BlackHartBlackHart
Scores/Pyth Network

Pyth Network

DAMASCUS

Oracle Infrastructure · Solana + Multi-chain · N/A (oracle) TVL · 8 contracts

Confidence 73%Z-Factor 0.80Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

835
BRI Score
3004756508251000

Security Profile

Access Ctrl
82
Economic
88
Oracle
90
Compos.
75
Govern.
75
Maturity
72
Resilience
50
Supply Ch.
78
OpSec
66
Cascade
100
Min
50
Avg
78
Max
100

Audit History

OtterSec
2023-05
Zellic
2023-09
Gupta
2024-01

Bug Bounty Program

$500,000
Max payout on Immunefi
View Program →

Assessment

Leading pull-based oracle, second to Chainlink. Younger (24 months EVM) with Wormhole dependency for cross-chain. D5 penalized for centralized governance, D6 for lower maturity vs Chainlink. Clean security record.

Dimension Breakdown

How scores work →
Access Control
Weight 18%75% conf
82
Strong
arrow_forward
+20Data provider permissioning by Pyth Data Association
+20Price feed ACL with publisher whitelist
+20Pythnet validator set manages consensus
+20Wormhole guardian attestation for cross-chain delivery
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%82% conf
88
Strong
arrow_forward
+22Pull-based model: consumers pay for price updates
+22PYTH token staking for data quality incentives
+22Publisher staking mechanism (emerging)
+22Sustainable fee model from consumer demand
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%88% conf
90
Excellent
arrow_forward
+22Pull-based oracle model (consumer-initiated updates)
+22Confidence intervals quantify price uncertainty
+22EMA (Exponential Moving Average) smoothing
+22Multi-publisher aggregation with outlier filtering
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%72% conf
72
Good
arrow_forward
+18EVM mainnet since 2023 (~24 months)
+18Solana-native since 2021 (48 months)
-28No protocol-level exploit
+18Growing adoption but younger than Chainlink
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%70% conf
75
Good
arrow_forward
+19Pyth DAO governance via PYTH token (launched Nov 2023)
+19Pyth Data Association retains significant operational control
+19Governance scope limited to token distribution and parameters
+19Decentralization roadmap emerging
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%30% conf
50
Concerning
  • Maximum resilience under independent adversarial testing
  • Comprehensive security coverage across all attack surfaces
  • Active bounty program incentivizes continuous scrutiny
  • No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%60% conf
66
Moderate
arrow_forward
-8No branch protection detected
-8CI/CD present but unstable (20% success)
+16Commit signing: 70% verified
+16Strong PR review culture (97% reviewed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%72% conf
75
Good
arrow_forward
+19Wormhole dependency for cross-chain price delivery
+19Multi-chain deployment across 50+ chains
+19Pythnet as custom appchain adds unique infrastructure
+19Deep downstream integration (Synthetix, Marginfi, etc.)
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%55% conf
100
Excellent
arrow_forward
+33Appears in 1 cross-protocol cascade chain(s)
+33Member of 2 dependency cluster(s)
0Score: 100/100 (higher = more isolated from systemic risk)
+33Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%74% conf
78
Good
arrow_forward
+20Rust (Solana/Pythnet) + Solidity (EVM) dual codebase
+20Wormhole SDK dependency for cross-chain
+20Hermes API for off-chain price retrieval
+20Multi-language supply chain adds complexity
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Adversarial Resilience50
Operational Security66
Battle-Tested Maturity72

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2021-08-01Z-Factor 0.80010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"pyth"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("pyth")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →