New contract with similar bytecode to exploit template
Raydium's assessment for RD-F-094 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Cat 6A precursor signal (v1-deferred). Raydium programs use Solana BPF bytecode (compiled Rust/Anchor), not EVM bytecode. EVM bytecode similarity detection tooling does not apply. The Drift April 2026 DPRK attack deployed a fake token (CVT) and a controlled price oracle — not a contract mimicking Raydium program bytecode. No Raydium-targeting exploit-contract deployment with similar bytecode identified. Concept is applicable in principle (attacker could deploy a contract mimicking Raydium instruction patterns) but Solana BPF similarity tooling is not defined in the T-09 signal spec. Assessed gray due to tooling gap.
Sources
- URL: The Drift Protocol Hack: How Privileged Access Led to a $285 Million Loss — Chainalysis. Drift April 2026 attack: attacker deployed fake CVT token and oracle, not a Raydium-bytecode-similar contract. Retrieved 2026-04-29.
- Assessment curator note: Solana BPF bytecode similarity tooling not defined in T-09; concept applicable but mechanically requires Solana-specific implementation. Retrieved 2026-04-29.
Methodology
Detect whether a freshly deployed contract has high bytecode similarity to a known exploit template targeting this protocol class.