Avg attacker reconnaissance time for peer-class protocols

Concrete's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Attacker wallet reconnaissance time for similar class: class-level probabilistic factor, not protocol-specific observation. Concrete is an ERC-4626 yield vault aggregator (Veda-class). Hack database shows pre-strike reconnaissance averages 14–78 days for DeFi protocols generally (USPD pattern). For yield vault aggregator class (Veda-class, strategy-allocation model): relevant exploit classes are C2 (oracle manipulation) and C14 (post-audit code change), both of which show 14–30 day reconnaissance patterns in the database. Protocol has been live ~7 months from V2 factory deploy (Oct 2025) and ~16 months from V1 (Jan 2025) — well past the reconnaissance window. The $990M TVL makes Concrete a high-value target that would attract advanced reconnaissance. Score yellow: the class-level risk is real and applicable. No protocol-specific reconnaissance signals observed, but the class establishes baseline vigilance requirement. Note: Concrete has deployed Hypernative + zeroShadow monitoring whic

Sources #

URL
Concrete security partners — Hypernative and zeroShadow activeHypernative + zeroShadow listed as security monitoring partners — active recon detection deployedretrieved 2026-05-17
URL
ConcreteFactory proxy deploy date — Oct 2025Blueprint Finance V2 factory deployed 2025-10-17 (block 21399154); reconnaissance window well within protocol's live periodretrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-163 score yellow collected_at 2026-05-17 14:36:59