Chronic-exploit flag (≥3 incidents)
Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-078 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Incident count = 3 (MISO 2021, Kashi 2022, RouteProcessor2 2023). Equals the ≥3 chronic threshold. Chronic flag fires. Root causes are all distinct (supply-chain contractor / stale-oracle lending / router callback), so this is NOT a same-root-cause chronic pattern — that distinction is captured separately in F079.
Sources #
- InternalJayPegs Automart (MISO/SushiSwap) hack report — hacksdatabasehacksdatabase/hacks/jaypegs-automart.mdretrieved 2026-05-17
- SushiSwap RouteProcessor2 exploit hack report — hacksdatabasehacksdatabase/hacks/sushi-yoink-rekt.mdretrieved 2026-05-17
- Beyond the market risk: Kashi KashiPairMediumRiskV1 logic bug (BlockSec)BlockSec Medium — Kashi exploit primary sourceretrieved 2026-05-17
Methodology #
Determine whether the protocol has ≥3 distinct incidents in the hack database.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol sushi factor RD-F-078 score red collected_at 2026-05-16 19:50:37