Flash loan >$10M targeting protocol tokens

Pendle Finance's assessment for RD-F-100 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Flash-loan targeting signal (v1 phase-2). Threshold: flash loan >=$ 10M origination with receiver interacting with protocol oracle/market/governor. Penpie's Sept 2024 exploit used Balancer flash loans but the receiver was Penpie's staking contract (not Pendle's core AMM, SY contracts, or TWAP oracle). Rekt DB shows zero Pendle core entries. No flash-loan attack against Pendle core reported.

Sources #

URL
Explained: The Penpie Hack | HalbornHalborn Penpie analysis: Pendle core contracts were not exploitedretrieved 2026-04-29
URL
Penpie Hack: Three SigmaPenpie exploit: flash loan receiver was Penpie PendleStakingBaseUpg, not Pendle coreretrieved 2026-04-29

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-100 score green collected_at 2026-04-28 21:09:40