Known-exploit function-selector replay

Circle USYC's assessment for RD-F-095 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Selector replay requires that the same call with same parameters produces the same exploit result. USYC's Entitlements system requires all callers to be in the allowlist or hold admin role. Replaying a selector from a non-whitelisted address reverts on the Entitlements check regardless of selector pattern.

Sources #

Etherscan
USYC RolesAuthorityProxy - EtherscanUSYC RolesAuthorityProxy Ethereum - governs all function-level permissionsretrieved 2026-05-16

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-095 score not_applicable collected_at 2026-05-15 21:56:43