Axelar
DAMASCUSBridge / Messaging · Multi-chain · $500M+ TVL · 10 contracts
Confidence 77%Z-Factor 0.78Updated 2026-05-13Cross-chain assessedPublic Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
760
BRI Score
3004756508251000
Security Profile
Access Control
72
72
Economic Soundness
68
68
Oracle Integrity
75
75
Compositional Risk
55
55
Governance
58
58
Maturity
78
78
Resilience
50
50
Supply Chain
75
75
Cross-Chain Messaging
60
60
Op Security
72
72
Cascade Exposure
99
99
Access Ctrl
72
72
Economic
68
68
Oracle
75
75
Compos.
55
55
Govern.
58
58
Maturity
78
78
Resilience
50
50
Supply Ch.
75
75
X-Chain
60
60
OpSec
72
72
Cascade
99
99
Min
50
Avg
69
Max
99
Audit History
NCC Group
2022-08
Ackee Blockchain
2022-06
Oak Security
2023-09
Bug Bounty Program
$2,250,000
Max payout on Immunefi
Assessment
Cross-chain messaging protocol with 52-month track record, no exploits. D4 and D10 low due to extreme cross-chain composition surface (60+ chains). Governance concerns (D5) and validator centralization risk limit score.
Dimension Breakdown
How scores work →Access Control
Weight 16%78% conf
72
Good
- Validator set controls message relay (threshold signature)
- Gateway contract with admin upgrade capability
- Governance multisig can pause/unpause
- Concerns: validator collusion threshold, upgrade key centralization
Economic Soundness
Weight 12%72% conf
68
Moderate
- AXL token staking secures network (moderate security budget)
- No direct lending/borrowing economics to exploit
- Bridge relay fees are minimal attack surface
- Risk: validator slashing economics untested at scale
Oracle Integrity
Weight 12%75% conf
75
Good
- Validators act as oracle for cross-chain state
- Multi-validator attestation reduces single-point failure
- No external price oracle dependency
- Risk: validator set IS the oracle, shared trust assumption
Battle-Tested Maturity
Weight 11%80% conf
78
Good
- Mainnet live since January 2022 (52 months)
- No protocol-level exploit (bridge hacks are common in sector)
- Processed billions in cross-chain volume
- Z-factor: 0.897
Adversarial Resilience
Weight 10%30% conf
50
Concerning
- Maximum resilience under independent adversarial testing
- Comprehensive security coverage across all attack surfaces
- Active bounty program incentivizes continuous scrutiny
- No validated adversarial findings — score set to neutral baseline
Compositional Risk
Weight 9%70% conf
55
Moderate
- Cross-chain message relay = extreme compositional surface
- GMP (General Message Passing) can compose arbitrary logic
- Connected to 60+ chains, each adds risk surface
- Squid Router integration adds DeFi composition layer
Governance & Upgradeability
Weight 9%72% conf
58
Moderate
- Cosmos SDK governance with AXL token voting
- Gateway upgradeable via governance proposals
- Validator governance concerns raised by community
- Limited timelock visibility on critical operations
Cross-Chain Messaging
Weight 9%72% conf
60
Moderate
- Core product IS cross-chain messaging
- 60+ chain connections = massive bridge surface
- Validator-based relay model (not trustless)
- Governance concerns about validator centralization
Operational Security
Weight 9%70% conf
72
Good
- Professional team (Interchain.io / Axelar Foundation)
- Validator monitoring infrastructure
- Incident response capabilities demonstrated
- Operational complexity of 60+ chain support
Cascade Exposure
Weight 5%55% conf
99
Excellent
- Appears in 1 cross-protocol cascade chain(s)
- Failure cascades to 1 downstream protocol(s)
- Member of 2 dependency cluster(s)
- Score: 99/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4%78% conf
75
Good
- Cosmos SDK base (well-maintained)
- Solidity gateway contracts on EVM chains
- Multiple chain deployments increase supply chain surface
- Dependency on relayer infrastructure
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Resilience50
Compositional Risk55
Governance & Upgradeability58
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2022-01-01Z-Factor 0.78011 active dimensions
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "axelar"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("axelar")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.