defirisk.co
rubric v1.7.0

Known-exploit function-selector replay

Uniswap (v2 + v3)'s assessment for RD-F-095 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2+V3 combined: No known V2 or V3 core exploit function-selector pattern exists (zero protocol-level exploits in history). V2 TWAP consumer failures exploited downstream logic, not V2 selectors. Requires exploit-template DB and selector-pattern index not available in static assessment. Gray per methodology.

Detail #

Signal fires when call-pattern matches a known-exploit replay template (selector sequence, calldata shape). For V2 and V3: no such template exists for the core contracts. The V2 TWAP oracle consumer failures (Visor Finance, Inverse Finance) used standard V2 swap and oracle-read functions — these are normal protocol interactions, not attack-specific selector sequences. Gray per methodology: selector-pattern monitoring not configured.

Sources #

  • Docs
    T-09 Real-Time Signals — RD-F-095 deferredT-09 v1 signal scope — RD-F-095 is v1-deferred (P2)retrieved 2026-05-12

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-095 score gray collected_at 2026-05-12 10:36:11