defirisk.co
rubric v1.7.0

Known-exploit function-selector replay

Curve Finance's assessment for RD-F-095 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred (P2). The July 2023 Vyper reentrancy exploit used standard add_liquidity/remove_liquidity selectors — indistinguishable from normal LP operations without reentrancy-triggering context. Requires exploit-template database. Not assessable at static dry-run.

Sources #

  • Internal
    Finalized v1 Data Taxonomy — Cat 6ATaxonomy RD-F-095 — v1-deferred P2 signalretrieved 2026-04-28

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-095 score not_assessed collected_at 2026-04-28 19:48:40