defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

Convex Finance's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Applicable. Convex runs infra endpoints (vote.convexfinance.com, docs.convexfinance.com). No public evidence of Convex credential dumps on paste/sentry sites found in search results. Team is anonymous — public key rotation and credential hygiene practices are opaque (no SIRT email, no security.md: security_md_present: false in data cache). Requires paste-site/credential-dump monitoring feed for authoritative assessment. Gray pending that feed.

Sources #

  • Internal
    Convex Finance data cache — security.md absent.research/protocols/convex-finance/00-data-cache.json — github.security_md_present: falseretrieved 2026-05-16
  • Internal
    Convex Finance profile — security channels.research/protocols/convex-finance/00-profile.md — Section 9: no security.md in GitHub repo, no published SIRT contactretrieved 2026-05-16

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-164 score gray collected_at 2026-05-16 02:41:28