defirisk.co
rubric v1.7.0

Team self-disclosure of AI-generated Solidity

A tooling / compiler / AI factor in the v1.7.0 rubric. Measured per protocol on an event-driven cadence.

Methodology: how we score

**What this measures** This factor is a Boolean flag set to true if the protocol's team has publicly disclosed (via blog post, tweet, documentation, or conference presentation) that AI-generated Solidity or Vyper was used in security-critical code paths. Sources include curator review of public communications, documentation repositories, and recorded conference talks. The cadence is event-driven and is updated whenever a new public disclosure is identified.

**Why it matters** Team self-disclosure of AI-generated code in security-critical paths is a stronger signal than the co-authorship marker detection in RD-F-172, because it represents the team's own acknowledgment that AI tools were used beyond peripheral automation. Self-disclosure enables auditors and depositors to direct additional scrutiny to the AI-assisted sections and ask whether those sections received the same depth of independent review as hand-written code. In the dataset, protocols that disclosed AI assistance in post-mortems were also those where the AI-generated code's deviation from audited patterns was identified as a contributing factor to the exploit.

**Green / Yellow / Red**
- Green: no public disclosure of AI-generated code in security-critical paths; or team has disclosed AI-assisted documentation and test generation only, with explicit statement that production financial logic was not AI-generated.
- Yellow: team has disclosed AI-assisted code generation in non-critical paths (e.g., boilerplate, interface implementations) without clarity on whether critical paths were included.
- Red: team has publicly disclosed that AI-generated Solidity was used in security-critical code paths (core financial logic, access control, or fund-holding contracts).

**Common gray cases** Informal mentions of AI tool use (e.g., using Copilot for autocomplete while writing code) may be ambiguous about the extent of AI influence on the final production code; the curator must assess whether the disclosure specifically references security-critical contract code.

**Notable historical examples**
- **Moonwell** ($1.78M, 2026): Post-mortem and team communications referenced AI-generated code in the security-critical component that was exploited.

Measurement: what to look for

Determine whether the team has publicly disclosed (blog, tweet, docs) that AI-generated Solidity was used in security-critical paths.

Data & output

- Data source: Curator search of protocol blog + Twitter/X + docs for AI-disclosure statements
- Output format: Green / Yellow / Red
- Evidence artifact: Disclosure URL + curator note
- Confidence signal: green = no AI-generated Solidity disclosure; yellow = AI used for non-security-critical tooling/tests only; red = AI-generated Solidity disclosed in production security-critical contracts; gray = no public statements found

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-173 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | gray |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | green |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | gray |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | green |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | green |
| Fluid | ethereum | green |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | green |
| Jito | solana | green |
| Jupiter | solana | green |
| Jupiter Perpetual Exchange | solana | green |
| JustLend DAO | tron | green |
| Kamino Lend | solana | green |
| Kinetiq | hyperliquid | green |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | green |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | green |
| Midas | ethereum | green |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | green |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | green |
| QuickSwap | polygon | green |
| Raydium | solana | green |
| Rocket Pool | ethereum | green |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | green |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | green |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | gray |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | green |

Linked hacks: 1 historical incident

related: Moonwell — Oracle Misconfiguration (Missing ETH/USD Multiplier)
2026-02-15 · $2M · Oracle Misconfiguration (Missing ETH/USD Multiplier) · Team self-disclosure of AI-generated Solidity [via cross-hack: Factor 63: AI-Coauthored Code in Security-Critical Components]

rubric_version: v1.7.0 · factor: RD-F-173 · category: 12 · carried: 80 · critical: no