New contract with similar bytecode to exploit template
Uniswap (v2 + v3)'s assessment for RD-F-094 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
V2+V3 combined: No V2 or V3 core exploit template exists in published form (zero direct protocol-level exploits in 6+ years of combined operation). SIR.trading (March 2025) used V3 callbacks against a downstream protocol — not a V3 core exploit. No exploit-template deployment detected. Scoring this factor requires a bytecode-similarity index, which is not available in a static assessment.
Detail
The signal fires when a freshly deployed contract has high bytecode similarity to a known exploit template targeting this protocol. For V2 and V3, no exploit template for the core AMM contracts exists. The V2 TWAP oracle consumer failures (Visor, Inverse Finance) were exploits of the downstream protocols, not of V2 core. V3 callbacks (flash callbacks, swap callbacks) can be misused by downstream integrators, but V3 core itself has not been directly exploited. Gray per methodology: bytecode-similarity monitoring is not configured in a static assessment.
Sources
- Curator note: Uniswap V2+V3 zero direct exploit history. Zero direct protocol-level exploit history for V2 (2020-2026) and V3 (2021-2026) — no exploit template exists. Retrieved 2026-05-12.
Methodology
Detect whether a freshly deployed contract has high bytecode similarity to a known exploit template targeting this protocol class.
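One way such a similarity check could work, as an added example that is not the curator's or Uniswap's code: it compares opcode streams with PUSH immediates dropped, so a redeployment that only swaps embedded addresses still matches. The page does not say how its bytecode-similarity index is built; the opcode-shingle Jaccard measure, the 0.8 threshold, the function names and all sample bytecode are assumptions constructed for illustration.

```python
# Added illustration: opcode-shingle similarity between EVM runtime bytecodes.
# All bytecode below is constructed for this example and is not a real exploit.
PUSH1, PUSH32 = 0x60, 0x7F

def opcodes(code_hex: str) -> list[int]:
    """Opcode stream with PUSH immediates dropped, so constants do not matter."""
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    ops, i = [], 0
    while i < len(code):
        op = code[i]
        ops.append(op)
        i += 1
        if PUSH1 <= op <= PUSH32:      # PUSHn carries n immediate bytes
            i += op - PUSH1 + 1
    return ops

def shingles(ops: list[int], n: int = 4) -> set[tuple[int, ...]]:
    """Set of overlapping n-opcode windows."""
    return {tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)}

def similarity(a_hex: str, b_hex: str, n: int = 4) -> float:
    """Jaccard similarity of the two shingle sets, in [0, 1]."""
    a, b = shingles(opcodes(a_hex), n), shingles(opcodes(b_hex), n)
    if not a or not b:                 # too short to compare
        return 0.0
    return len(a & b) / len(a | b)

def signal_fires(deployed_hex: str, templates: dict[str, str],
                 threshold: float = 0.8) -> list[str]:
    """Names of indexed templates the new deployment resembles (assumed threshold)."""
    return [name for name, tpl in templates.items()
            if similarity(deployed_hex, tpl) >= threshold]

def _sample(addr_byte: str) -> str:
    # PUSH1 80 PUSH1 40 MSTORE CALLVALUE DUP1 ISZERO PUSH2 0010 JUMPI
    # PUSH1 0 DUP1 REVERT JUMPDEST POP PUSH20 <addr> PUSH1 0 SSTORE STOP
    return ("6080604052348015" "610010" "57600080fd5b50"
            "73" + addr_byte * 20 + "60005500")

TEMPLATE = _sample("11")                        # constructed index entry
REDEPLOY = _sample("22")                        # same code, different address
UNRELATED = "60003560e01c63aabbccdd1460205700"  # constructed selector check

if __name__ == "__main__":
    index = {"constructed-template": TEMPLATE}
    for label, code in (("redeploy", REDEPLOY), ("unrelated", UNRELATED)):
        print(label, similarity(code, TEMPLATE), signal_fires(code, index))
```

A byte-for-byte hash comparison would miss the redeployed sample because its embedded address differs, which is why the comparison is done on normalized opcodes.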