defirisk.co
rubric v1.7.0

New ERC-20 approval to unverified contract from whale

QuickSwap's assessment for RD-F-096 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

This signal requires live mempool monitoring of ERC-20 approvals from high-TVL users to unverified contracts. T-09 v2 deferred. Prior exploit context: the May 2022 GoDaddy DNS hijack involved fraudulent router approvals ($107.6K). The approval-vector risk is real for QuickSwap, but the signal cannot be assessed in a static context.

Sources

  • URL: QuickSwap GoDaddy Domain Hijack post-mortem
    QuickSwap GoDaddy domain hijack, May 2022: the attacker's frontend induced users to approve funds to the attacker's contract, confirming the approval-based attack vector for this protocol.
    Retrieved 2026-05-16.

Methodology

Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.

  • rubric_version: v1.7.0
  • protocol: quickswap
  • factor: RD-F-096
  • score: not_assessed
  • collected_at: 2026-05-16 08:48:31