defirisk.co
rubric v1.7.0

New ERC-20 approval to unverified contract from whale

GMX v2 (GMX Synthetics)'s assessment for RD-F-096 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No documented large-user approval to unverified contract interacting with GMX v2 at assessment date. GMX v2 pull-oracle / keeper architecture means users primarily interact via signed orders (not direct approvals to protocol contracts), which reduces the attack surface relative to lending protocols. GM token (LP token) approvals to unverified contracts would still be applicable. Requires on-chain approval monitoring. Gray — not confirmed by public data.

Sources #

  • Docs
    https://docs.gmx.io/docs/trading/v2/retrieved 2026-05-05

Methodology #

Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-096 score gray collected_at 2026-05-05 11:15:06