Known-exploit function-selector replay

Pendle Finance's assessment for RD-F-095 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

v1-deferred signal. Known-exploit selector replay pattern requires an exploit-template DB. Penpie's exploit used `batchHarvestMarketRewards` (Penpie-specific selector), not a Pendle core selector. No known-exploit replay active on Pendle core.

Sources #

URL
Penpie Hack: Auditing the $27M Reentrancy Exploit | Three SigmaPenpie exploit used batchHarvestMarketRewards in Penpie's PendleStakingBaseUpg — not a Pendle core selectorretrieved 2026-04-29

Methodology #

Detect whether a call-pattern matches a known-exploit replay template (specific selector sequence and calldata shape) against this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-095 score not_assessed collected_at 2026-04-28 21:09:40