Prior exploit count
Uniswap (v2 + v3)'s assessment for RD-F-077 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
V2: 0 direct protocol exploits in 72 months. V3: 0 direct protocol exploits in 60 months. July 2022 phishing targeted user wallets via social engineering — protocol not exploited. V2 oracle consumer failures (Visor Finance, Inverse Finance) are consumer protocol failures, NOT V2 exploits — V2 TWAP worked as designed. Combined: green (0 direct protocol exploits).
Detail #
Hacksdatabase grep over all 45 files referencing 'uniswap': no file records a direct V2 or V3 protocol exploit. Profile §10 seed list confirms zero V2 or V3 smart-contract-level incidents. Visor Finance (Dec 2021, ~$8.2M loss): the hack was a Visor Finance vVISR deposit() reentrancy + ownership bypass — V2 contracts operated as designed. Visor was a V3 LP manager that consumed V2 as a price oracle; V2 TWAP worked correctly. Inverse Finance Apr 2022 (~$15.6M) and Jun 2022 (~$5.8M): flash loan AMM oracle manipulation exploited Inverse Finance's oracle consumer logic — V2 TWAP accumulator worked as designed and V2 docs explicitly warn about manipulation cost. July 2022 phishing (~$4.7–8M): fake UniswapLP token airdrop targeting V3 LP addresses — social engineering, not a smart contract exploit. Protocol TVL was not touched. The Universal Router reentrancy (GHSA-7m37-cx35-qgmr) was patched before deployment — no user funds were ever at risk, so it is not an incident. REKT News, DeFiYield, SlowMist: no Uniswap protocol-level entry found in research. Score: green.
Sources #
- URLInverse Finance hack Apr 2022 (oracle consumer failure)Inverse Finance Apr 2022 — consumer failure, not V2 exploitretrieved 2026-05-12
- Hacksdatabase grep result — no direct protocol exploit entryHacksdatabase grep: 45 files reference 'uniswap'; none are direct V2/V3 protocol exploit records; no uniswap-rekt.md file existsretrieved 2026-05-12
- Visor Finance hack (V2 oracle consumer failure)Visor Finance hack — consumer failure, not V2 exploitretrieved 2026-05-12
- Halborn — Explained: The Inverse Finance Hack (June 2022)Inverse Finance June 2022 flash-loan oracle attack ($1.26M USDT+wBTC) — consumer-side mis-integration of Uniswap V2 spot TWAP, not a V2 protocol failureretrieved 2026-05-12
- HackRead — Uniswap V3 LPs Lose Millions in Fake Token Phishing AttackJuly 2022 fake-token phishing campaign against Uniswap V3 LPs, $4.7M ETH stolen — protocol itself NOT exploited (CZ initially called "potential exploit", later clarified phishing-only)retrieved 2026-05-12
Methodology #
Count the number of distinct incidents in the hack database affecting this protocol.
See the full factor methodology and distribution across all protocols →