Scores/Hyperlane

Hyperlane

DAMASCUS

Cross-Chain Messaging · Multi-chain · N/A (infra) TVL · 10 contracts

Official site: hyperlane.xyz ↗

772

3004756508251000

Confidence67%

Z-Factor0.74

Updated 2026-05-27Public score

Security Profile

Access Control
78

Economic Soundness
75

Oracle Integrity
72

Compositional Risk
62

Governance
55

Maturity
58

Resilience
71

Supply Chain
78

Cross-Chain Messaging
65

Op Security
64

Cascade Exposure
100

Access Ctrl
78

Economic
75

Oracle
72

Compos.
62

Govern.
55

Maturity
58

Resilience
71

Supply Ch.
78

X-Chain
65

OpSec
64

Cascade
100

Min

Avg

Max

100

Audit History

Trail of Bits

2023-01

Spearbit

2023-06

Bug Bounty Program

$2,500,000

Max payout on Immunefi

View Program

Assessment

Newer cross-chain messaging protocol with modular ISM design. D5 low (55) due to pre-token governance centralization. D6 low (58) for 24-month maturity. Innovative architecture but limited stress history.

Dimension Breakdown

Methodology

Access Control

Weight 16% · 75% confidence

+26Modular ISM (Interchain Security Module) architecture

+26Configurable security per route (multisig, optimistic, etc.)

+26Permissionless deployment of mailboxes

Provenance

Economic Soundness

Weight 12% · 70% confidence

+19Relayer/validator fee model (gas-based)

+19No direct DeFi economics to exploit

+19Interchain gas paymaster handles cross-chain fees

+19Limited economic stress testing

Provenance

Oracle Integrity

Weight 12% · 68% confidence

+18Validators attest to cross-chain merkle roots

+18ISM modularity allows custom oracle configurations

+18No external price oracle dependency

+18Trust assumption varies by ISM configuration

Provenance

Battle-Tested Maturity

Weight 11% · 62% confidence

+19Mainnet since mid-2023 (~24 months)

+19Relatively newer cross-chain protocol

-42Growing adoption but limited stress history

+19Z-factor: 0.8

Provenance

Adversarial Resilienceredacted

Weight 10% · 95% confidence

Score derived from continuous adversarial security research

Provenance

Compositional Risk

Weight 9% · 68% confidence

+16Cross-chain message passing = high compositional risk

+16Warp Routes for token bridging compose with DeFi

+16ISM modularity means varied security per deployment

+16Permissionless deployment increases composition surface

Provenance

Governance & Upgradeability

Weight 9% · 60% confidence

+18Newer governance structure, still centralizing

+18Foundation-controlled upgrades on core contracts

+18No token-based governance yet (pre-token)

Provenance

Cross-Chain Messaging

Weight 9% · 68% confidence

+16Cross-chain messaging is core product

+16Modular ISM is innovative but adds configuration risk

+16Permissionless deployment means varied security levels

+16Growing chain support, each adds surface area

Provenance

Operational Security

Weight 9% · 60% confidence

-18No branch protection detected

-18CI/CD present but unstable (60% success)

+16Commit signing: 100% verified

+16Strong PR review culture (93% reviewed)

Provenance

Cascade Exposure

Weight 5% · 55% confidence

100

+33Appears in 1 cross-protocol cascade chain(s)

+33Member of 3 dependency cluster(s)

+33Source: cross_protocol_composition.json dependency analysis

Provenance

Supply Chain

Weight 4% · 75% confidence

+20Modern Solidity (0.8.x)

+20OpenZeppelin dependencies

+20Rust components for off-chain validators

+20Well-structured monorepo

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Battle-Tested Maturity

58+29.2 potential

Growing adoption but limited stress history

Governance & Upgradeability

55+26.1 potential

Newer governance structure, still centralizing

Compositional Risk

62+20.8 potential

Cross-chain message passing = high compositional risk

Operational Security

64+19.4 potential

No branch protection detected

Access Control

78+19.2 potential

Modular ISM (Interchain Security Module) architecture

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2022-08-0111 dimensionsProvenance Ledger

methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:7...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "hyperlane"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("hyperlane")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/hyperlane?variant=card&theme=dark"
  title="BlackHart Risk Index: Hyperlane"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review