Deprecated contracts still holding value
Yearn Finance's assessment for RD-F-166 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Hacksdatabase yearn-rekt4.md (2023-12-16 incident) confirms approximately $214K sUSD is permanently locked inside the exploited iearn TUSD V1 vault (0x73a052500105205d34daf004eab301916da8190f) — described as 'mathematically unreachable and visible on-chain as permanent collateral damage' because the legacy code does not recognize sUSD as a valid asset. This exceeds the $100K threshold for red. All V1 vaults are deprecated per Yearn docs; additional residual balances across other deprecated V1 contracts are plausible but not enumerated. The TUSD vault alone confirms the red condition.
Sources #
- URLrekt.news — Yearn rekt4 (2023-12-16)rekt.news yearn-rekt4 — corroborates permanently locked sUSD in the TUSD V1 vault post-exploitretrieved 2026-05-16
- Yearn Finance — vaults overview confirming V1 deprecationYearn docs confirming all V1 vaults are deprecatedretrieved 2026-05-16
- Yearn Finance 4th Exploit — locked funds in deprecated vaulthacksdatabase/hacks/yearn-rekt4.md — ~$214K sUSD permanently locked in deprecated iearn TUSD V1 vault 0x73a052500105205d34daf004eab301916da8190fretrieved 2026-05-16
Methodology #
Determine whether contracts marked deprecated by a protocol announcement still hold >$100K in assets.
See the full factor methodology and distribution across all protocols →