Scores/Pyth Network

Pyth Network

DAMASCUS

Oracle Infrastructure · Solana + Multi-chain · N/A (oracle) TVL · 8 contracts

Official site: pyth.network ↗

835

3004756508251000

Confidence73%

Z-Factor0.80

Updated 2026-05-27Public score

Security Profile

Access Control
82

Economic Soundness
88

Oracle Integrity
90

Compositional Risk
75

Governance
75

Maturity
72

Resilience
50

Supply Chain
78

Op Security
67

Cascade Exposure
100

Access Ctrl
82

Economic
88

Oracle
90

Compos.
75

Govern.
75

Maturity
72

Resilience
50

Supply Ch.
78

OpSec
67

Cascade
100

Min

Avg

Max

100

Audit History

OtterSec

2023-05

Zellic

2023-09

Gupta

2024-01

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program

Assessment

Leading pull-based oracle, second to Chainlink. Younger (24 months EVM) with Wormhole dependency for cross-chain. D5 penalized for centralized governance, D6 for lower maturity vs Chainlink. Clean security record.

Dimension Breakdown

Methodology

Access Control

Weight 18% · 75% confidence

+20Data provider permissioning by Pyth Data Association

+20Price feed ACL with publisher whitelist

+20Pythnet validator set manages consensus

+20Wormhole guardian attestation for cross-chain delivery

Provenance

Economic Soundness

Weight 13% · 82% confidence

+22Pull-based model: consumers pay for price updates

+22PYTH token staking for data quality incentives

+22Publisher staking mechanism (emerging)

+22Sustainable fee model from consumer demand

Provenance

Oracle Integrity

Weight 13% · 88% confidence

+22Pull-based oracle model (consumer-initiated updates)

+22Confidence intervals quantify price uncertainty

+22EMA (Exponential Moving Average) smoothing

+22Multi-publisher aggregation with outlier filtering

Provenance

Battle-Tested Maturity

Weight 12% · 72% confidence

+14EVM mainnet since 2023 (~24 months)

+14Solana-native since 2021 (48 months)

+14No protocol-level exploit

+14Growing adoption but younger than Chainlink

Provenance

Governance & Upgradeability

Weight 10% · 70% confidence

+19Pyth DAO governance via PYTH token (launched Nov 2023)

+19Pyth Data Association retains significant operational control

+19Governance scope limited to token distribution and parameters

+19Decentralization roadmap emerging

Provenance

Adversarial Resilienceredacted

Weight 10% · 30% confidence

Maximum resilience under independent adversarial testing
Comprehensive security coverage across all attack surfaces
Active bounty program incentivizes continuous scrutiny
No validated adversarial findings — score set to neutral baseline

Provenance

Operational Security

Weight 10% · 60% confidence

-16No branch protection detected

-16CI/CD present but unstable (40% success)

+17Commit signing: 72% verified

+17Strong PR review culture (93% reviewed)

Provenance

Compositional Risk

Weight 5% · 72% confidence

+19Wormhole dependency for cross-chain price delivery

+19Multi-chain deployment across 50+ chains

+19Pythnet as custom appchain adds unique infrastructure

+19Deep downstream integration (Synthetix, Marginfi, etc.)

Provenance

Cascade Exposure

Weight 5% · 55% confidence

100

+33Appears in 1 cross-protocol cascade chain(s)

+33Member of 2 dependency cluster(s)

+33Source: cross_protocol_composition.json dependency analysis

Provenance

Supply Chain

Weight 4% · 74% confidence

+20Rust (Solana/Pythnet) + Solidity (EVM) dual codebase

+20Wormhole SDK dependency for cross-chain

+20Hermes API for off-chain price retrieval

+20Multi-language supply chain adds complexity

Provenance

Top Score Drivers

Dimensions with the greatest marginal impact on BRI.

Adversarial Resilience

50+38.4 potential

Operational Security

67+21.9 potential

Commit signing: 72% verified

Battle-Tested Maturity

72+21.5 potential

EVM mainnet since 2023 (~24 months)

Access Control

82+19.5 potential

Data provider permissioning by Pyth Data Association

Governance & Upgradeability

75+15.6 potential

Pyth DAO governance via PYTH token (launched Nov 2023)

Adversarial Risk Signals

Publicly verifiable security posture indicators.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2021-08-0110 dimensionsProvenance Ledger

methodology v2.1formula v1.1weights v1.1evidence sha256:sha256:f...

Score History & Verification

Score provenance tracking begins with the next reassessment.

Full provenance ledger

On-Chain Data

Protocol Slug: "pyth"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("pyth")

Reduce exploitable risk

Continuous adversarial analysis, vulnerability detection, and verified reassessment.

View Plans Methodology

Embed this score

Live, updates automatically. Free for any site. Click-through links open the full report on BlackHart.

Public

Style

Theme

Format

Preview

Copy iframe code

<iframe
  src="https://blackhart.io/embed/oracle/pyth?variant=card&theme=dark"
  title="BlackHart Risk Index: Pyth Network"
  width="340"
  height="290"
  frameborder="0"
  loading="lazy"
  style="border:0; max-width:100%;"
></iframe>

Believe this score contains a factual error? Submit evidence for review