New ERC-20 approval to unverified contract from whale

Venus Protocol's assessment for RD-F-096 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred per T-09 §3.3. September 2025 Lazarus attack involved victim signing a malicious delegation transaction (approval to attacker contract) — exactly the pattern RD-F-096 monitors. Not wired in v1 production pipeline.

Sources #

URL
Protos — September 2025 Venus phishing attack (attacker contract 0x7fd8...202a)https://protos.com/fears-of-27m-venus-protocol-hack-turn-out-to-be-phishing-attack-on-power-user/retrieved 2026-04-28

Methodology #

Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-096 score not_assessed collected_at 2026-04-28 18:30:49