BlackHart

Polymarket

FORGED

Prediction Market · Polygon · $500M+ TVL · 10 contracts

Official site: polymarket.com

646
Scale: 300 · 475 · 650 · 825 · 1000
Confidence 70%
Z-Factor 0.80
Updated 2026-05-27 · Public score

Security Profile

Access Ctrl: 50
Economic: 72
Oracle: 55
Compos.: 75
Govern.: 30
Maturity: 72
Resilience: 32
Supply Ch.: 78
OpSec: 20
Cascade: 100
Min: 20
Avg: 58
Max: 100

Audit History

Chainsecurity · 2022-06
Sherlock Competition · 2024-06

Bug Bounty Program

$5,000,000
Max payout on Cantina

Assessment

Prediction market with 47-month track record and ~$1B TVL. D5 very low (35) due to fully centralized governance and CFTC settlement. D3 low (55) for admin-overridable resolution oracle. Strong market adoption but significant centralization.

Dimension Breakdown

Access Control
Weight 18% · 85% confidence
50
+17 Admin controls market creation and resolution
+17 User pause/unpause capability for admin
-17 Centralized market resolution (UMA oracle + admin override)
+17 Operator/admin role separation in CTF
Economic Soundness
Weight 13% · 70% confidence
72
+18 Binary outcome token market model (well-understood)
+18 USDC-based collateral (stablecoin risk)
+18 Orderbook/AMM hybrid for trading
+18 ~$1B TVL demonstrates economic viability
Oracle Integrity
Weight 13% · 68% confidence
55
+28 UMA optimistic oracle for market resolution
-22 Admin can override resolution (centralization risk)
+28 Resolution disputes possible but admin has final say
-22 Single oracle dependency for all market outcomes
Battle-Tested Maturity
Weight 12% · 75% confidence
72
+18 Live since mid-2021 (47 months)
+18 Major usage during 2024 US election cycle
+18 Regulatory scrutiny adds operational risk
+18 Z-factor: 0.887
Governance & Upgradeability
Weight 10% · 80% confidence
30
-18 Fully centralized operation (Polymarket Inc.)
-18 No on-chain governance mechanism
+30 Admin controls market creation, resolution, pausing
-18 Significant regulatory concerns (CFTC settlement 2022)
Adversarial Resilience (redacted)
Weight 10% · 98% confidence
32
  • EXPLOITED HACK-POLYMARKET-2026-001 (2026-05-22): operational private-key compromise drained ~$700K POL
  • Defensive stack provided ZERO friction to the drain: 100+ identical-pattern txs in 220 minutes with no automated response
  • Adversarial resilience must now also account for confirmed real-world exploit, not just theoretical findings
Operational Security
Weight 10% · 98% confidence
20
+4 EXPLOITED HACK-POLYMARKET-2026-001 (2026-05-22): private-key compromise of two operational hot wallets on Polygon
+4 Drained: 0x871D7c0f...929082 (POL reward wallet) and 0x91430CaD...14E5c5 (UMA CTF Adapter Admin, tagged COMPROMISED on Polygonscan)
-80 Attack pattern: 5,000 POL transfers every ~30 seconds at 415+ gwei priority — single private-key, no multisig, no MPC, no velocity circuit breaker
+4 No HSM/MPC custody on operational wallets controlling protocol-adjacent value (~$700K lost)
Compositional Risk
Weight 5% · 72% confidence
75
+19 CTF (Conditional Token Framework) from Gnosis
+19 Limited DeFi composability (prediction-specific)
+19 USDC dependency for all markets
+19 Polygon chain deployment
Cascade Exposure
Weight 5% · 50% confidence
100
+33 Member of 1 dependency cluster(s)
+33 No cross-protocol cascade exposure detected
+33 Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4% · 75% confidence
78
+20 Gnosis CTF framework (battle-tested base)
+20 Standard Solidity contracts
+20 Polygon deployment (MATIC chain)
+20 Moderate dependency set

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Operational Security
20 · +60.4 potential
Attack pattern: 5,000 POL transfers every ~30 seconds at 415+ gwei priority — single private-key, no multisig, no MPC, no velocity circuit breaker
Access Control
50 · +46 potential
Admin controls market creation and resolution
Governance & Upgradeability
30 · +44.3 potential
Admin controls market creation, resolution, pausing
Adversarial Resilience
32 · +41.8 potential
Oracle Integrity
55 · +28 potential
UMA optimistic oracle for market resolution

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure History: Not Assessed
Remediation Velocity: Not Assessed
Bug Bounty Program: Not Assessed
Audit Coverage: Not Assessed
Incident History: Not Assessed
Deployed 2020-10-01 · 10 dimensions · Provenance Ledger
methodology v2.1 · formula v1.1 · weights v1.1 · evidence sha256:sha256:e...

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "polymarket"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours
Read Score: registry.getScore("polymarket")
