Known-exploit-template selector deployed by any address
Hyperlane's assessment for RD-F-162 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Open GitHub issue #8589 (filed 2026-04-14, OPEN as of 2026-05-17, 33 days elapsed) describes a critical ERC4626 vault insolvency bug in HypERC20Collateral and HypNative Warp Route contracts. The reporter confirms having 4 passing Foundry PoC tests against real contracts at $132.67M TVS. Technical details withheld pending private disclosure but the vulnerability class (ERC4626 vault insolvency during normal operation) is publicly known. A working exploit template exists in the researcher's possession. No evidence of exploit-template contract deployment found in public on-chain data. Yellow: PoC exists; exploit template in researcher's hands but not publicly deployed; active public disclosure window creates elevated risk.
Sources #
- GitHubHyperlane Critical Warp Route Vulnerability DisclosureGitHub issue #8589 — reporter confirms: critical vulnerability, ERC4626 vault insolvency, HypERC20Collateral and HypNative Warp Routes, 4 passing Foundry PoC tests against real contracts; filed 2026-04-14; OPEN as of 2026-05-17retrieved 2026-05-17
Methodology #
Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.
See the full factor methodology and distribution across all protocols →