defirisk.co
rubric v1.7.0

Same-root-cause repeat exploit

Wormhole's assessment for RD-F-079 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

- Finding: FALSE. The Feb 2022 exploit (Solana sysvar account confusion) has not recurred. The Feb 2022 Immunefi white-hat disclosure (uninitialized EVM proxy) is a different root-cause class (proxy initialization, not sysvar validation). No repeat of either root cause found. - Light: green

Sources #

  • Curator note
    Extracted from 05-ops-history.md — RD-F-079; no URL cited in originalretrieved 2026-04-28

Methodology #

Determine whether the protocol has been exploited ≥2 times via the same root-cause cluster.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-079 score gray collected_at 2026-04-28 01:38:43