Flash loan >$10M targeting protocol tokens

Veda (BoringVault)'s assessment for RD-F-100 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 signal. No flash-loan attack against Veda's primary contracts publicly reported. Protocol uses Chainlink aggregator feeds (not DEX spot oracles) which are resistant to single-block manipulation, materially reducing flash-loan oracle attack surface compared to DEX-oracle-dependent protocols. Merkle-root verification constrains what operations the Manager can execute, limiting flash-loan attack vectors.

Sources #

URL
Veda Immunefi bug bounty — no active incidents listedVeda uses Chainlink oracle feeds (19 feeds; not DEX spot oracles) per data cache; no flash-loan incidents reported on rekt.news or Immunefiretrieved 2026-05-17

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-100 score gray collected_at 2026-05-17 12:41:22