Sybil surge of identical-pattern transactions
Save (formerly Solend)'s assessment for RD-F-097 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Sybil surge of identical-pattern transactions. Applicable to Solana: identical transaction bursts from multiple new accounts targeting Solend's pools are detectable on-chain. T-09 phase-2 signal (deferred). No public reports of Sybil transaction surges against Save/Solend contracts in trailing 90 days. The Nov 2022 oracle attack involved spamming Saber transactions to write-lock the pool account — a partial Sybil pattern on the external manipulation side, not on Solend's contract side directly.
Sources
- URL: T-09 Real-Time Signals Specification — v2/deferred table F105. T-09 v3.3 deferred signals — F105 Sybil transaction burst deferred: 'PH; rarely hack-class at protocol level'. Retrieved 2026-05-17.
- Ackee Blockchain — 2022 Solana Hacks Explained: Solend. Nov 2022 oracle attack: attacker spammed Saber transactions to write-lock the account, preventing arbitrage from correcting the price — adjacent sybil-like pattern on external pool, not on Solend program directly. Retrieved 2026-05-17.
Methodology
Detect multiple new EOAs submitting identical transaction patterns within a short window (sybil setup pattern).
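One way to implement the detection described above, as an added example that is not the curator's or the T-09 specification's own code. The record fields, the thresholds and the sample transactions are assumptions constructed for illustration; real input would be decoded on-chain transactions.

```python
from collections import defaultdict, deque

# Assumed thresholds, not from the page; tune per protocol.
WINDOW_S = 60              # burst window, seconds
NEW_ACCOUNT_AGE_S = 3600   # "new" = first seen less than 1h before the tx
MIN_ACCOUNTS = 3           # distinct new accounts sharing one pattern

def tx(signer, first_seen, ts, instruction, amount, program="lending_pool"):
    """Build one constructed, already-decoded transaction record."""
    return {"signer": signer, "first_seen": first_seen, "ts": ts,
            "program": program, "instruction": instruction, "amount": amount}

def fingerprint(t):
    """Pattern key: what was done, ignoring who signed it."""
    return (t["program"], t["instruction"], t["amount"])

def detect_bursts(txs):
    """Return [(fingerprint, window_start, window_end, accounts)] per burst."""
    windows = defaultdict(deque)   # fingerprint -> (ts, signer) inside the window
    alerts = {}
    for t in sorted(txs, key=lambda r: r["ts"]):
        if t["ts"] - t["first_seen"] > NEW_ACCOUNT_AGE_S:
            continue               # established account: not part of a sybil setup
        win = windows[fingerprint(t)]
        win.append((t["ts"], t["signer"]))
        while t["ts"] - win[0][0] > WINDOW_S:
            win.popleft()          # slide the window forward
        accounts = sorted({s for _, s in win})
        if len(accounts) >= MIN_ACCOUNTS:   # one account repeating never qualifies
            # Keyed by window start so a growing burst updates one alert.
            alerts[(fingerprint(t), win[0][0])] = (
                fingerprint(t), win[0][0], t["ts"], accounts)
    return list(alerts.values())

# Constructed sample data (account names and values are made up).
SAMPLE = [
    tx("newA", 99_900, 100_000, "deposit", 500),   # three fresh accounts,
    tx("newB", 99_950, 100_010, "deposit", 500),   # same pattern, 20s apart
    tx("newC", 99_980, 100_020, "deposit", 500),
    tx("old1", 0, 100_015, "deposit", 500),        # established account, ignored
    tx("newD", 99_990, 100_030, "borrow", 70),     # one account repeating itself
    tx("newD", 99_990, 100_031, "borrow", 70),
    tx("newD", 99_990, 100_032, "borrow", 70),
    tx("newE", 99_000, 100_000, "withdraw", 10),   # same pattern, but spread
    tx("newF", 99_000, 100_200, "withdraw", 10),   # over more than one window
    tx("newG", 99_000, 100_400, "withdraw", 10),
]

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE):
        print(alert)
```

Exact-match fingerprints are easy to evade by varying amounts slightly, so a production detector would normally bucket or normalise the fields before grouping.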