Same-root-cause repeat exploit

Aerodrome Finance's assessment for RD-F-079 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

All 3 incidents share root-cause cluster 'DNS/domain hijack via registrar attack'. 2023 events used Porkbun social engineering; 2025 used NameSilo insider â€” same attack class. Yellow (not red) because: incidents are frontend-only with no protocol-layer SC compromise; team made partial mitigations between events (ENS mirrors, registrar migration). Green threshold (no repeat root cause) is not met.

Sources #

URL
Explained: The Aerodrome Finance Hack (November 2025)Halborn analysis confirming DNS/domain root cause class across incidentsretrieved 2026-05-04
URL
Velodrome and Aerodrome DEXs Face Frontend AttacksCryptoPotato â€” Velodrome and Aerodrome DEXs face frontend attacks (Porkbun root cause)retrieved 2026-05-04

Methodology #

Determine whether the protocol has been exploited ≥2 times via the same root-cause cluster.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-079 score yellow collected_at 2026-05-04 19:56:03