defirisk.co
rubric v1.7.0

Known-exploit function-selector replay

Balancer (v2 + v3)'s assessment for RD-F-095 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Factor: Known-exploit function-selector replay
Applicable: Yes. A batchSwap selector with CSP-targeting calldata is documented.
Evidence: The November 2025 attack pattern involves batchSwap sequences exploiting _upscaleArray rounding in v2 ComposableStablePools (CSPs). The attack is documented publicly. No confirmed replay selector pattern was deployed against the remaining v2 CSP pools in the assessment window. Detecting one requires a selector pattern index, which is not maintained in this static assessment.
Threshold: Specific selector sequence and calldata shape matching a known Balancer-class exploit template
Would fire: No

Sources

  • Audit
    https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/ (retrieved 2026-05-05)

Methodology

Detect whether a call pattern against this protocol matches a known-exploit replay template (a specific selector sequence and calldata shape).

rubric_version: v1.7.0
protocol: balancer
factor: RD-F-095
score: gray
collected_at: 2026-05-05 12:41:36