Avg attacker reconnaissance time for peer-class protocols

Lista DAO's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Peer-class reconnaissance time assessment for CDP + lending protocol class. Oracle-manipulation attacks (which constitute the primary risk class for lista-dao given Dec 2022 incident history) are typically same-block to hours — near-instant, <7 days. Key-compromise-dependent attacks (e.g., Bybit-style, Ronin-style) involve 14–78 days of reconnaissance. Lista-dao is exposed to both classes. Mixed-class peer-group average: estimated 7–29 days (yellow threshold). Insufficient hack DB sample specific to BSC CDP protocols to compute precise mean.

Sources #

URL
TRM Labs: Bybit Hack — Lazarus reconnaissanceTRM Labs Bybit hack — Lazarus reconnaissance timeline for key-compromise class attacksretrieved 2026-05-12
URL
Halborn: Ankr and Helio Hacks November 2022Halborn post-mortem on Dec 2022 Ankr/Helio incident — oracle-latency vector, near-instant strikeretrieved 2026-05-12

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lista-dao factor RD-F-163 score yellow collected_at 2026-05-12 17:54:05