Known-exploit-template selector deployed by any address

Pendle Finance's assessment for RD-F-162 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-exploit-template selector-pattern deployed (Cat 11). Threshold: contract deployed with selector matching known-exploit template for this protocol class. Penpie's Sept 2024 exploit used a malicious SY token to exploit Penpie's permissionless market registration — this is a Penpie-specific selector pattern, not a Pendle core exploit template. No known-exploit template for Pendle core contracts (Router, PT/YT factory, PY-YT-LP Oracle) has been documented. No current deployment of such a template publicly identified.

Sources #

URL
The PenPie Hack: Understanding the Reentrancy Exploit | AuditOnePenpie exploit was a novel reentrancy on Penpie's batchHarvestMarketRewards — no Pendle core selector template existsretrieved 2026-04-29

Methodology #

Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-162 score green collected_at 2026-04-28 21:09:40