defirisk.co
rubric v1.7.0

Sybil surge of identical-pattern transactions

Uniswap (v2 + v3)'s assessment for RD-F-097 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2+V3 combined: V2 and V3 are permissionless AMMs — high transaction volumes from many addresses are expected normal operation. Sybil-surge attacks are applicable to protocols with permissionless-pool oracle surfaces (Rhea Finance class); V2/V3 AMM model does not accept oracle inputs from permissionless pools. Signal not fireable against this architecture in static assessment. Gray per methodology.

Detail #

Signal fires when multiple new EOAs submit identical transaction patterns within a short window (sybil setup). For V2 and V3: the relevant oracle attack vector (permissionless-pool oracle manipulation) does not apply — V2 and V3 do not read external oracle prices during swap execution. The V2 TWAP oracle is manipulable by moving pool price within a block, but this is not a sybil-based attack pattern — it is done by a single large swap, not by many identical transactions. Gray: signal architecture mismatch with V2/V3 AMM model; monitoring not configured in static assessment.

Sources #

  • Docs
    T-09 Real-Time Signals — RD-F-097 deferredT-09 v1 signal scope — RD-F-097 is v1-deferred (P2); structural mismatch for non-oracle-consuming AMMsretrieved 2026-05-12

Methodology #

Detect multiple new EOAs submitting identical transaction patterns within a short window (sybil setup pattern).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-097 score gray collected_at 2026-05-12 10:36:11