Known-exploit function-selector replay

Stake DAO's assessment for RD-F-095 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 v2-deferred signal. No active known-exploit-template selector replay targeting Stake DAO core contracts detected. The Zunami exploit used SDT pool slippage via Sushiswap to manipulate Zunami's totalHoldings() price function — the exploit selector targets Zunami's oracle path, not Stake DAO's contracts. Stake DAO's liquid locker contracts are not the target of any documented active replay pattern. Morpho lending vault modules use standard Chainlink feeds with normal deviation thresholds.

Sources #

URL
Explained: The Zunami Protocol Hack (August 2023) | HalbornZunami exploit analysis — root cause in Zunami's totalHoldings() not in Stake DAO contractsretrieved 2026-05-16

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-095 score green collected_at 2026-05-16 12:29:20