BlackHartBlackHart
Scores/Pendle V2

Pendle V2

TEMPERED

Yield Trading · Multi-chain · $3B+ TVL · 15 contracts

Confidence 77%Z-Factor 0.77Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

746
BRI Score
3004756508251000

Security Profile

Access Ctrl
73
Economic
68
Oracle
62
Compos.
65
Govern.
60
Maturity
78
Resilience
44
Supply Ch.
80
OpSec
47
Cascade
77
Min
44
Avg
65
Max
80

Audit History

Ackee Blockchain
2023-05
Dedaub
2024-01
Decurity
2024-03

Bug Bounty Program

$200,000
Max payout on Immunefi
View Program →

Assessment

Novel yield tokenization with complex economic model (D2=68) and heavy oracle dependency (D3=62, OR-001 known). High compositional risk from 30+ SY adapters (D4=65). Governance centralization (D5=60) is a drag. Good maturity and adversarial resilience (zero exploitable findings) lift the score within TEMPERED range.

Dimension Breakdown

How scores work →
Access Control
Weight 18%78% conf
73
Good
arrow_forward
+187 access control checks across 8 graphs -- moderate coverage for protocol complexity
+18Permissionless market creation increases attack surface
+18SY/PT/YT token model with complex mint/redeem flows through 1981 functions
+18Reentrancy guards present on core paths
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%72% conf
68
Moderate
arrow_forward
+17Novel yield tokenization: PT/YT splitting is unique economic model
+17AMM curve (Logit-based) less stress-tested than Uniswap-style
+17Implied rate manipulation via AMM state is theoretical attack vector
-32Maturity-based expiry creates time-dependent risk profiles
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%74% conf
62
Moderate
arrow_forward
+16151 oracle references in PendlePtLpOracle graph
+16Custom TWAP oracle for PT implied rates with known finding OR-001
-38PT pricing depends on AMM state (circular dependency risk)
+16Oracle manipulation cost varies by market liquidity
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%80% conf
78
Good
arrow_forward
+20V2 live since late 2022 (~3.5 years)
+20Survived 2023-2024-2025 market cycles including LST/LRT volatility
+20Audited by Watchpug, Dedaub, Ackee
-22No major exploits on core contracts
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%75% conf
60
Moderate
arrow_forward
+15VotingEscrow + GaugeController governance stack (108 + 343 functions)
+15CB-004 known finding on VotingEscrow
-40Team multisig with no visible timelock on emergency functions
+15Centralized parameter control for market creation and fee rates
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%95% conf
44
Concerning
  • Score derived from continuous adversarial security research
Operational Security
Weight 10%50% conf
47
Concerning
arrow_forward
-9No branch protection detected
-9No CI/CD pipeline detected
+24Commit signing: 76% verified
-9Weak PR review coverage (0%)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%72% conf
65
Moderate
arrow_forward
+2217 external calls across 8 contracts
+22Composes with 30+ yield sources (Aave, Lido, Renzo, etc.)
-18Each SY adapter is a trust boundary with unique risk profile
+2228 compound chains found via chain composition (all IRRATIONAL)
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%70% conf
77
Good
arrow_forward
+26Appears in 4 cross-protocol cascade chain(s)
+26Member of 4 dependency cluster(s)
-23Score: 77/100 (higher = more isolated from systemic risk)
+26Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%78% conf
80
Strong
arrow_forward
+40Standard OZ libraries for base contracts
-20Each SY adapter adds unique dependency risk
+4012 reentry edge types detected -- reentrancy surface exists but guarded
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience44
Operational Security47
Governance & Upgradeability60

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2023-06-26Z-Factor 0.77010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"pendle-v2"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("pendle-v2")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →