Scores/Pendle V2

Pendle V2

TEMPERED

Yield Trading · Multi-chain · $3B+ TVL · 15 contracts

Official site: www.pendle.finance ↗

746

3004756508251000

Confidence77%

Z-Factor0.77

Updated 2026-05-27Public score

Security Profile

Access Control
73

Economic Soundness
68

Oracle Integrity
62

Compositional Risk
65

Governance
60

Maturity
78

Resilience
44

Supply Chain
80

Op Security
47

Cascade Exposure
77

Access Ctrl
73

Economic
68

Oracle
62

Compos.
65

Govern.
60

Maturity
78

Resilience
44

Supply Ch.
80

OpSec
47

Cascade
77

Min

Avg

Max

Audit History

Ackee Blockchain

2023-05

Dedaub

2024-01

Decurity

2024-03

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program

Assessment

Novel yield tokenization with complex economic model (D2=68) and heavy oracle dependency (D3=62, OR-001 known). High compositional risk from 30+ SY adapters (D4=65). Governance centralization (D5=60) is a drag. Good maturity and adversarial resilience (zero exploitable findings) lift the score within TEMPERED range.

Dimension Breakdown

Methodology

Access Control

Weight 18% · 78% confidence

+187 access control checks across 8 graphs -- moderate coverage for protocol complexity

-27Permissionless market creation increases attack surface

+18SY/PT/YT token model with complex mint/redeem flows through 1981 functions

+18Reentrancy guards present on core paths

Provenance

Economic Soundness

Weight 13% · 72% confidence

+14Novel yield tokenization: PT/YT splitting is unique economic model

+14AMM curve (Logit-based) less stress-tested than Uniswap-style

+14Implied rate manipulation via AMM state is theoretical attack vector

+14Maturity-based expiry creates time-dependent risk profiles

Provenance

Oracle Integrity

Weight 13% · 74% confidence

+12151 oracle references in PendlePtLpOracle graph

+12Custom TWAP oracle for PT implied rates with known finding OR-001

+12PT pricing depends on AMM state (circular dependency risk)

+12Oracle manipulation cost varies by market liquidity

Provenance

Battle-Tested Maturity

Weight 12% · 80% confidence

+16V2 live since late 2022 (~3.5 years)

+16Survived 2023-2024-2025 market cycles including LST/LRT volatility

+16Audited by Watchpug, Dedaub, Ackee

+16No major exploits on core contracts

Provenance

Governance & Upgradeability

Weight 10% · 75% confidence

+20VotingEscrow + GaugeController governance stack (108 + 343 functions)

+20CB-004 known finding on VotingEscrow

-20Team multisig with no visible timelock on emergency functions

-20Centralized parameter control for market creation and fee rates

Provenance

Adversarial Resilienceredacted

Weight 10% · 95% confidence

Score derived from continuous adversarial security research

Provenance

Operational Security

Weight 10% · 50% confidence

-26No branch protection detected

+9No CI/CD pipeline detected

+9Commit signing: 76% verified

-26Weak PR review coverage (0%)

Provenance

Compositional Risk

Weight 5% · 72% confidence

+1317 external calls across 8 contracts

+13Composes with 30+ yield sources (Aave, Lido, Renzo, etc.)

+13Each SY adapter is a trust boundary with unique risk profile

+1328 compound chains found via chain composition (all IRRATIONAL)

Provenance

Cascade Exposure

Weight 5% · 70% confidence

+26Appears in 4 cross-protocol cascade chain(s)

+26Member of 4 dependency cluster(s)

+26Source: cross_protocol_composition.json dependency analysis

Provenance

Supply Chain

Weight 4% · 78% confidence

+27Standard OZ libraries for base contracts

+27Each SY adapter adds unique dependency risk

+2712 reentry edge types detected -- reentrancy surface exists but guarded

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Adversarial Resilience

44+38.2 potential

Operational Security

47+35 potential

No branch protection detected

Oracle Integrity

62+28.6 potential

151 oracle references in PendlePtLpOracle graph

Access Control

73+26 potential

Permissionless market creation increases attack surface

Governance & Upgradeability

60+23.4 potential

VotingEscrow + GaugeController governance stack (108 + 343 functions)

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2023-06-2610 dimensionsProvenance Ledger

methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:4...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "pendle-v2"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("pendle-v2")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/pendle-v2?variant=card&theme=dark"
  title="BlackHart Risk Index: Pendle V2"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review