Known-exploit-template selector deployed by any address
Uniswap (v2 + v3)'s assessment for RD-F-162 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
V2+V3 combined: No confirmed exploit-template contract deployment targeting V2 or V3 core contracts identified in the 30-day assessment window. V2 and V3 have zero protocol-level direct exploit history in 6+ years of combined operation — no exploit template for these specific protocols exists in published form. SIR.trading (March 2025) exploited V3 callbacks against a downstream protocol (not V3 core). Requires bytecode-similarity monitoring not configured. Green based on available public sources.
Detail #
Signal fires when a contract is deployed by any address containing a function-selector pattern matching a known-exploit template for a protocol of this class. For V2 and V3: no such exploit template exists. The V2 TWAP oracle consumer failures (Visor Finance, Inverse Finance) exploited the *consumer* protocols (their use of V2 TWAP), not V2 core contracts themselves. SIR.trading (March 2025) misused V3 pool callback interfaces in a downstream protocol integration — the exploit template targets the downstream protocol, not V3 core. No publicly documented exploit template targeting V2 or V3 core contracts. Green: no active exploit-template deployment detected from public sources; definitive coverage requires bytecode-similarity indexing not available in static assessment.
Sources #
- URLRekt.news leaderboardRekt.news — no exploit-template deployments against Uniswap V2/V3retrieved 2026-05-11
Methodology #
Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.
See the full factor methodology and distribution across all protocols →