dRdefRes
Pendle logo

Pendle

TierΒ 1

pendle

Yield
ArbitrumAvalancheBaseBerachainBinanceEthereum

Pendle Finance is a protocol that enables the trading of tokenized future yield on an AMM system.

7.3Safety Score78% confidence

Latest TVL

$1.55B

DeFiLlama Β· updated 5/20/2026

Audits

19

reports collected

Findings

198

across all audits

Last Updated

7/7/2026

Analyzed

Analysis Overview

πŸ—οΈ

Protocol Overview

Pendle lets users trade future yield by splitting yield-bearing assets into principal and yield tokens, while Boros adds margin trading for fixed-versus-floating rate exposure. Main risks come from external yield assets, oracle and rate data, liquidity at maturity, multi-chain deployments, and Boros liquidation or ADL mechanics without an insurance fund.
πŸ”’

Code Security

8.1/10
Pendle has broad historical audit coverage across V2 core, liquidity mining, oracle libraries, and MarketV6, with many findings reported fixed, corrected, resolved, or verified. Residual code risk centers on reward accounting, oracle and index edge cases, out-of-scope derived SY implementations, missing deployment verification, and audit files whose publication provenance is unverified.
πŸ’°

Economic Security

7.1/10
Pendle had about $1.55B captured TVL and broad chain coverage, but aggregate scale does not prove deep liquidity in every market. Economic risk comes from third-party yield assets, bridge and chain failures, MEV, oracle edge cases, incentive-driven liquidity, and Boros tail risks including no insurance fund, ADL, and possible bad-debt sharing.
πŸ‘₯

Team & Transparency

7.0/10
Pendle shows strong protocol-level transparency through official docs, public repositories, open-source contract claims, audit links, and active social and developer-support channels. The main gaps are that collected sources do not identify individual team members, live community metrics, bug bounty details, treasury reporting, or complete financial transparency.
πŸ—³οΈ

Governance

5.8/10
Pendle has PENDLE and vePENDLE governance references, but available sources do not show quorum, proposal rules, timelocks, signer identities, or live multisig thresholds. Governance and admin powers can affect upgrades, fees, treasury routing, pausing, oracle windows, and market parameters, leaving users reliant on trusted execution.
πŸ”—

Cross-Analysis

Pendle's overall risk is that of a mature, high-TVL, heavily reviewed yield-derivatives protocol whose biggest residual risks come from complexity and dependencies. Key combined scenarios include underlying asset shocks, thin-market oracle or mark issues, multi-chain failures, reward accounting problems, and opaque emergency or admin response.

Executive Summary

Executive Summary: Pendle

Safety Rating: YELLOW_GREEN

Overall Score: 7.3/10 | Confidence: 0.78 | Data Completeness: 0.75 "Missing live admin addresses, multisig threshold, signer identities, timelock duration, quorum, voting thresholds, and execution-process data limit governance attack analysis."

Scores by Dimension

DimensionScoreKey Finding
Code Security8.1/10Pendle has broad audit coverage, but provenance and deployment-verification gaps remain. "Pendle has unusually broad audit coverage across main V2 contracts, liquidity mining, oracle libraries, V2 core, and MarketV6"
Economic Security7.1/10Pendle has large captured TVL, but external asset, chain, and Boros tail-risk exposures remain. "Pendle has high captured TVL, broad deployment, mature yield-tokenization primitives, TWAP-based oracle design, and documented Boros risk controls."
Team Transparency7.0/10Protocol-level transparency is strong, while named team and live community metrics are missing. "Pendle has strong protocol-level transparency through official docs, open-source contract claims, public repositories, audit links, and documented social/support channels."
Governance5.8/10Governance and admin powers are meaningful, but process controls are not sufficiently documented. "the current workspace does not evidence critical process controls such as multisig threshold, signer identities, timelocks, quorum, or proposal mechanics."
Track Record7.5/10Pendle shows mature documentation, scale, and audit history, but the workspace lacks full incident and live operating history. "The collected docs show a mature documentation and product surface rather than a newly launched anonymous project"

What This Protocol Does

Pendle is a yield trading protocol. It lets users separate a yield-bearing asset into principal and yield claims, then trade those claims in Pendle markets. "Pendle is a yield-derivatives protocol for managing and trading future yield." Boros extends Pendle into margin-based interest-rate and funding-rate markets. "Boros is a separate Pendle product for interest-rate swaps and funding-rate markets."

Key Strengths

  • Pendle has unusually broad audit coverage across V2 core, liquidity mining, oracles, and MarketV6. "Pendle has unusually broad audit coverage across main V2 contracts, liquidity mining, oracle libraries, V2 core, and MarketV6"
  • Later audit reports commonly show fixes, corrections, or verified resolutions. "later reports commonly record corrected or verified fixes"
  • Captured DeFiLlama data shows large protocol scale, with TVL around $1.55B. "TVL near $1.55B"
  • Contracts and repositories are presented as open source, supporting outside review. "All of Pendle's smart contracts are open source"
  • TWAP-based oracle and mark designs reduce exposure to instant price spikes. "TWAP-based oracle and mark designs reduce sensitivity to instantaneous manipulation."

Key Risks

  • Pendle depends on external yield-bearing assets and can inherit failures from those systems. "Pendle explicitly depends on many external yield primitives"
  • Boros has no insurance fund, and extreme losses can involve ADL or bad-debt sharing. "no insurance fund, ADL, and possible bad-debt sharing"
  • Governance and admin controls can affect upgrades, fees, treasury routing, pausing, and market parameters. "The admin surface is broad enough to affect upgrades, fees, treasury routing, pausing, and market parameters"
  • Multi-chain deployment adds bridge, sequencer, and chain-specific risks. "expands bridge, sequencer, and chain-specific failure surfaces"
  • Audit breadth is strong, but captured audit files have unverified publication provenance and live deployments were not fully verified. [07-cross-analysis.md:"audit breadth is strong, but the code report says all captured audit artifacts have "unverified publication provenance""]

Critical Findings

  • No critical findings identified in the reviewed source material. "No critical findings were identified in the source material reviewed."
  • Historical high-severity findings cited by the code report were reported as fixed or verified, not as open critical issues. "Status: resolved and verified"

Recommendation

Pendle is suitable for experienced DeFi users who understand yield assets, maturity-based markets, and cross-chain risk. The protocol has strong maturity signals, high captured TVL, broad audit coverage, and open-source transparency. "Pendle's composite risk profile is that of a mature, high-TVL, heavily reviewed yield-derivatives protocol" Users with low risk tolerance should be cautious, especially with Boros margin markets, less liquid markets, and markets tied to unfamiliar underlying assets. "its yield-tokenization, maturity, multi-chain, and Boros margin surfaces make it structurally more complex than simpler spot AMMs or lending markets."

Report Sections

  • Protocol Overview
  • Code Security
  • Economic Security
  • Social & Team
  • Governance
  • Cross-Risk Analysis

Vulnerability Findings

High15Medium25Low66Info92

Audit Reports (19)

AuditorTierStatusDiscoveredLink
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Spearbittier_1completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—
Unknownβ€”completed5/25/2026View β†—