defirisk.co
rubric v1.7.0

New ERC-20 approval to unverified contract from whale

Yearn Finance's assessment for RD-F-096 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

New ERC-20 approval to unverified contract from high-TVL user. Applicable to Yearn V3 ERC-4626 vault pattern. No specific alerts identified for Yearn as of 2026-05-16. Requires mempool + explorer sweep. V2-deferred per T-09 (moves to consumer-app scope).

Sources

  • Curator note
    T-09 consumer-app deferral note for F102
    T-09 §3.3: F102 'new ERC-20 approval to unverified contract' is user-level, not protocol-level; moves to consumer app scope.
    Retrieved 2026-05-16

Methodology

Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.


rubric_version: v1.7.0
protocol: yearn-finance
factor: RD-F-096
score: gray
collected_at: 2026-05-16 08:34:32