defirisk.co
rubric v1.7.0

Deployer address prior on-chain history

A dev identity & insider risk factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology how we score #

**What this measures** This factor categorizes the deployer address's prior on-chain activity into one of three states: no prior history (fresh address), normal development history (prior legitimate protocol deployments, token interactions, no rug-linked transactions), or linked to a prior rug (address appears in a curator rug database or Chainalysis/OFAC label). Assessment is programmatic using on-chain transaction history analysis combined with curator rug-address lists. Category 7 context: a fresh deployer address with no prior history provides no baseline for assessing intent; a deployer with a documented rug history is an immediate red flag.

**Why it matters** The Eminence Finance case is the canonical example of deployer reputation being used as a false trust signal: $15M flooded into unannounced, unaudited contracts within hours simply because the deployer address was associated with Yearn Finance's known deployer. When deployer reputation is the primary trust signal, it creates exploitable asymmetry — users assume safety while the deployer faces no accountability. A fresh address with no history provides neither positive nor negative signal but eliminates the false-trust-signal risk. A rug-linked address is unambiguously disqualifying.

**Green / Yellow / Red** Green is scored when the deployer has a clean, multi-year on-chain history showing legitimate development activity — prior audited protocol deployments, no rug-database matches, no mixer interactions. Yellow applies when the deployer address is relatively new (less than six months) but shows normal development patterns with no rug links. Red is scored when the deployer address matches a curator rug database entry, is linked to a prior exit-scam protocol, or has a mixer-to-fresh-wallet funding chain (overlaps with RD-F-124).

**Common gray cases** Gray is assigned when the deployer is a multi-sig factory or CREATE2 factory deployment where no single originating EOA is identifiable as the responsible party.

**Notable historical examples** - **Eminence Finance** ($15M, 2020): Yearn deployer address used as false trust signal; $15M deposited into unaudited contracts within hours of silent deployment.

Measurement what to look for #

Classify the deployer address history as: none (fresh address) / normal-dev-history (prior protocol deploys, non-flagged activity) / linked-to-prior-rug (deployer used in prior known rug).

Data & output #

Data source
Etherscan tx history of deployer address + Chainalysis/TRM cluster labels + curator rug-deployer watchlist
Output format
Green / Yellow / Red
Evidence artifact
Deployer address + Etherscan tx count + prior contract deploys + cluster label
Confidence signal
green = deployer has normal dev history with ≥6 months of non-flagged activity; yellow = fresh address (no prior history, neutral); red = deployer address linked to prior rug or flagged by CTI feed; gray = deployer address not identified

Scored protocols 80 carry this factor #

Protocol RD-F-114
Aave v3 ethereum green Across Protocol ethereum gray Aerodrome Finance base green Axelar Network ethereum green Babylon Protocol bitcoin gray Balancer (v2 + v3) ethereum green Beefy Finance ethereum green BENQI avalanche green BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum green Cap (cUSD / stcUSD) ethereum green Centrifuge ethereum green Chainlink CCIP ethereum green Circle USYC binance green Compound V3 (Comet) ethereum green Concrete ethereum green Convex Finance ethereum green crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum green deBridge ethereum gray Dolomite ethereum green dYdX v4 (dYdX Chain) dydx green EigenLayer ethereum yellow Ethena ethereum green ether.fi ethereum green Euler V2 ethereum yellow Falcon Finance ethereum green Fluid ethereum green Frax Finance ethereum green GMX v2 (GMX Synthetics) arbitrum green Hyperlane ethereum green Hyperliquid arbitrum green Jito solana green Jupiter solana yellow Jupiter Perpetual Exchange solana green JustLend DAO tron green Kamino Lend solana green Kinetiq hyperliquid green Lido ethereum green Liquid Collective (LsETH) ethereum green Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc green Lombard Finance ethereum green M^0 ethereum green Maple Finance ethereum green Marinade Finance solana green Meteora solana gray mETH Protocol ethereum green Midas ethereum green Morpho V1 (Morpho Blue + MetaMorpho) ethereum green Multipli ethereum yellow Ondo Finance ethereum green OpenEden ethereum yellow Orca solana green PancakeSwap bsc green Pendle Finance ethereum green Polymarket polygon green QuickSwap polygon green Raydium solana green Rocket Pool ethereum green Sanctum solana green Save (formerly Solend) solana green Sky Lending (formerly MakerDAO) ethereum green Spark Protocol ethereum green Spiko stellar yellow Stake DAO ethereum green StakeWise v3 ethereum green Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid green SUNSwap (sun.io) tron green Superstate ethereum green Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum green Symbiotic ethereum green Synapse Protocol ethereum red Uniswap (v2 + v3) ethereum green USDD (Decentralized USD) tron yellow Usual (USD0 / bUSD0 / USUAL) ethereum green Veda (BoringVault) ethereum green Venus Protocol bsc green Wormhole ethereum gray Yearn Finance ethereum green
1 red · 7 yellow · 66 green

Linked hacks 1 historical incident #

causalEminence Finance (EMN) — Flash loan + bonding curve arbitrage (buy/burn/sell cycle)2020-09-28 · $15M · Flash loan + bonding curve arbitrage (buy/burn/sell cycle) · Deployer address prior on-chain history [via cross-hack: Factor 20: Deployer Reputation as False Trust Signal]
rubric_version v1.7.0 factor RD-F-114 category 7 carried 80 critical no