defirisk.co
rubric v1.7.0

Post-exploit response score

An operational history factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology: how we score

**What this measures** This factor is a curator-assigned score from 1 to 5 evaluating the protocol's response to its most recent incident across four dimensions: user compensation (restitution offered and delivered), transparency (public communication timeliness and completeness), root-cause depth (post-mortem technical precision), and operational recovery (time to restore normal function). A score of 5 represents exemplary response on all four dimensions; a score of 1 represents silence or denial.

**Why it matters** Post-exploit response quality is a leading indicator of whether a future incident will be handled well. Protocols that respond poorly -- by going silent, providing vague post-mortems, or failing to compensate affected users -- demonstrate governance and operational cultures that increase systemic risk. In contrast, protocols that publish detailed post-mortems within thirty days, offer structured compensation, and commission re-audits signal that security is treated as a continuous process rather than a one-time checkbox. The dataset shows consistent correlation between poor response scores and subsequent second exploits.

**Green / Yellow / Red** Green: score of 4 or 5, indicating timely public communication, full root-cause disclosure, meaningful compensation effort, and rapid operational recovery. Yellow: score of 2 or 3, indicating partial disclosure, delayed communication, or incomplete compensation. Red: score of 1, indicating silence, denial, or team abandonment following the incident.

**Common gray cases** For protocols with multiple incidents, this score applies to the most recent incident only. If the most recent incident is ongoing (fewer than thirty days elapsed) and no post-mortem has been published, the field is marked gray pending curator assessment.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Curator score (1–5) for the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.

Data & output

Data source: Protocol post-mortem document + governance forum announcements + news coverage
Output format: Green / Yellow / Red
Evidence artifact: Post-mortem URL + curator score sheet (1–5 per sub-dimension) + curator sign-off
Confidence signal: green = score ≥4; yellow = score 2–3; red = score 1 or no response; gray = no prior exploits (N/A)

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-081 |
| --- | --- | --- |
| Aave v3 | ethereum | yellow |
| Across Protocol | ethereum | not_applicable |
| Aerodrome Finance | base | yellow |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | gray |
| Balancer (v2 + v3) | ethereum | yellow |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | gray |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | yellow |
| Concrete | ethereum | not_applicable |
| Convex Finance | ethereum | yellow |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | gray |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | yellow |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | gray |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | gray |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | gray |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | gray |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | yellow |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | yellow |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | gray |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | gray |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | gray |
| Raydium | solana | yellow |
| Rocket Pool | ethereum | gray |
| Sanctum | solana | gray |
| Save (formerly Solend) | solana | yellow |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | gray |
| Spiko | stellar | gray |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | yellow |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | yellow |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | yellow |
| Uniswap (v2 + v3) | ethereum | gray |
| USDD (Decentralized USD) | tron | green |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | yellow |
| Veda (BoringVault) | ethereum | not_applicable |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | yellow |

Linked hacks: 4 historical incidents

related: Balancer V2 (Composable Stable Pools) — `_upscale()` rounding-down compounded across 65+ micro-swaps · 2025-11-03 · $128M · Auto-linked by C.4 triage 2026-05-07
related: GMX V1 — Cross-Contract Reentrancy via Order-Keeper Callback · 2025-07-09 · Auto-linked by C.4 triage 2026-05-07
related: Euler Finance — Donation Function Bypassing Health Check (Logic Bug in EIP-14 upgrade) · 2023-03-13 · $197M · Auto-linked by C.4 triage 2026-05-07
related: Curve Finance (curve.fi frontend) — DNS nameserver compromise → malicious frontend injection → approval harvesting · 2022-08-09 · $575K · Auto-linked by C.4 triage 2026-05-07
rubric_version: v1.7.0 · factor: RD-F-081 · category: 5 · carried: 80 · critical: no