Upstream vulnerability disclosure (last 90d)

Venus Protocol's assessment for RD-F-128 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The March 15, 2026 exploit (44 days before assessment date 2026-04-28) is within the 90-day window and represents active exploitation of the Compound-fork donation vector. The donation vector is now publicly known to be live in unpatched Compound v2 forks, effectively constituting an active disclosure affecting any unpatched Compound fork. This protocol was hit within the 90-day assessment window.

Sources #

URL
Halborn — Venus Protocol March 2026 Hack ExplainedHalborn March 2026 explanationretrieved 2026-04-28
URL
Venus Protocol Rekt IV — March 15 2026 exploit (44 days before assessment)Rekt.news Venus Rekt IV — March 15 2026retrieved 2026-04-28

Methodology #

Determine whether the upstream has a public vulnerability disclosure in the last 90 days that affects this fork's deployed code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol venus factor RD-F-128 score red collected_at 2026-04-28 18:30:49