New ERC-20 approval to unverified contract from whale

Dolomite's assessment for RD-F-096 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 signal tier (v2/deferred). The 2024 exploit was caused by stale ERC-20 approvals to a deprecated 2019 contract; Dolomite published revoke.cash guidance post-exploit. For current v2: no evidence of high-TVL user granting new approvals to unverified contracts. Requires continuous mempool monitoring not currently implemented.

Sources #

URL
2024 Dolomite Hack: Check If You're AffectedRevoke.cash guidance post-Dolomite exploit on stale approvalsretrieved 2026-05-16

Methodology #

Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dolomite factor RD-F-096 score gray collected_at 2026-05-16 11:12:56