Same-root-cause repeat exploit

Aave v3's assessment for RD-F-079 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No two incidents share the same root-cause cluster. CRV (oracle/market manipulation on v2), stable rate (accounting bug — pre-exploit patch, $0 loss), periphery (dust accumulation, unprotected sweep), rsETH/Kelp (external bridge DVN misconfiguration, collateral contamination). Four distinct root causes across four incidents.

Sources #

Governance
Aave v2/v3 Security Incident (November 4, 2023)Stable rate security incident Nov 2023retrieved 2026-04-27
Governance
rsETH Incident Report — root cause: LayerZero 1/1 DVN misconfiguration on Kelp sidersETH Incident Reportretrieved 2026-04-27

Methodology #

Determine whether the protocol has been exploited ≥2 times via the same root-cause cluster.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-079 score green collected_at 2026-04-27 23:28:46