Known-exploit function-selector replay

Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-095 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-exploit selector-pattern replay signal (T-09 phase-2 signal tier). No known exploit replay pattern exists for Liquity's CDP/stability-pool architecture. Zero protocol-layer exploits in v1 history (2021-2026). Feb 2025 v2 Stability Pool vulnerability was discovered pre-launch by the team (zero user funds at risk, not a replay of a prior attack pattern).

Sources #

URL
V2 Redeployment Updates — Liquity BlogLiquity v2 redeployment post confirming pre-launch vulnerability discovery with zero user fund loss; not an exploit replayretrieved 2026-05-16

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquity factor RD-F-095 score green collected_at 2026-05-16 10:35:50