Known-exploit function-selector replay

Polymarket's assessment for RD-F-095 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred. Nonce-race exploit via incrementNonce() on CTF Exchange disclosed 2026-02-19 (@itslirrato on X) — this is a loss-avoidance pattern by losing traders, not a theft-class exploit. V2 migration likely addresses this. No catastrophic selector-replay documented. Not in v1 scope.

Sources #

GitHub
Detect and defend against the nonce race exploit on Polymarket's CTF ExchangeGitHub: polymarket-nonce-guard by TheOneWhoBurnsretrieved 2026-04-29

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-095 score not_assessed collected_at 2026-04-29 16:25:39