Incident response time (minutes)

Convex Finance's assessment for RD-F-085 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Mar 2022 vlCVX event: Convex was 'recently made aware' of the issue (Popcorn team disclosure) and published the Medium post and deployed v2 on same day (March 4, 2022). Response was rapid. Exact response-time in minutes from notification to first public statement is not documented in the Medium post or secondary sources. Dec 2021 OZ event: Immunefi-mediated, multisig strengthened before details shared — the process took multiple days of coordination but the patching was done promptly. Specific minutes for last incident (Mar 2022) not determinable from public record.

Sources #

URL
Convex Finance Bug Causes CVX Token to Sink on Forced Token Unlock — CoinDeskCoindesk reporting confirming March 4, 2022 date of CVX token drop and contract migrationretrieved 2026-05-16
URL
Vote-Locked CVX Contract Migration — Convex Finance MediumConvex Medium post dated March 4, 2022 — same-day response, no sub-day timestamp availableretrieved 2026-05-16

Methodology #

Measure the time in minutes from the first exploit transaction to the first official team statement for the most recent incident.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-085 score yellow collected_at 2026-05-16 02:41:28