defirisk.co
rubric v1.7.0

CREATE2 factory permits same-address redeploy

A post-deploy hygiene & change mgmt factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor identifies whether the protocol deploys contracts through a CREATE2 factory that permits a later deployment to the same address with different runtime bytecode. Under EIP-1014 the address depends only on the factory address, the salt and the hash of the init code, so a same-address redeploy needs two things: the code at the address must be gone (a `selfdestruct` reachable in the deployed contract, or in the factory itself, which also resets the factory's nonce and any salt registry it keeps), and the init code hash must be unchanged even though the runtime code differs, which is the case when the init code fetches its runtime from factory storage or from an external call instead of embedding it. If redeployment is possible, the address ceases to be a reliable identifier for a specific contract's code.

**Why it matters** CREATE2 factories that permit redeployment enable metamorphic contract attacks: an attacker (or a malicious governance proposal) deploys an apparently safe contract to a known address, accumulates user approvals or deposits, then self-destructs it and redeploys a malicious version at the same address. The Tornado Cash governance attack in May 2023 demonstrated this vector: a proposal contract was put to a vote while its code looked benign; once the proposal passed, the attacker destroyed it together with the CREATE2-deployed helper contract that had created it, redeployed the helper at the same address (which reset its nonce), and so landed different code at the proposal address, which the governance contract then executed, granting the attacker's addresses enough voting power to control governance. The attack was executed at the governance layer; a protocol using a redeployable CREATE2 factory for its own core contracts carries the same risk in its own upgrade process. One caveat applies when scoring: since the Cancun upgrade (EIP-6780, March 2024) `selfdestruct` on Ethereum mainnet no longer removes code unless it runs in the transaction that created the contract, which closes the destroy-and-redeploy path there; the path stays open on EVM chains that have not adopted EIP-6780, and a factory built for it still says something about how the protocol treats address identity.

**Green / Yellow / Red** Green is assigned when the protocol does not use CREATE2 deployment for upgradeable core contracts, or when the factory is configured to prevent redeployment, for example via a one-time nonce burn, a salt registry that refuses reuse in a factory that cannot itself be destroyed or upgraded, or an equivalent guard. Yellow covers use of CREATE2 for peripheral contracts with no self-destruct capability in the deployer. Red is assigned when core protocol contracts are deployed via CREATE2 with no guard against redeployment to the same address.

**Common gray cases** This factor is grayed when the protocol does not use CREATE2 in its deployment architecture, or when the factory used is a well-audited standard implementation with verified non-redeployable configuration.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Determine whether a CREATE2 factory deployment allows redeployment to the same address with different bytecode via the selfdestruct + redeploy pattern. Concretely, look for a `selfdestruct` reachable in the deployed contracts or in the factory itself, and for init code whose hash does not commit to the runtime code (runtime read from factory storage or fetched by a call at deploy time); both are needed for the pattern. Record which chain the factory runs on, since a chain that has adopted EIP-6780 no longer clears code on `selfdestruct` outside the creating transaction.

Data & output

Data source: source inspection for the CREATE2 factory pattern plus `selfdestruct` in the factory logic or in the contracts it deploys, on Etherscan-verified source
Output format: Green / Yellow / Red
Evidence artifact: factory contract address + source excerpt showing the redeploy path
Confidence signal: green = no same-address redeploy possible; red = CREATE2 redeploy to same address with different bytecode possible; gray = protocol does not use a CREATE2 factory (N/A) or source unverified
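A first-pass check over verified source for the signals listed above (CREATE2 use, a reachable `selfdestruct`, runtime bytecode held in factory storage, a salt-reuse guard), as an added example; this is not defirisk.co tooling and not any protocol's code. The two Solidity sources are constructed for the example, the regexes are heuristics, and the result is a candidate rating: whether the CREATE2-deployed contracts are core or peripheral, which decides Yellow versus Red in the rubric, is left to the reviewer.

```python
"""Added example (not defirisk.co tooling): heuristic scan of Solidity source
for the redeploy-path signals this factor scores. Both sample sources are
constructed; a real assessment still needs a human reading the deploy path."""
import re

CREATE2_RE = re.compile(r"\bcreate2\s*\(|\bnew\s+\w+\s*\{[^}]*\bsalt\s*:")
SELFDESTRUCT_RE = re.compile(r"\bselfdestruct\s*\(")
STORED_RUNTIME_RE = re.compile(r"\bmapping\s*\([^)]*=>\s*bytes\s*\)")    # bytecode kept in factory storage
SALT_GUARD_RE = re.compile(r"\brequire\s*\(\s*!\s*\w+\s*\[\s*salt\s*\]")  # require(!used[salt], ...)


def strip_comments(src: str) -> str:
    """Drop /* */ and // comments so a commented-out selfdestruct does not count
    (heuristic: a '//' inside a string literal is also dropped)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def split_contracts(src: str) -> dict:
    """Map contract/library name -> body text, by brace matching."""
    out = {}
    for m in re.finditer(r"\b(?:abstract\s+)?(?:contract|library)\s+(\w+)[^{]*\{", src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        out[m.group(1)] = src[m.end():i - 1]
    return out


def assess(source: str) -> dict:
    """Candidate rating plus the findings behind it."""
    contracts = split_contracts(strip_comments(source))
    factories = {n: b for n, b in contracts.items() if CREATE2_RE.search(b)}
    if not factories:
        return {"rating": "gray", "findings": ["no CREATE2 deployment found (N/A)"]}
    findings, red, unguarded = [], False, False
    for name, body in factories.items():
        if SELFDESTRUCT_RE.search(body):
            findings.append(f"{name}: factory itself can selfdestruct (nonce and salt registry reset)")
            red = True
        if STORED_RUNTIME_RE.search(body):
            findings.append(f"{name}: runtime bytecode kept in factory storage (metamorphic init pattern)")
            red = True
        if not SALT_GUARD_RE.search(body):
            findings.append(f"{name}: no salt-reuse guard")
            unguarded = True
    destructible = [n for n, b in contracts.items() if n not in factories and SELFDESTRUCT_RE.search(b)]
    if destructible:
        findings.append("selfdestruct reachable in deployed contracts: " + ", ".join(destructible))
    if red or (destructible and unguarded):
        rating = "red"
    elif destructible:
        rating = "yellow"  # redeploy needs a fresh salt; confirm the factory is not upgradeable
    else:
        rating = "green"
    return {"rating": rating, "findings": findings}


# Constructed sample: constant init code, runtime served from factory storage,
# and a deployed contract that can remove itself. This is the red pattern.
VULNERABLE = """
contract MetamorphicFactory {
    mapping(address => bytes) public implementationOf;  // read back by the init code
    function deploy(bytes32 salt, bytes memory runtime) external returns (address addr) {
        implementationOf[msg.sender] = runtime;
        bytes memory init = hex"0000";  // constant init code: its hash never changes
        assembly { addr := create2(0, add(init, 0x20), mload(init), salt) }
    }
}
contract Deployed {
    function kill() external { selfdestruct(payable(msg.sender)); }
}
"""

# Constructed sample: salt recorded and refused on reuse, runtime embedded in
# the caller-supplied init code, no selfdestruct anywhere.
HARDENED = """
contract GuardedFactory {
    mapping(bytes32 => bool) public usedSalt;
    // selfdestruct(...) is intentionally absent from this factory and its deployments
    function deploy(bytes32 salt, bytes memory initCode) external returns (address addr) {
        require(!usedSalt[salt], "salt already used");
        usedSalt[salt] = true;
        assembly { addr := create2(0, add(initCode, 0x20), mload(initCode), salt) }
        require(addr != address(0), "create2 failed");
    }
}
"""

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, assess(src))
```

The evidence artifact the rubric asks for is the factory address plus the excerpt showing the redeploy path; the `findings` list names the contract and the signal, which is the excerpt to pull from the verified source.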

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-144 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | gray |
| BENQI | avalanche | green |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | green |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | green |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | green |
| Ethena | ethereum | not_assessed |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | green |
| Fluid | ethereum | not_assessed |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | not_applicable |
| Jito | solana | not_applicable |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | green |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | green |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | green |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | green |
| Midas | ethereum | not_applicable |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | green |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | green |
| QuickSwap | polygon | green |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | green |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | green |
| StakeWise v3 | ethereum | gray |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | green |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | gray |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | not_assessed |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | green |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-144 category 9 carried 80 critical no