defirisk.co
rubric v1.7.0

Known-exploit-template selector deployed by any address

Cap (cUSD / stcUSD)'s assessment for RD-F-162 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 v2-deferred. No live exploit-template DB or new-contract-deploy sweep. Cap uses UUPS proxy + AccessControl + TimelockController architecture — a class for which known-exploit-template contracts (unprotected initialize, upgradeToAndCall replay) exist. No specific exploit-template deployment targeting Cap found in OSINT. Requires live contract-deploy scan with bytecode selector fingerprint matching.

Sources #

  • Internal
    Taxonomy Cat 11 — RD-F-162 exploit-template selector patternresearch/outputs/03-taxonomy.md Cat 11 RD-F-162 definitionretrieved 2026-05-17

Methodology #

Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol cap factor RD-F-162 score gray collected_at 2026-05-17 10:56:24