defirisk.co
rubric v1.7.0

Known-exploit-template selector deployed by any address

Stake DAO's assessment for RD-F-162 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No contract deployment matching a known-exploit-template selector pattern targeting Stake DAO's architecture detected in public data. The Zunami exploit used SDT pool slippage manipulation to attack Zunami's own totalHoldings() oracle — the exploit template targets Zunami's code path, not Stake DAO's locker contracts. Stake DAO's non-upgradeable locker contracts (CurveYCRVVoter 0x52f541764) are not exposed to the flash-loan reentrancy template class (e.g., Vyper 0.2.15-0.3.0 reentrancy) that affected Curve pools directly in July 2023. No new exploit-template deployments targeting Stake DAO's specific architecture detected.

Sources #

  • URL
    Zunami Protocol Incident Analysis | CertiKZunami exploit analysis — root cause in Zunami's totalHoldings() not in Stake DAO locker contracts; SDT pool was collateral in the price manipulation, not the vulnerable pathretrieved 2026-05-16

Methodology #

Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol stake-dao factor RD-F-162 score green collected_at 2026-05-16 12:29:20