Prior exploit count

Save (formerly Solend)'s assessment for RD-F-077 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Two confirmed distinct smart-contract incidents: (1) 2021-08-19 — insecure admin-check in process_update_reserve_config; $0 direct loss, $16K user compensation paid by team, full remediation within 98 min. (2) 2022-11-02 — oracle price manipulation via thin-liquidity Saber USDH pool; $1.26M bad debt; ~$900K recovered from attacker; DAO proposals SLND5/SLND6 made users whole. Scored yellow: users suffered no final loss (DAO fully compensated), but two distinct incidents occurred and one involved unrecovered bad debt absorbed by the protocol. The 2022 SLND1/SLND2 governance controversy is excluded per U20 (no contract exploited, $0 loss). Nirvana Finance Solend-as-venue entry is excluded per U4/U22.

Sources #

URL
2022 Solana Hacks Explained: SolendAckee Blockchain — 2022 Solana Hacks Explained: Solend (technical analysis of Nov 2022 oracle attack)retrieved 2026-05-17
URL
DeFi Protocol Solend Struck by $1.26M Oracle ExploitCoinDesk — DeFi Protocol Solend Struck by $1.26M Oracle Exploit (Nov 2, 2022)retrieved 2026-05-17
URL
USDH Price Manipulation — Impact on Isolated PoolsSolend Nov 2022 oracle attack post-mortem — USDH price manipulation impact on isolated poolsretrieved 2026-05-17
URL
SLND-INCDT-01 Report (Public)SLND-INCDT-01 public report — Aug 2021 incidentretrieved 2026-05-17

Methodology #

Count the number of distinct incidents in the hack database affecting this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-077 score yellow collected_at 2026-05-17 15:20:15