Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.

Sommelier

Lending, Money Markets & CDPs · medium · risk 0.3401 · TVL $1M · blast $1M · active
Static profile (Identity / Contract / Dependency / Governance / Reputation)

Identity

Sector
Lending, Money Markets & CDPs
Subsector tags
consumer_app, infra_tooling, general_defi · Demo
Chain deployments
Arbitrum, Ethereum, Optimism
Website
https://www.sommelier.xyz · Demo
Launch date
Sep 30, 2022
Immutable
no · Demo
Permissionless
yes · Demo

Contract

Primary address
0xa670d7237398238de01267472c6f13e5b8010fd1
Proxy pattern
none
Upgrade authority
UNKNOWN
Multisig threshold
Compiler
0.8.20
Uses assembly
yes · Demo
Bug bounty
none · Demo
Contract addresses
0xa670d7237398238de01267472c6f13e5b8010fd1 · Demo
Audits tier
2

Dependency

Oracle providers
Chainlink
Bridge dependencies
Stablecoin dependencies
LST / LRT deps
Demo
DEX liquidity venues
curve, balancer, pancakeswap · Demo
CEX listings
gateio · Demo
Custodian
Demo
KMS provider
gcp_kms · Demo
RPC provider
infura · Demo
Frontend host
cloudflare_pages · Demo
npm lockfile sha
sha256:bd7069ff1383267e3414bf387439fbd421c32b350e5185f5a08bb920a3de3a5d · Demo

Governance

Governance type
token_voting · Demo
Governance token
0x533a94ec8725dd279d97b62f7b4bc346811451dd · Demo
Treasury size
$14.8K · Demo
Team size
155 · Demo
Jurisdiction
US · Demo
Incorporated entity
Sommelier Foundation · Demo
Anonymous team
no · Demo
Security disclosure
no · Demo
IR SLA (hours)
Demo

Reputation

GitHub
https://github.com/sommelier/sommelier · Demo
Commit velocity (30d)
6 · Demo
Contributors
39 · Demo
Twitter
@sommelier · Demo
Discord
https://discord.gg/l4m0h1 · Demo
Last incident
Oct 26, 2025 · Demo
KYT screening
mixed · Demo

Threat History

2 recorded incidents
reentrancy · protocol · unknown · Demo
$30.7M

On 2025-10-26, Sommelier suffered a reentrancy incident resulting in approximately $30,716,383 in losses. The exploit targeted the protocol layer. A flash loan was used to amplify the attack. Attribution: unknown. This is a demonstration entry — not a real incident.

DEMO:AADAPT.TA0004 · DEMO:AADAPT.TA0040
access control missing · protocol · unattributed_criminal · Demo
$13.9M

On 2021-09-14, Sommelier suffered an access control missing incident resulting in approximately $13,862,999 in losses. The exploit targeted the protocol layer. Attribution: unattributed_criminal. This is a demonstration entry — not a real incident.

DEMO:AADAPT.TA0004 · DEMO:AADAPT.TA0006

Peer Incidents · Method B

12 root-cause predicate matches

Vulnerable to: reentrancy

Matches the reentrancy predicate

27 historical peer events
  • Kyber Network · Demo
    $2.1M
  • Deribit · Demo
    $936K
  • Zora Network · Demo
    $4.7M
  • Stader Labs · Demo
    $16.1M
  • Circle (Circle Payments / Circle APIs) · Demo
    $4.9M
  • + 22 more

Vulnerable to: phishing drainer

Matches the phishing drainer predicate

18 historical peer events
  • Goldfinch · Demo
    $1M
  • Bitget · Demo
    $739.9K
  • Orca · Demo
    $180.8K
  • Ether.fi · Demo
    $443.4K
  • Alchemy Pay · Demo
    $334.2K
  • + 13 more

Vulnerable to: flash loan governance

Matches the flash loan governance predicate

18 historical peer events
  • Thirdweb · Demo
    $33.2M
  • LayerZero Labs (physical verification context only) · Demo
    $40.2M
  • First Digital USD · Demo
    $12.1M
  • Protocol-Native Treasury Agents (DAO-embedded) · Demo
    $13.8M
  • F2Pool · Demo
    $3.5M
  • + 13 more

Vulnerable to: ice phishing approval

Matches the ice phishing approval predicate

16 historical peer events
  • deBridge · Demo
    $7.5M
  • Euler · Demo
    $87.9K
  • Bend DAO · Demo
    $968.9K
  • Maple Finance · Demo
    $1.4M
  • Blur · Demo
    $6.5M
  • + 11 more

Vulnerable to: frontend dns hijack

Matches the frontend dns hijack predicate

12 historical peer events
  • Bridge.xyz / Stripe · Demo
    $10.4M
  • UK FCA Digital Sandbox · Demo
    $3.6M
  • Three Sigma · Demo
    $2.7M
  • CryptoQuant · Demo
    $517.3K
  • Celsius (defunct) · Demo
    $22M
  • + 7 more

Vulnerable to: supply chain npm

Matches the supply chain npm predicate

10 historical peer events
  • Beefy Finance · Demo
    $176.2K
  • Powerledger · Demo
    $7.4M
  • Unichain · Demo
    $8.8M
  • MEXC · Demo
    $1M
  • Mango Markets · Demo
    $915.6K
  • + 5 more

Vulnerable to: kms misconfiguration

Matches the kms misconfiguration predicate

9 historical peer events
  • Stably, Inc. (issuance via regulated partners depending on program) · Demo
    $505K
  • Matrixdock · Demo
    $4.3M
  • Euler · Demo
    $3.6M
  • Nosana · Demo
    $1.7M
  • Tron Foundation · Demo
    $1.3M
  • + 4 more

Vulnerable to: dvn collapse

Matches the dvn collapse predicate

8 historical peer events
  • Blast, Blockdaemon Wallet +2 · Demo
    $93.6M
  • Fordefi, XSGD · Demo
    $17M
  • Element Finance, Quantoz · Demo
    $1.1M
  • Mercado Bitcoin, Swell · Demo
    $15.3M
  • Internet Computer (DFINITY), Mantle +1 · Demo
    $10.3M
  • + 3 more

Vulnerable to: signature malleability

Matches the signature malleability predicate

8 historical peer events
  • Ether.fi · Demo
    $17.2M
  • Swell Network · Demo
    $1.2M
  • Immutable protocol · Demo
    $4M
  • The Sandbox · Demo
    $3.9M
  • PancakeSwap · Demo
    $656.7K
  • + 3 more

Vulnerable to: regulatory seizure

Matches the regulatory seizure predicate

6 historical peer events
  • Raydium · Demo
    $1.9M
  • CoinDCX · Demo
    $29.8M
  • Silo Finance · Demo
    $14M
  • Base Bridge · Demo
    $8.3M
  • EigenDA · Demo
    $101M
  • + 1 more

Vulnerable to: governance proposal malicious

Matches the governance proposal malicious predicate

5 historical peer events
  • Stripe Crypto · Demo
    $1.5M
  • Notional V3 · Demo
    $507.1K
  • Hong Kong Monetary Authority — Ethereum pilots · Demo
    $18.9M
  • FalconX · Demo
    $4.8M
  • Avail · Demo
    $30.8M

Vulnerable to: prompt injection agent

Matches the prompt injection agent predicate

4 historical peer events
  • Lodestar · Demo
    $3.2M
  • Ether.fi Cash · Demo
    $4.6M
  • HTX (Huobi) · Demo
    $3.7M
  • Swell · Demo
    $403K

Dependency Twins · Method A + B + C ensemble

Top 10 of 25 precomputed
#1

Euler

Lending, Money Markets & CDPs · low
Ensemble
0.548
A · Jaccard 0.25
B · Overlap 3
C · Cosine 0.77
Matches on
  • subsector_tags = general_defi, infra_tooling
  • oracle_providers = Chainlink
  • chain_deployments = Ethereum
  • method_b_root_causes = signature_malleability, kms_misconfiguration, ice_phishing_approval
#2

Immutable protocol

Stablecoin Issuers & Synthetic Dollars · medium
Ensemble
0.471
A · Jaccard 0.27
B · Overlap 2
C · Cosine 0.77
Matches on
  • subsector_tags = consumer_app, general_defi, infra_tooling
  • oracle_providers = Chainlink
  • chain_deployments = Ethereum
  • method_b_root_causes = signature_malleability
#3

Radiant Capital

Lending, Money Markets & CDPs · medium
Ensemble
0.457
A · Jaccard 0.27
B · Overlap 2
C · Cosine 0.72
Matches on
  • subsector_tags = consumer_app, infra_tooling, general_defi
  • oracle_providers = Chainlink
  • chain_deployments = Arbitrum, Ethereum
  • method_b_root_causes = reentrancy, ice_phishing_approval
#4

Swell

Liquid Staking & Restaking · medium
Ensemble
0.457
A · Jaccard 0.25
B · Overlap 2
C · Cosine 0.74
Matches on
  • subsector_tags = consumer_app, general_defi
  • oracle_providers = Chainlink
  • chain_deployments = Ethereum
  • method_b_root_causes = dvn_collapse, prompt_injection_agent
#5

Ether.fi

Liquid Staking & Restaking · high
Ensemble
0.432
A · Jaccard 0.18
B · Overlap 2
C · Cosine 0.73
Matches on
  • subsector_tags = infra_tooling, general_defi, consumer_app
  • oracle_providers = Chainlink
  • chain_deployments = Arbitrum, Ethereum
  • method_b_root_causes = signature_malleability, phishing_drainer
#6

Kelp DAO

Liquid Staking & Restaking · high
Ensemble
0.429
A · Jaccard 0.24
B · Overlap 2
C · Cosine 0.66
Matches on
  • subsector_tags = general_defi, infra_tooling
  • oracle_providers = Chainlink
  • chain_deployments = Arbitrum, Ethereum, Optimism
  • method_b_root_causes = reentrancy, ice_phishing_approval
#7

Sanctum

Liquid Staking & Restaking · critical
Ensemble
0.427
A · Jaccard 0.23
B · Overlap 2
C · Cosine 0.66
Matches on
  • subsector_tags = general_defi, consumer_app
  • oracle_providers = Chainlink
  • method_b_root_causes = reentrancy
#8

Governed protocol (monetary policy–driven)

Stablecoin Issuers & Synthetic Dollars · medium
Ensemble
0.427
A · Jaccard 0.33
B · Overlap 1
C · Cosine 0.83
Matches on
  • kms_provider = gcp_kms
  • subsector_tags = infra_tooling, general_defi, consumer_app
  • oracle_providers = Chainlink
  • chain_deployments = Ethereum
#9

Ether.fi Cash

Lending, Money Markets & CDPs · high
Ensemble
0.426
A · Jaccard 0.18
B · Overlap 2
C · Cosine 0.71
Matches on
  • subsector_tags = consumer_app, general_defi, infra_tooling
  • oracle_providers = Chainlink
  • chain_deployments = Arbitrum, Ethereum
  • method_b_root_causes = supply_chain_npm, prompt_injection_agent
#10

Lodestar

L1 & L2 Network Operators · high
Ensemble
0.421
A · Jaccard 0.31
B · Overlap 1
C · Cosine 0.83
Matches on
  • frontend_host = cloudflare_pages
  • subsector_tags = general_defi, consumer_app, infra_tooling
  • oracle_providers = Chainlink
  • chain_deployments = Arbitrum