defirisk.co
rubric v1.7.0

Attacker wallet pre-strike probe (low-gas failing txs)

Yearn Finance's assessment for RD-F-159 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Mempool probe: attacker wallet sending low-gas failing txs to Yearn contracts. No such probing detected via public mempool sources. Requires live mempool feed + threat-actor wallet cluster list. production pipeline signal not yet implemented (T-09 §3.3 F159 is a sub-pattern of RD-F-100 bundled for v2). Historical Yearn attackers used short-fuse tactics, not extended mempool-probe reconnaissance.

Sources #

  • Curator note
    T-09 v2-deferred note for mempool probe signalT-09 §3.3: F159 'mempool probe' is v2-deferred; to be bundled into RD-F-100 as probe sub-pattern. No live implementation.retrieved 2026-05-16

Methodology #

Detect whether a wallet in a threat-actor cluster is sending low-gas or intentionally-failing transactions to this protocol (pre-strike reconnaissance pattern).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-159 score gray collected_at 2026-05-16 08:34:32