Avg attacker reconnaissance time for peer-class protocols

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-163 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Attacker wallet reconnaissance time before strike: RouteProcessor2 exploit (2023-04-08) had near-zero pre-strike reconnaissance — contract deployed 4 days before exploit; HYDN disclosed same day as exploit. MISO 2021 attack used embedded contractor relationship (long-horizon supply-chain approach, not mempool-observable reconnaissance). No current pre-strike reconnaissance pattern detected for Sushi contracts. DEX protocol class median reconnaissance window is 30–78 days for USPD-style attacks; Sushi's historical exploits have not followed this pattern.

Sources #

URL
SushiSwap Approve-Related Bug Triggers $3 Million Exploit — Unchained CryptoRouteProcessor2 exploit timeline — 4-day-old contract, same-day disclosure and exploit; no observable pre-strike recon windowretrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-163 score green collected_at 2026-05-16 19:50:37