Flash loan >$10M targeting protocol tokens
Yearn Finance's assessment for RD-F-100 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Flash-loan origination targeting protocol. Historical pattern: exploits 1 (2021-02-04 — 116K ETH dYdX + 99K ETH Aave + 134M USDC Compound flash loans), 2 (2023-04-13 — 10,000 USDT input exploited share inflation via Fulcrum misconfiguration, not a flash loan per se but flash-loan-enabled share accounting), 4 (2023-12-16 — 30M USDC Morpho flash loan used for donation attack). Current V3 vault architecture does not use spot-price-dependent share valuation, reducing the flash-loan manipulation attack surface materially. However, legacy immutable V1/V2 vaults remain on-chain with residual user balances (confirmed by hacksdatabase). The structural residue of legacy vaults means flash-loan targeting of Yearn contracts is not zero-risk. No large flash loan targeting Yearn contracts detected as of 2026-05-16. Phase-2 signal; not live. Yellow: elevated structural residual from legacy vault surface.
Sources #
- URLRekt.news — Yearn Finance 2021 exploitRekt.news yearn-rekt (2021): confirmed flash loan attack mechanics. Rekt.news yearn-rekt4 (2023-12): Morpho flash loan as exploit mechanism.retrieved 2026-05-16
- Yearn hacksdatabase — flash loan exploitation historyhacksdatabase/hacks/yearn-rekt1.md: 116K ETH dYdX + 99K ETH Aave + 134M USDC Compound flash loans used in exploit 1 (2021-02-04). hacksdatabase/hacks/yearn-rekt4.md: 30M USDC Morpho flash loan used in exploit 4 (2023-12-16).retrieved 2026-05-16
Methodology #
Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.
See the full factor methodology and distribution across all protocols →