DNS/CDN/frontend hash drift

Frax Finance's assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 signal. Historical: Nov 2023 DNS hijack of frax.com and frax.finance via Name.com registrar-level compromise — resolved within ~24h, no funds lost. Post-incident domain security posture: no public confirmation of DNSSEC deployment, no certificate-transparency monitoring feed publicly documented, no hash-baseline for production JS bundles established. No current DNS/frontend drift detected via available public channels as of 2026-05-17. Yellow posture: prior exploited attack surface (registrar-level) confirmed; structural vulnerability persists without evidence of remediation. T-09 phase-2 signal (requires external monitoring stack for production). Current state: no-fire today per observable evidence, but structural gap means the signal would not reliably alert if drift occurred.

Sources #

URL
crypto.news — Frax Finance DNS hijack Nov 2023Frax Finance DNS hijack details: Name.com registrar-level compromise, hackers hijacked frax.com and frax.financeretrieved 2026-05-17
URL
CoinDesk — Frax Finance DNS hijack Nov 2023Nov 2023 DNS hijack: frax.com and frax.finance hijacked via Name.com, resolved within 24h, no funds lostretrieved 2026-05-17

Methodology #

Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-105 score yellow collected_at 2026-05-16 20:44:31