78
Economic Soundness
75
75
Oracle Integrity
72
72
Compositional Risk
62
62
Governance
55
55
Maturity
58
58
Resilience
71
71
Supply Chain
78
78
Cross-Chain Messaging
65
65
Op Security
64
64
Cascade Exposure
100
100
Access Ctrl
78
78
Economic
75
75
Oracle
72
72
Compos.
62
62
Govern.
55
55
Maturity
58
58
Resilience
71
71
Supply Ch.
78
78
X-Chain
65
65
OpSec
64
64
Cascade
100
100
Min
55
Avg
71
Max
100
Audit History
Trail of Bits
2023-01
Spearbit
2023-06
Bug Bounty Program
$250,000
Max payout on Immunefi
Assessment
Newer cross-chain messaging protocol with modular ISM design. D5 low (55) due to pre-token governance centralization. D6 low (58) for 24-month maturity. Innovative architecture but limited stress history.
Dimension Breakdown
How scores work →Access Control
Weight 16%75% conf
78
arrow_forwardGood
+26Modular ISM (Interchain Security Module) architecture
+26Configurable security per route (multisig, optimistic, etc.)
+26Permissionless deployment of mailboxes
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 12%70% conf
75
arrow_forwardGood
+25Relayer/validator fee model (gas-based)
-25No direct DeFi economics to exploit
+25Interchain gas paymaster handles cross-chain fees
+25Limited economic stress testing
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 12%68% conf
72
arrow_forwardGood
+24Validators attest to cross-chain merkle roots
+24ISM modularity allows custom oracle configurations
-28No external price oracle dependency
+24Trust assumption varies by ISM configuration
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 11%62% conf
58
arrow_forwardModerate
+14Mainnet since mid-2023 (~24 months)
+14Relatively newer cross-chain protocol
+14Growing adoption but limited stress history
+14Z-factor: 0.8
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
71
Good
- Score derived from continuous adversarial security research
Compositional Risk
Weight 9%68% conf
62
arrow_forwardModerate
-38Cross-chain message passing = high compositional risk
+21Warp Routes for token bridging compose with DeFi
+21ISM modularity means varied security per deployment
+21Permissionless deployment increases composition surface
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 9%60% conf
55
arrow_forwardModerate
+28Newer governance structure, still centralizing
+28Foundation-controlled upgrades on core contracts
-45No token-based governance yet (pre-token)
receipt_longView provenance chainarrow_forward
Cross-Chain Messaging
Weight 9%68% conf
65
arrow_forwardModerate
+22Cross-chain messaging is core product
-35Modular ISM is innovative but adds configuration risk
+22Permissionless deployment means varied security levels
+22Growing chain support, each adds surface area
receipt_longView provenance chainarrow_forward
Operational Security
Weight 9%60% conf
64
arrow_forwardModerate
-9No branch protection detected
-9CI/CD present but unstable (60% success)
+16Commit signing: 100% verified
+16Strong PR review culture (93% reviewed)
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%55% conf
100
arrow_forwardExcellent
+33Appears in 1 cross-protocol cascade chain(s)
+33Member of 3 dependency cluster(s)
0Score: 100/100 (higher = more isolated from systemic risk)
+33Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%75% conf
78
arrow_forwardGood
+20Modern Solidity (0.8.x)
+20OpenZeppelin dependencies
+20Rust components for off-chain validators
+20Well-structured monorepo
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Governance & Upgradeability55
Battle-Tested Maturity58
Compositional Risk62
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "hyperlane"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("hyperlane")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.