Post-exploit response score
Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-081 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
May 2025 exploit response scored against 5-dimension rubric: (1) Detection: BlockSec Phalcon auto-detected; vault paused automatically within ~1 hour — strong. (2) Public communication: blog published ~1-2 days post-exploit — fast. (3) Root-cause transparency: blog describes 'situational vulnerability' and 'behavioral edge case rather than flawed logic' — somewhat defensive; general description of unwrap/1:1 mechanism without specific code diff at time of publication; promised 'full technical audit diff' deferred to ETA June 3. (4) Remediation: router redeployment committed; caps/guards credited for loss containment; no user funds lost. (5) Auditor re-engagement: not confirmed at post-mortem publication time. Scored yellow: fast operational response, partial transparency quality on root cause and deferred technical diff. Previously not_applicable (zero SC exploits); now graded on merits of May 2025 exploit.
Sources #
- URLUsual Blog — Sky Vault Arbitrage Recap: Contained and ControlledUsual official post-mortem — Sky Vault Arbitrage Recap: Contained and Controlled — describes response, action plan, root cause framingretrieved 2026-05-17
- Binance Square — Usual Protocol pauses contract after USD0 exploitBinance Square — 'within the first hour after the exploit, Usual Protocol clarified that no liquidity was drained and user funds were not affected. The protocol paused its smart contracts following BlockSec detection'retrieved 2026-05-17
Methodology #
Curator-score (1–5) the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.
See the full factor methodology and distribution across all protocols →