Known-exploit-template selector deployed by any address

Raydium's assessment for RD-F-162 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cat 11 threat intel signal (v1-deferred). Dec 2022 exploit template (withdraw_pnl + SyncNeedTake manipulation) has been removed from current AMM v4 program via post-exploit upgrade (Dec 17, 2022). Any exploit-template contract mimicking Dec 2022 patterns would fail against current bytecode. No new exploit-template instruction pattern specific to current Raydium programs (CLMM, CPMM, Stable) identified in public post-mortems or security research. The Drift April 2026 attack used a fake token + oracle (not an exploit-template against Raydium programs). Solana instruction discriminator monitoring differs from EVM selector monitoring but concept is applicable. Green because: primary historical exploit template is mitigated at contract level; no current template identified.

Sources #

URL
Raydium Protocol Exploit Incident Analysis — CertiKCertiK: Dec 2022 exploit analysis — AmmParams manipulation via compromised owner key; parameters subsequently removedretrieved 2026-04-29
URL
Raydium Detailed Post-MortemPost-mortem: withdraw_pnl, SyncNeedTake, SetLpSupply, SyncK removed via Dec 17 2022 program upgrade — exploit template mitigatedretrieved 2026-04-29

Methodology #

Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol raydium factor RD-F-162 score not_assessed collected_at 2026-04-29 12:31:55