Protocol age (days)
A operational history factor in the v1.7.0 rubric. Measured per protocol on a c cadence.
Methodology how we score #
**What this measures** This factor records the number of days between today and the earliest mainnet deployment of any contract currently live under this protocol. Age is measured from on-chain data rather than team announcements and is updated continuously. It serves as the primary eligibility floor for an A grade under rubric v1.7.0, which requires a protocol to have been live for at least twelve months.
**Why it matters** Protocol age is the best single proxy for cumulative battle-testing. Young protocols have had less time to attract white-hat scrutiny, accumulate community monitoring coverage, or demonstrate upgrade discipline under production conditions. The dataset shows a pronounced clustering of exploits in protocols fewer than ninety days old: Eminence Finance was drained on the same day speculative deposits arrived; MobiusDAO was exploited at three days old; Kokomo Finance at under a week. Even for protocols with audits, the early-life period represents the highest-risk window because real production stress has not yet surfaced edge cases.
**Green / Yellow / Red** Green: protocol is live on mainnet for more than twelve months with no major contract redeployment that resets the clock. Yellow: protocol is between six and twelve months old, or is over twelve months old but redeployed core contracts in the trailing year, effectively resetting the battle-testing clock. Red: protocol is fewer than six months old, or any core contract holding user funds was deployed or redeployed within the last ninety days without a re-audit.
**Common gray cases** Protocols that launched on a testnet well before mainnet often claim longer effective age; this factor is scored from mainnet deployment only, not testnet dates, so curator verification of the on-chain deploy block is required.
**Notable historical examples** - **Eminence Finance** ($15M, 2020): Drained within hours of speculative deposits arriving to contracts that had never been publicly announced. - **Grim Finance** ($30M, 2021): Very new protocol at time of exploit; no established monitoring or white-hat community coverage. - **StableMagnet** ($27M, 2021): Exploited weeks after launch before any meaningful audit or review cycle.
Measurement what to look for #
Measure the number of days between today and the earliest mainnet deploy of any currently-live contract for this protocol.
Data & output #
Data source
Etherscan contract creation tx for earliest deployed contract (search by deployer address or protocol docs)
Output format
Green / Yellow / Red
Evidence artifact
Deploy tx hash + deploy block timestamp + days-delta
Confidence signal
green = ≥365 days live; yellow = 90–364 days; red = <90 days; gray = deploy tx not findable
Scored protocols 80 carry this factor #
Protocol RD-F-076
Aave v3 ethereum green Across Protocol ethereum gray Aerodrome Finance base green Axelar Network ethereum green Babylon Protocol bitcoin green Balancer (v2 + v3) ethereum green Beefy Finance ethereum green BENQI avalanche green BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum green Cap (cUSD / stcUSD) ethereum yellow Centrifuge ethereum green Chainlink CCIP ethereum green Circle USYC binance green Compound V3 (Comet) ethereum green Concrete ethereum yellow Convex Finance ethereum green crvUSD (Curve Stablecoin) ethereum green Curve Finance ethereum green deBridge ethereum green Dolomite ethereum green dYdX v4 (dYdX Chain) dydx green EigenLayer ethereum green Ethena ethereum green ether.fi ethereum green Euler V2 ethereum green Falcon Finance ethereum green Fluid ethereum green Frax Finance ethereum green GMX v2 (GMX Synthetics) arbitrum green Hyperlane ethereum green Hyperliquid arbitrum green Jito solana green Jupiter solana green Jupiter Perpetual Exchange solana green JustLend DAO tron green Kamino Lend solana green Kinetiq hyperliquid yellow Lido ethereum green Liquid Collective (LsETH) ethereum green Liquity V1 + V2 (LUSD / BOLD) ethereum green Lista DAO bsc green Lombard Finance ethereum green M^0 ethereum green Maple Finance ethereum green Marinade Finance solana green Meteora solana green mETH Protocol ethereum green Midas ethereum green Morpho V1 (Morpho Blue + MetaMorpho) ethereum green Multipli ethereum yellow Ondo Finance ethereum gray OpenEden ethereum green Orca solana green PancakeSwap bsc green Pendle Finance ethereum green Polymarket polygon green QuickSwap polygon green Raydium solana green Rocket Pool ethereum green Sanctum solana green Save (formerly Solend) solana green Sky Lending (formerly MakerDAO) ethereum green Spark Protocol ethereum green Spiko stellar green Stake DAO ethereum green StakeWise v3 ethereum green Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid green SUNSwap (sun.io) tron green Superstate ethereum green Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum green Symbiotic ethereum green Synapse Protocol ethereum yellow Uniswap (v2 + v3) ethereum green USDD (Decentralized USD) tron green Usual (USD0 / bUSD0 / USUAL) ethereum green Veda (BoringVault) ethereum green Venus Protocol bsc green Wormhole ethereum gray Yearn Finance ethereum green Linked hacks 31 historical incidents #
GANA Payment — Leaked Owner Key + EIP-7702 Delegator Contract (onlyEOA Bypass)2025-11-20 · $3M · Leaked Owner Key + EIP-7702 Delegator Contract (onlyEOA Bypass) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 9 days (launched November 11, 2025; exploited November 20, 2025)]
Bunni — Precision/Rounding Error in Custom Liquidity Distribution Function (LDF)2025-09-01 · $8M · Precision/Rounding Error in Custom Liquidity Distribution Function (LDF) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~Several months; TVL explosion July 31–Aug 1 2025 (weeks before exploit)]
BetterBank — LP Manipulation + Bonus Minting Exploit (Unregistered LP Pair Bypass)2025-08-25 · $5M · LP Manipulation + Bonus Minting Exploit (Unregistered LP Pair Bypass) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 6 weeks at time of exploit]
causalMobiusDAO — Decimal handling double-multiplication bug in minting function — pennies-to-quadrillions inflation2025-05-11 · $2M · Decimal handling double-multiplication bug in minting function — pennies-to-quadrillions inflation · Protocol age (days since first mainnet deploy) [via cross-hack: Factor 35: Protocol Age < 2 Weeks at Time of Hack] || Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 3 days (launched May 8, exploited May 11, 2025)]
LNDFi (LND.fi) — Admin Backdoor (Malicious Code Injection by Contractor / DPRK Dev)2025-05-09 · $1M · Admin Backdoor (Malicious Code Injection by Contractor / DPRK Dev) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 41 days (from deployment to exploit)]
Loopscale (formerly Bridgesplit) — Oracle Price Manipulation (RateX PT Token Pricing)2025-04-26 · $6M · Oracle Price Manipulation (RateX PT Token Pricing) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 16 days (launched April 10; exploited April 26)]
causalBedrock (uniBTC vault) — Unregistered NATIVE_BTC in SigmaSupplier → disabled supply cap → ETH-to-BTC 1:1 minting (infinite mint)2024-09-25 · $2M · Unregistered NATIVE_BTC in SigmaSupplier → disabled supply cap → ETH-to-BTC 1:1 minting (infinite mint) · Protocol age (days since first mainnet deploy) [via cross-hack: Factor 35: Protocol Age < 2 Weeks at Time of Hack]
Yearn Finance (legacy iearn TUSD V1 vault — deployed 2020) — Flash loan → misconfigured vault (TUSD vault tracking iSUSD/sUSD strategy) → share accounting inflation → Curve yPool drain2023-12-16 · $293K · Flash loan → misconfigured vault (TUSD vault tracking iSUSD/sUSD strategy) → share accounting inflation → Curve yPool drain · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~2,100 days (~5.75 years) at time of exploit]
Unibot — Unvalidated arbitrary call in new router — transferFrom injection via approval drain2023-10-31 · $640K · Unvalidated arbitrary call in new router — transferFrom injection via approval drain · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Unibot launched ~2023; new router deployed days before exploit]
Hypr Network — Bridge Contract Reinitialization (OP Stack Unpatched Dev Branch)2023-09-12 · $220K · Bridge Contract Reinitialization (OP Stack Unpatched Dev Branch) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 2 days (launched 2 days before exploit)]
Kannagi Finance — Insider rug — privileged admin withdrawal on behalf of users (MainChef address)2023-07-29 · $1M · Insider rug — privileged admin withdrawal on behalf of users (MainChef address) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Launched ~weeks before rug; newly deployed]
causalJimbo's Protocol — Flash loan + missing slippage control in rebalancing function → liquidity drain2023-05-28 · $8M · Flash loan + missing slippage control in rebalancing function → liquidity drain · Protocol age (days since first mainnet deploy) [via cross-hack: Factor 35: Protocol Age < 2 Weeks at Time of Hack] || Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: v2 was 3 days old at time of hack; v1 was ~2 weeks old and had already failed]
Yearn Finance (iearn yUSDT) — Misconfiguration (copy/paste error) in yUSDT — wrong Fulcrum USDC address used instead of USDT → share price manipulation → 1.2 quadrillion yUSDT minted2023-04-13 · $10M · Misconfiguration (copy/paste error) in yUSDT — wrong Fulcrum USDC address used instead of USDT → share price manipulation → 1.2 quadrillion yUSDT minted · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: yUSDT deployed ~2020; exploited after 1,156 days = ~3.2 years]
causalKokomo Finance — Insider rug — deployer upgraded implementation to malicious contract → drained WBTC deposits2023-03-26 · $4M · Insider rug — deployer upgraded implementation to malicious contract → drained WBTC deposits · Protocol age (days since first mainnet deploy) [via cross-hack: Factor 35: Protocol Age < 2 Weeks at Time of Hack]
Platypus Finance — Flash loan + emergencyWithdraw() solvency check bypass — collateral withdrawal without repaying borrowed USP2023-02-16 · $9M · Flash loan + emergencyWithdraw() solvency check bypass — collateral withdrawal without repaying borrowed USP · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Protocol ~1+ year; USP only 10 days old]
0xbad MEV Bot (on-chain MEV arbitrage contract) — Unprotected flashloan callback — arbitrary execution via callFunction → WETH approval exploit2022-09-27 · $2M · Unprotected flashloan callback — arbitrary execution via callFunction → WETH approval exploit · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 75 days of operation at time of hack]
Nirvana Finance — Flash Loan + AMM Price Manipulation (Treasury Drain)2022-07-28 · $4M · Flash Loan + AMM Price Manipulation (Treasury Drain) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Very new — launched weeks before hack]
Deus DAO (1st incident) — Flash loan → spot price manipulation of Solidex USDC/DEI AMM pool (used as oracle) → user positions liquidated2022-03-15 · $3M · Flash loan → spot price manipulation of Solidex USDC/DEI AMM pool (used as oracle) → user positions liquidated · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: DEI lending contract was recently launched (weeks old at time of exploit)]
Grim Finance — Reentrancy2021-12-18 · $30M · Reentrancy · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Very new (launched weeks before exploit)]
8ight Finance — Admin key compromise — private key shared via Facebook chat and Google Drive → treasury drain2021-12-07 · $2M · Admin key compromise — private key shared via Facebook chat and Google Drive → treasury drain · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~7 weeks (launched October 2021; exploited December 7, 2021)]
Snowdog (SnowdogDAO) — Insider front-running — privileged challengeKey knowledge + custom AMM sniping2021-11-25 · $21M · Insider front-running — privileged challengeKey knowledge + custom AMM sniping · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: 8 days (by design)]
Punk Protocol — Unprotected initialize() — delegateCall Forge Address Override2021-08-10 · $9M · Unprotected initialize() — delegateCall Forge Address Override · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Days old (Fair Launch, just opened)]
THORChain — Fake deposit via fake Asgard vault + malicious memo — Bifrost refund logic abuse2021-07-26 · $8M · Fake deposit via fake Asgard vault + malicious memo — Bifrost refund logic abuse · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: MCCN launched early 2021; exploit 10 days after exploit 1]
ChainSwap — Auth bypass in Factory minting contract — sloppy signature check bypassed with fresh addresses2021-07-11 · $4M · Auth bypass in Factory minting contract — sloppy signature check bypassed with fresh addresses · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~Several months; second incident came 9 days after first]
Merlin Labs (REKT 3) — Reward Minting Manipulation (Balance Inflation)2021-06-29 · $330K · Reward Minting Manipulation (Balance Inflation) · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~5 weeks (launched late May 2021)]
SafeDollar — Infinite Mint via Fee-on-Transfer Reward Accounting Bug2021-06-28 · $248K · Infinite Mint via Fee-on-Transfer Reward Accounting Bug · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Very new (weeks old at time of exploit)]
StableMagnet — Malicious Unverified Library (SwapUtils) — Rugpull with Approval Drain2021-06-24 · $27M · Malicious Unverified Library (SwapUtils) — Rugpull with Approval Drain · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Very new (weeks old)]
AutoShark Finance — Flash loan + SharkMinter balance spoofing → excess native token minting2021-06-01 · $745K · Flash loan + SharkMinter balance spoofing → excess native token minting · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Days to weeks old at time of exploit]
Merlin Labs (REKT 2) — Oracle Mispricing2021-05-27 · $550K · Oracle Mispricing · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~2 weeks at first hack]
Cover Protocol (formerly SAFE / SAFE2) — Infinite Mint — Blacksmith Farming Contract Withdrawal Bug2020-12-28 · $9M · Infinite Mint — Blacksmith Farming Contract Withdrawal Bug · Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Cover Protocol was the 3rd rename; launched as COVER in late 2020 — weeks old at time of exploit]
causalEminence Finance (EMN) — Flash loan + bonding curve arbitrage (buy/burn/sell cycle)2020-09-28 · $15M · Flash loan + bonding curve arbitrage (buy/burn/sell cycle) · Protocol age (days since first mainnet deploy) [via cross-hack: Factor 35: Protocol Age < 2 Weeks at Time of Hack]
rubric_version v1.7.0 factor RD-F-076 category 5 carried 80 critical no