Scores/Hyperlane

Hyperlane

DAMASCUS

Cross-Chain Messaging · Multi-chain · N/A (infra) TVL · 10 contracts

Confidence 67%Z-Factor 0.74Updated 2026-05-06Cross-chain assessedPublic Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

775

BRI Score

3004756508251000

Security Profile

Access Control
78

Economic Soundness
75

Oracle Integrity
72

Compositional Risk
62

Governance
55

Maturity
58

Resilience
71

Supply Chain
78

Cross-Chain Messaging
65

Op Security
68

Cascade Exposure
100

Access Ctrl
78

Economic
75

Oracle
72

Compos.
62

Govern.
55

Maturity
58

Resilience
71

Supply Ch.
78

X-Chain
65

OpSec
68

Cascade
100

Min

Avg

Max

100

Audit History

Trail of Bits

2023-01

Spearbit

2023-06

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program →

Assessment

Newer cross-chain messaging protocol with modular ISM design. D5 low (55) due to pre-token governance centralization. D6 low (58) for 24-month maturity. Innovative architecture but limited stress history.

Dimension Breakdown

How scores work →

Access Control

Weight 16%75% conf

Good

Modular ISM (Interchain Security Module) architecture
Configurable security per route (multisig, optimistic, etc.)
Permissionless deployment of mailboxes
Default ISM configurable by mailbox owner

Economic Soundness

Weight 12%70% conf

Good

Relayer/validator fee model (gas-based)
No direct DeFi economics to exploit
Interchain gas paymaster handles cross-chain fees
Limited economic stress testing

Oracle Integrity

Weight 12%68% conf

Good

Validators attest to cross-chain merkle roots
ISM modularity allows custom oracle configurations
No external price oracle dependency
Trust assumption varies by ISM configuration

Battle-Tested Maturity

Weight 11%62% conf

Moderate

Mainnet since mid-2023 (~24 months)
Relatively newer cross-chain protocol
Growing adoption but limited stress history
Z-factor: 0.8

Adversarial Resilience

Weight 10%95% conf

Good

Score derived from continuous adversarial security research

Compositional Risk

Weight 9%68% conf

Moderate

Cross-chain message passing = high compositional risk
Warp Routes for token bridging compose with DeFi
ISM modularity means varied security per deployment
Permissionless deployment increases composition surface

Governance & Upgradeability

Weight 9%60% conf

Moderate

Newer governance structure, still centralizing
Foundation-controlled upgrades on core contracts
No token-based governance yet (pre-token)
Upgradeable proxy pattern on mailbox contracts

Cross-Chain Messaging

Weight 9%68% conf

Moderate

Cross-chain messaging is core product
Modular ISM is innovative but adds configuration risk
Permissionless deployment means varied security levels
Growing chain support, each adds surface area

Operational Security

Weight 9%65% conf

Moderate

Active development team (ex-Celo)
Monitoring infrastructure maturing
Permissionless model shifts some ops burden to deployers
Limited incident response track record

Cascade Exposure

Weight 5%55% conf

100

Excellent

Appears in 1 cross-protocol cascade chain(s)
Member of 3 dependency cluster(s)
Score: 100/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%75% conf

Good

Modern Solidity (0.8.x)
OpenZeppelin dependencies
Rust components for off-chain validators
Well-structured monorepo

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability55

Battle-Tested Maturity58

Compositional Risk62

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2022-08-01Z-Factor 0.74011 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "hyperlane"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("hyperlane")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →