defirisk.co
rubric v1.7.0

Avg attacker reconnaissance time for peer-class protocols

Aerodrome Finance's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Cat 11: avg attacker reconnaissance time for peer-class protocols (DEX). The DEX class spans two recon patterns: (1) flash-loan AMM manipulation (C2 cluster), which is near-instant, with <1 day of recon; (2) social engineering / DNS class (C15 cluster, Aerodrome's documented attack surface), which takes days to weeks of planning. Aerodrome's three documented incidents were all DNS/registrar class and required social-engineering setup time (planning the NameSilo insider approach, researching Porkbun registrar controls). Weighted assessment: yellow (7–29 days for the DNS-attack subclass, which is Aerodrome's demonstrated vector). The near-instant flash-loan subclass is less relevant, given that the veAERO lock mechanism mitigates governance flash-loan attacks.

Sources

  • URL
    Aerodrome Finance Hack Explanation — Halborn
    T-09 §2: C2 cluster (flash-loan) near-instant; C15 cluster (DNS/frontend) 30 min – 4h exploitation window AFTER access achieved, implying prior planning. Profile §10: three frontend incidents requiring social-engineering planning.
    retrieved 2026-05-04

Methodology

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.


rubric_version: v1.7.0
protocol: aerodrome
factor: RD-F-163
score: yellow
collected_at: 2026-05-04 19:56:03