defirisk.co
rubric v1.7.0

Fluid

An ever-evolving DeFi protocol by Instadapp combining a unified Liquidity Layer with Lending (fToken ERC-4626), Vault borrowing (up to 95%+ LTV), and a concentrated-liquidity DEX (Smart Collateral + Smart Debt). A single position can simultaneously act as collateral, debt, and DEX liquidity — a novel architecture not derived from Compound or Aave forks.

Sector lending
TVL $931.4M
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 16.2
Deployments Ethereum · $676.9M
01

Risk profile at a glance

1 red · 4 yellow · 8 green
02

Categories & evidence

184 factors · 13 categories
Code & audits · Green · 11 · 25 of 25
RD-F-001 yellow Audit scope mismatch Seven confirmed distinct audit engagements across 4 firms. FluidLiquidityDummyImpl (0xCc331…) deployed with solc v0.8.29 ~30 days before assessment; original StateMind audit commit a324cc2 is 2+ years old. StateMind 2026-03-02 is a PR-validation spot review, not full bytecode audit. Rolling re-audit cadence partially mitigates but bytecode-level commit match to any current audit not confirmed.
RD-F-003 yellow Resolved-without-proof findings StateMind initial audit found 3 critical, 8 high findings — resolution status not independently verifiable from binary PDF. MixBytes VaultT1 (0 critical/high, 2 medium) resolutions documented in public README. StateMind PDF binary-encoded; findings resolution table not extractable.
RD-F-005 yellow Audit firm tier No Tier-1 published audit (ToB/OZ/ConsenSys/Certora/Sigma Prime/Spearbit/Zellic) found in public indexes. StateMind, PeckShield, MixBytes are Tier-2. Certora FV in-budget per Dec 2025 governance post but no published report as of 2026-04-29.
RD-F-006 yellow Audit-to-deploy gap StateMind pre-launch audit (48 days before deploy = green). MixBytes VaultT1 audit was post-launch (vault live Feb 2024, audit June 2024 = ~4 months gap). Mixed pattern — some audits pre-deploy, some post-deploy. Yellow overall.
RD-F-014 yellow Reentrancy guard on external-calling functions VaultT1 operate() and liquidate() use toggle-based reentrancy guard (vaultVariables_ & 1). MixBytes audit identified cross-contract reentrancy as medium issue and confirmed mitigation added. Yellow because the reentrancy guard is non-standard toggle (not OZ nonReentrant) and only applies to specific functions.
RD-F-024 yellow Code complexity vs audit coverage Fluid architecture is highly complex (novel unified liquidity layer + DEX + vault with bitpacking). MixBytes explicitly noted 'optimization for maximum gas efficiency has necessitated sacrifices in clarity, significantly complicating the audit process.' 4 distinct firms across 8+ engagements provide extensive coverage. Formal LOC/complexity metrics unavailable.
RD-F-009 gray Formal verification coverage Certora FV in-progress per Dec 2025 governance budget request. No published Certora report in Certora SecurityReports repo or certora.com/reports as of 2026-04-29. Cannot assess coverage.
RD-F-010 gray Static-analyzer high-severity count No Slither/Mythril tool run conducted. Published audits show 0 critical/high in MixBytes VaultT1; medium reentrancy and TWAP issues identified and addressed. Needs programmatic tool run for definitive assessment.
RD-F-016 gray Divide-before-multiply pattern No Slither tool run conducted. No divide-before-multiply finding in available audit reports. Needs programmatic tool run for confirmation.
RD-F-019 n/a ecrecover zero-address return unchecked No ecrecover usage found in critical paths of Fluid Liquidity Layer or VaultT1. Protocol uses NFT position ownership rather than signature-based operations for critical functions.
RD-F-020 n/a EIP-712 domain separator missing chainId Fluid vault and liquidity layer do not use EIP-712 signed messages in core operation paths. NFT position ownership used for authorization. No DOMAIN_SEPARATOR found in core contracts.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Fluid uses Infinite Proxy pattern (not UUPS). No _authorizeUpgrade function exists. Upgrade mechanism is admin-controlled addImplementation/removeImplementation in InfiniteProxy.
RD-F-023 n/a Constructor calls _disableInitializers() Fluid uses Infinite Proxy pattern, not OZ Initializable. No _disableInitializers() pattern applicable — constructors set state directly. Architecture does not require this guard.
RD-F-002 green Audit recency StateMind PR validation 2026-03-02 (57 days ago) and Liquidity Layer Updated 2025-10-14 (197 days ago) — both within 365-day green threshold.
RD-F-004 green Audit count 4 distinct firms confirmed: StateMind, PeckShield, MixBytes, Cantina competition. 8+ engagements total. Protocol claims 12+ Fluid EVM audits in Dec 2025 governance post.
RD-F-007 green Bug bounty presence & max payout Active Immunefi program with $500K max payout for critical smart contracts. Covers Fluid Liquidity Layer, Lending, Vault explicitly. Meets ≥$500K green threshold.
RD-F-008 green Ignored bounty disclosure No prior Fluid protocol exploits documented. Rekt.incidents = []. No post-mortem evidence of ignored disclosure. March 2025 USR incident was external (Resolv) causing Fluid bad debt, not a Fluid vulnerability disclosure that was ignored.
RD-F-011 green SELFDESTRUCT reachable from non-admin path No SELFDESTRUCT found in InfiniteProxy, VaultT1, or LiquidityLayer source inspection. No audit finding flagged SELFDESTRUCT reachability.
RD-F-012 green delegatecall with user-controlled target InfiniteProxy delegatecall target is looked up from admin-set storage mapping by function signature — NOT user-controlled. VaultT1 delegatecalls only to admin-set AdminModule/Secondary addresses.
RD-F-013 green Arbitrary call with user-controlled target rescueFunds function exists in vault adminModule but is admin-only. No user-accessible arbitrary external call path found in source inspection or audit reports.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard No ERC-777 integration. ERC-721 NFT used for position ownership only (authorization, not callbacks in borrow paths). MixBytes audit noted fee-on-transfer and rebasable token exclusion as a low finding — not ERC-777 callback reentrancy.
RD-F-017 green Mixed-decimals math without explicit scaling Oracle returns prices in 1e27 precision per docs. MixBytes audit confirmed token compatibility awareness. No cross-decimal arithmetic flaw documented in any audit.
RD-F-018 green Signed/unsigned arithmetic confusion Not flagged in any of 7+ published audit reports. Solidity 0.8.x has built-in overflow protection. No signed/unsigned confusion finding.
RD-F-022 green Public initialize() without initializer modifier Infinite Proxy uses constructor-based initialization with no external initialize(). VaultT1 has no initialize() — deployed via VaultFactory. LiquidityLayer modules have no external initializer. No evidence of unprotected initialize() on any live contract.
RD-F-183 green Bug bounty scope gap on highest-TVL contracts Immunefi scope explicitly lists Fluid Liquidity Layer, Lending Protocol, and Vault Protocol as in-scope. Only DexLite Protocol and periphery folder are excluded. Highest-TVL contracts (Liquidity Layer $676M on Ethereum) are in-scope. $500K max payout.
Governance & admin · Yellow · 36 · 24 of 24
RD-F-032 red Timelock duration on upgrades No timelock on Fluid protocol upgrades. Avocado admin calls addImplementation()/removeImplementation()/setAdmin() on FluidLiquidityProxy with zero delay. InstaTimelock (2-day) covers legacy INST layer only. Fluid protocol: timelock_address = null per data cache.
RD-F-033 red Timelock on sensitive actions Key sensitive actions without timelock: addImplementation/removeImplementation/setAdmin (Infinite Proxy), updateAuths/updateGuardians (AdminModule), collectRevenue (AdminModule), changeStatus, pauseUser. withdrawFunds on ReserveContract is restricted to pre-approved recipients only. No timelock wrappers on any of these.
RD-F-038 red Proposal execution delay < 24h Fluid protocol upgrades have zero execution delay — Avocado admin executes directly with no timelock. InstaTimelock (2-day delay) covers legacy INST layer only. For Fluid contracts: execution delay = 0.
RD-F-025 yellow Admin key custody type Avocado smart account (0x4F6F977) is the proxy admin for FluidLiquidityProxy and owner of all factories. InstaGovernorBravoDelegator + InstaTimelock govern legacy INST layer only. Snapshot instadapp-gov.eth is off-chain signaling only. No on-chain governor or timelock for Fluid protocol upgrades.
RD-F-027 yellow Single admin EOA 0x4F6F977 is an Avocado smart account (not plain EOA) but _requiredSigners defaults to 1 and specific multi-party configuration is not publicly verifiable. No timelock between Avocado admin action and FluidLiquidityProxy upgrade. Cannot confirm multi-party protection.
RD-F-028 yellow Low-threshold multisig vs TVL Same Avocado account (0x4F6F977) with unknown threshold. With $931M TVL, peer cohort at this size typically requires 4-of-7 or 5-of-9. Cannot confirm Avocado threshold adequacy. Provisionally yellow.
RD-F-035 yellow Role separation: upgrade ≠ fee ≠ oracle Upgrade authority = Avocado admin (0x4F6F977). Fee/revenue collection = Auths role. Guardians = pause only. Oracle config within vaults = Auth-controlled. But updateAuths() (role grants) callable by onlyGovernance which maps to same Avocado admin. Upgrade and role-management authority are the same ultimate controller.
RD-F-039 yellow delegatecall/call in proposal execution without allowlist InstaTimelock executes via call (not delegatecall). No target allowlist on Governor Bravo or InstaTimelock. But this governance covers only the legacy INST system — Fluid protocol upgrades bypass all governance and execute directly via Avocado admin, so there is no proposal execution path at all for Fluid contracts. No allowlist anywhere in the upgrade chain.
RD-F-040 yellow Emergency-veto multisig present No emergency veto multisig identified. Guardians can pause individual users/tokens. For legacy INST governor, guardian = InstaTimelock itself (0xC7Cb1d), not a separate veto body. No veto over Avocado admin's direct execution of Fluid upgrades.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock collectRevenue() on AdminModule callable by Auth role holders with no timelock -- extracts accrued protocol fees. withdrawFunds(address[],uint256[],address,string) on FluidReserveContract is gated by an isAuth mapping (multiple addresses can be authorised via updateAuth()) and accepts an arbitrary receiver_ parameter -- i.e. authorised callers can route funds to any address, not just a hard-coded Treasury / Buyback. No general rescue/emergencyWithdraw/sweep found in AdminModule ABI. Not a full-drain vector at the AdminModule layer, but ReserveContract withdrawFunds() has no timelock and no destination allowlist.
RD-F-026 gray Upgrade multisig signer configuration (M/N) Avocado multisig at 0x4F6F977: _requiredSigners (uint8) and _signersCount in storage slot 1 per AvocadoMultisigVariables.sol but not readable via static WebFetch (JS-rendered Etherscan tab). Default threshold = 1; max signers = 90. Specific M/N for this instance not confirmed.
RD-F-029 gray Multisig signers co-hosted Signers for 0x4F6F977 Avocado not publicly enumerable via static fetch. P1 factor.
RD-F-030 gray Hot-wallet signer flag Signer list for 0x4F6F977 Avocado not enumerable. Hot-wallet vs hardware assessment not possible. P1 factor.
RD-F-031 n/a Signer rotation recency No Security Council structure. Fluid uses Snapshot + Avocado admin. No SC to reduce. Not applicable.
RD-F-037 n/a Quorum achievable via single-entity flash loan Checkpoint-based voting prevents flash-loan quorum manipulation. Also InstaGovernorBravoDelegator governs legacy INST layer, not Fluid protocol. Not applicable.
RD-F-044 n/a Admin wallet interacts with flagged addresses Watchlist interaction check for 0x4F6F977 requires Chainalysis-style feed not available. Data cache shows no Rekt incidents. P1 factor — not assessed.
RD-F-045 gray Constructor args match governance proposal No on-chain governance proposal exists for Fluid contract deployments (Avocado admin deploys directly). Snapshot votes are off-chain signaling only. Cannot match constructor args to any binding proposal. P1 factor.
RD-F-047 gray Governance token concentration (Gini) FLUID total supply 100M, circulating ~78M. Top-holder Gini analysis requires DeepDAO or on-chain scan not performed. P1 factor, gray.
RD-F-167 n/a Deprecated contract paused but pause reversible by live admin No deprecated surface identified. Fluid is 27 months old with a single unified architecture. No deprecated v1/v2 split exists.
RD-F-034 green Guardian/pause-keeper distinct from upgrader Guardian role exists in AdminModule, limited to pauseUser/unpauseUser/pauseTokens/unpauseTokens. Upgrade authority (Avocado admin) is distinct from guardians. Role separation confirmed.
RD-F-036 green Flash-loanable voting weight INST/FLUID token (InstaTokenDelegate) uses checkpoint-based getPriorVotes(address, blockNumber). Historical block checkpoints prevent flash-loan voting. Voting power is at prior block, not current balance. Governor Bravo uses this token.
RD-F-042 green Admin has mint() with unlimited max FLUID token mint function has 2% cap per mint cycle (uint8 public constant mintCap = 2), 365-day (~1-year) cooldown enforced via uint32 public constant minimumTimeBetweenMints = 365 days plus the mintingAllowedAfter timestamp gate, 100M total supply cap. Not unlimited. Supply cap confirmed: 100M total, ~78M circulating. Verified on-chain at InstaTokenDelegate 0x31de2088f38ed7f8a4231de03973814eda1f8773.
RD-F-043 green Admin = deployer EOA after 7 days Deployer is 0x0Ed35B1609EC45c7079E80d11149A52717e4859A (EOA). Current proxy admin is 0x4F6F977aCDD1177DCD81aB83074855EcB9C2D49e (Avocado smart account). They differ — transfer from deployer to Avocado happened at or near deploy. Admin ≠ deployer EOA.
RD-F-046 green Contract unverified on Etherscan/Sourcify All core Fluid contracts verified on Etherscan with Exact Match: FluidLiquidityProxy, AdminModule (0x53EFFA), LendingFactory (0x54B91A), VaultFactory (0x324c5D), DexFactory (0x91716C), ReserveContract impl (0xFb3102), InstaGovernorBravoDelegator.
Oracle & external dependencies · Yellow · 28 · 17 of 17
RD-F-059 red Oracle staleness check present Oracle staleness check ABSENT on Ethereum mainnet. ChainlinkSourceReader calls IChainlinkAggregatorV3.latestRoundData() and extracts only the exchangeRate (second return value), discarding updatedAt entirely. No comparison to block.timestamp or maxAge is performed. ChainlinkOracleImpl confirms the same — no updatedAt validation. RedstoneOracleImpl similarly has no timestamp freshness check. The StateMind audit (December 2023) explicitly noted the absence of staleness checks and recorded Fluid's accepted-risk decision: for mainnet, Fluid decided to accept the stale-data risk similar to Compound and Aave, with plans to implement checks on L2s. However as of the last commit (2026-03-04), no staleness check exists in chainlinkSourceReader.sol or chainlinkOracleImpl.sol. With AVAX/USD at 86400s heartbeat and 2% deviation, and USDT/USD at 86400s heartbeat, a stale price of up to 24 hours could be accepted without detection.
RD-F-049 yellow Oracle role per asset For each vault, the oracle serves as Primary for collateral pricing and liquidation. The FallbackCLRSOracle (now deprecated, replaced by GenericOracle) explicitly supports Chainlink-primary/Redstone-fallback or Redstone-primary/Chainlink-fallback modes (3 modes: 1=CL only, 2=CL primary RS fallback, 3=RS primary CL fallback). The GenericOracle supports up to 4 oracle hops chained sequentially. DEX Smart Collateral vaults use dexSmartColCLOracle (Chainlink + DEX reserves). However, specific asset-to-oracle-mode mappings across all 20+ vault configurations are not fully enumerated in available sources — the oracle type per vault requires individual vault state reads. Yellow because the system supports defined primary/fallback roles but complete per-asset enumeration was not achievable without chain reads across all vault instances.
RD-F-050 yellow Dependency graph (protocols depended upon) Dependency graph: (1) Chainlink price feeds — 19 feeds confirmed; failure of Chainlink aggregator for any asset causes liquidation/borrow pricing failure for that vault. (2) Redstone oracle — used as fallback in some configurations; failure means fallback unavailable. (3) Fluid's own DEX reserves — used in Smart Collateral/Smart Debt DEX oracle variants; failure of internal DEX liquidity affects DEX vault pricing. (4) Chainlink CCIP — Fluid Lite product cross-chain capital movement; CCIP failure would halt Fluid Lite rebalancing. (5) LayerZero OFT — Fluid Lite token bridging for specific tokens; failure affects Fluid Lite capital movement. (6) Plasma chain — $106M TVL (11.45%); bridge mechanism not fully enumerated. (7) OpenZeppelin v4.8.2 library — library dependency, not runtime oracle. Yellow because Plasma bridge mechanism not confirmed and DEX reserve dependency for Smart Collateral needs direct vault-state evidence.
RD-F-051 yellow Fallback behavior on oracle failure Fallback behavior on oracle failure: (1) ChainlinkOracleImpl returns 0 on any exception (try-catch with empty catch). (2) FallbackOracleImpl switches to secondary (Redstone or Chainlink) when primary returns 0 — so a failed Chainlink feed triggers Redstone fallback. (3) GenericOracle reverts if final rate is 0 (FluidOracleError RateZero). So the fallback sequence is: primary oracle fail → returns 0 → fallback oracle queried → if fallback also 0 → revert. This is a reasonable fallback for configured multi-source oracles. However: (a) The staleness trigger is not used — fallback only fires on zero, not on stale data. A stale-but-non-zero Chainlink price is NOT routed to fallback. (b) GenericOracle configurations with Mode 1 (CL only, no fallback) have no secondary. Yellow because the fallback exists for zero-price failures but is NOT triggered by staleness — a critical gap for the staleness failure mode.
RD-F-052 yellow Breakage analysis per dependency Breakage analysis: (1) Chainlink feed failure (reverts/returns 0): vault borrow and liquidation pricing halts for that asset; borrowing disabled; liquidations cannot be triggered — TVL at risk from under-collateralization without liquidation trigger. (2) Chainlink feed staleness (non-zero stale price, within heartbeat): NO DETECTION — Fluid oracle does not check updatedAt. Stale price is used as if current. For AVAX/USD (86400s heartbeat, 2% deviation) or USDT/USD (86400s heartbeat), up to 24 hours of stale price could be used without detection. (3) Redstone oracle failure: if primary returns 0, Redstone fallback is queried; Redstone failure → revert. (4) CCIP failure (Fluid Lite): cross-chain rebalancing halts; no direct user fund loss from CCIP failure alone since core lending positions are chain-local. (5) Plasma bridge failure: $106M Plasma TVL becomes illiquid if bridge fails; deposits/withdrawals from Plasma chain paused.
RD-F-056 yellow Single-pool oracle (no medianization) For most vault configurations, Chainlink feeds are the single source (no medianization across multiple venues). The FallbackCLRSOracle (deprecated) provides Chainlink + Redstone fallback in certain modes, which is effectively dual-source sequential (not medianized). The GenericOracle chains up to 4 hops sequentially — if one hop uses Chainlink and another uses Redstone, they are sequentially composed, not medianized. The UniV3Check oracle (deprecated) performed a delta-check against Chainlink rather than medianizing. Medianization across multiple venues is NOT present. Yellow because the fallback provides some multi-source coverage but it is sequential fallback, not true medianization.
RD-F-057 yellow Circuit breaker on price deviation No dedicated circuit breaker on price deviation in the oracle contracts. The GenericOracle reverts on zero rate — this is a binary check (zero vs non-zero), not a deviation threshold. The deprecated UniV3CheckCLRSOracle had delta-checking via isRateOutsideDelta() comparing Uniswap V3 price against Chainlink — but this is deprecated. The FallbackCLRSOracle has no deviation-based circuit breaker. The active GenericOracle has no configurable deviation threshold that would halt operations if price moves X% in Y blocks. Yellow because the zero-check provides some protection against complete oracle failure, but no deviation-based circuit breaker exists.
RD-F-060 yellow Chainlink aggregator min/max bound misconfig Chainlink aggregators have configurable minAnswer/maxAnswer circuit breakers built into the aggregator contracts (this is Chainlink's standard). The ChainlinkOracleImpl does NOT read minAnswer/maxAnswer from the aggregator — it only reads the answer (second return from latestRoundData). If a Chainlink feed returns a price at its minAnswer floor during a crash event (e.g., ETH/USD floor during a severe crash), Fluid would use that floored price as valid without detecting it is at the circuit breaker limit. This is the well-known 'ETH/USD floor-bug class' vulnerability. However: (1) Chainlink has been moving away from minAnswer/maxAnswer bounds on major feeds, and (2) the StateMind audit noted this as accepted risk. Yellow because the risk exists but most major Chainlink feeds for ETH/USD, BTC/USD have broad or no effective bounds.
RD-F-062 yellow External keeper/relayer not redundant Fluid does not depend on external keepers for core lending operations (borrow/repay/liquidate are user-triggered or open liquidations). However, Fluid Lite's Strategy Handler has a Rebalancer Module that executes cross-chain capital rebalancing — this requires an operational relayer/keeper to call rebalance functions. The automation of cross-chain bridge calls (CCIP/LayerZero) through the Bridging Module implies operational dependency on whoever triggers rebalancing. Whether this is a single keeper or redundant is not confirmed in available sources. Yellow because the core protocol has no keeper dependency but Fluid Lite product does.
RD-F-054 n/a TWAP window duration Primary oracles are Chainlink price feeds (not TWAP-based). The deprecated UniV3CheckCLRSOracle used multi-interval Uniswap V3 checks with windows of 240s-60s-15s-1s, which are very short (below 30-minute threshold). However, this contract is deprecated and replaced by GenericOracle which does not use Uniswap V3 TWAP as a primary source. Since active production oracles are Chainlink-based (not TWAP), this factor is not applicable to the primary oracle path. Flagged yellow rather than N/A because the deprecated oracle still appears in some vault configs until migration is complete.
RD-F-055 n/a Oracle pool depth (USD) Primary oracles are Chainlink price feeds with professional aggregation infrastructure, not DEX pool-based oracles. DEX pool depth is not the relevant measure here. DEX reserves are used as a secondary input in Smart Collateral oracle variants alongside Chainlink, but the depth of those DEX reserves is tracked by Fluid's internal DEX (Fluid DEX), not an external AMM with manipulable liquidity. Factor applies to DEX-pool-based oracles; not applicable to Chainlink-primary architecture.
RD-F-058 n/a Max-deviation threshold (bps) No circuit breaker present (see F057). Therefore no configurable threshold exists. Factor is not applicable.
RD-F-181 gray Permissionless-pool lending oracle F181 concerns whether the lending protocol accepts spot prices from a DEX where any user can permissionlessly create new pools. Fluid's internal DEX (Fluid DEX) does have permissionless pool creation via DexFactory. The DEX oracle variants (dexSmartColCLOracle) can read from specific DEX pool reserves. Whether a newly-created permissionless Fluid DEX pool with a worthless token could become an accepted oracle source for a new vault — and whether that vault could be created permissionlessly — requires direct assessment of VaultFactory pool-listing requirements. The profile notes vault creation via VaultFactory but permissionless listing criteria not confirmed. The profiler flagged F181 as LIVE. Gray due to insufficient evidence to determine if a permissionlessly-created DEX pool with a fake token can feed a vault oracle without a TWAP, liquidity floor, or token-age minimum check. This requires direct VaultFactory source inspection which was not completable within this assessment.
RD-F-048 green Oracle providers used Fluid uses Chainlink (primary for all core vaults) and Redstone (fallback in deprecated FallbackCLRSOracle and active in some GenericOracle configurations) across ETH/USD, BTC/USD, USDC/USD, USDT/USD, LINK/USD, UNI/USD, COMP/USD, AVAX/USD feeds. DEX-oracle variants use Fluid's own internal DEX reserves as a center-price source. 19 Chainlink feed addresses confirmed in data cache across Ethereum, Arbitrum, Polygon chains. Oracle system is documented in the fluid-contracts-public/contracts/oracle directory structure with ChainlinkSourceReader, FluidSourceReader, and UniV3CheckedSourceReader implementations.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL] Primary oracles for core vaults are Chainlink price feeds (not spot DEX pools). The ChainlinkOracleImpl reads from Chainlink AggregatorV3 latestRoundData() — this is a professional price aggregation source, not a single DEX spot pool. The dexSmartColCLOracle uses Chainlink feeds for conversion price, then applies DEX reserves for the LP token price calculation — but this is a composite that incorporates Chainlink, not a pure spot DEX read. The UniV3CheckCLRSOracle (deprecated) used Uniswap V3 with multi-interval checks (not TWAP in the traditional sense but multi-block window: 240s-60s-15s-1s intervals), combined with Chainlink check. The active GenericOracle does NOT use raw spot DEX prices without Chainlink component for core collateral. F053 green.
RD-F-061 green LP token balanceOf used for pricing Fluid does not use LP token balanceOf for pricing. The DEX oracle variants (dexSmartColCLOracle, dexSmartDebtCLOracle) use Chainlink feeds for the conversion price component, and internal Fluid DEX reserve calculations for the LP token component. The reserve-based calculation reads from the DEX contract's internal state (not externally manipulable via transfer), making donation-based manipulation not applicable in the same way as a naive balanceOf approach. Core vaults (T1/T2/T3/T4) use pure Chainlink feeds, with no balanceOf dependency for pricing.
RD-F-180 green Immutable oracle address [★ CRITICAL] Oracle addresses are NOT immutable in Fluid vault contracts. The VaultT1AdminModule includes an updateOracle(address newOracle_) function that allows admin to replace the oracle address. The oracle is stored in vaultVariables2 storage (packed with other variables), not in an immutable variable. The _verifyCaller modifier restricts calls to delegatecall from the vault core contract (authorized admin path), not direct EOA. The VaultTypesCommon admin module similarly has updateOracle(uint newOracleNonce_) deriving the new oracle address from the nonce via AddressCalcs. This means when an oracle source becomes compromised or an asset depegs, governance can replace the oracle without a full contract upgrade. F180 green — oracle replaceability exists via admin.
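The three oracle checks that RD-F-059, RD-F-060 and RD-F-051 above report as absent or zero-only (updatedAt freshness, aggregator minAnswer/maxAnswer bounds, and a fallback that fires on a stale primary rather than only a zero one), written out as a Solidity illustration. This is an editor's example added to the review, not Fluid code and not part of fluid-contracts-public. The interface subsets mirror Chainlink's public AggregatorV3 and OCR aggregator ABIs; the contract name GuardedChainlinkReader, the FeedConfig struct and its maxAge and enforceBounds parameters are hypothetical, operator-set values for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Editor's illustration, not Fluid code. Interface subsets below mirror Chainlink's
// public ABIs; FeedConfig (maxAge, enforceBounds) is a hypothetical operator setting.

interface IAggregatorV3 {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
    /// Chainlink's EACAggregatorProxy exposes the underlying aggregator address.
    function aggregator() external view returns (address);
}

/// Subset of the OCR aggregator ABI that carries the circuit-breaker bounds.
interface IOffchainAggregator {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

contract GuardedChainlinkReader {
    struct FeedConfig {
        IAggregatorV3 feed;
        uint256 maxAge;      // seconds; set at or slightly above the feed's heartbeat
        bool enforceBounds;  // false for aggregators that do not expose min/maxAnswer
    }

    error NonPositiveAnswer(int256 answer);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);
    error StalePrice(uint256 updatedAt, uint256 maxAge);
    error AnswerAtBound(int256 answer, int192 bound);

    /// @notice Returns the raw feed answer, reverting unless it is positive, fresh and
    ///         strictly inside the aggregator's bounds. Decimal scaling is left to the caller.
    function read(FeedConfig memory cfg) public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) =
            cfg.feed.latestRoundData();

        if (answer <= 0) revert NonPositiveAnswer(answer);
        if (updatedAt == 0 || answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);

        // RD-F-059: the comparison against block.timestamp that the evidence says is missing.
        // A future-dated updatedAt is treated as invalid rather than underflowing.
        if (updatedAt > block.timestamp || block.timestamp - updatedAt > cfg.maxAge) {
            revert StalePrice(updatedAt, cfg.maxAge);
        }

        // RD-F-060: an answer sitting on minAnswer/maxAnswer is the aggregator's clamp,
        // not a market price, so it is rejected instead of being priced as valid.
        if (cfg.enforceBounds) {
            IOffchainAggregator agg = IOffchainAggregator(cfg.feed.aggregator());
            int192 lo = agg.minAnswer();
            int192 hi = agg.maxAnswer();
            if (answer <= int256(lo)) revert AnswerAtBound(answer, lo);
            if (answer >= int256(hi)) revert AnswerAtBound(answer, hi);
        }
        return uint256(answer);
    }

    /// @notice Primary/secondary read in which ANY failed check on the primary (zero,
    ///         stale, clamped) routes to the secondary, unlike a zero-only fallback
    ///         (RD-F-051). Reverts if the secondary also fails, so a bad price is never
    ///         silently used.
    function readWithFallback(FeedConfig memory primary, FeedConfig memory secondary)
        external
        view
        returns (uint256 price, bool usedFallback)
    {
        try this.read(primary) returns (uint256 p) {
            return (p, false);
        } catch {
            return (this.read(secondary), true);
        }
    }
}
```

The external self-call inside try/catch is what lets a stale-but-nonzero primary answer fall through to the secondary; a try around latestRoundData() alone would only catch a reverting feed. For feeds with a 24-hour heartbeat, the maxAge setting decides how much staleness is tolerated, so it should be reviewed per asset rather than set globally.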
Economic risk · Red · 52 · 13 of 13
RD-F-068 red Collateralization under stress Collateralization ratio under stress is an elevated risk for Fluid due to: (1) Smart Vault T2/T3/T4 architecture — DEX impermanent loss on collateral leg can reduce effective collateral value independently of underlying price, creating novel cascade risk; (2) Demonstrated failure: March 2026 wstUSR collateral depeg created >$10M bad debt within one day because hardcoded oracle did not reprice (collateral value stayed at $1.13, actual ~$0.63); (3) Absorbed debt recovery mechanism (positions moved to bookkeeping buckets) assumes future price recovery — sustained depeg produces unrecoverable absorbed debt; (4) Liquidation penalty as low as 0.1% may not attract liquidators for illiquid long-tail collaterals. Red: documented real-dollar collateral cascade event with confirmed bad debt, even if subsequently repaid. RD-F-073 red Oracle-manipulation-proof borrow cap Fluid's multi-oracle setup (Chainlink + UniV3 TWAP composite) provides manipulation resistance on most pairs, but the hardcoded oracle configuration for wstUSR bypassed this protection entirely. wstUSR oracle was hardcoded at $1.13 (never repriced). When wstUSR crashed to ~$0.63, borrowers deposited cheap wstUSR at inflated oracle value and drained >$10M. This is a demonstrated oracle-manipulation-proof borrow cap failure: the borrow cap's oracle dependency failed. Current status: wstUSR delisted post-incident; other yield-bearing stablecoins (sUSDe, etc.) must be verified for oracle configuration. Red: documented failure with real loss. RD-F-074 red ERC-4626 virtual-share offset (OZ ≥4.9) Data cache confirms oz_contracts_version: '4.8.2'. OZ 4.8.2 does NOT include the virtual-share offset introduced in OZ 4.9 (August 2023, post-inflation-attack fix). GitHub fToken/variables.sol analysis confirms the contract inherits from basic ERC20 + ERC20Permit (not OZ ERC4626). 
Share calculation uses direct exchange-price arithmetic (sharesMinted = assets * EXCHANGE_PRICES_PRECISION / tokenExchangePrice) with no virtual offset. The minDeposit floor is a partial mitigation but not equivalent to the OZ 4.9 fix. Red: protocol is below OZ 4.9 threshold and lacks the virtual-share offset protection. RD-F-066 yellow Utilization rate (lending protocols) Aggregate utilization 83.52% ($777.9M borrowed / $931.4M supplied) as of 2026-04-29 per DefiLlama borrow data. This is elevated relative to protocol peers and limits withdrawal flexibility. Yellow: high utilization is a risk indicator but not a threshold breach in isolation; no market-specific panic-withdrawal event observed at assessment date beyond the Resolv incident outflows which stabilized. RD-F-067 yellow Historical bad-debt events One confirmed bad debt event: March 2026, Resolv/wstUSR exploit. Fluid incurred >$10M bad debt in one day (source: BingX flash news, Halborn, Protos). Root cause: hardcoded oracle for wstUSR at $1.13 while spot traded at ~$0.63 post-Resolv exploit. Fluid covered bad debt externally via short-term loan (Cyber Fund, Jupiter) and fully repaid by March 25, 2026. No permanent depositor loss. One event in 14+ months of operation. Yellow (not red): bad debt was absorbed and repaid; no permanent loss socialized to depositors. RD-F-071 yellow Seed-deposit requirement for new market listing fToken `minDeposit()` function enforces a minimum deposit floor (BigMath rounding + previewMint(1) rounded up); reverts with fToken__DepositInsignificant if below threshold. This provides practical protection against trivially small first deposits. However, it is NOT equivalent to OZ 4.9 virtual-share offset. Yellow: partial mitigant exists (minDeposit floor) but the protocol uses OZ 4.8.2 without virtual-share offset; a careful attacker could still manipulate share price in very low-TVL markets through precise donation. 
RD-F-072 yellow Market-listing governance threshold Vault creation and collateral listing is governance-controlled (team/AdminModule) at assessment date. Not fully permissionless. The Resolv wstUSR listing at 95% LTV with hardcoded oracle demonstrates that the governance threshold was insufficient to prevent a dangerous collateral configuration. Future roadmap targets permissionless Smart Collateral/Smart Debt. Yellow: governance-controlled, but the wstUSR listing demonstrates a poor listing decision; the effective threshold was low in practice.
RD-F-075 yellow First-depositor / share-inflation guard fToken implements minDeposit() with a floor equal to BigMath rounding + previewMint(1) rounded up. This reverts small deposits (fToken__DepositInsignificant error) and provides practical but incomplete protection against first-depositor share inflation. The guard is NOT equivalent to dead-shares or OZ 4.9 virtual offset. In markets with very low but nonzero TVL, a manipulator could donate assets to inflate tokenExchangePrice before the minDeposit floor would protect the next depositor. Yellow: partial guard exists but does not meet OZ 4.9 standard.
RD-F-064 gray TVL concentration (top-10 wallet share) TVL concentration (top-10 wallet share) not accessible via public APIs. DefiLlama HTML returns 403; Dune Analytics returns 403 for wallet concentration queries. On-chain scan not performed (requires RPC enumeration). Structural data gap; deferred to programmatic pipeline.
RD-F-065 gray Liquidity depth per major asset Fluid DEX launched October 29, 2024 (~18 months old). Liquidity depth at 2%/5% slippage not obtainable; DefiLlama DEX subgraph returns 403 and the fluid-dex slug returns no TVL data. DEX TVL is embedded in the unified Liquidity Layer (not separately tracked). Deferred to programmatic pipeline.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin Fluid is not an algorithmic or under-collateralized stablecoin protocol. It is an over-collateralized lending + DEX hybrid. USR/wstUSR (Resolv) were third-party stablecoins listed as collateral, not protocol-native designs. Factor does not apply.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) [★ CRITICAL — NOT APPLICABLE] Fluid is an original protocol, not a Compound V2 fork. No cToken-style market structure exists. The unified Liquidity Layer + fToken/Vault architecture uses proprietary exchange-price accounting, not the isolated totalSupply/totalBorrow Compound V2 model that enables the classic donation-inflation exploit vector. Critical factor ★ does not fire.
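The three guards compared across RD-F-071, RD-F-075 and the red share-calculation finding above (no offset, OZ 4.9 virtual offset, minDeposit floor) are easier to reason about with numbers. The following is an added illustration, not Fluid code: a toy ERC-4626 accounting model with a 1 wei seed deposit, a 10,000-token donation and a 20,000-token victim deposit. Fluid's fToken takes its exchange price from the Liquidity Layer rather than from the vault's token balance, so this models the attack class in general, not Fluid's arithmetic; the 18-decimal token, the offset of 6 and the 1e6 wei floor are assumed values.

```python
# Added example (not Fluid code): toy ERC-4626 share accounting used to compare
# three first-depositor guards: none (OZ 4.8.x semantics), the OZ 4.9
# virtual-share/asset offset, and a minDeposit floor. All constants are assumed.

ONE = 10**18  # assumed 18-decimal underlying token


class DepositInsignificant(Exception):
    """Stand-in for the fToken__DepositInsignificant revert."""


class Vault:
    def __init__(self, virtual_offset=None, min_deposit=0):
        # virtual_offset=None -> plain pro-rata math (OZ 4.8.x behaviour)
        # virtual_offset=k    -> OZ 4.9 style: 10**k virtual shares, 1 virtual asset
        self.virtual_offset = virtual_offset
        self.min_deposit = min_deposit
        self.total_assets = 0  # token balance held by the vault, donations included
        self.total_shares = 0

    def _virtual_shares(self):
        return 10 ** self.virtual_offset

    def convert_to_shares(self, assets):
        if self.virtual_offset is None:
            if self.total_shares == 0:
                return assets  # first depositor mints 1:1
            return assets * self.total_shares // self.total_assets
        return assets * (self.total_shares + self._virtual_shares()) // (self.total_assets + 1)

    def convert_to_assets(self, shares):
        if self.virtual_offset is None:
            if self.total_shares == 0:
                return 0
            return shares * self.total_assets // self.total_shares
        return shares * (self.total_assets + 1) // (self.total_shares + self._virtual_shares())

    def deposit(self, assets):
        if assets < self.min_deposit:
            raise DepositInsignificant(assets)
        shares = self.convert_to_shares(assets)  # may round down to 0 or 1
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def donate(self, assets):
        # direct token transfer to the vault: raises total_assets, mints nothing
        self.total_assets += assets


def run_inflation_attack(vault, seed, donation, victim_deposit):
    """Seed deposit, donate to inflate the share price, then a victim deposits.
    Returns (attacker_profit, victim_loss) in wei, measured at redemption value."""
    attacker_shares = vault.deposit(seed)
    vault.donate(donation)
    victim_shares = vault.deposit(victim_deposit)
    attacker_out = vault.convert_to_assets(attacker_shares)
    victim_out = vault.convert_to_assets(victim_shares)
    return attacker_out - (seed + donation), victim_deposit - victim_out


DONATION = 10_000 * ONE
VICTIM = 20_000 * ONE


def classic_attack():
    # OZ 4.8.x semantics: 1 wei seed; the victim's deposit rounds down to one share
    return run_inflation_attack(Vault(), 1, DONATION, VICTIM)


def virtual_offset_attack(offset=6):
    # OZ 4.9 semantics: the donation is mostly captured by the virtual shares,
    # so the attacker loses most of it
    return run_inflation_attack(Vault(virtual_offset=offset), 1, DONATION, VICTIM)


def min_deposit_attack(floor=10**6):
    # minDeposit floor (assumed 1e6 wei): the seed must be at least `floor`, which
    # caps how far one donation can inflate the per-share price; the residual
    # loss is one share's worth of rounding, not half the deposit
    return run_inflation_attack(Vault(min_deposit=floor), floor, DONATION, VICTIM)


def dust_seed_rejected(floor=10**6):
    try:
        Vault(min_deposit=floor).deposit(1)
    except DepositInsignificant:
        return True
    return False
```

With these inputs the unguarded vault hands the attacker roughly 5,000 tokens of the victim's deposit; the offset vault turns the same donation into a ~5,000-token loss for the attacker with a sub-cent rounding loss for the victim; the floor-only vault bounds both sides to a rounding loss, which is the practical-but-partial protection the factors above describe.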
RD-F-063 green TVL (current + 30d trend) TVL $931.4M as of 2026-04-29 per DefiLlama API; 30d change +2.89%; 1d change +1.24%. Earlier peak $1.61B (January 2025). Protocol recovered from >$300M single-day outflow (Resolv incident March 2025). Well above $100M threshold. Chain breakdown: ETH 72.68%, Arbitrum 12.44%, Plasma 11.45%, Base 2.93%, Polygon 0.50%.
Operational history Yellow 26 15 of 15
RD-F-082 red Post-mortem published within 30 days No Fluid-authored post-mortem published within 30 days of the March 2025 Resolv/USR incident (deadline: 2025-04-21). As of 2026-04-29 (13 months post-incident), no Fluid/Instadapp post-mortem has been found in any searched source: blog.instadapp.io, gov.fluid.io, Medium, Mirror.xyz, GitHub. Resolv Labs issued an initial X post and indicated a full post-mortem 'in progress', but this was Resolv's own analysis, not Fluid's. Third-party analyses exist but no protocol-originated post-mortem.
RD-F-089 red Insurance coverage active No active insurance coverage from Nexus Mutual, Sherlock, Unslashed, or equivalent found for Fluid's TVL ($931M). Web searches returned no Fluid/Instadapp-specific active coverage from any platform. Sherlock Fluid DEX v2 contest (audits.sherlock.xyz/contests/1225, $200K prize) is an audit competition, not ongoing protocol coverage. Process learnings: insurance gap is near-default red for large-TVL protocols. $931M TVS with zero confirmed DeFi insurance = red.
RD-F-077 yellow Prior exploit count 1 adverse incident: March 2025 Resolv/USR contagion event. Root cause was external (Resolv AWS key compromise → unbacked USR minting → wstUSR oracle mispricing at Fluid). Fluid absorbed ~$10–15M bad debt; $300M+ single-day TVL outflow. All bad debt repaid by team via short-term loan (final repayment announced March 2026). Zero protocol-level exploits of Fluid's own smart contract code. Score yellow (not green because a real loss event occurred; not red because root cause is external and fully remediated).
RD-F-081 yellow Post-exploit response score Curator-scored response for March 2025 Resolv/USR incident: (a) Compensation 5/5 — full bad debt repayment completed; (b) Transparency 2/5 — public commitment but no protocol-authored post-mortem; (c) Root-cause-depth 1/5 — no Fluid-specific post-mortem identifying oracle config failure; (d) Operational recovery 4/5 — wstUSR paused within ~30 min, all other markets remained live. Composite: 3.0/5 = yellow.
RD-F-084 yellow TVL stability (CoV over 90d) TVL ranged from ~$300M (April 2024 launch) to $1.61B peak (January 2025) to ~$700–800M (post-March 2025 Resolv event, $300M+ single-day outflow) to ~$1.81B (late April 2026) to ~$942M current (DefiLlama, 2026-05-07). A second large step-down (~48% over ~8 days, late April -> early May 2026) compounds the March 2025 event. Note: the ~$1.81B late-April figure conflicts with the $931.4M recorded for 2026-04-29 in RD-F-063; the magnitude of the second step-down is unconfirmed until the two snapshots are reconciled. Full daily series not available (DefiLlama HTML 403); precise CoV not computable. Two known large step-down events; full-period CoV is elevated. Yellow at medium confidence.
RD-F-085 yellow Incident response time (minutes) Response time: ~30 minutes from first depeg signal (02:21 UTC) to wstUSR market pause (~02:50 UTC). A 20-minute exploitable window existed (02:30–02:50 UTC) where USR was trading at $0.15–$0.40 on DEXs but Fluid had not yet paused. This is a real-world response gap. P2 display-only factor.
RD-F-166 yellow Deprecated contracts still holding value Instadapp DSA v1 (DeFi Smart Accounts) infrastructure is operationally superseded by Fluid. The 'Instadapp/dsa-resolvers-deprecated' GitHub repo explicitly flags the old resolver layer as deprecated. Data cache 'has_legacy_v1: true' confirms legacy exists. No formal deprecation announcement with migration deadline or drain guidance found. On-chain balance of DSA v1 SmartAccount contracts not verified (WebFetch cannot check on-chain balances). Whether >$100K remains in deprecated contracts is unconfirmed. Fluid core contracts (FluidLiquidityProxy, factories) are not deprecated. Yellow pending on-chain balance verification.
RD-F-083 gray Auditor re-engaged after last exploit No evidence of auditor re-engagement specifically in response to the March 2025 Resolv/USR contagion incident. December 2025 security budget request (gov.fluid.io/t/security-budget-request/1754) references ongoing Certora formal verification; it postdates the incident and represents general security investment rather than a targeted re-audit. The incident root cause was oracle configuration, not a Fluid smart contract code vulnerability, making a targeted code re-audit ambiguous. Cannot assess whether a re-audit occurred; gray on insufficient evidence.
RD-F-076 green Protocol age (days) Fluid mainnet deploy: 2024-02-09 (FluidReserveContractProxy first deploy). Assessment date: 2026-04-29. Age: ~27 months (~810 days). Exceeds both the 12-month A-grade floor and the 24-month yellow class threshold. Note: invocation brief flagged yellow for <24 months; re-evaluation at 27 months places this in green territory.
RD-F-078 green Chronic-exploit flag (≥3 incidents) 1 adverse incident total. CHRONIC threshold is ≥3 incidents. Threshold not met. CHRONIC badge does not fire.
RD-F-079 green Same-root-cause repeat exploit 1 incident only. By definition no same-root-cause repeat is possible with fewer than 2 incidents. No repeat exploit pattern exists.
RD-F-080 green Days since last exploit Most recent incident: 2025-03-22 (Resolv/USR contagion). Days since: ~403 days (as of 2026-04-29). Protocol has been adverse-event-free for over a year. P1 display-only factor.
RD-F-086 green Pause activations (trailing 12 months) One known pause activation: wstUSR markets paused during March 2025 Resolv/USR incident. Pause used appropriately for emergency scenario. Multiple sources confirm Fluid was among protocols taking precautionary actions (pausing markets / isolating vaults). No inappropriate or unexplained pause history found.
RD-F-087 green Pause > 7 consecutive days The wstUSR market pause during March 2025 was a targeted collateral-specific pause, not a full protocol pause. Protocol remained operational throughout with all other lending markets functioning. No evidence of >7-day continuous full-protocol pause in the last 12 months.
RD-F-088 green Re-deployed to new addresses in last year No full redeployment to new contract addresses in the last 12 months. Fluid uses upgradeable proxy architecture (EIP-1967 Infinite Proxy); upgrades are implementation-pointer updates, not address migrations. INST→FLUID token migration (December 2024) preserved same Ethereum contract address (no new token contract created). DEX v2 launch (April 2025) is a new product, not an address migration of existing contracts.
Real-time signals Green 6 22 of 22
RD-F-099 yellow Oracle price deviation >X% from secondary No current oracle deviation on core assets (ETH, wstETH, USDC, USDT) as of 2026-04-29. Fluid uses multi-source oracle verification for vault pricing (three Uniswap TWAP checkpoints + Chainlink vs current Uniswap price per blog.instadapp.io/fluid/). However: (1) the Resolv/USR incident (March 2025) confirmed that a hardcoded oracle for a collateral asset (wstUSR priced at $1.13 while market was $0.63) caused $10M+ Fluid bad debt; this signal class is confirmed load-bearing; (2) whether all current Fluid collateral oracles are admin-replaceable vs hardcoded is unconfirmed; (3) the signal is phase 2 (not yet live, requires per-asset secondary-source mapping infrastructure). Yellow: no current deviation, but the monitoring gap is confirmed as specifically load-bearing by the prior incident.
RD-F-102 yellow Admin/upgrade transaction in mempool Fluid Liquidity Layer (0x52Aa899454998Be5b000Ad077a46Bbe360F4e497) is an EIP-1967 upgradeable proxy with admin 0x4F6F977aCDD1177DCD81aB83074855EcB9C2D49e (Instadapp Avocado smart wallet). No on-chain timelock confirmed for Fluid-layer contract upgrades. Last proxy upgrade December 1, 2025. Reserve Contract Proxy (0x264786EF916af64a1DB19F513F24a3681734ce92) also upgradeable (last upgraded December 2025), same deployer. No admin tx in mempool detectable via static assessment. Yellow: absence of a timelock means the mempool signal is the ONLY advance-warning mechanism; there is no multi-day pre-announcement window of the kind timelock-protected protocols provide. T-09 phase-2 signal (mempool listener required for production alerting). This is the most important monitoring gap for Fluid specifically.
RD-F-103 yellow Bridge signer-set change proposed/executed Fluid has $106.6M TVL on Plasma chain (Bitcoin sidechain with EVM compatibility). Plasma bridge validator/verifier set composition is not publicly confirmed; plasma.to states the set 'will be decentralized over time' with 'initial composition to be published prior to mainnet launch.' T-09 v1 launch signal (applicable in principle), but the baseline validator list required for change detection cannot be established from public sources. Signal cannot be wired up without the confirmed validator list. $106.6M is material TVL and Plasma is a live deployment. Monitoring gap: opaque bridge architecture on a non-trivial TVL surface.
RD-F-091 n/a Partial-drain test transactions v1-deferred. Requires live on-chain pattern matching to detect small-value pre-drain test transactions. The Resolv/USR incident was not preceded by test drains to Fluid; it was a protocol-layer oracle failure at Resolv. No static-assessment proxy available.
RD-F-093 n/a Abnormal gas-price willingness from attacker wallet v1-deferred. No abnormal gas-price patterns from wallets targeting Fluid contracts detectable via static assessment. Requires live mempool data stream; no static-assessment proxy produces threshold-level observation.
RD-F-096 n/a New ERC-20 approval to unverified contract from whale v1-deferred. Cannot assess whale ERC-20 approvals to unverified contracts without live mempool monitoring or an on-chain allowance sweep across all Fluid depositors. No static proxy available.
RD-F-106 n/a Cross-chain bridge unverified mint pattern v1-deferred. Plasma bridge mechanism is undocumented in sufficient detail to assess cross-chain mint-without-proof exposure (Plasma is described as EVM-compatible with PlasmaBFT consensus; trust-minimized Bitcoin bridge 'rolling out incrementally'). The Resolv/USR incident demonstrated that mint-without-proof at the collateral-token bridge layer creates Fluid bad debt even when Fluid's own contracts are sound. $106.6M Plasma TVL is a live surface. Without confirmed bridge architecture specification, the mint-without-proof exposure cannot be measured. Requires bridge architecture confirmation and live cross-chain monitoring.
RD-F-107 n/a Admin EOA signing from new geography/device v1-deferred. Off-chain signing telemetry not publicly accessible. Instadapp team is doxxed (Samyak Jain, Sowmay Jain; India-based founders per Crunchbase and GlobalIndian profile) and admin signing is via Avocado smart wallet (account abstraction infrastructure), not a raw EOA private key; the AA design reduces raw EOA signing exposure. No public evidence of anomalous admin signing geography. Cannot assess without off-chain telemetry.
RD-F-182 n/a Security-Council threshold reduction (RT) Not applicable. Fluid does not have a formalized Security Council structure with a documented M-of-N threshold (as in Drift Protocol's 3/5 Security Council). Fluid's admin is a team-controlled Avocado smart wallet, not a Security Council with a public threshold that could undergo a 3/5 → 2/5 reduction. The F182 signal (Security Council threshold reduction + timelock removal within 14 days) does not map to Fluid's governance topology. The team-wallet-as-sole-admin structure is a Cat 2/9 static finding, not a Cat 6B real-time threshold-change signal.
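RD-F-099 above describes the missing check rather than showing it, and the wstUSR numbers make the consequence concrete: at 95% LTV an oracle that is only ~5% high already opens underwater positions. The following is an added example, not Fluid's oracle code and not the defirisk.co pipeline, of a secondary-source deviation check with staleness handling, plus the arithmetic that converts an oracle overprice into bad debt per unit of collateral. Source names, the one-hour staleness limit and the 2% threshold (borrowed from the RD-F-104 depeg rule) are assumptions; the $1.13 / ~$0.63 / 95% LTV figures are the ones cited on this page.

```python
# Added example (not Fluid code, not the defirisk.co pipeline): compare a
# protocol's oracle price against fresh secondary sources, and compute the
# per-unit shortfall an overprice creates at a given LTV. Thresholds, source
# names and timestamps are assumed/constructed.
from statistics import median

STALE_AFTER = 3600        # seconds; secondaries older than this are ignored (assumed)
DEFAULT_THRESHOLD = 0.02  # 2% deviation from the reference price (assumed)


def fresh_prices(sources, now):
    """sources: list of (name, price, updated_at). Keep only fresh entries."""
    return [price for _, price, updated_at in sources if now - updated_at <= STALE_AFTER]


def oracle_deviation(protocol_price, sources, now, threshold=DEFAULT_THRESHOLD):
    """Compare the price the protocol's oracle reports with the median of fresh
    secondary sources. Returns (fires, deviation, reference); (None, None, None)
    means too few fresh sources to decide, which is not the same as "clean"."""
    prices = fresh_prices(sources, now)
    if len(prices) < 2:
        return None, None, None
    reference = median(prices)
    deviation = abs(protocol_price - reference) / reference
    return deviation > threshold, deviation, reference


def shortfall_per_unit(oracle_price, market_price, ltv):
    """Bad debt per unit of collateral if a borrower takes the maximum loan at
    the oracle price and the collateral is only worth market_price.
    Negative means the position is still covered."""
    return oracle_price * ltv - market_price


def max_tolerated_overprice(ltv):
    """Largest oracle overprice, relative to the true price, at which a max-LTV
    position is still covered when opened: market >= oracle * ltv."""
    return 1 / ltv - 1


NOW = 1_700_000_000  # constructed timestamp for the sample sources


def wstusr_case():
    """Constructed reconstruction of the RD-F-099 failure: a hardcoded $1.13
    while fresh secondaries sit near $0.63. A stale TWAP checkpoint must not
    mask the move, so it is dropped rather than averaged in."""
    sources = [
        ("chainlink", 0.64, NOW - 120),
        ("uniswap_spot", 0.63, NOW - 12),
        ("uniswap_twap_checkpoint", 0.98, NOW - 7200),  # stale: excluded
    ]
    fires, deviation, reference = oracle_deviation(1.13, sources, NOW)
    return fires, deviation, shortfall_per_unit(1.13, reference, 0.95)


def usdc_case():
    """A pegged stable with two fresh sources agreeing: no signal."""
    sources = [("chainlink", 1.0001, NOW - 60), ("uniswap_spot", 0.9998, NOW - 5)]
    return oracle_deviation(1.0, sources, NOW)


def single_source_case():
    """Only one fresh source: the check abstains instead of reporting clean."""
    sources = [("chainlink", 1.0, NOW - 60), ("uniswap_spot", 0.5, NOW - 9000)]
    return oracle_deviation(1.0, sources, NOW)
```

The abstain path matters for the "per-asset secondary-source mapping" gap the factor mentions: an asset with no mapped secondaries produces no decision, and should be reported as unmonitored rather than as no-deviation. The shortfall function also gives the listing-time check that RD-F-072 found missing: for a 95% LTV market the oracle may be at most about 5.3% above the true price before a freshly opened max-LTV position is already underwater.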
RD-F-090 green Mixer withdrawal → protocol interaction No mixer-funded wallets interacting with Fluid core contracts identified. Deployer EOA 0x0Ed35B1609EC45C7079E80D11149A52717e4859A funded via wallet-to-wallet transfer (not Tornado Cash or other mixer) per Etherscan labels. Admin Avocado wallet 0x4F6F977aCDD1177DCD81aB83074855EcB9C2D49e shows no mixer interactions. Tier C signal — advisory only, never grade-flip. No current firing. Phase 2 (v1 phase-2 scope per T-09 §3.2).
RD-F-092 green Unusual mempool pattern from deployer wallet Deployer EOA 0x0Ed35B1609EC45C7079E80D11149A52717e4859A shows routine DeFi activity (CoW Protocol, LiFi, Socket Gateway interactions) per Etherscan. Most recent tx 15 days prior to assessment date. No unusual contract deployment bursts, approval sequences, or anomalous mempool patterns observed. Static posture: clean. (Signal requires live mempool monitoring for production alerting; static posture is assessable from on-chain history.)
RD-F-094 green New contract with similar bytecode to exploit template No newly deployed contracts with bytecode similarity to Fluid's Liquidity Layer (0x52Aa899454998Be5b000Ad077a46Bbe360F4e497) or VaultFactory (0x324c5Dc1fC42c7a4D43d92df1eBA58a54d13Bf2d) identified via Etherscan. Fluid vault architecture is proprietary (not a fork of Compound, Aave, or any audited upstream), which limits the known-exploit-template library and reduces the bytecode-similarity attack surface. No precursor deployment pattern visible. (Signal requires automated on-chain new-deploy sweep for production alerting; static posture is observable.)
RD-F-095 green Known-exploit function-selector replay No known-exploit replay selector patterns targeting Fluid pool or vault functions detected in public sources. Fluid vault architecture is proprietary (not a Compound or Aave fork), so the known-exploit-template selector library for this protocol class is limited. No confirmed replay attempt observable via static on-chain history. (Signal requires live mempool + selector matching for production alerting; static posture is assessable.)
RD-F-097 green Sybil surge of identical-pattern transactions No sybil transaction surge targeting Fluid contracts detected in public sources. The Resolv incident was a single-actor exploit (one compromised signing key), not a sybil transaction burst. No clustering of identical-pattern EOA submissions observed in public on-chain data. (Signal requires on-chain clustering analysis for production alerting; static posture is assessable from incident history.)
RD-F-098 green TVL anomaly — % drop in <1h TVL $942.2M as of 2026-05-07 (DefiLlama /tvl/fluid; per-chain via /protocol/fluid: Ethereum ~$679M, Arbitrum ~$123M, Plasma ~$105M, Base ~$31M, Polygon ~$5M). TVL fell from ~$1.81B (2026-04-29) to ~$942M over 8 days, a ~48% drawdown. Note: RD-F-063 records $931.4M for the same 2026-04-29 date; the drawdown is unconfirmed until the two snapshots are reconciled. Signal threshold (TVL_now / TVL_baseline_30d < 0.70 in rolling 60-min window per T-09 §4.1) would have fired on the move as described. The Resolv incident (March 2025) caused ~30% TVL drawdown; bad debt was fully repaid March 25, 2026. T-09 v1 launch signal; applicable and would be wired live.
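The F098 rule as stated (TVL_now / TVL_baseline_30d < 0.70) behaves differently on a one-hour crash and on a multi-day slide, because the trailing baseline decays as the slide progresses. The following is an added example, not the defirisk.co pipeline, that runs the rule over constructed hourly TVL series: 30 flat days followed by the ~48% eight-day slide shape described above, and a one-hour crash for comparison. T-09 §4.1 is not reproduced on this page, so the reading of "rolling 60-min window" as an hourly evaluation cadence and of the 30-day baseline as a trailing mean of the previous 720 hourly samples are assumptions; the TVL values are constructed, not DefiLlama data.

```python
# Added example (not the defirisk.co pipeline): the F098 rule evaluated on
# hourly TVL samples against a trailing 30-day mean. Baseline definition and
# evaluation cadence are assumptions; series values are constructed.

HOUR = 3600
BASELINE_HOURS = 30 * 24
THRESHOLD = 0.70


def tvl_anomaly(samples, threshold=THRESHOLD, baseline_hours=BASELINE_HOURS):
    """samples: list of (timestamp, tvl_usd), hourly, ascending.
    Returns (timestamp, ratio) of the first sample whose TVL is below
    threshold * trailing-30d mean, or None if the rule never fires."""
    for i in range(baseline_hours, len(samples)):
        window = samples[i - baseline_hours:i]        # the 720 samples before i
        baseline = sum(v for _, v in window) / len(window)
        ts, now = samples[i]
        ratio = now / baseline
        if ratio < threshold:
            return ts, ratio
    return None


def constructed_series(start=1_700_000_000, flat_hours=BASELINE_HOURS,
                       slide_hours=8 * 24, top=1_000_000_000, bottom=520_000_000):
    """30 days flat at `top`, then a linear slide over `slide_hours` to `bottom`
    (the default is the ~48% / 8-day shape described in F098). Constructed data."""
    series = [(start + h * HOUR, top) for h in range(flat_hours)]
    for h in range(1, slide_hours + 1):
        tvl = top - (top - bottom) * h // slide_hours
        series.append((start + (flat_hours + h - 1) * HOUR, tvl))
    return series


def slide_hours_until_fire(slide_hours=8 * 24, bottom=520_000_000):
    """How many hours into the slide the rule first fires, or None."""
    series = constructed_series(slide_hours=slide_hours, bottom=bottom)
    hit = tvl_anomaly(series)
    if hit is None:
        return None
    ts, _ = hit
    return (ts - series[0][0]) // HOUR - BASELINE_HOURS + 1
```

On the eight-day slide the rule fires only after roughly 128 hours (more than five days), once TVL is about 32% below the start, because the baseline has itself drifted down; a one-hour crash to half the baseline fires on the first sample. A practitioner wanting the "<1h" semantics of the factor title would pair this baseline rule with a short-window delta check, which this example deliberately does not add.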
RD-F-100 green Flash loan >$10M targeting protocol tokens No malicious flash loan origination targeting Fluid markets detected as of 2026-04-29. Fluid's Liquidity Layer automated limits (withdrawal limits ~20% per 24h, borrow limits ~10% per 24h per market) provide structural suppression of single-block flash-drain scenarios — this is a positive architectural feature. T-09 phase-2 signal (not yet live; requires per-block scan of flash loan sources). Static posture: no flash loan targeting.
RD-F-101 green Large governance proposal queued Fluid governance is active on gov.fluid.io (Snapshot instadapp-gov.eth). Active proposals as of 2026-04-29: Wintermute LP proposal, foundation funding proposal, Polygon deploy proposal, Hats Finance bug bounty vault. All proposals from established entities with long governance history. No malicious-pattern criteria met: no fresh-wallet proposer, no admin-role grantRole calldata from unknown EOA, no flash-loan-feasible quorum attack. Governance timelock per launch proposal: reduced from 7 days to 4 days for execution. T-09 v1 launch signal — applicable and clean.
RD-F-104 green Stablecoin depeg >2% on shared-LP venue No qualifying stablecoin depeg as of 2026-04-29. USDC and USDT at peg. The USR/Resolv depeg (March 2025) that caused $10M+ Fluid bad debt (see RD-F-067, RD-F-077) has been resolved; bad debt fully repaid March 25, 2026 per Fluid governance announcement. T-09 v1 launch signal; applicable and armed. The USR incident is the confirmed proof-of-concept that F104 fires for Fluid; no new depeg event active today.
RD-F-105 green DNS/CDN/frontend hash drift No evidence of DNS changes, CDN compromise, or frontend hash drift at fluid.io or instadapp.io as of 2026-04-29. No cert-transparency anomalies surfaced in public searches. Official protocol communications flowing through established channels (@0xfluid, gov.fluid.io, blog.instadapp.io). T-09 phase-2 signal (external monitoring stack required for production; static posture assessable from public sources).
RD-F-108 green GitHub force-push to sensitive branch No force-pushes or unauthorized commits to fluid-contracts-public main branch visible in public GitHub activity as of 2026-04-29. Active repo with regular commits from Instadapp team. No anomalous branch push patterns observable. (Signal requires GitHub API monitoring for production alerting; static posture is observable from public repo history.)
RD-F-109 green Social-media impersonation scam spike No confirmed coordinated impersonation scam-spike targeting Fluid/@0xfluid channels as of 2026-04-29. No public reports of organized scam campaigns in Fluid Discord or Telegram. The December 2024 Instadapp → Fluid rebrand creates elevated long-term impersonation risk (user muscle memory shifting from instadapp.io), but no active spike event confirmed. Static posture is assessable from public reports; production alerting requires social monitoring stack.
RD-F-110 green Unusual pending/executed proposal ratio Governance activity on gov.fluid.io is elevated but proportional to active DAO operations. Proposals visible: Wintermute LP, foundation, Polygon deploy, Hats Finance bug bounty vault. No anomalous pending/executed proposal ratio vs baseline for an active DAO. All queued proposals have established proposers and normal cadence. (Signal requires on-chain governance event baseline for production alerting; static posture is assessable from governance forum.)
Dev identity & insider risk Green 0 16 of 16
RD-F-117 gray ENS/NameStone identity bound to deployer Fluid deployer 0x0Ed35B... has no ENS name bound. INST deployer 0xf6839... has no ENS name. ENS binding to deployer EOA is not standard Instadapp practice. The FLUID token contract is labeled 'Fluid.io: FLUID Token' on Etherscan, but this is a contract verification tag, not an ENS/NameStone binding to the deployer EOA. Factor not applicable to this team's operational practice.
RD-F-119 gray Commit timezone consistent with stated geography India-based team (Bengaluru) publicly documented. GitHub commit-hour distribution not programmatically extracted; GitHub contributor graphs are JS-rendered and not accessible via WebFetch. No timezone anomaly flag found in any public reporting. Assessment is gray/low-confidence due to data accessibility limitation, not because of adverse findings.
RD-F-111 green Team doxx status Sowmay Jain (CEO) and Samyak Jain (CTO) are fully real-name doxxed since 2018 ETHIndia hackathon win. LinkedIn profiles with employment history, Crunchbase entries, multiple media interviews, YouTube appearances, X/Twitter accounts. Categorical: real-name with 8-year track record.
RD-F-112 green Team public accountability surface High public accountability surface: LinkedIn with employment history, Crunchbase investor-round records, media interviews (The Defiant, Entrepreneurs Today, GlobalIndian.com), YouTube conference talks, investor backing from Pantera Capital and Coinbase Ventures (requires KYC). Multiple cross-verifiable public trails per founder.
RD-F-113 green Team other-protocol involvement history Founders launched Instadapp at ETHIndia 2018; mainnet December 2018. 8-year track record: INST governance token 2021, Fluid protocol launch 2024, DEX October 2024. No prior rug/exit-scam affiliations. Rekt incidents list empty. Pantera Capital / Coinbase Ventures-backed protocol with no incident history.
RD-F-114 green Deployer address prior on-chain history Fluid deployer (0x0Ed35B1609ec45C7079E80d11149a52717e4859A) created January 8, 2024 — fresh wallet for Fluid launch, consistent with team practice. INST deployer (0xf6839085f692bde6a8062573e3da35e7e947c21e, labeled 'InstaDApp: Deployer 3') has 5-year clean history of InstaDApp governance contract deployments. No linked-to-prior-rug history on either address. History is normal-dev-history.
RD-F-115 green Prior rug/exit-scam affiliation No evidence of either Jain brother or any named Instadapp contributor being linked to a prior rug or exit-scam protocol. WebSearch returned only phishing sites impersonating Fluid — not attributed to the team. Rekt news has no entries for Instadapp deployer address. 8-year clean protocol history.
RD-F-116 green Contributor tenure at admin-permissioned PR GitHub org (Instadapp) established 2018; public members include @thrilok209 and @KABBOUCHI. The protocol has been maintained for 8 years; any admin-permissioned code changes in 2024-2026 would come from contributors with multi-year org tenure. Last commit 2026-03-04. Assessed as long-tenure contributor set.
RD-F-118 green Handle reuse across failed/rugged projects No evidence of social handle reuse across failed/rugged projects. @sowmay_jain and @instadapp X handles have maintained consistent identity since 2018. Multiple media profiles confirm consistent naming. No prior alias changes identified across 8-year history.
RD-F-120 green Video-off/voice-consistency flag Sowmay and Samyak Jain have participated in video-on media interviews (YouTube: 'InstaDApp Explained ft. Sowmay Jain and Samyak Jain'). The Defiant ran a profile with photos. Entrepreneurs Today profile includes photos. No reports of video-off or voice/timezone inconsistency. Faces, voices, and geographies are consistent across multiple independent media appearances spanning 2018-2024.
RD-F-121 green Contributor OSINT depth score OSINT depth score 5/5 for both founders: LinkedIn with 8-year employment history, Crunchbase investor-round records, media interviews in major outlets (The Defiant), conference talks (YouTube), investor relations (Pantera Capital, Coinbase Ventures require KYC — implicit identity verification). Multiple cross-source OSINT confirmations.
RD-F-122 green Contributor paid to DPRK-cluster wallet No evidence of contributor payments routing to DPRK/Lazarus cluster. Deployer (0x0Ed35B...) interacts exclusively with legitimate DeFi infrastructure (CoW Protocol, Socket Gateway, LI.FI, Fluid Liquidity). WebSearch 'Instadapp Fluid DPRK Lazarus' returned zero hits. Note: full 3-hop programmatic trace not completed (Chainalysis API required); assessed green/medium confidence.
RD-F-123 green Sudden admin-rescue/ACL change without discussion All major admin/ACL changes identified have corresponding public governance discussion preceding execution. (1) Fluid Launch Proposal (IGP#7): forum post Feb 7 2024 → Snapshot vote passed → on-chain Atlas vote passed → team execution with DAO ownership transfer before mainnet. (2) INST→FLUID migration: forum post Dec 3 2024 → community vote → execution. (3) IGP#1 2021: inaugural on-chain vote. No undiscussed admin-rescue or ACL changes found in last 180 days.
RD-F-124 green Deployer wallet mixer-funded within 30 days Fluid deployer (0x0Ed35B...) funded January 8, 2024 from 0x8A20A90a...59f5df0B7 (3 ETH; 32 days before first Fluid mainnet deploy Feb 9, 2024). No Tornado Cash, Railgun, or mixer labels on deployer or its funder. On-chain history shows only legitimate DeFi protocol interactions (Deterministic Deployer, CoW Protocol, Socket, LI.FI, Fluid Liquidity). INST deployer funded from Safe-labeled smart account ~5 years ago; also clean. No mixer usage at any distance.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No link found between Fluid/Instadapp deployers or founders and DPRK/Lazarus cluster within 3 hops. Deployer 0x0Ed35B... interacts with: Deterministic Deployer, CoW Protocol, Fluid Liquidity, Socket Gateway, LI.FI — all legitimate DeFi infrastructure. WebSearch 'Instadapp Fluid DPRK Lazarus North Korea developer' returned zero hits connecting Fluid to DPRK cluster. OFAC SDN list does not name Instadapp, Sowmay Jain, or Samyak Jain. Note: full programmatic 3-hop trace not completed; assessed green/medium confidence.
RD-F-184 green Real-capital social-engineering persona No curator-flagged social-engineering persona with ≥$1M capital deposits to Fluid or peer protocols has been identified. F184 is M-only (requires curator flag at confidence threshold). The Drift DPRK incident (UNC4736/Lazarus, April 2026, $285M) targeted Drift Protocol specifically — no Instadapp/Fluid connection. No insider incident history in Fluid's 2-year live history. Assessed green/low-confidence (M-only factor, no adverse curator signal).
Fork / dependency lineage Green 0 10 of 10
RD-F-126 n/a Is-a-fork-of Fluid is an original protocol designed by the Instadapp team. No upstream fork declared or evident. GitHub README and architecture documentation describe novel unified liquidity layer design with Infinite Proxy pattern from scratch.
RD-F-127 n/a Upstream patch not merged N/A; no upstream fork source exists.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) N/A; no upstream fork source exists.
RD-F-129 n/a Code divergence from upstream (%) N/A; no upstream fork source to diff against.
RD-F-130 n/a Fork depth (generations from original audit) N/A; original protocol, fork depth = 0 (not a fork).
RD-F-131 n/a Fork retains upstream audit coverage N/A; no upstream audit to inherit coverage from.
RD-F-132 n/a Fork has different economic parameters than upstream N/A; no upstream economic parameters to compare against.
RD-F-133 green Dependency manifest uses unpinned versions package.json pins @openzeppelin/contracts at exactly '4.8.2' and solmate at '6.2.0'. No ^ or ~ on critical security libraries. Only development utilities use tilde specifiers.
RD-F-134 green Dependency had malicious-release incident (last 90d) No known malicious-release advisories for OZ 4.8.2, solmate 6.2.0, or hardhat 2.17.3 in trailing 90 days (January–April 2026).
RD-F-135 green Shared-library version with known-vuln status OZ 4.8.2: GHSA-878m-3g6q-594q (CVE-2023-26488) is patched IN 4.8.2, not a vulnerability. GHSA-5vp3-v4hc-gx76 (UUPS Critical) fixed in 4.3.2 — 4.8.2 is safe. TimelockController advisory does not apply (protocol uses AdminModule not OZ TimelockController). No active high/critical advisory for OZ 4.8.2 in this codebase.
Post-deploy hygiene & change mgmt Yellow 24 13 of 13
RD-F-136 yellow Deployed bytecode matches signed release tag Public repo uses merge-sync pattern without explicit signed release tags. Etherscan Exact Match provides partial confidence. Latest commit 2026-03-04 (a9949b48) is a sync merge. Full bytecode-to-commit tracing requires local build.
RD-F-137 yellow Upgrade frequency (per 90 days) StateMind audit reports 2025-10-14 and 2026-03-02 imply at least 2 substantive upgrades in the preceding 5 months. Etherscan events tab JS-rendered. Moderate-to-high upgrade frequency for protocol maturity. DEX v2 launched ~April 2025 represents significant new surface addition.
RD-F-138 yellow Hot-patch deploys without timelock (last 30 days) No timelock on Fluid protocol upgrades; all addImplementation calls are effectively hot-patches by definition. Cannot distinguish routine maintenance from emergency. Avocado admin executes with zero delay.
RD-F-145 yellow Deployed bytecode reproducibility Etherscan Exact Match verification confirms source-to-bytecode correspondence. However, foundry.toml uses auto_detect_solc = true (not pinned), which creates reproducibility risk: different Solidity versions may produce different bytecode. Full public reproducibility not confirmed.
RD-F-146 yellow New contract deploys in last 30 days StateMind 2026-03-02 PR validation implies recent new deployments. DEX v2 launched ~April 2025 represents significant new surface. Factory-based fToken/vault creation is ongoing. Active deployment rate.
RD-F-140 n/a Fix-merged-but-not-deployed gap Verifying merged-but-not-deployed fixes requires local git clone + bytecode diff. No known instances from available audit report summaries. Not assessed.
RD-F-142 gray Storage-layout collision risk across upgrades Infinite Proxy routes by function selector across multiple modules; storage layout collisions are structurally possible. No OZ upgrades-plugin analysis in public artifacts. StateMind audits likely cover storage compatibility. P1 factor.
RD-F-143 gray Reinitializable implementation (no _disableInitializers) Infinite Proxy is not standard UUPS/Transparent. No initialize() called on module addition. AdminModule constructor lacks _disableInitializers(), but the module architecture doesn't expose a reinitializer attack path. DummyImpl: no constructor/initialize. ReserveContract impl: _disableInitializers() confirmed. Non-standard pattern; standard reinitializer attack doesn't apply.
RD-F-144 n/a CREATE2 factory permits same-address redeploy Factory deployment logic contracts not fully analyzed. Whether CREATE2 allows same-address redeployment with different bytecode requires deeper source analysis. P1 factor.
RD-F-168 n/a Stale-approval exposure on deprecated router No deprecated router/protocol surface. All Fluid contracts active. P2 factor; not applicable.
RD-F-185 n/a Bridge rate-limiter / chain-pause as positive mitigant No governance-controlled bridge rate-limiter on Fluid protocol contracts. CCIP and LayerZero are used in Fluid Lite product layer (oracle-dependency-analyst scope). Core Fluid protocol has no bridge rate-limiter mitigant to assess in Cat 9.
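The RD-F-145 finding is a one-line config issue, and the fix is equally small. The fragment below is an added illustration, not Fluid's foundry.toml: the auto-detect setting the factor cites, beside a profile that pins the compiler and the codegen options that affect emitted bytecode. The version string, optimizer runs and EVM target are illustrative values; a verifier rebuilding a release needs whatever values the deployed artifact was actually built with.

```toml
# Added example, not Fluid's foundry.toml. Values are illustrative.

# Weak: solc is chosen from each file's pragma at build time, so two builds of
# the same commit on different machines can use different compiler releases
# and emit different bytecode. Etherscan Exact Match then proves only that the
# verifier's own build matched, not that anyone else can reproduce it.
[profile.default]
auto_detect_solc = true

# Corrected: pin the compiler and every setting that changes codegen, so the
# deployed bytecode can be rebuilt from the tagged commit by a third party.
# Select with: FOUNDRY_PROFILE=release forge build
[profile.release]
auto_detect_solc = false
solc_version = "0.8.29"
optimizer = true
optimizer_runs = 200
evm_version = "cancun"
```

Pinning in the repo also closes the gap RD-F-136 notes: with a fixed compiler and codegen settings, a signed release tag plus `forge build` is sufficient for a reviewer to diff the rebuilt artifact against the on-chain runtime bytecode without trusting the deployer's environment.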
RD-F-139 green Post-audit code changes without re-audit StateMind PR validation audit 2026-03-02 and Liquidity Layer audit 2025-10-14. Latest GitHub commit 2026-03-04 is sync merge after the Mar 2026 audit. Certora formal verification ongoing per security budget post. Active continuous re-audit cadence confirmed. No evidence of deployed material changes without audit coverage.
RD-F-141 green Test-mode parameters in deploy Admin ≠ deployer EOA (confirmed). Production Chainlink oracle feeds used (not test oracles). Etherscan Exact Match verification rules out post-compilation injection. No test-mode config patterns found.
Cross-chain & bridge Green 0 12 of 12
RD-F-150 gray Bridge validator co-hosting CCIP Committing DON operator co-hosting is not assessable without Chainlink's internal infrastructure details (operator ASNs, data center information). Chainlink does not publicly disclose per-operator infrastructure details. OSINT insufficient to determine ASN co-hosting for DON operators. Rated gray: data unavailable, not evidence that the risk is absent.
RD-F-155 gray Bridge validator-set rotation recency CCIP Committing DON and RMN operator set rotation recency is not assessable from on-chain data or public documentation. Chainlink manages DON operator rotation internally and does not publish rotation event logs publicly. Gray: data unavailable.
RD-F-156 gray Bridge uses same key custody for >30% validators CCIP DON operator key custody details are not publicly disclosed. Cannot assess whether >30% of validators share a single key custodian. Gray: data unavailable.
RD-F-157 gray Bridge TVL per validator ratio CCIP TVL secured by the Fluid Lite bridge cannot be precisely isolated from the broader CCIP infrastructure (which secures billions across many protocols). The $106M Plasma TVL and $115M Arbitrum TVL that transit CCIP are relevant, but CCIP's overall TVL/validator ratio is a property of Chainlink's network, not Fluid specifically. Gray: the factor applies at the bridge-operator level, which is Chainlink's infrastructure and not directly Fluid-controllable.
RD-F-179 gray LayerZero OFT DVN config (count, threshold, diversity) LayerZero OFT DVN configuration for Fluid's cross-chain operations: the data cache confirms layerzero.present: false for the core Fluid protocol OApp. Fluid Lite uses LayerZero OFT for 'specific tokens' per documentation, but the specific DVN configuration (count, threshold, operator diversity) is not confirmed. No LayerZero OApp address for Fluid or Fluid Lite found in on-chain data or published documentation. Without the OApp address, DVN configuration cannot be read from the LayerZero endpoint. Gray: insufficient data to assess. Governance selected CCIP as primary bridge for the FLUID token; LayerZero appears secondary for some Fluid Lite token movements. If LayerZero OFT is used, this factor must be re-assessed once the OApp address is confirmed.
RD-F-147 green Protocol has bridge surface Yes, Fluid has bridge surfaces. (1) Chainlink CCIP: confirmed deployed for FLUID token cross-chain transfers across 6 chains per Chainlink CCIP directory. Fluid Lite uses CCIP for cross-chain capital movement. (2) LayerZero OFT: Fluid Lite uses LayerZero OFT for specific token transfers. (3) Plasma chain: Fluid has $106M TVL on Plasma; bridge mechanism uses multiple bridge options (LayerZero USDT0, CCTP, deBridge per third-party documentation). Has_bridge_surface: true per profile meta.json.
RD-F-148 green Bridge validator count (M) For the CCIP path (primary bridge): Chainlink CCIP uses a Committing DON with 16 operators plus an independent Risk Management Network (RMN). The RMN acts as a second layer of verification. This is a well-established multi-party architecture. For LayerZero path (Fluid Lite secondary): specific DVN configuration for Fluid's LayerZero OFT not confirmed in available sources (data cache layerzero.present: false for core Fluid protocol). The Fluid governance forum post (evaluating bridge solutions, selecting CCIP) explicitly states that CCIP's multi-DON architecture was a key selection criterion. Green for CCIP path; LayerZero path DVN count unconfirmed (see F179).
RD-F-149 green Bridge validator threshold (k-of-M) For the CCIP path: the Committing DON commits merkle roots of outbound messages, the RMN (Risk Management Network) independently verifies and blesses those roots, and the CCIP OffRamp executes a message only against a committed root with a valid merkle proof. This is not a 1-of-N or low-threshold configuration: it requires both Committing DON consensus and RMN blessing. For the FLUID token specifically, the burn-and-mint mechanism additionally requires the authorized token pool to mint on the destination chain. Multiple independent validation layers mean that compromise of a single signer cannot forge a transfer. Green for CCIP path.
RD-F-151 green Bridge ecrecover checks result ≠ address(0) [★ CRITICAL] For the CCIP path: CCIP OffRamp.sol does not call ecrecover itself for message verification. Signature verification is delegated to the RMN remote contract (i_rmnRemote.verify()), so the OffRamp never handles a raw recovered address. The vulnerability class this factor targets (a malformed signature makes ecrecover return address(0), and the zero address is then accepted as a valid signer) therefore cannot arise in the OffRamp. Caveat: delegation moves the question rather than closing it; a complete check confirms that the RMN remote contract rejects any recovered signer that is not in its configured signer set, which excludes address(0). For the LayerZero OFT path: LayerZero V2 uses DVN-based verification at the endpoint level, not raw ecrecover in the standard path, so the pattern is not applicable. F151 green for CCIP.
RD-F-152 green Bridge binds message to srcChainId CCIP OffRamp.sol binds messages to source chain via merkle root structure (each source chain has a separate committed root). The CommitStore/OffRamp tracks per-source-chain state. The CCIP architecture explicitly separates per-chain message commitment to prevent cross-chain replay. Green for CCIP path.
RD-F-153 green Bridge tracks nonce-consumed mapping CCIP OffRamp.sol maintains executed message tracking to prevent replay. Messages include sequence numbers and the OffRamp tracks which have been executed. CCIP's architecture includes nonce tracking via NonceManager to prevent replay attacks. Green for CCIP path.
RD-F-154 green Default bytes32(0) acceptable as valid root [★ CRITICAL] CCIP OffRamp.sol explicitly rejects bytes32(0) merkle roots: 'if (merkleRoot == bytes32(0)) revert InvalidRoot()' (line 850 per code review). This explicitly prevents the Nomad $190M bug class where default-value roots were accepted as valid. Green — CCIP explicitly guards against this pattern.
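As an added illustration of the four bridge-contract checks behind RD-F-151 through RD-F-154, together with the k-of-M threshold idea in RD-F-149, the following minimal receiver was written for this review. It is not CCIP, Chainlink or Fluid code: the contract name, the message layout, the (sourceChainSelector, sequenceNumber) replay key and the sorted-signer threshold scheme are assumptions chosen so that each check is visible on one line.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical bridge receiver written for this review (not CCIP code).
/// Each check is labelled with the rubric factor it corresponds to.
contract HardenedReceiver {
    struct Signature { bytes32 r; bytes32 s; uint8 v; }
    struct Message {
        uint64 sourceChainSelector;
        uint64 sequenceNumber;
        address receiver;
        bytes data;
    }

    uint64 public immutable localChainSelector;
    uint256 public immutable threshold;              // k of M committee signatures
    mapping(address => bool) public isSigner;        // the M committee members (assumed)

    // F152: roots are committed per source chain, so a root committed for chain A
    // can never authorise a message that claims to originate from chain B.
    mapping(uint64 => mapping(bytes32 => bool)) public committedRoot;

    // F153: replay protection keyed by (source chain, sequence number).
    mapping(uint64 => mapping(uint64 => bool)) public executed;

    error InvalidRoot();
    error BadSignature();
    error NotEnoughSignatures();
    error UnknownRoot();
    error AlreadyExecuted();

    constructor(uint64 selector, address[] memory signers, uint256 k) {
        require(k > 0 && k <= signers.length, "bad threshold");
        localChainSelector = selector;
        threshold = k;
        for (uint256 i = 0; i < signers.length; i++) {
            require(signers[i] != address(0), "zero signer");
            isSigner[signers[i]] = true;
        }
    }

    /// Commit a merkle root for one source chain once k distinct committee members have signed it.
    function commitRoot(uint64 sourceChainSelector, bytes32 root, Signature[] calldata sigs) external {
        // F154: a default-value root is never a valid root, whatever is signed over it.
        if (root == bytes32(0)) revert InvalidRoot();
        if (sigs.length < threshold) revert NotEnoughSignatures();

        // The digest binds the root to this contract, this destination chain and the
        // source chain, so the same signatures cannot be replayed on another deployment.
        bytes32 digest = keccak256(abi.encode(address(this), localChainSelector, sourceChainSelector, root));

        address prev = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            // F151: ecrecover returns address(0) for a malformed signature. The explicit
            // zero check plus the allowlist reject it; the strictly ascending order also
            // rejects duplicate (or malleated) signatures, so k means k distinct keys.
            address signer = ecrecover(digest, sigs[i].v, sigs[i].r, sigs[i].s);
            if (signer == address(0) || !isSigner[signer]) revert BadSignature();
            if (signer <= prev) revert BadSignature();
            prev = signer;
        }
        committedRoot[sourceChainSelector][root] = true;
    }

    /// Execute one message proven against a root committed for its source chain.
    function execute(Message calldata m, bytes32 root, bytes32[] calldata proof) external {
        if (!committedRoot[m.sourceChainSelector][root]) revert UnknownRoot();
        if (executed[m.sourceChainSelector][m.sequenceNumber]) revert AlreadyExecuted();

        // The leaf also commits to the destination chain (part of the F152 binding). Its
        // abi.encode preimage is never 64 bytes long, so a leaf cannot collide with an
        // inner node produced by the 64-byte pair hashing below.
        bytes32 leaf = keccak256(abi.encode(
            m.sourceChainSelector, localChainSelector, m.sequenceNumber, m.receiver, m.data
        ));
        if (_rootFromProof(leaf, proof) != root) revert UnknownRoot();

        // Mark as executed before the external call so a re-entrant call cannot replay it.
        executed[m.sourceChainSelector][m.sequenceNumber] = true;
        (bool ok, ) = m.receiver.call(m.data);
        require(ok, "receiver reverted");
    }

    /// Sorted-pair merkle proof: hash the smaller node first at every level.
    function _rootFromProof(bytes32 leaf, bytes32[] calldata proof) internal pure returns (bytes32 node) {
        node = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            bytes32 p = proof[i];
            node = node < p ? keccak256(abi.encodePacked(node, p)) : keccak256(abi.encodePacked(p, node));
        }
    }
}
```

Reading the contract against the factors: removing the `root == bytes32(0)` line reproduces the Nomad-style failure described in RD-F-154 only if some other path marks the zero root as committed, which is why the assessment checks for an explicit reject rather than relying on the mapping's default; dropping the `signer == address(0)` check would still be caught here by the allowlist, which is the property RD-F-151 asks reviewers to confirm in whichever contract actually recovers the signer.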
Threat intelligence & recon Green 10 8 of 8
RD-F-161 yellow Protocol-impersonator domain registered (typosquat) No confirmed typosquat domains specifically targeting fluid.io identified in public searches as of 2026-04-29. However: (1) a static assessment cannot replicate a live domain-monitoring feed; (2) Fluid's December 2024 rebrand (Instadapp -> Fluid) creates elevated impersonation risk while user muscle memory shifts from instadapp.io to fluid.io, the period in which typosquat campaigns are historically most effective; (3) ~$942M TVL (DefiLlama, 2026-05-07; $1.81B at 2026-04-29) keeps Fluid a high-value impersonation target. Yellow: cannot confirm clean without a live domain-monitoring feed; a conservative posture is warranted during the post-rebrand window.
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols The lending protocol peer class historically averages a ~78-day reconnaissance window before strike (USPD pattern per T-01 hack DB). No current Fluid-specific reconnaissance activity detected in public sources as of 2026-04-29. The Resolv/USR attack had a short reconnaissance window: it was an opportunistic key-compromise exploit, not extended protocol reconnaissance. Yellow as a standing risk indicator for a ~$942M TVL lending protocol (DefiLlama, 2026-05-07), not a current signal fire for Fluid specifically.
RD-F-159 n/a Attacker wallet pre-strike probe (low-gas failing txs) v1-deferred. No publicly documented mempool probe pattern (low-gas failing txs from threat-actor wallets) against Fluid contracts. Requires a live mempool feed plus a threat-actor cluster subscription. The Resolv incident attack vector did not involve mempool reconnaissance of Fluid's own contracts (the attack occurred at Resolv's minting infrastructure layer). No static-assessment proxy available.
RD-F-158 green Known-threat-actor cluster has touched protocol No confirmed Lazarus Group / DPRK TraderTraitor interaction with Fluid core contracts as of 2026-04-29. The Resolv/USR incident (March 2025, ~$70M Fluid bad debt) was caused by a compromised AWS signing key at Resolv Labs — not DPRK-attributed. Instadapp/Fluid: 7+ year operational history (founded 2018), VC-backed ($12.4M from Coinbase, Pantera Capital, Ideocolab), doxxed founders (Samyak Jain, Sowmay Jain, Forbes 30 Under 30 India awardees). No DPRK attribution in any public TI report (Chainalysis, TRM, OFAC) as of 2026-04-29. Tier C signal — advisory only, never grade-flip.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps No GitHub security advisories flagging malicious dependencies in fluid-contracts-public or Instadapp-related repositories in the trailing 90 days as of 2026-04-29. The Resolv incident did not involve supply-chain compromise of Fluid's own codebase or dependencies. No malicious npm/PyPI/crates.io dependency incidents linked to Fluid contracts.
RD-F-162 green Known-exploit-template selector deployed by any address No contracts deployed by any address containing exploit-template selector patterns for Fluid's Liquidity Layer or Vault protocol detected in public sources as of 2026-04-29. Fluid vault architecture is proprietary (not a Compound or Aave fork), which limits the known-exploit-template library for this protocol class. No exploit-template deployment precursor visible.
RD-F-164 green Leaked credential on paste/sentry site No evidence of Fluid protocol infrastructure credentials on public paste sites or sentry/monitoring service dumps as of 2026-04-29. The Resolv incident involved a leaked AWS KMS signing key at Resolv Labs' own infrastructure — not at Fluid's infrastructure. Fluid's credential attack surface is independent from the Resolv incident.
RD-F-165 green Protocol social channel has scam-coordinator flag No curator-flagged scam-coordinator in Fluid's Discord or Telegram channels as of 2026-04-29. No public reports of coordinated scam activity in Fluid community channels. The December 2024 rebrand creates some elevated social engineering risk surface (users may encounter scam channels impersonating 'old Instadapp' or 'new Fluid'), but no active coordinator identified in public sources.
Tooling / compiler / AI Green 0 5 of 5
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Original protocol — no audited upstream to compare bytecode against. Factor requires an audited upstream reference.
RD-F-170 green Solc version used (known-bug versions flagged) FluidLiquidityProxy at 0x52Aa… verified at solc v0.8.21 (no critical bugs in this version). FluidLiquidityDummyImpl at 0xCc331… verified at solc v0.8.29 (recent stable, no known bugs). Both versions on supported non-EOL 0.8.x track.
RD-F-172 green Repo shows AI-tool co-authorship in critical files No AI-tool co-authorship metadata (GitHub Copilot, ChatGPT) found in fluid-contracts-public commits. Web search for AI co-authorship disclosures in Instadapp repositories returned no hits.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure of AI-generated Solidity in production contracts found in Fluid blog, documentation, or governance posts. Fluid architecture described as novel team-authored design.
RD-F-174 green Dependency tree uses EOL Solidity version Deployed core contracts use solc 0.8.21 and 0.8.29 — both on the current supported 0.8.x track. No EOL Solidity version in use.
Response & disclosure hygiene Green 8 4 of 4
RD-F-176 yellow Disclosure SLA public No explicit acknowledgment SLA published by Fluid/Instadapp. Immunefi program page (Category 3: Approval Required) does not state a specific SLA (e.g., '72h acknowledge'). GitHub repo has no SECURITY.md (data cache: security_md_present: false). No standalone disclosure policy page found via web search. Immunefi default response expectations apply but no protocol-committed SLA exists.
RD-F-175 green Disclosure channel exists Active Immunefi bug bounty program: https://immunefi.com/bug-bounty/instadapp/ — Fluid explicitly in scope (Liquidity Layer, Lending Protocol, Vault Protocol). Program active as of 2026-04-29. Data cache confirms: bug_bounty.platform 'immunefi', url confirmed.
RD-F-177 green Prior known-ignored disclosure No evidence of a disclosed vulnerability that was reported to Fluid/Instadapp and not actioned before exploitation. The March 2025 Resolv/USR incident was a contagion from an external exploit (Resolv AWS key compromise), not a pre-disclosed internal Fluid vulnerability. Hacksdatabase grep: 0 Fluid-specific hack files. Data cache: rekt.incidents: []. No prior ignored-disclosure pattern found.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE or GHSA advisory has been issued against Fluid or Instadapp's core contracts. Web search for 'Fluid protocol CVE GHSA security advisory 2024 2025' returned no relevant results. The March 2025 Resolv/USR event originated in Resolv's infrastructure; any CVE/advisory would be Resolv's not Fluid's. Hacksdatabase grep returned 0 Fluid-specific hack files.
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol fluid