Post-exploit response score
Beefy Finance's assessment for RD-F-081 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No direct Beefy exploit occurred, but the May 2024 Sonne Finance upstream exploit is the primary analog: some Beefy Optimism vault users suffered partial losses when Sonne Finance was drained for $20M. Response quality: (1) Speed — Beefy paused 9 Sonne-dependent vaults 'within minutes,' which is rapid; however Optimism vaults partially drained before the pause was executed, resulting in user losses despite the speed. (2) Transparency — Beefy communicated via X post on the day of the incident; no structured post-mortem from Beefy's perspective was published. Sonne published its own post-mortem. (3) Compensation — Beefy directed affected users to monitor Sonne's recovery process; Beefy treasury did not top up partial losses for the 2024 event. (4) Re-audit — not triggered for Beefy contracts (root cause was in Sonne's contracts). Overall response quality ~3/5: rapid operational action, weak post-mortem depth from Beefy's own perspective, no direct user compensation for losses. Yellow. Hi
Sources #
- URLBeefy Finance X post: Sonne Finance exploit response (2024-05-15)Beefy X announcement on Sonne Finance exploit and vault suspensionretrieved 2026-05-16
- Beefy Finance Incident Report: The BUNNY rescue (2021-04)BUNNY rescue incident report — full user compensation for 2021 coding error; response quality baselineretrieved 2026-05-16
- Binance News: Beefy Finance urgently suspends 9 Sonne Vaults (2024-05-15)Binance Square summary: Beefy suspended 9 Sonne vaults; some Optimism vault users experienced partial losses; Base vaults fully savedretrieved 2026-05-16
Methodology #
Curator-score (1–5) the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.
See the full factor methodology and distribution across all protocols →