Post-exploit response score
Yearn Finance's assessment for RD-F-081 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Scored on most-recent incident (#4, 2023-12-16). Compensation: none (legacy contract, not current infrastructure). Transparency: Yearn publicly characterized the contract as '2,100 days old' and unrelated to current vaults. Root-cause: confirmed (Fulcrum iSUSD vs TUSD strategy mismatch). Recovery speed: no war room spun up; external researchers (William Li, PeckShield) detected it. Score 2/5 on incident #4. Historical context: incident #1 scored 4/5 (11-min vault disable, preserved 24M DAI); incident #3 scored 4/5 (war room ~20 min, SEAL911, $2.4M recovered). Pattern shows strong response capability on incidents involving current infrastructure but minimal response for legacy contracts.
Sources
- Yearn Finance details $9M yETH exploit. The Block — Yearn $9M yETH exploit post-mortem confirming war room ~20 min and SEAL911 engagement. Retrieved 2026-05-16.
- Yearn Finance 4th Exploit — response quality. hacksdatabase/hacks/yearn-rekt4.md — response characterization for incident #4. Retrieved 2026-05-16.
- Yearn Security Disclosure 2021-02-04. Yearn 2021-02-04 disclosure — 11-min response; 24M DAI preserved. Retrieved 2026-05-16.
Methodology
Curator-score (1–5) the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.