Flash loan >$10M targeting protocol tokens

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-100 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 signal. Flash loans targeting Sushi contracts: RouteProcessor2 exploit (2023) used Aave/dYdX flash loans as part of the attack amplification, but that exploit is remediated. Core v2/v3 AMM pools are themselves flash-loan sources; governance via SUSHIPOWAH (xSUSHI snapshot-block) is not susceptible to real-time flash-loan manipulation. No flash loan ≥$10M with Sushi-contract receiver detected in recent blocks as of 2026-05-17. Routine flash arb is suppressed per signal definition (clean round-trip arb).

Sources #

URL
SushiSwap DEX Hack Explained — HackenRouteProcessor2 exploit — Aave/dYdX flash loans used in 2023 attack, now remediatedretrieved 2026-05-17

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-100 score green collected_at 2026-05-16 19:50:37