New ERC-20 approval to unverified contract from whale
Uniswap (v2 + v3)'s assessment for RD-F-096 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
V2+V3 combined: User-level signal, not protocol-level. Permit2 (0x000000000022D473030F116dDEE9F6B43aC78BA3) is the canonical V3 approval management contract — approvals to it are expected and benign. No approvals from high-TVL V3 LPs to unverified contracts detected from public sources. Signal infrastructure (user-level approval monitoring) not configured in static assessment. Gray per methodology.
Detail
Signal fires when a whale or top-TVL depositor grants a new approval to an unverified contract interacting with the protocol. For Uniswap V3: the expected approval path is ERC-20 token -> Permit2 (0x000000000022D473030F116dDEE9F6B43aC78BA3) which is a verified and well-known contract. Approvals directly to SwapRouter or SwapRouter02 are also expected. The risk this signal monitors is a user approving an *unverified* contract that then drains their approved tokens. No such pattern detected. Gray: user-level monitoring infrastructure not configured in static assessment.
Sources
- Etherscan: Permit2 Contract — Uniswap Labs. Permit2 0x000000000022D473030F116dDEE9F6B43aC78BA3 — verified canonical approval contract. Retrieved 2026-05-12.
Methodology
Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.
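The detection described under Detail and Methodology, as an added example that is not the curator's or Uniswap's own code: it decodes ERC-20 Approval logs and flags a new non-zero approval from a watched owner to a spender that is neither expected nor verified. The whale, verified and expected sets are assumed to be operator-supplied inputs (the verified set stands in for an explorer lookup), and every address in the sample logs other than Permit2 is constructed.

```python
# topic0 of the ERC-20 event Approval(address,address,uint256).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# Permit2, the expected spender named in the assessment (lowercased for comparison).
PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def find_risky_approvals(logs, whales, verified, expected=frozenset({PERMIT2})):
    """Return (owner, token, spender) for new whale approvals to unverified spenders."""
    live = set()    # triples that currently hold a non-zero allowance
    alerts = []
    for log in logs:
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (tokenId is indexed).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        key = (owner, log["address"].lower(), spender)
        if int(log["data"], 16) == 0:   # allowance set to zero is a revocation
            live.discard(key)
            continue
        is_new = key not in live        # a repeat approval is not a new one
        live.add(key)
        if is_new and owner in whales and spender not in expected and spender not in verified:
            alerts.append(key)
    return alerts

def pad(addr):
    """Build a 32-byte topic from a 20-byte address (sample-data helper)."""
    return "0x" + "0" * 24 + addr[2:]

def make_log(token, owner, spender, data):
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": data}

# Constructed sample data: none of these addresses are real accounts or contracts.
WHALE, RETAIL = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN, UNVERIFIED = "0x" + "bb" * 20, "0x" + "cc" * 20
MAX, ZERO = "0x" + "f" * 64, "0x" + "0" * 64
SAMPLE_LOGS = [
    make_log(TOKEN, WHALE, PERMIT2, MAX),       # expected path, no alert
    make_log(TOKEN, RETAIL, UNVERIFIED, MAX),   # owner is not on the whale list
    make_log(TOKEN, WHALE, UNVERIFIED, MAX),    # new approval to unverified spender
    make_log(TOKEN, WHALE, UNVERIFIED, MAX),    # repeat of the same approval
    make_log(TOKEN, WHALE, UNVERIFIED, ZERO),   # revocation
]

if __name__ == "__main__":
    print(find_risky_approvals(SAMPLE_LOGS, whales={WHALE}, verified=set()))
```

SwapRouter and SwapRouter02, which the assessment also treats as expected spenders, would be added to `expected` by the operator; their addresses are not given on this page.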