Attacker wallet pre-strike probe (low-gas failing txs)

Polymarket's assessment for RD-F-159 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred. Nonce-race exploit (Feb 2026) involved incrementNonce() calls by losing traders — a different pattern from attacker-cluster mempool probing. No external threat-actor mempool probe against CTF Exchange documented. Requires mempool + cluster feed not available without licensed partner.

Sources #

GitHub
Detect and defend against the nonce race exploitpolymarket-nonce-guard — nonce race exploit disclosureretrieved 2026-04-29

Methodology #

Detect whether a wallet in a threat-actor cluster is sending low-gas or intentionally-failing transactions to this protocol (pre-strike reconnaissance pattern).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-159 score not_assessed collected_at 2026-04-29 16:25:39