defirisk.co
rubric v1.7.0

Known-exploit-template selector deployed by any address

A threat intelligence & recon factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology: how we score

**What this measures** This episodic signal fires when any address deploys a contract containing a function-selector pattern matching a known-exploit template for a protocol of this class — regardless of who deployed it or their threat-actor status. The signal is generated by sweeping all new contract deployments on the monitored chain and comparing their function-selector sets against a library of known-exploit-template patterns derived from post-mortem calldata analysis. Category 11 context: this extends the attacker-specific monitoring of RD-F-094 to the ecosystem level — any deployment of an exploit template in the wild is a threat intelligence signal even if the deployer is unidentified.

**Why it matters** Copy-cat exploits within protocol families are well-documented. AutoShark was exploited eight hours after PancakeBunny using the same attack contract pattern; Merlin Labs was exploited one week later with an identical template. The Compound V2 empty-market exploit was used against Hundred Finance, Sonne Finance, Onyx Protocol, and Radiant Capital I — each time using the same exploit-contract structure. A deployed exploit template for a protocol class in the wild indicates that someone is preparing an attack, even if the protocol they intend to target is not yet identified. Protocols in the same class as a recently deployed exploit template face elevated risk.

**Green / Yellow / Red** Green is the baseline when no new contracts matching exploit templates for this protocol's class have been deployed on the monitored chain in the trailing seven days. Yellow fires when an exploit-template-like contract is deployed but by an address with normal on-chain history and no threat-actor labels — could be a security researcher or CTF solution. Red fires when an exploit-template contract is deployed by an address with threat-actor-cluster characteristics (mixer-funded, fresh address, or labeled attacker), particularly within days of the monitored protocol's architecture being publicly discussed.

**Common gray cases** Gray applies when the exploit-template library lacks coverage for this protocol's specific architecture, or when the protocol operates on a low-activity chain where deployment sweep coverage is incomplete.
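
A sketch of the sweep-and-compare logic described above, added here as an illustration and not defirisk.co's own code. The template index, the full-match threshold, the deployer flags and the sample bytecode are all constructed assumptions; the extractor steps over PUSH data so that selector-like bytes embedded in constants do not produce false matches.

```python
from dataclasses import dataclass

# Constructed placeholders: the page publishes neither its template library nor its match rule.
TEMPLATE_INDEX = {"lending": {"TEMPLATE-PLACEHOLDER": {"a1b2c3d4", "0badf00d", "deadbeef"}}}
MATCH_THRESHOLD = 1.0  # assumption: every selector of a template must be present

@dataclass
class Deployment:  # deployer flags mirror the Red criteria; assumed to come from a labelling feed
    address: str
    runtime_hex: str
    mixer_funded: bool = False
    fresh_address: bool = False
    labeled_attacker: bool = False

def extract_selectors(runtime_hex: str) -> set:
    """Collect PUSH4 immediates, stepping over PUSH1..PUSH32 data so embedded bytes are ignored.
    Over-approximates: any 4-byte constant pushed with PUSH4 is treated as a selector."""
    code = bytes.fromhex(runtime_hex.removeprefix("0x"))
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        width = op - 0x5F if 0x60 <= op <= 0x7F else 0
        if op == 0x63 and pc + 4 < len(code):
            found.add(code[pc + 1:pc + 5].hex())
        pc += 1 + width
    return found

def score(protocol_class: str, deployments: list) -> dict:
    """deployments: new contracts from the trailing seven days on the monitored chain."""
    templates = TEMPLATE_INDEX.get(protocol_class)
    if not templates:
        return {"status": "gray", "evidence": []}  # no index coverage for this class
    status, evidence = "green", []
    for d in deployments:
        selectors = extract_selectors(d.runtime_hex)
        for ref, wanted in templates.items():
            matched = selectors & wanted
            if len(matched) / len(wanted) < MATCH_THRESHOLD:
                continue
            evidence.append({"address": d.address, "matched": sorted(matched), "template": ref})
            if d.mixer_funded or d.fresh_address or d.labeled_attacker:
                status = "red"
            elif status == "green":
                status = "yellow"
    return {"status": status, "evidence": evidence}

def dispatch(selectors):  # constructed bytecode: DUP1 PUSH4 <sel> EQ PUSH2 0010 JUMPI per selector
    return "0x6080604052" + "".join(f"8063{s}1461001057" for s in selectors)

FULL = dispatch(["a1b2c3d4", "0badf00d", "deadbeef"])
DATA_ONLY = "0x7f" + "63a1b2c3d4630badf00d63deadbeef" + "00" * 17 + "00"  # selectors inside PUSH32 data
```

Each evidence entry carries the three fields the factor lists as its evidence artifact: the new contract address, the matched selector set and the template reference.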

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.

Data & output

**Data source** On-chain new-deploy sweep + selector-set comparison against exploit-template index

**Output format** Green / Yellow / Red

**Evidence artifact** New contract address + matched selector set + exploit template reference

**Confidence signal** green = no matching template deployment detected; red = matching template deployed; gray = selector-pattern index not maintained for this protocol class

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-162 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | gray |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | gray |
| crvUSD (Curve Stablecoin) | ethereum | gray |
| Curve Finance | ethereum | not_assessed |
| deBridge | ethereum | gray |
| Dolomite | ethereum | gray |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | not_assessed |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | green |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | gray |
| Jito | solana | not_assessed |
| Jupiter | solana | not_assessed |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | gray |
| Kamino Lend | solana | green |
| Kinetiq | hyperliquid | gray |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | gray |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | gray |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | green |
| Maple Finance | ethereum | gray |
| Marinade Finance | solana | gray |
| Meteora | solana | green |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | green |
| Orca | solana | gray |
| PancakeSwap | bsc | gray |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | not_assessed |
| QuickSwap | polygon | not_assessed |
| Raydium | solana | not_assessed |
| Rocket Pool | ethereum | green |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | gray |
| Sky Lending (formerly MakerDAO) | ethereum | gray |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | gray |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | green |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | gray |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.

rubric_version: v1.7.0 | factor: RD-F-162 | category: 11 | carried: 80 | critical: no