defirisk.co
rubric v1.7.0

Known-exploit function-selector replay

Yearn Finance's assessment for RD-F-095 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-exploit replay selector pattern. Applicable: exploits 2 (2023-04-13, yUSDT share inflation) and 4 (2023-12-16, TUSD share inflation) used identical root cause in different vaults — same function selector pattern theoretically detectable. No known active replay attempt detected via public sources. Requires live selector-pattern DB + mempool sweep. production pipeline signal not yet implemented.

Sources #

  • Internal
    Yearn hacksdatabase — repeat exploit selector patternhacksdatabase/hacks/yearn2-rekt.md exploit tx: '0xd55e43c1…', '0x8db0ef33…'; hacksdatabase/hacks/yearn-rekt4.md exploit tx: '0x78921ce8d0361193b0d34bc76800ef4754ba9151a1837492f17c559f23771c43'. Identical root cause across two events suggests detectable selector pattern.retrieved 2026-05-16

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-095 score gray collected_at 2026-05-16 08:34:32