Chronic-exploit flag (≥3 incidents)

Yearn Finance's assessment for RD-F-078 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

4 confirmed distinct incidents in hack database (2021-02-04, 2023-04-13, 2023-11-30, 2023-12-16). Threshold for CHRONIC flag fires at ≥3. Binary flag = red. CHRONIC badge determination (PD-022 same-root-cause ≥3) is borderline — the identical Fulcrum-misconfiguration class has 2 events; broader 'legacy immutable/abandoned' meta-class has 3 events within 8 months — requires_curator_input for final badge call. F078 scores red on incident count alone (4 ≥ 3).

Sources #

Internal
Yearn Finance Hack Reports — all 4 incidentshacksdatabase/hacks/yearn-rekt1.md, yearn2-rekt.md, yearn-rekt3.md, yearn-rekt4.md — 4 distinct confirmed incidentsretrieved 2026-05-16
URL
rekt.news leaderboard — Yearn Finance entriesrekt.news Yearn coverage corroborating all 4 incidents (2021, 2023-04, 2023-11, 2023-12)retrieved 2026-05-16

Methodology #

Determine whether the protocol has ≥3 distinct incidents in the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-078 score red collected_at 2026-05-16 08:34:32