DeFiPunk'd

Pendle

Yield

TVL $1.4B
Type Yield
Chains Ethereum, Plasma, Arbitrum, Hyperliquid L1, Binance +6
View on DeFiLlama ↗
Control — orange Ability to exit — tentative orange (3/3 models submitted) Autonomy — tentative orange Open Access — green Verifiability — green Control Exit Autonomy Open Access Verifiable
Control criteria
Upgradeability Mixed Bug bounty immunefi.com Governance forum Docs docs.pendle.finance
About

Pendle V2 splits yield-bearing assets into PT/YT via SY wrappers and trades them on a time-decay AMM. The Router V3 and PendleMarketV3 contracts are immutable; SY adapters and several factories are upgradable via a TransparentUpgradeableProxy ProxyAdmin owned by a 3-of-5 Safe with no timelock. Boros is a separate, smaller IRS module on Arbitrum with its own permissioned admin/risk surface.

Risk analysis

One card per dimension, sorted by severity. Only Verifiability and Autonomy carry automated signals in Phase 0. See methodology for scope.

Audit a dimension yourself · DEFI@home Contribute an LLM-run assessment — any model, any dimension. Three agreeing runs merge automatically into the public record.

DEFI@home is a distributed audit network modeled on SETI@home: instead of CPU cycles, it crowdsources LLM reasoning. Paste a slice prompt into Claude, ChatGPT, Gemini, or any browsing-capable model, and submit the JSON output as a pull request. The quorum bot merges it once ≥3 independent runs (from different models) reach the same grade — no single model, and no single contributor, can move the needle alone. How it works →

  • Address discovery 26 addresses on file · 1 run Submit run ↗
  • Verifiability ✓ 4/4 models agree AI-only 3/4 with chat share link Submit run ↗
  • Control ✓ 3/3 models agree AI-only 3/3 with chat share link Submit run ↗
  • Ability to exit 3/3 submitted Submit run ↗
  • Autonomy ✓ 6/6 models agree AI-only weak orange — only 3/7 sources have a public chat share link Submit run ↗
  • Open Access ✓ 3/3 models agree AI-only 3/3 with chat share link Submit run ↗
  • Audit all 5 dimensions · one prompt Submit run ↗
  1. Verifiability green 4/4 models agree AI-only 3/4 with chat share link
    Verified bytecode on Etherscan; multiple top-firm audits (ChainSecurity, Spearbit, Dedaub, Ackee) covering both V2 Core and Boros; public source repos.
    Verdict

    Choosing green because the conditions for green (verified bytecode on the user-facing core, a public source repo, and ≥1 recognized-firm audit covering currently-deployed contracts) all hold and the orange steel-man reduces to uneven verification across peripheral contracts and a per-component diff that was not run this round — neither downgrades the verifiability posture for the deployed core.

    Steelman argument
    Steelman argument Deployed contracts on Etherscan are verified for the user-facing core (Router V3, MarketFactoryV3, governance multisigs), the public source repos are in active use, and multiple recognized firms (ChainSecurity, Spearbit, Dedaub, Ackee) have audited both V2 Core and Boros within the last ~12 months.
    Evidence (6)
    V1
    Pendle Router V3 (0x00000000005BBB0EF59571E58418F9a4357b68A0) has verified source on Etherscan (PendleRouterV3 contract returned in search of the Etherscan address page); DefiPunkD inventory lists 41 of 71 contracts as having verified source; PendleMarketFactoryV3 (0x1A6fCc85557BC4fB7B534ed835a03EF056552D52) shows verified source on its Etherscan page and on the DefiPunkD read API (ABI source 'etherscan').
    V2
    Public source repos exist and are linked from pendle.finance: pendle-finance/pendle-core-v2-public, pendle-finance/Pendle-SY-Public, pendle-finance/boros-core-public, pendle-finance/pendle-core; the verified Router V3 source visible on Etherscan corresponds to the PendleRouterV3 contract layout described in the public docs (immutable ACTION_* facets in the constructor).
    V3
    26 audit reports listed in DefiPunkD's protocol page including ChainSecurity 2024 (Pendle V2 Core, August 2024), ChainSecurity 2025 (Pendle Boros Markets, August 2025), Spearbit July 2024, Spearbit August 2025, Dedaub, Ackee, multiple WatchPug reports across marketV6/V7/sPendle/oracle scopes, and Sherlock contest July 2024.
    V4
    Recognized firms in the audit set: ChainSecurity, Spearbit, Dedaub, Ackee Blockchain — all explicitly named in the recognized list in the rubric — plus a Sherlock audit contest. Multiple independent reviews from these firms across V2 Core, Boros, market V6/V7, oracle, and sPendle scopes.
    V5
    Drift not sampled this run (no commit SHA / file diff inspected), but ChainSecurity audited V2 Core (Aug 2024) and Boros (Aug 2025), and Spearbit covers both V2 (Jul 2024) and a follow-up review (Aug 2025). The Aug 2025 reviews are within ~9 months of analysis_date, providing relatively recent coverage on the modules that have evolved.
    V6
    Router V3 is itself an immutable diamond-style facet aggregator (constructor sets ACTION_ADD_REMOVE_LIQ, ACTION_SWAP_PT, ACTION_SWAP_YT, ACTION_MISC, ACTION_CALLBACK as immutables) — not a transparent proxy — so V6 'verify proxy and implementation separately' does not apply to Router V3. Where TransparentUpgradeableProxy / UUPSProxy is used (e.g. Boros adminModule 0x353C6Ba99500f9F5a7937aF7BF26c8E40817518B on Arbitrum), the proxy contract itself returns 'ABI source: etherscan' on the DefiPunkD read API, meaning the proxy contract bytecode is verified; current implementation contracts were not separately diff-inspected this run.
    Sources claude-opus-4-7 url ↗ GPT-5.5 Thinking url ↗ claude-sonnet-4-6 (autorun) no url grok-4 url ↗ View raw submissions ↗
  2. Control orange 3/3 models agree AI-only 3/3 with chat share link
    3-of-5 governance Safe owns the V2 ProxyAdmin and MarketFactoryV3 with no timelock; T1/T2 reachable on the fast path but the multisig fails Security Council criteria.
    Verdict

    Choosing orange because the green steel-man only holds for the immutable parts of the address surface — the upgradable surface (V2 ProxyAdmin reaching SY/factory implementations, MarketFactoryV3.setTreasuryAndFeeReserve at maxReserveFeePercent=100) puts T1 and T2 on the uncontested fast path of a 3-of-5 multisig with zero timelock, which exceeds both the orange-vs-green threshold (T2 reachable with delay <7 days) and the T1-with-Security-Council-7-day path that would otherwise allow green; the multisig is, however, larger than the red 2-of-3 / single-EOA threshold, so red does not fit either.

    Steelman argument
    Steelman argument The 3-of-5 multisig is more decentralized than the red threshold (2-of-3 / single EOA) but does not meet Security Council criteria, sits on a T1 path with no timelock, and cannot earn green even with diversified signers because the 7-day uncontested-delay bar fails.
    Evidence (10)
    C1
    PendleMarketFactoryV3 (0x1A6fCc85557BC4fB7B534ed835a03EF056552D52) owner() returns 0x8119EC16F0573B7dAc7C0CB94EB504FB32456ee1 at block 25022853; pendingOwner() is the zero address. The V2 ProxyAdmin (0xA28c08f165116587D4F3E708743B4dEe155c5E64) owner() returns the same 0x8119EC16F0573B7dAc7C0CB94EB504FB32456ee1 at block 25022852. Both reads via the DefiPunkD read API content-addressed to specific blocks.
    C1
    0x8119EC16F0573B7dAc7C0CB94EB504FB32456ee1 is a GnosisSafe v1.3.0; getThreshold()=3, getOwners() returns 5 EOAs (0x231FC5b039d66BA234CB90357082Bf16Be79B17c, 0x7BD456937104Ca5eFfFBD895ccbba52421021C29, 0x9Ce6De7ec862e25a515AA0D8EcFbBBb2DaA8E0fb, 0x38ab4A7Dea2753757F29fe6d10280Df2C42abe27, 0xF517364727Fcc764D58DdF4e53280874A4d0c476) — i.e. a 3-of-5 Safe controls upgrades and key parameters.
    C1
    0xE6F0489ED91dc27f40f9dbe8f81fccbFC16b9cb1 (devMultisig) is a GnosisSafe v1.4.1; getThreshold()=2, getOwners() returns 5 EOAs (0x806c8c2D35f32849Cd71A075E2Af2826bdc5987B, 0xE397e61707be78f46BFB7884155C79C0e6af5C13, 0xF517364727Fcc764D58DdF4e53280874A4d0c476, 0xe81B325766d7A271486Ae2d7D60d7B57386Ba9e7, 0x231FC5b039d66BA234CB90357082Bf16Be79B17c) — i.e. a 2-of-5 ops/dev Safe sharing 2 signers with the governance Safe; scope of devMultisig powers not enumerated this run.
    C2
    Upgradeability is mixed: Router V3 (0x00000000005BBB0EF59571E58418F9a4357b68A0) is a constructor-immutable facet dispatcher (ACTION_* fields are immutable per the verified Etherscan source); PendleMarketV3 markets and PT/YT tokens are non-proxy CREATE deployments by their factories; SY adapter contracts and certain factories are TransparentUpgradeableProxy or UUPSProxy and reach upgrade via the V2 ProxyAdmin or per-chain factory admins. DefiPunkD inventory lists 9 proxies in scope.
    C3
    No timelock contract was identified between the 3-of-5 governance multisig and the V2 ProxyAdmin. The V2 ProxyAdmin's write surface (upgrade(address,address), upgradeAndCall(address,address,bytes), changeProxyAdmin(address,address)) has no MIN_DELAY / getMinDelay / queue-execute pattern in its ABI; the only constants on the ABI are owner / OwnershipTransferred. Uncontested fast path = single 3-of-5 Safe execution; effective delay is 0 seconds.
    C4
    Reachable multisigs identified: (a) 0x8119EC16F0573B7dAc7C0CB94EB504FB32456ee1 — 3-of-5 governance Safe controlling V2 ProxyAdmin and MarketFactoryV3 ownership; (b) 0xE6F0489ED91dc27f40f9dbe8f81fccbFC16b9cb1 — 2-of-5 devMultisig (scope unenumerated this run); (c) for many factories on Arbitrum/Mantle/Sonic the proxy/factory owner is 0x2ad631F72FB16D91c4953a7F4260A97c2Fe2f31E, which DefiPunkD's protocol page flags as a Safe (8 of 20 owners are Safes) but I did not independently verify its threshold and signer set this run; (d) Boros accessController on Arbitrum at 0x2080808080262c1706598c9DBDD3a0cD3601e5ea has no verified ABI on Etherscan/Sourcify, so its membership / threshold / role grants cannot be read deterministically. Signer identities are addresses only — no off-chain pseudonym-to-identity mapping was attempted, so the Security Council criterion of publicly announced signers cannot be affirmed.
    C5
    PENDLE token (0x808507121b80c02388fad14726482e061b8da827) and vePENDLE voting escrow (0x4f30A9D41B80ecC5B94306AB4364951AE3170210) exist and are referenced by MarketFactoryV3, but no on-chain Governor / Bravo / Aragon Voting / Timelock contract was identified on the upgrade path this run. vePENDLE is documented as governing reward distribution and gauge voting via GaugeController (0x47D74516B33eD5D70ddE7119A40839f6Fcc24e57), not as a proposal-and-queue governance pipeline that gates ProxyAdmin upgrades.
    C6
    Per-SY pause: ChainSecurity August 2024 V2 Core report states 'the owner can pause() and unpause() an SY from being active.' This is a per-SY emergency control not the same as the upgrade authority; role-holder addresses for individual SYs were not enumerated this run. This pause power is in addition to, not a substitute for, the protocol-wide upgrade authority on the V2 ProxyAdmin.
    C7
    Power tier on the uncontested fast path: T2 is clearly reachable — MarketFactoryV3.setTreasuryAndFeeReserve(newTreasury, newReserveFeePercent) is callable by the 3-of-5 owner with on-chain bound maxReserveFeePercent=100 (i.e., bounded but at the maximum the owner can redirect 100% of reserved swap fees to a chosen treasury). T1 is reachable on the upgradable surface — for any TUP whose ProxyAdmin is the 3-of-5-controlled 0xA28c08f165116587D4F3E708743B4dEe155c5E64, ProxyAdmin.upgrade(proxy, newImplementation) lets the multisig replace the implementation with arbitrary bytecode, including for SY adapter contracts that custody underlying yield-bearing tokens. Highest tier on the fast path = T1, with no timelock and no exit window.
    C7
    Security Council standard not met: 3-of-5 has fewer than 7 signers and has not been demonstrated to be ≥50% non-insider with publicly announced identities. Per the rubric this is a multisig 'failing one or more Security Council criteria' on a T1 path, which the rubric maps to orange rather than red (3-of-5 is also strictly above the 2-of-3 EOA-equivalent red threshold).
    Sources claude-opus-4-7 url ↗ GPT-5.5 Thinking url ↗ grok-4 url ↗ View raw submissions ↗
  3. Ability to exit 3/3 models submitted
    Exit-like functions and direct access paths are visible, but pause guards, role holders, queue caps, and claim-finalized semantics were not reconstructed.
    Tentative grades
    • GPT-5.5 Thinking unknown
    • claude-opus-4-7 orange
    • grok-4 green

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (16)
    E1
    Observed exit-like functions include Router V3 redeemPyToSy, redeemPyToToken, redeemSyToToken, redeemDueInterestAndRewards, Boros SDK withdraw and exitMarkets, and Boros MarketHub transactions labelled Finalize Vault Withdrawal and ExitMarket.
    E7
    Direct/non-frontend access exists at least in part: Pendle Terms explicitly describe Direct Access to smart contracts, the V2 repo publishes interface artifacts, and the Boros SDK shows wallet/RPC-based deposit, withdraw, order, cancel, and exitMarkets flows.
    E1
    V2 user-facing exit functions are: PendleMarket.swapExactPtForSy / swapSyForExactPt (AMM exit), PendleMarket.burn (LP withdraw), PendleYieldToken.redeemPY / redeemPYToToken (PT+YT redemption pre/post-expiry), PendlePrincipalToken redemption at maturity, and SY.redeem (SY-to-underlying). These are described in Pendle's developer docs (PendleMarket page) and confirmed by the public V2 Core repo structure and the ChainSecurity Aug 2024 audit. For Boros: position closing happens through the Boros Router (Arbitrum), with permissioned operator-driven liquidation/force-cancel paths described in the Boros docs and ChainSecurity Aug 2025 audit.
    E2
    PendleMarketV3, PendlePrincipalToken, and PendleYieldToken are non-proxy, non-pausable CREATE deployments per the ChainSecurity V2 Core audit and the verified MarketFactoryV3 source — so AMM swaps, LP burn, and PT post-expiry redemption are not gated by a protocol-wide pause modifier on the Pendle side. SY base contracts implement pause/unpause; functions inheriting whenNotPaused (deposit / redeem in SYBase variants) revert when paused. PT post-expiry redemption goes through the YieldToken/SY pair and may therefore depend on the relevant SY not being paused.
    E3
    Per ChainSecurity Aug 2024 V2 Core audit: 'Last, the owner can pause() and unpause() an SY from being active.' Each SY has an owner that holds the pause authority; ownership is set at SY deployment and is typically the Pendle dev/governance multisig but specific role-holder addresses for each deployed SY were not enumerated this run. There is no published time cap on SY pause — it is a binary pause/unpause held by the SY owner.
    E4
    No emergency-vs-governance pause split was identified for V2; the SY pause is the only V2 pause primitive identified. For Boros, ChainSecurity Aug 2025 documents that contracts are upgradeable and pausable; the Boros admin holds risk operations including order cancellation, order purging, and liquidations. The Boros docs (Margin page) confirm that 'Liquidation is a permissioned action carried out by Pendle to maintain protocol solvency.' No public time cap on Boros pause was identified this run.
    E5
    There is no queued-redemption / withdrawal-queue mechanism in V2 — PT redemption at maturity is direct, AMM exits are atomic, and SY redeem is direct. Boros position closing is order-book-mediated and may require liquidity to exit at fair price; force-deleverage is a documented last-resort mechanism executed by the Boros admin/bots when health ratio drops below a threshold.
    E6
    No permissionless emergency-exit / escape-hatch was identified for V2 SY-paused scenarios: if an SY is paused, holders of its corresponding PT can still redeem 1:1 to the underlying SY at maturity (the AMM and PT contract are not pausable by the SY owner), but the actual SY-to-yield-token unwrap depends on the SY not being paused. For Boros, a permissionless 'close-only' or unilateral exit by users without admin participation was not identified.
    E7
    All identified exit functions on V2 are directly callable from any wallet (via Etherscan write tab or any RPC) — they are not gated by the official frontend. This is consistent with the docs' emphasis that Pendle's smart contract architecture is permissionless and routable through SDKs and aggregators. Boros entry/exit is on-chain via its Router on Arbitrum, but the realized exit (especially under stress) depends on the permissioned operator set.
    E1
    User exit functions include: redeemPyToToken / redeemPyToSy (PT/YT maturity redemption), swap (AMM sell PT/YT), removeLiquidity (LP withdrawal), claimRewards. All on Router V3 facets and market contracts.
    E2
    Redeem/claim functions have no onlyRole or whenNotPaused modifiers in surfaced Router V3 ABI; swap/removeLiquidity are unconditional after market creation. Request placement (e.g. liquidity provision) vs claim (maturity redemption) separated; claims not gated.
    E3
    No paused() or pause() in Router V3 diamond ABI or proxyAdmin; no PAUSE_ROLE surfaced. Governance multisig (via proxyAdmin ownership) could theoretically upgrade to add pause but current deployed code has none.
    E4
    No emergency vs governance pause distinction; no pause at all on core exit paths.
    E5
    No queued redemption or daily caps; PT redeems 1:1 permissionlessly at expiry (market expiry logic in YieldContractFactory).
    E6
    No forced-exit hatch needed; AMM always provides exit path pre-maturity; maturity redemption is permissionless and non-pausable in current code.
    E7
    All exit functions directly callable via Etherscan write tab or any wallet (no frontend required); Router V3 is public diamond.
    Why is this slice uncertain?
    • only 3 of 3 model submissions on record — quorum requires ≥3 agreeing models
    • submitted models do not yet agree on a single grade

    A fresh independent run can establish (or overturn) a verdict.

    Run your own prompt Submit run ↗
    Sources GPT-5.5 Thinking url ↗ claude-opus-4-7 no url grok-4 url ↗ View raw submissions ↗
  4. Autonomy tentative 6/6 models agree AI-only 3/6 with chat share link
    Worst unmitigated dependency is Boros's funding-rate oracle surface, impacting roughly 0.7% of Pendle+Boros TVS; V2 dependency risk is mainly opt-in per-market collateral/yield exposure.
    Verdict

    Choosing orange because Module V2 holds about $1.602b, approximately 99.3% of Pendle+Boros TVS (grade: orange due per-market external yield-asset dependencies), while Module Boros holds about $10.98m, approximately 0.7% (grade: red/unknown due off-chain oracle and margin/liquidation coupling without verified fallback); weighted overall is orange because the worst dependency is real but currently small relative to total TVS.

    Steelman argument
    Steelman argument The potentially red Boros dependency affects only about $10.98m versus $1.602b in Pendle V2 TVL, while V2 dependencies are mostly isolated, opt-in market-underlying risks.
    Evidence (8)
    A1
    V2 integrates yield-bearing primitives through SY markets; the fetched docs name LSTs, LRTs, stablecoins, RWAs, and other primitives, making failures primarily per-market and opt-in. Boros explicitly requires an oracle for the underlying yield-rate, including off-chain centralized-exchange funding rates; derived impact: a bad oracle can change expected PnL/performance and, because Boros uses collateral and maintenance margin, can affect liquidation outcomes.
    A2
    No V2 off-chain reporter committee was identified. Boros oracle reporter/committee size, quorum, and member-selection process were not determined from the fetched docs or contracts.
    A3
    Pendle has material multi-chain deployment: DefiLlama shows $1.602b total TVL with Ethereum $916.62m, Plasma $257.91m, Sonic $249.69m, Arbitrum $135.04m and smaller chains. Official app text mentions Cross-chain PT bridging; bridge operator/trust model was not reconstructed.
    A4
    V2 nested collateral is per-market: users choose yield-bearing assets such as LSTs, LRTs, stablecoins, or RWAs and receive PT/YT exposure. This is recorded as isolated opt-in underlying risk, not a cross-cutting autonomy red finding.
    A6
    No live on-chain fallback, sanity check, second-opinion oracle, or circuit breaker was verified for Boros's underlying-yield oracle path; no complete fallback inventory was built for V2 SY adapters.
    A7
    No evidence was found that Pendle itself operates an L2/L3/appchain sequencer or DA layer; deployments on Ethereum, Arbitrum, Base, Plasma, Sonic, HyperEVM and other chains are treated as chain substrate rather than protocol-operated sequencer dependencies.
    A8
    Boros SDK shows user/agent signing flows, order placement/cancellation, deposit/withdraw, and market exit methods. Arbiscan shows settlement and finalize-withdrawal transactions, but whether those settlement/finalization flows require a permissioned off-chain bot versus any caller was not determined.
    A9
    Boros AdminModule exposes newAMM with create parameters including router, market, oracleImpliedRateWindow, totalSupplyCap, seeder, and permissionController; derived impact: new Boros markets can introduce new dependency surfaces, but whether existing user positions can have dependencies silently swapped without an exit window was not determined.
    Why is this consensus tentative?
    • only 3/7 sources have a public chat share link

    A fresh independent run can strengthen (or overturn) the verdict.

    Run your own prompt Submit run ↗
    Sources GPT-5.5 Thinking url ↗ claude-opus-4-7 url ↗ grok-4 url ↗ gemini-3.1-pro no url claude-sonnet-4-6 no url grok-3 no url View raw submissions ↗
  5. Open Access green 3/3 models agree AI-only 3/3 with chat share link
    Contracts and SDK paths are practically reachable without the official UI; official Terms impose eligibility/sanctions restrictions, but the fetched contract/source evidence does not show contract-level KYC or whitelist gating.
    Verdict

    Choosing green because the operative grade inputs are contract admission and independent reachability: official docs/Terms/SDK evidence show direct non-UI access, and no contract-level whitelist/KYC/operator admission gate was found in the representative fetched surfaces; ToS/sanctions restrictions are reported as context.

    Steelman argument
    Steelman argument Direct Access, public source/interfaces, public SDKs, and integration paths provide practical non-official access, and no contract-level admission whitelist was observed in the fetched core surfaces.
    Evidence (7)
    A1
    Official V2 docs say Pendle's smart-contract architecture is permissionless and that any user or protocol can create a new yield-trading market on-chain, while official UI visibility is curated. The fetched Router/Factory surfaces show public user-action methods but no observed allowlist/KYC modifier in the surfaced ABI; exhaustive source grep was not completed.
    A2
    No single off-chain operator approval requirement was found for V2 admission. Boros SDK order flow requires the user to create/approve an agent and sign transactions with a wallet/RPC path, which is user-controlled transaction signing rather than publisher admission.
    A3
    Official Terms contain active eligibility/sanctions language: users agree not to use the protocol if they are Excluded Persons, may not use VPN/proxy to circumvent geo-blocks, and excluded persons include certain sanctioned-list and wallet-screening matches. This is frontend/legal context and not used as the grade lever.
    A3b
    Independent/direct paths exist: the Terms explicitly describe Direct Access without the website, the V2 repo publishes npm interface artifacts, the Boros SDK is public and installable as @pendle/sdk-boros, and the app page lists 35+ integrations including Aave, Morpho, and Yearn.
    A4
    No contract-level OFAC/KYC/blocklist check was observed in the fetched Router V3, MarketFactoryV3, or Boros AdminModule ABI surfaces; a complete source grep across all modules was not performed.
    A5
    Read access is public through block explorers/DeFiPunkd surfaces, and write access to representative V2/Boros user-action surfaces is exposed through public router/factory contracts and SDK flows rather than an official-frontend-only path.
    A6
    Verbatim Terms excerpts fetched: 'User is not an Excluded Person ... and User is not accessing and/or using Pendle Protocol from an Excluded Jurisdiction'; 'You shall not use a virtual private network, proxy or any other method to circumvent geo-blocks or eligibility criteria'; and excluded persons include cases where 'your wallet address is listed on the Specially Designated Nationals and Blocked Persons List' or other adverse/wallet-screening lists.
    Sources GPT-5.5 Thinking url ↗ claude-opus-4-7 url ↗ grok-4 url ↗ View raw submissions ↗

Stage

Preview of the Phase-3 maturity framework. DeFiPunk'd will adopt DeFiScan v2's stages verbatim; the section is rendered below in its intended shape so the structure is visible today.

Pendle has not yet been assessed under the DeFiScan v2 stage framework.
The walkaway test is the central criterion. Once stages land, protocols reach Stage 1 only if users can exit in the presence of malicious operators even when the emergency council disappears.
Scope of assessment
Stages are assessed per-protocol against DeFiScan v2's criteria: governance structure, upgradeability path, timelock durations, emergency-council scope, and the walkaway test. The analysis depends on onchain discovery (roles, owners, timelocks) and deeper review of deployed contracts — neither of which DeFiPunk'd automates at Phase 0.
Stage 0 requirements pending
Governance is largely off-chain, contracts are upgradeable with short or no timelock, and the protocol depends on a multisig or team with full discretion. At Phase 0 DeFiPunk'd does not automatically evaluate these; the assessment lands with crawler-based onchain discovery.
Stage 1 requirements pending
Users can exit or opt out on their own terms even if the team disappears. Upgrades run through a meaningful timelock with an emergency security council clearly scoped. The walkaway test is the headline criterion.
Stage 2 requirements pending
Protocol is fully permissionless and immutable, or upgrades require a supermajority of token holders with a long timelock and no emergency override. This is the terminal stage of the DeFiScan v2 framework.
Learn more about DeFiScan v2 stages →
Stages are an opinionated assessment of maturity, not a rating of security or safety. A protocol can sit at Stage 2 and still carry substantial technical or economic risk; the framework exists to incentivize decentralization, not to rank protocols.

Contract surface

Every contract in scope for this protocol — pooled from DeFiLlama's TVL adapter (mechanical) and DEFI@home discovery submissions (LLM-curated). Verified-source flags come from Etherscan + Sourcify; owner / multisig metadata is read on-chain when available. Reviewer audit context, not a slice score. A lending protocol's adapter set will list third-party collateral tokens alongside its own contracts; attribution is the grader's job.

  • 71addresses
  • 41verified source
  • 9proxies
  • 8of 20 owners are Safes

TVL adapter pinned at 683d369. Sourcecode fetched 2026-05-06. Control fetched 2026-05-14.

arbitrumPendleMarketFactoryV30x2fcb…9cedTVL0x7877…75ac3/5 Safe
arbitrumTransparentUpgradeableProxy0x49f2…3143TVLproxy0x2ad6…f31efactory
arbitrumPendleMarketFactoryV30xd29e…283bTVL0x2ad6…f31efactory
arbitrumPendleMarketFactoryV30xd9f5…f3e8TVL0x7877…75ac3/5 Safe
arbitrumPendleMarketFactory0xf5a7…ddc8TVL0x7877…75ac3/5 Safe
ArbitrumBoros accessController0x2080…e5eadiscovery
ArbitrumBoros adminModule (UUPSProxy)0x353c…518bdiscovery
avaxMasterChefJoeV20xd6a4…3052TVL
basePendleMarketFactoryV30x5996…5d13TVLfactory
baseTransparentUpgradeableProxy0x81e8…4590TVLproxyfactory
berachainPendlePrincipalToken0x2719…376fTVL
berachainPendlePrincipalToken0xdc9b…5de4TVL
berachainTransparentUpgradeableProxy0x6131…b01aTVLproxy0x8300…4cd0factory
berachainPendleMarketFactoryV30x8a09…530bTVL0x8300…4cd0factory
bscPendlePrincipalTokenV20x04eb…1c0cTVL
bscPendlePrincipalToken0x541b…9606TVL
bscPendlePrincipalToken0x5d17…d38dTVL
bscPendlePrincipalTokenV20x5ec2…27ebTVL
bscPendlePrincipalTokenV20x70c1…cd5dTVL
bscPendleMarketFactory0x2bea…c70eTVLfactory
bscPendleMarketFactoryV30x7c7f…e0f9TVLfactory
bscPendleMarketFactoryV30x7d20…5d37TVLfactory
bscTransparentUpgradeableProxy0x80ce…ddfbTVLfactory
bscPendleMarketFactoryV30xc40f…b07cTVLfactory
ethereumUUPSProxy0x35fa…8ac2TVLproxy0x9f26…0761
ethereumPendleMarketFactoryV30x1a6f…2d52TVL + disc0x8119…6ee13/5 Safe
ethereumPendleMarketFactory0x27b1…0784TVL0x8119…6ee13/5 Safe
ethereumPendleMarketFactoryV30x3d75…7a2fTVL0x8119…6ee13/5 Safe
ethereumTransparentUpgradeableProxy0x6d24…9a9fTVLproxy0x2ad6…f31efactory
ethereumPendleMarketFactoryV30x6fcf…d050TVL0x2ad6…f31efactory
ethereumMasterChef0xc2ed…88cdTVL0x9a85…7bd1
ethereumAppProxyUpgradeable0xae7a…fe84TVLproxy
ethereumtvl0xd6a4…3052TVL
EthereumdevMultisig owner0x806c…987bdiscovery
EthereumdevMultisig owner0xe397…5c13discovery
EthereumdevMultisig owner0xe81b…a9e7discovery
EthereumGaugeController0x47d7…4e57discovery
Ethereumgovernance multisig owner0x231f…b17cdiscoverymultisig
Ethereumgovernance multisig owner0x38ab…be27discoverymultisig
Ethereumgovernance multisig owner0x7bd4…1c29discoverymultisig
Ethereumgovernance multisig owner0x9ce6…e0fbdiscoverymultisig
Ethereumgovernance multisig owner0xf517…c476discoverymultisig
EthereummarketCreationCodeContractA0x6527…ee57discovery
EthereummarketCreationCodeContractB0xed3b…45b9discovery
EthereumRouter V3 (diamond proxy)0x0000…68a0discoveryrouter
EthereumRouter V3 facet0x32ac…e35ddiscoveryrouter
EthereumRouter V3 facet0x7f51…4e39discoveryrouter
EthereumRouter V3 facet0x8086…3384discoveryrouter
EthereumRouter V3 facet0x851f…d06ediscoveryrouter
EthereumRouter V3 facet0xff20…eedediscoveryrouter
Ethereumtreasury (MarketFactoryV3)0x8270…b592discoverytreasury
EthereumV2 devMultisig0xe6f0…9cb1discoverymultisig
EthereumV2 governance multisig0x8119…6ee1discoverymultisig
EthereumV2 proxyAdmin0xa28c…5e64discoverymultisig
EthereumvePendle (voting escrow)0x4f30…0210discovery
EthereumYieldContractFactory0xdf36…9122discovery
hyperliquidfactory0x44a2…b128TVLfactory
hyperliquidfactory0xb5cd…7bebTVLfactory
mantleTransparentUpgradeableProxy0xa35a…6c79TVLproxy0x2ad6…f31efactory
mantlePendleMarketFactoryV30xca27…29fcTVL0x9f72…b9ab3/5 Safe
mantlePendleMarketFactoryV30xcb02…4126TVL0x2ad6…f31efactory
mantlePendleMarketFactoryV30xd228…5ba6TVL0x9f72…b9ab3/5 Safe
optimismPendleMarketFactoryV30x02ad…3a84TVLfactory
optimismPendleMarketFactoryV20x17f1…3d58TVLfactory
optimismPendleMarketFactoryV30x4a2b…4abcTVLfactory
optimismPendleMarketFactoryV30x73be…7015TVLfactory
optimismTransparentUpgradeableProxy0x95a9…a333TVLproxyfactory
plasmafactory0x28de…e8e4TVLfactory
plasmafactory0x84a2…d531TVLfactory
sonicTransparentUpgradeableProxy0x0ab3…a6d6TVLproxy0x2ad6…f31efactory
sonicPendleMarketFactoryV30xfee3…a0fbTVL0x2ad6…f31efactory

Protocol Info

Links

[defillama] Source: DeFiLlama [:] Source: DEFI@home quorum
Website
https://pendle.finance
Twitter
@pendle_fi
GitHub
4 repositories
Docs
https://docs.pendle.finance/
DefiScan
DefiScan · Stage 0

Security

[curated] Source: curated human overlay [:] Source: DEFI@home quorum
Audits
26 audits
Bug bounty
https://immunefi.com/bug-bounty/pendle/information/
Security contact
https://github.com/pendle-finance/pendle-core-v2-public/tree/main/audits

Technical

[:] Source: DEFI@home quorum
Voting token
PENDLE Ethereum: 0x808507121b80c02388fad14726482e061b8da827
Deployed contracts
https://docs.pendle.finance/pendle-v2/Developers/Deployments
Upgradeability
Mixed (some immutable, some upgradeable)

Provenance

[defillama] Source: DeFiLlama
Review status
listed
Updated
2026-06-01 11:27 UTC