Stale-approval exposure on deprecated router

Rocket Pool's assessment for RD-F-168 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Multiple deprecated deposit pool versions exist (v1.0 at 0x4d05e3d4, v1.1 at 0x2cac916b, v1.2 at 0xDD3f50F8). Users who interacted with older versions may have residual ERC-20 token approvals to deprecated contracts. Rocket Pool has published protocol upgrade guidance but no formal revoke-notice or approval wind-down event documented. 4+ year protocol age with 3 major deposit pool versions makes material residual approvals likely. Cannot quantify without subgraph query.

Sources #

Etherscan
Rocket Pool: Deposit v1.0 | EtherscanDeprecated Deposit Pool v1.0retrieved 2026-05-04
Etherscan
Rocket Pool: Deposit Pool v1.1 | EtherscanDeprecated Deposit Pool v1.1retrieved 2026-05-04

Methodology #

Count the number of active user approvals (ERC-20 `allowance`) to deprecated router or protocol contracts.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol rocket-pool factor RD-F-168 score yellow collected_at 2026-05-04 15:40:28