crvUSD (Curve Stablecoin)

crvUSD is Curve Finance's over-collateralized CDP stablecoin on Ethereum. It uses a novel LLAMMA (Lending-Liquidating AMM Algorithm) that implements continuous soft liquidation — collateral is progressively converted to crvUSD across price bands as the collateral price falls (reversible if price recovers), with no hard-liquidation cliff. Per-collateral Controllers manage borrowing; PegKeepers defend the $1 peg via asymmetric mint/burn into Curve stableswap pools; MonetaryPolicy sets dynamic borrow rates. The system is a Vyper codebase (0.3.7/0.3.10) governed by Curve DAO via Aragon veCRV voting. Distinct from Curve DEX (slug curve-v2) but governed by the same DAO.

Sector evm_cdp

TVL $117.1M

Reviewed May 16, 2026

Factors 184

Categories 13

Risk score 33.9

DeploymentsEthereum · $117.1M

Risk profile at a glance

0 red · 4 yellow · 8 green

25 24 17 13 15 22 16 10 13 12 8 5 4

Categories & evidence

184 factors · 13 categories

Code & audits Yellow 21 25 of 25

RD-F-009 red Formal verification coverage No formal verification engagement found for crvUSD. Certora's public SecurityReports GitHub portfolio contains no crvUSD, LLAMMA, Controller, or PegKeeper entries. The Curve docs security/audits page enumerates only MixBytes and ChainSecurity across all crvUSD audit engagements — no FV firm (Certora, Halmos, Kani, or equivalent) appears in that list. MixBytes and ChainSecurity conducted traditional manual audits only. At $117M TVL with novel algorithmic AMM math (LLAMMA), absence of FV is a material gap. RD-F-001 yellow Audit scope mismatch MixBytes audit (Apr–Jun 2023) cited commit 0d9265cc2dbd221b0f27f880fac1c590e1f12d28. ChainSecurity audited Jan 2024 and Feb 2025 covering updated Controller/AMM implementations. Etherscan confirms deployed contracts source-verified (Exact Match) in Vyper 0.3.7 and 0.3.10. Current repo master uses Vyper 0.4.3 (test/dev only). Nov 2024 governance proposal for new blueprint implementations was also audited by ChainSecurity. No confirmed bytecode-vs-commit mismatch found, but full commit-SHA traceability across all deployed markets is incomplete — Etherscan Vyper verification does not expose the source commit SHA. Partial traceability warrants yellow rather than green. RD-F-002 yellow Audit recency Most recent audit: ChainSecurity Feb 21, 2025. Assessment date May 16, 2026. Delta ~450 days. Threshold: green ≤365d, yellow 366–730d. Falls in yellow band. RD-F-005 yellow Audit firm tier MixBytes is a Tier-2 firm (established, strong DeFi track record, not in canonical Tier-1 set). ChainSecurity is a Tier-2 firm (established Swiss academic background, widely respected but not Tier-1 per taxonomy). No Tier-1 firm (Trail of Bits, OpenZeppelin, Certora, Sigma Prime, Spearbit, Zellic) has publicly audited crvUSD as of 2026-05-16. Threshold: green = at least one Tier-1 audit; yellow = Tier-2 only. RD-F-006 yellow Audit-to-deploy gap MixBytes audit period: April 10 – June 5, 2023. crvUSD mainnet deploy: May 3, 2023. The deploy preceded audit completion by ~33 days (concurrent audit model). Threshold: green ≤60d (audit complete before deploy). The concurrent model (deploy before audit finalization) is unusual but used by Curve; the audit actively ran at the time of deploy. Marking yellow for non-standard pattern. RD-F-007 yellow Bug bounty presence & max payout Curve operates a HackerOne bug bounty (https://hackerone.com/curve) and self-hosted program (curve.finance/bugbounty). Maximum payout: $250,000 CRV (confirmed by on-chain governance vote for f(x) Protocol discovery). No Immunefi listing. The $250K CRV payout is denominated in CRV, not fixed USD; at current prices may be near $250K USD but uncertain. HackerOne page did not render scope details confirming crvUSD Controller/AMM contracts explicitly in scope, though the paid bounty involved a bug routed through LLAMMA crvUSD/WETH. Threshold: green = active program max payout ≥$500K USD. Marking yellow (payout in CRV not USD-fixed; scope not fully confirmable). RD-F-024 yellow Code complexity vs audit coverage crvUSD codebase is algorithmically novel (LLAMMA soft-liquidation AMM, PegKeeper, MonetaryPolicy). MixBytes 52-day audit covered 9 core contracts with 14 findings (2C/2H/4M/6L). ChainSecurity conducted two subsequent audits. AMM.vy is ~1,500 LOC with complex band math. No Slither cyclomatic complexity metrics available for Vyper. Two independent audits with high finding counts suggest reasonable coverage for complexity, but the novel algorithmic design and absence of formal verification leave residual uncertainty. Marking yellow as borderline (adequate audit coverage for size, but novel architecture warrants higher scrutiny). RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts Curve operates a HackerOne bug bounty and self-hosted program with $250K CRV max payout. The $250K CRV payout to f(x) Protocol involved a bug routed through LLAMMA crvUSD/WETH, confirming crvUSD-adjacent systems are in scope. However, HackerOne scope page did not render (JS-rendered SPA), preventing explicit confirmation of crvUSD Controller/LLAMMA contract addresses in the in-scope list. No Immunefi listing exists where scope can be verified via API. Marking yellow: scope likely includes crvUSD but definitive contract-level confirmation unavailable. RD-F-010 gray Static-analyzer high-severity count Slither, Mythril, and Semgrep are Solidity-only tools and cannot parse Vyper source. The crvUSD production codebase is entirely Vyper (0.3.7/0.3.10). No Vyper-equivalent static analysis tool has been run against deployed contracts. Published audits did not include a programmatic static analysis artifact. RD-F-011 n/a SELFDESTRUCT reachable from non-admin path Vyper does not support the SELFDESTRUCT opcode. This factor is structurally inapplicable to Vyper contracts. RD-F-016 gray Divide-before-multiply pattern Slither divide-before-multiply detector cannot run on Vyper source. No Vyper-equivalent tool output available. RD-F-017 gray Mixed-decimals math without explicit scaling Static analysis for mixed-decimals arithmetic (Slither PH) cannot run on Vyper. WBTC (8 decimals) vs 18-decimal tokens requires scaling in AMM math; audits reviewed this but tool output is unavailable. RD-F-018 gray Signed/unsigned arithmetic confusion Symbolic execution tools (Manticore, Echidna property-check) for signed/unsigned arithmetic confusion are not publicly available for Vyper. No tool run output exists. RD-F-019 n/a ecrecover zero-address return unchecked crvUSD core contracts (Controller, AMM, ControllerFactory, PegKeeper) do not use ecrecover — no signature-based operations in the CDP/LLAMMA logic. crvUSD ERC-20 token uses EIP-2612 permit which in Vyper is handled by the compiler's built-in ECDSA, not raw ecrecover with a zero-address check gap. RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned crvUSD uses no UUPS upgradeable proxy pattern. All core contracts are deployed as immutable non-proxy Vyper contracts. Profile §3 confirms Proxy: No for all listed contracts. RD-F-022 n/a Public initialize() without initializer modifier crvUSD is a Vyper codebase with no OZ proxy pattern. Vyper contracts use @deploy __init__() constructors, not proxy initializers. There is no OpenZeppelin initializer modifier concept in Vyper, and no initialize() function exists in any deployed crvUSD contract. All contracts are immutable non-proxy deployments. The ★ critical factor RD-F-022 is structurally not_applicable for pure Vyper non-proxy protocols. RD-F-023 n/a Constructor calls _disableInitializers() _disableInitializers() is an OZ pattern for upgradeable proxy implementation contracts. crvUSD has no upgradeable proxy implementations — all contracts are immutable non-proxy Vyper deployments.

RD-F-003 green Resolved-without-proof findings MixBytes pre-launch: 2 Critical + 2 High all fixed before deploy; 3 of 4 Medium fixed, 1 acknowledged; 5 of 6 Low acknowledged (normal pattern). No high/critical findings marked resolved without verifiable on-chain proof. ChainSecurity 2024/2025: all high-severity resolved per public summary. No unverifiable resolutions at critical/high severity identified.

RD-F-004 green Audit count Two distinct audit firms with verified public reports: MixBytes (June 2023, pre-launch) and ChainSecurity (Jan 2024 + Feb 2025, post-launch). Both have publicly accessible audit landing pages and PDF reports.

RD-F-008 green Ignored bounty disclosure No post-mortem or OSINT evidence of a vulnerability disclosed to Curve and not actioned before a crvUSD-specific exploit. The July 2023 Vyper reentrancy exploit affected other pools (NOT crvUSD — verified Vyper 0.3.7/0.3.10 are outside affected 0.2.15–0.3.0 range). The June 2024 depeg was a market/operational event with no prior undisclosed vulnerability.

RD-F-012 green delegatecall with user-controlled target Vyper raw_call with is_delegate_call pattern is the equivalent of Solidity delegatecall. Source review of Controller.vy and AMM.vy (master branch) found no delegatecall pattern with user-controlled target. The arbitrary callback vulnerability (MixBytes Critical #1) was fixed pre-deploy. Static analysis tool unavailable for Vyper; marked green on manual source review basis.

RD-F-013 green Arbitrary call with user-controlled target The liquidate_extended() arbitrary callback vulnerability (MixBytes Critical Finding #1) was fixed pre-deployment by prohibiting arbitrary callbacks. Post-fix, no user-controlled arbitrary call target in deployed contracts. MixBytes confirmed all critical findings fixed before mainnet deploy.

RD-F-014 green Reentrancy guard on external-calling functions ControllerFactory.vy uses @nonreentrant('lock') decorator on admin functions (Vyper 0.3.10). Master branch controller.vy and AMM.vy use '# pragma nonreentrancy on' for automatic reentrancy protection (Vyper 0.4.3). Deployed contracts (Vyper 0.3.7/0.3.10) are OUTSIDE the July 2023 reentrancy bug range (0.2.15–0.3.0). PegKeeper.vy does not use @nonreentrant but does not have the vulnerable external-call-before-state-change pattern. Reentrancy protection is present and appropriately applied.

RD-F-015 green ERC-777/1155/721 hook without reentrancy guard crvUSD accepts collateral tokens (WETH, wstETH, WBTC, sfrxETH, tBTC) — none are ERC-777 tokens with callbacks. crvUSD ERC-20 token (Stablecoin.vy) has no ERC-777/ERC-1155/ERC-721 hook integrations. No callback-based reentrancy risk from token standards.

RD-F-020 green EIP-712 domain separator missing chainId crvUSD ERC-20 (Stablecoin.vy, Vyper 0.3.10) implements EIP-2612 permit with an EIP-712 domain separator. Vyper's native EIP-2612 implementation includes chain.id in the domain separator as part of the language standard. No chainId omission identified.

Governance & admin Yellow 41 24 of 24

RD-F-025 red Admin key custody type ControllerFactory admin() returns 0xbabe61887f1de2713c6f97e567623453d3c79f67 (Curve Deployer 2 EOA). Custody type = single EOA. Emergency DAO is 5-of-9 Safe but only has emergency powers. Aragon DAO (veCRV) is the intended governance path but does NOT currently hold ControllerFactory admin. RD-F-026 red Upgrade multisig signer configuration (M/N) ControllerFactory admin is 1/1 (single EOA). Emergency DAO is 5/9 (adequate for its limited role). Aragon governance uses veCRV with no fixed signer set (display: DAO). Primary upgrade-equivalent path for the CDP system is 1/1 EOA. RD-F-027 red Single admin EOA [CRITICAL] ControllerFactory 0xC9332fdCB1C491Dcc683bAe86Fe3cb70360738BC admin() = 0xbabe61887f1de2713c6f97e567623453d3c79f67 (Curve Deployer 2 EOA). This EOA can call set_debt_ceiling(), add_market(), set_admin() with zero timelock. Contract deployed May 2023; admin unchanged as of May 2026 (3+ years). MixBytes audit explicitly flagged that DAO must own the factory, not an EOA. RD-F-028 red Low-threshold multisig vs TVL Primary admin (ControllerFactory) is effectively 1/1 (single EOA), the lowest possible threshold. $117M TVL against a 1/1 EOA admin. Emergency DAO 5-of-9 is separate and adequate for its narrow role but does not control the ControllerFactory. RD-F-033 red Timelock on sensitive actions Sensitive actions accessible by the Deployer 2 EOA without timelock: set_debt_ceiling (mint-equivalent), add_market (new collateral), set_monetary_policy on Controllers (oracle config). Emergency DAO (5-of-9) handles pause with no independent timelock. Only fee routing has role separation (fee_receiver distinct). No timelocked execution path exists for the EOA admin. RD-F-043 red Admin = deployer EOA after 7 days [CRITICAL] ControllerFactory deployed 2023-05-14. Admin as of 2026-05-16 is still 0xbabe61887f1de2713c6f97e567623453d3c79f67 (Curve Deployer 2 EOA). No admin transfer to Ownership Agent or any multisig has ever occurred — 3+ years post-deploy. MixBytes audit recommendation to transfer to DAO was not actioned. This is the defining governance failure for this protocol. RD-F-030 yellow Hot-wallet signer flag Deployer 2 EOA (0xbabe61887f1de2713c6f97e567623453d3c79f67) shows active operational behavior: pool deployments, liquidity operations, approve/exchange calls, PegPrice contract deployment in recent transaction history — consistent with a hot operational wallet, not a cold hardware-signing key. RD-F-032 yellow Timelock duration on upgrades No standalone TimelockController. Aragon vote duration = 7 days (168h) for Ownership votes — this is the functional delay on the DAO path. However, the Deployer 2 EOA admin on ControllerFactory can act immediately (0h delay). The dual-path reality: DAO-routed actions have 168h delay; EOA-direct actions have 0h delay. Graded yellow (not red) because the intended governance path has an adequate delay; red on F033 captures the EOA bypass. RD-F-035 yellow Role separation: upgrade ≠ fee ≠ oracle Upgrade-equivalent (market admin via ControllerFactory) and oracle-config (set_monetary_policy) both map to Deployer 2 EOA. Fee routing goes to distinct fee_receiver address 0xeCb456EA5365865EbAb8a2661B0c503410e9B347. Two of three roles (admin + oracle) held by same EOA; fee role is distinct. Partial role separation. RD-F-037 yellow Quorum achievable via single-entity flash loan Flash loan attack on quorum is not possible (veCRV non-flash-loanable per F036). However, Convex Finance controls approximately 42% of circulating veCRV — a single meta-protocol entity could sway or pass governance votes if allied with other large holders. 30% quorum is structurally achievable by Convex alone if it voted entirely one direction. This is a governance concentration risk, not a technical exploit vector. RD-F-039 yellow delegatecall/call in proposal execution without allowlist Curve Ownership Agent (0x40907540d8a6C65c637785e8f8B742ae6b0b9968) is an Aragon Agent that executes arbitrary calls after successful vote — no explicit target allowlist. This is the standard Aragon design. Mitigating factors: 7-day veCRV vote window allows community detection of malicious proposals; veCRV lock prevents flash-loan quorum manipulation; Emergency DAO can kill gauges. Structural risk is real but materially mitigated vs. typical Compound-Governor-without-allowlist setup. Graded yellow per curve-v2 precedent. RD-F-040 yellow Emergency-veto multisig present Emergency DAO (5-of-9 Safe) can kill PegKeeper operations and gauge allocations in emergencies. It does NOT have authority to cancel Aragon governance proposals pre-execution. Partial emergency veto exists for specific protocol functions but not a general governance-proposal cancel mechanism. RD-F-041 yellow Rescue/emergencyWithdraw without timelock No standalone rescue()/emergencyWithdraw() function draining user collateral found on crvUSD core contracts. collect_fees() on Controllers draws protocol fee accruals only (not user collateral), callable by ControllerFactory admin (Deployer 2 EOA) with no timelock. Admin power is real but does not enable direct user-collateral drain in a single transaction. Indirect risks via debt ceiling manipulation exist. Graded yellow. RD-F-042 yellow Admin has mint() with unlimited max crvUSD token has mint() restricted to minter role. Minter is ControllerFactory (mints to new markets within debt ceilings). Debt ceilings set by ControllerFactory admin (Deployer 2 EOA) with no timelock. No explicit on-chain hard max supply cap on the token contract. Debt ceiling mechanism is the soft cap. EOA can increase debt ceilings and thus enable more minting immediately. Graded yellow: minting constrained by governance-set debt ceilings, but EOA can change those without timelock. RD-F-047 yellow Governance token concentration (Gini) Convex Finance controls approximately 42% of circulating veCRV supply, giving it dominant governance influence over Curve DAO. vlCVX holders direct Convex's vote, creating a meta-governance layer. Top-3 holders likely control >50% of effective governance power. Gini coefficient estimated >0.85. This is a structural concentration risk, not a technical flaw. RD-F-029 gray Multisig signers co-hosted Emergency DAO has 9 signers; signer addresses are available but full ASN/custodian OSINT verification was not completed for all 9 signers within this assessment. No co-hosting evidence found in the limited review. The primary admin is an EOA (no co-hosting applicable). RD-F-031 gray Signer rotation recency No signer rotation events identified for ControllerFactory admin (EOA has never been transferred). Emergency DAO Safe rotation events not accessible from available OSINT within this assessment. No AddedOwner/RemovedOwner event data available for the Safe.

RD-F-034 green Guardian/pause-keeper distinct from upgrader Emergency DAO (5-of-9 Safe at 0x467947EE34aF926cF1DCac093870f613C96B1E0c) holds emergency pause/kill powers and is distinct from the Deployer 2 EOA (0xbabe61887f1de2713c6f97e567623453d3c79f67) holding ControllerFactory admin. Role separation between emergency actions and market administration exists.

RD-F-036 green Flash-loanable voting weight Curve governance uses veCRV (vote-escrowed CRV). veCRV is non-transferable and requires CRV to be locked for 1 week to 4 years. Flash loans cannot acquire veCRV within a single transaction — the time-lock makes this attack vector structurally impossible. Green by construction for any vote-escrow governance system.

RD-F-038 green Proposal execution delay < 24h Aragon Ownership votes require 7 days (168h) of voting before execution. Total delay between proposal creation and earliest execution is 7+ days. Well above the 24h threshold. No expedited execution path found.

RD-F-044 green Admin wallet interacts with flagged addresses Deployer 2 EOA (0xbabe61887f1de2713c6f97e567623453d3c79f67) transaction history reviewed. Recent activity shows normal protocol operations: pool deployments, liquidity operations, token approvals. No mixer interactions, OFAC counterparties, or dust-attack patterns observed in top 25 transactions.

RD-F-045 green Constructor args match governance proposal crvUSD deployed by known Curve team deployer. MixBytes audit reviewed deployment parameters and found no silent deviation. No reports of constructor arg mismatch found in any post-mortem or security review. ControllerFactory constructor args visible on Etherscan are consistent with documented deployment intent.

RD-F-046 green Contract unverified on Etherscan/Sourcify All core crvUSD contracts (token, ControllerFactory, all Controllers, LLAMMA AMMs) are verified on Etherscan with Vyper source code. MixBytes audit was performed against the verified source. No unverified core contracts found.

RD-F-167 green Deprecated contract paused but pause reversible by live admin No formally deprecated crvUSD contracts with paused state holding material value found. PegKeeperV1 exists alongside V2 but is not deprecated — both are active. USDM PegKeeper wind-down is an active governance-voted process, not a stale deprecated-paused surface. No F167 trigger identified.

Oracle & external dependencies Green 20 17 of 17

RD-F-048 green Oracle providers used Two oracle layers: AggregatorStablePrice (Curve-internal TVL-weighted EMA across crvUSD stableswap pools) for crvUSD price used by MonetaryPolicy; CryptoWithStablePriceAndChainlink family (Curve TriCrypto EMA + Chainlink safety limit) per collateral market (WETH, WBTC, wstETH, sfrxETH, tBTC). No Pyth, RedStone, or single-provider dependency.

RD-F-058 green Max-deviation threshold (bps) Chainlink safety limit = ±1.5% = 150 bps for collateral price oracles when use_chainlink=true. Chainlink ETH/USD and BTC/USD feeds have 0.5% deviation threshold (50 bps) on the feed side. 150 bps deviation cap is a meaningful control when active. AggregatorStablePrice has no explicit numeric deviation threshold beyond MIN_LIQUIDITY pool exclusion.

RD-F-059 green Oracle staleness check present CryptoWithStablePriceAndChainlink oracle family: CHAINLINK_STALE_THRESHOLD check confirmed — evaluates block.timestamp - min(chainlink_lrd.updated_at, block.timestamp) <= CHAINLINK_STALE_THRESHOLD before using Chainlink data; falls back to Curve EMA if stale. Exact threshold value not independently read (commonly 90,000s in Curve oracle contracts [?]). AggregatorStablePrice has no Chainlink feed, so no staleness check needed there.

RD-F-060 green Chainlink aggregator min/max bound misconfig Chainlink ETH/USD (0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419) and BTC/USD (0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c) are Ethereum mainnet flagship feeds with industry-standard configuration. Used only as ±1.5% safety limits, not as primary pricing — even misconfigured min/max bounds have limited blast radius since the EMA is primary. No misconfig evidence found. Major established feeds with standard deviation thresholds (0.5% per data cache).

RD-F-061 green LP token balanceOf used for pricing AggregatorStablePrice uses Curve pool oracle functions (EMA-based virtual_price / stored_price), not raw balanceOf. CryptoWithStablePriceAndChainlink uses Curve TriCrypto price_oracle() not balanceOf. No evidence of raw balanceOf-based pricing. MixBytes audit finding about remove_price_pair() not clearing last_tvl is an array management issue, not a balanceOf-pricing vulnerability.

RD-F-062 green External keeper/relayer not redundant No Chainlink Automation, Gelato, or keeper dependency for core protocol operations. price_w() on AggregatorStablePrice is called on every user interaction (borrow, repay, liquidate) — self-keening via user activity. PegKeepers are permissionless (any caller can trigger). MonetaryPolicy rate_write() called when needed. LLAMMA soft-liquidation triggered by arbitrageurs. No single-keeper dependency identified.

RD-F-181 green Permissionless-pool lending oracle crvUSD is a CDP with governance-controlled collateral listing (ControllerFactory admin-gated). New collateral markets require Curve DAO governance vote. AggregatorStablePrice add_price_pair() gated to admin (not permissionless). No permissionless pool oracle acceptance path. This is not a permissionless isolated-tier lending market — that architecture is LlamaLend (separate product). F181 is clearly inapplicable as a risk.

Economic risk Green 11 13 of 13

RD-F-067 yellow Historical bad-debt events ONE confirmed bad-debt event attributable to Curve infrastructure: June 2024 LlamaLend CRV market accrued ~$10M bad debt during Egorov liquidation cascade triggered by 28-30% CRV price drop. The bad debt was fully repaid by Michael Egorov within days (93% within hours; 100% confirmed on-chain). The crvUSD CDP markets (WETH, wstETH, WBTC, sfrxETH, tBTC) did NOT accrue bad debt in this event. Attribution note: LlamaLend is a separate product from crvUSD CDP but shares crvUSD as denomination token and Curve infrastructure. The June 2024 crvUSD upward depeg also caused inadvertent liquidations in sUSDe market — user losses via depeg mechanism, not direct CDP insolvency. crvUSD CDP itself has zero documented bad debt events as of 2026-05-16. RD-F-068 yellow Collateralization under stress crvUSD is over-collateralized by design (~160% average collateralization per Exponential DeFi analysis). CDP markets passed the June 2024 stress test (CRV -28-30%) without bad debt — collateral was high-quality (ETH, BTC, LSDs). However: the PegKeeper deviation-check failure during June 2024 demonstrated that crvUSD price can spike above $1 during liquidation cascades, making hard-liquidation repurchase more expensive and creating a theoretical path to under-collateralization via price distortion. The October 2025 flash crash produced only a minor $1.02 depeg, suggesting post-June 2024 remediation improved resilience. Stress scenario (40%+ ETH+BTC simultaneous drop + PegKeeper failure) represents a low-probability but non-trivial tail risk. Scoring yellow (not red — no breach to date; not green — the PegKeeper failure mode is documented and remains architecturally open). RD-F-073 yellow Oracle-manipulation-proof borrow cap Per-market debt ceilings exist and are governance-set (WETH: $200M, WBTC: $200M, wstETH: ~$150M per historical proposals). System utilization is estimated ~40-50% [?] vs. aggregate ceilings. HOWEVER: (1) The crvUSD price oracle (AggregatorStablePrice) is Curve-internal (EMA-smoothed aggregation from Curve stableswap pools), NOT Chainlink-anchored — susceptible to oracle manipulation if Curve pool liquidity is thin, though EMA reduces flash-loan risk (ChainSecurity audit confirmed EMA mitigation). (2) No public documentation of a ceiling-vs-oracle-manipulation-cost calibration methodology. (3) The June 2024 upward depeg event showed crvUSD oracle (market price) can spike significantly during demand surges, affecting all downstream markets. Debt ceilings exist and appear conservative, but calibration rigor is not fully evidenced. Scoring yellow. RD-F-064 gray TVL concentration (top-10 wallet share) Top-10 depositor wallet concentration metric not populated by pipeline (Dune queries return 403; CDP protocols have a borrower-position model distinct from pooled depositor TVL). No on-chain scan completed. The June 2024 Egorov liquidation event demonstrated single-borrower concentration risk in LlamaLend (not crvUSD CDP), which is relevant context but not quantified for the CDP system. RD-F-070 n/a Empty cToken-style market (zero supply/borrow) [★ CRITICAL — N/A] crvUSD is NOT a Compound V2 fork and does not use cToken-style share markets. Controllers track per-borrower positions via user-address-indexed state (loan_exists(user: address) pattern); no pooled share token is issued. The donation-inflation attack vector requires a totalSupply=0 share-token market — this architecture is absent. The 2026-03-02 LlamaLend empty-market attack ($240K) is attributed to LlamaLend factory (curve-v2 slug), not the crvUSD CDP system assessed here. F070 is not applicable to crvUSD CDP/LLAMMA. RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) crvUSD Controllers are NOT ERC-4626 vaults. They implement per-borrower CDP position tracking in Vyper (loan_exists, total_debt, debt(user) — no totalAssets/totalShares/convertToShares ERC-4626 interface). No ERC-4626 vault virtual-share offset is relevant. The accounting model is fundamentally different from yield vault accounting. F074 is N/A for crvUSD CDP. RD-F-075 n/a First-depositor / share-inflation guard crvUSD Controllers do not use share-token accounting. Per-user position tracking (each loan is an independent debt/collateral record indexed by user address) eliminates the first-depositor share inflation attack vector by construction. The LLAMMA AMM has internal band-based LP accounting (not an external LP token) and no first-depositor vulnerability. F075 (first-depositor guard) is N/A for this non-vault CDP architecture.

RD-F-063 green TVL (current + 30d trend) TVL = $117.1M as of 2026-05-16; 30d change +198.79% (major recovery from ~$39M trough). 90d CoV = 0.569 indicating high volatility in the window (mean $59.6M, std $33.9M). TVL meets $100M coverage threshold. Single-chain (Ethereum, 100%). Protocol has been live since May 2023 with long history.

RD-F-065 green Liquidity depth per major asset crvUSD CDP collateral assets are all high-liquidity blue-chip tokens: WETH (largest DeFi liquidity pool), wstETH (top LST), WBTC (largest BTC wrapper), sfrxETH (Frax LSD), tBTC (Threshold BTC). Each has substantial on-chain secondary-market depth (billions in DEX liquidity for ETH/BTC; hundreds of millions for LSDs). LLAMMA AMM provides internal soft-liquidation liquidity. No long-tail or low-liquidity collateral in the crvUSD CDP system. Quantified 2%/5% slippage depth not computed but qualitatively green given collateral selection.

RD-F-066 green Utilization rate (lending protocols) Applicable (CDP lending protocol). Pipeline borrow.utilization_rate_pct: null due to incorrect lending_protocol: false flag in coverage_flags. Best-estimate: crvUSD circulating supply ~238-293M (CoinMarketCap ~238.5M as of 2026-05-12; multiple sources) vs. aggregate debt ceiling capacity (WETH: $200M, WBTC: $200M, wstETH: $150M+; total >$500M). System-level utilization estimated ~40-50% [?]. No market appears near its ceiling based on available data. No evidence of any market above 95% utilization. The 90-day TVL CoV of 0.569 with current $117M collateral TVL is consistent with significant headroom.

RD-F-069 green Algorithmic / under-collateralized stablecoin crvUSD is an OVER-COLLATERALIZED CDP stablecoin — NOT algorithmic or under-collateralized. Users must deposit more collateral value than crvUSD minted. The LLAMMA mechanism is a novel liquidation algorithm (continuous soft-liquidation via bands) but does not change the over-collateralization requirement. PegKeepers can mint crvUSD up to their debt ceilings ($25M each per v2) single-sided into stableswap pools, but this is a small secondary mechanism backed by LP positions. Galaxy Research whitepaper (May 2023) classifies crvUSD as a collateral-backed CDP stablecoin. No algorithmic mint-and-burn without collateral occurs in the primary CDP system.

RD-F-071 green Seed-deposit requirement for new market listing crvUSD CDP markets are created only via Curve DAO governance (Aragon Ownership vote: 7-day, 51% support, 30% quorum) — no permissionless market creation. ControllerFactory admin controls market addition. Individual borrowers face a `min_collateral(debt, N)` requirement (minimum collateral enforced per loan). Per-position tracking (not share tokens) means the first-depositor inflation attack vector is structurally absent regardless of seed deposit. Governance gate effectively functions as market-listing protection against empty-market risk.

RD-F-072 green Market-listing governance threshold crvUSD CDP new collateral markets require Curve DAO Ownership vote (Aragon): 7-day voting, 51% support, 30% min quorum of veCRV. This is HIGH-threshold governance. Historical examples: wstETH, WBTC, WETH, sfrxETH, tBTC all required separate DAO votes (The Block reporting on WETH governance vote). Community discussion on gov.curve.fi precedes on-chain vote. Governance process is comparable to Aave V3 AIP process in rigor. GHO PegKeeper onboarding also required DAO review (governance forum post Feb 2026). No permissionless market addition pathway exists in the crvUSD CDP system.

Operational history Green 17 15 of 15

RD-F-089 red Insurance coverage active No protocol-level insurance fund or active coverage found for crvUSD. Curve does not operate a first-party insurance/reserve fund. Nexus Mutual offers a 'crvUSD Depeg Cover' product (valid if crvUSD depegs 10% for 7 consecutive days) but this is user-purchased third-party coverage, not a protocol-maintained cover position. No evidence of Curve DAO governance vote authorizing purchase of institutional Nexus Mutual, Unslashed, or Sherlock coverage on behalf of the protocol. Data cache bug_bounty.platform=null (Immunefi not used; no coverage evidence there either). Red. RD-F-084 yellow TVL stability (CoV over 90d) TVL 90-day coefficient of variation = 0.569 per data cache — materially high. Peak TVL ~$347.6M (2024-03-07, ts 1709942400). Current TVL $117.1M (2026-05-16). 30d change +198.8% from a ~$33-40M trough in Feb-Mar 2026. The protocol has seen TVL drops exceeding 75% peak-to-current. Most severe single-period drops in data cache: mid-2024 (~$165-200M to ~$97M Aug 2024) and Feb-Mar 2026 (~$33-40M). Volatility is macroeconomic (ETH/BTC price movements, borrowing demand cycles) not exploit-driven. High CoV warrants yellow; not red because no exploit-driven TVL exit event. RD-F-086 yellow Pause activations (trailing 12 months) One documented peg deviation event: June 12, 2024 upward depeg. During a CRV-long market liquidation cascade, crvUSD price spiked dramatically and remained above peg over multiple blocks. Root cause: PegKeeper V2 deviation-check anti-spam mechanism prevented the PegKeeper from supplying crvUSD to restore the peg. LlamaRisk incident report is the primary source. Event was transient (intra-day resolution), no funds stolen from crvUSD CDP, and the peg has been tight under normal conditions across the 36-month operational history. Yellow: one documented peg failure driven by mechanism design tradeoff; not red because it was transient and remediation is ongoing. RD-F-078 n/a Chronic-exploit flag (≥3 incidents) No direct crvUSD core exploit has occurred in 36 months of operation. RD-F-078 measures hours from exploit to first on-chain response (pause, upgrade, drain). With zero exploits on crvUSD CDP/LLAMMA/Controller, this factor is structurally inapplicable. The June 2024 peg event was an operational event without an attacker-response on-chain action; peg restored by market forces and PegKeeper mechanics once the liquidation cascade ended. RD-F-079 n/a Same-root-cause repeat exploit No direct crvUSD smart-contract exploit has occurred requiring an exploit post-mortem. The June 2024 peg event has a high-quality post-mortem (LlamaRisk report: names root cause — PegKeeper V2 deviation-check anti-spam mechanism; names contracts — PegKeeper V2, Regulator; explains mechanism clearly), but this is an operational event post-mortem, not an exploit post-mortem. RD-F-079 assesses post-mortem quality for exploit incidents. Not applicable. RD-F-080 n/a Days since last exploit No crvUSD-core exploit has occurred requiring remediation (bounty to victims, partial/full refund to affected users). The June 2024 peg event caused inadvertent liquidations in adjacent Curve Lend markets; no public reimbursement program for those users has been confirmed. The factor measures exploit-response remediation posture. Not applicable to crvUSD core with zero exploits. RD-F-083 n/a Auditor re-engaged after last exploit No crvUSD-core exploit has occurred requiring white-hat intervention or fund recovery. The July 2023 Curve Vyper event (which did NOT affect crvUSD) had significant white-hat involvement ($5.4M returned by MEV bots; 0xc0ffeebabe returned Metronome funds), but that is curve-v2, not crvusd. Not applicable to crvUSD core. RD-F-166 n/a Deprecated contracts still holding value crvUSD's operational model does not involve formal deprecation-and-abandonment of contracts. Old Controller versions (wstETH v1: 0x584B0Fd8F038fe8AEDf4057Ca3cB3D840446fBbf; wstETH v2: 0x100daa78fc509db39ef7d04de0c1abd299f4c6ce) and PegKeeper v1 (0x6B765d07cf966c745B340AdCa67749fE75B5c345) remain on-chain in a superseded-but-still-operational state, continuing to serve existing borrowers. No governance vote formally declaring any crvUSD contract deprecated and ordering migration has been found. RD-F-166 requires both (1) formal deprecation announcement and (2) deprecated contract still holding value. Condition (1) is not met. PegKeeper V1 docs remain accessible (docs.curve.fi/crvUSD/pegkeepers/PegKeeperV1/), indicating no formal deprecation. Score not_applicable.

RD-F-076 green Protocol age (days) crvUSD deployed to Ethereum mainnet 2023-05-03 (first mainnet minting; public UI 2023-05-17). Approximately 36 months live as of 2026-05-16. Protocol has survived the July 2023 Curve Vyper crisis (crvUSD unaffected), the June 2024 peg deviation event, and multiple TVL cycles including a ~75% peak-to-trough drawdown. 36 months substantially exceeds minimum threshold for green. Etherscan token creation date consistent with May 2023 launch.

RD-F-077 green Prior exploit count Zero smart-contract exploits directly against the crvUSD CDP/LLAMMA/Controller system in 36 months of operation. Three candidate events examined and excluded: (1) 2023-07-30 Curve Vyper reentrancy — affected Vyper 0.2.15–0.3.0 stableswap pools only; crvUSD used Vyper 0.3.7/0.3.10, explicitly confirmed unaffected by Curve team and hacksdatabase. (2) 2024-06-12 crvUSD peg deviation — operational/market event, no contract exploit, no fund theft from crvUSD CDP. (3) 2026-03-02 LlamaLend donation attack — hacksdatabase protocol_slug: curve-v2; LlamaLend factory (not crvUSD Controller/LLAMMA). Data cache rekt.incidents=[] confirms zero Rekt-listed incidents for crvusd slug.

RD-F-081 green Post-exploit response score Zero exploits on crvUSD core in 36 months. No recurring exploit pattern possible. Hacksdatabase grep for crvusd/crvUSD returned no incident files attributing a hack to the crvusd slug. Data cache rekt.incidents=[] confirms zero Rekt-listed incidents. Unambiguously green.

RD-F-082 green Post-mortem published within 30 days No exploits on crvUSD core at any time, including post-deploy and post-upgrade windows. The PegKeeper V2 upgrade preceded the June 2024 peg event by weeks but the peg event was not a contract exploit (no funds stolen; it was a mechanism design tradeoff activating during a liquidation cascade). No exploit-within-30-days-of-upgrade pattern observed. Green.

RD-F-085 green Incident response time (minutes) 30-day TVL change = +198.8% per data cache (defillama.tvl_30d_change_pct). Strong organic recovery from ~$33-40M Feb-Mar 2026 trough to $117.1M as of 2026-05-16. Recovery is driven by organic borrowing demand, not airdrop/incentive spike. Green.

RD-F-087 green Pause > 7 consecutive days No evidence of any crvUSD market being paused for more than 7 consecutive days in the last 12 months. The Emergency DAO (5-of-9 multisig at 0x467947EE34aF926cF1DCac093870f613C96B1E0c) holds pause authority but no publicly documented multi-day pause of crvUSD markets has been found. Data cache rekt.incidents=[] and web searches find no governance posts or news referencing extended crvUSD market pause. 36 months without exploit-driven pause. Green.

RD-F-088 green Re-deployed to new addresses in last year No full redeployment (retiring prior address set) in the last 12 months. crvUSD uses an additive upgrade model: new Controller blueprints are deployed alongside old ones; old markets continue serving existing borrowers. PegKeeper V2 was an addition, not a replacement of PegKeeper v1. No retire-the-old-deploy event confirmed in last 12 months. ControllerFactory address 0xC9332fdCB1C491Dcc683bAe86Fe3cb70360738BC unchanged. Green.

Real-time signals Green 14 22 of 22

RD-F-105 red DNS/CDN/frontend hash drift DNS/CDN/frontend hash drift signal. Threshold: hash of {DNS A/AAAA, TLS cert, HTML DOM root, JS bundle hashes} differs from last-known-good baseline AND no matching change-management allowlist entry. FIRES: On May 12, 2025, the curve.fi domain was hijacked via DNS attack at the registrar level (iwantmyname compromise). Attackers redirected curve.fi traffic to a malicious website. Curve Finance migrated to curve.finance as primary domain. Curve has a prior history: August 2022 DNS attack on curve.fi ($570K losses). As of 2026-05-16: (1) curve.fi domain is in a transitional/deprecated state with ambiguous DNS ownership post-hijack; (2) no public change-management allowlist for the new curve.finance JS bundle hash baseline has been established; (3) the May 2025 attack was unscheduled (no allowlist entry suppressed it); (4) Curve Finance also suffered an X account breach in early May 2025 immediately preceding the DNS hijack — multi-vector attack pattern. Signal WOULD fire in a live monito RD-F-104 yellow Stablecoin depeg >2% on shared-LP venue Stablecoin depeg >2% on venues with shared LP. Highly applicable to crvUSD in two dimensions: (1) crvUSD itself is a stablecoin whose depeg would trigger through PegKeeper mechanism failure; (2) USDC/USDT in PegKeeper pools (USDC pool: 0x6B765d07cf966c745B340AdCa67749fE75B5c345; USDT pool: 0x3fA20eAa107DE08B38a8734063D605d5842fe09C) are dependency stablecoins. Current posture (2026-05-16): crvUSD at $0.9996 (0.04% from peg); USDC and USDT both within 0.1% of peg. Signal does NOT fire today. Yellow: signal is highly applicable and has demonstrably fired in prior events — June 12, 2024 crvUSD upward depeg to >$1.03 (LlamaRisk incident report); Oct 10, 2025 crvUSD depeg to $1.02 during crypto liquidation cascade with similar PegKeeper delay. PegKeeper V2 deviation check fix deployed post-June 2024 but structural risk of PegKeeper response delay under liquidation cascade conditions persists. Signal design is live-applicable; current posture is within threshold. [T-09 v1 production signal] RD-F-109 yellow Social-media impersonation scam spike Social-media impersonation scam-spike. Applicable: Curve Finance is a top-10 DeFi brand with large social presence. In early May 2025, the Curve Finance X (Twitter) account was compromised/breached, followed within days by the May 12, 2025 DNS hijack — a coordinated multi-vector attack pattern documented by crypto.news. Curve's X account compromise is a confirmed scam-spike vector (fake announcements from official account). Current scam-spike level in trailing 30 days to 2026-05-16 is not confirmable via OSINT without a social monitoring feed. Historical pattern elevates risk rating to yellow. RD-F-090 gray Mixer withdrawal → protocol interaction Mixer-withdrawal-to-protocol interaction signal requires Chainalysis or TRM Labs wallet clustering feed. No public-proxy evidence of mixer-funded wallets interacting with crvUSD Controllers or PegKeeper pools in trailing 30 days was found via OSINT. Signal is applicable (crvUSD is a live $117M TVL CDP; PegKeeper pools could receive mixer-funded interactions) but cannot be assessed without a licensed attribution feed. RD-F-091 gray Partial-drain test transactions Partial-drain test-transaction pattern detection requires mempool + on-chain pattern matching infrastructure. crvUSD Controllers (e.g. wstETH at 0x584B0Fd8F038fe8AEDf4057Ca3cB3D840446fBbf) are applicable targets. No partial-drain precursor pattern against crvUSD has been publicly documented. Assessment not possible via OSINT; requires pipeline implementation. RD-F-093 gray Abnormal gas-price willingness from attacker wallet Abnormal gas-price willingness (priority-fee ≥5× EMA baseline from attacker wallet) requires mempool listener with real-time attacker-wallet attribution. Not assessable via OSINT. No public evidence of gas-racing against crvUSD targets detected. RD-F-094 gray New contract with similar bytecode to exploit template New contract deployment with high bytecode similarity to known-exploit templates targeting crvUSD/LLAMMA class requires an on-chain new-deploy sweep with bytecode similarity comparison. No public exploit templates specifically targeting LLAMMA CDP documented as recently deployed. Not assessable via OSINT. RD-F-095 gray Known-exploit function-selector replay Function-selector call-pattern (known-exploit replay) requires a maintained exploit-template database and mempool + tx history pattern match. No known-exploit replay template against crvUSD Controllers is publicly documented. Not assessable via OSINT. RD-F-096 gray New ERC-20 approval to unverified contract from whale New ERC-20 approval to unverified contract from high-TVL user requires mempool + explorer monitoring of top whale wallets. Not assessable via OSINT. Signal deferred to v2 (consumer-app scope per T-09). RD-F-097 gray Sybil surge of identical-pattern transactions Sybil surge of identical-pattern transactions requires on-chain clustering of new EOAs submitting identical transaction patterns. Not assessable via OSINT. No sybil surge reported against crvUSD. RD-F-103 n/a Bridge signer-set change proposed/executed Bridge signer set change signal. Not applicable: crvUSD CDP minting is Ethereum-only; has_bridge_surface = false per profile §3 and data cache coverage_flags.layerzero_bridge=false. The crvUSD token bridges to other chains (Base, Optimism, Arbitrum, BSC) via third-party bridges, but these are token-bridge deployments outside CDP scope and not tracked under this protocol slug's bridge surface. [T-09 v1 production signal — N/A for this protocol] RD-F-106 n/a Cross-chain bridge unverified mint pattern Cross-chain bridge tx pattern (deposit src, mint dst without proof). Not applicable: crvUSD CDP minting is Ethereum-only. has_bridge_surface = false. No cross-chain minting surface exists in the crvUSD CDP system. RD-F-107 gray Admin EOA signing from new geography/device Admin EOA signing from new geography/device fingerprint. Applicable: Curve Deployer 2 (0xbabe61887f1de2713c6f97e567623453d3c79f67) is an EOA with ControllerFactory admin role. Signal requires off-chain signing telemetry (MPC/session-key provider data, or hardware-wallet fingerprinting) — not publicly accessible via OSINT. No anomalous signing events publicly reported.

RD-F-092 green Unusual mempool pattern from deployer wallet Curve Deployer 2 (0xbabe61887f1de2713c6f97e567623453d3c79f67) is the deployer wallet for crvUSD contracts. Etherscan shows it is labeled 'Curve: Deployer 2'; no unusual sequence of new contract deploys or approvals detected in OSINT as of 2026-05-16. GitHub curvefi/curve-stablecoin last commit 2026-05-15 shows active development but no admin-unusual-pattern mempool activity reported. This is a T-09 phase-2 signal not included in the v1 production shortlist; current posture is normal baseline.

RD-F-098 green TVL anomaly — % drop in <1h TVL anomaly signal (>30% drop in <1h vs 30d baseline). crvUSD TVL as of 2026-05-16 = $117.1M; 1d change = -1.89% (well within 30% threshold). 30d change = +198.8% — TVL is in a recovery trend from ~$39M trough. No acute TVL drop detected. 30d baseline median approximately $58M given the recovery trajectory from $39M in Feb-Mar 2026. Current TVL / 30d baseline > 1.0. Signal would NOT fire today. Suppression: no pre-announced migration; no sector-wide correlation. [T-09 v1 production signal]

RD-F-099 green Oracle price deviation >X% from secondary Oracle price deviation signal (|primary - secondary| / primary > 1% sustained ≥4 blocks). crvUSD uses AggregatorStablePrice v2 (0x18672b1b0c623a30089A280Ed9256379fb0E4E62) as primary crvUSD price oracle. Current crvUSD price on 2026-05-16: CoinGecko $0.9996, CoinMarketCap $0.9998, MEXC $0.9996 — 24h range $0.9990-$1.001. Delta between primary and secondary sources < 0.05%. Well within 1% threshold. Chainlink ETH/USD (0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419) and BTC/USD (0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c) feeds show normal heartbeat cadence. Signal would NOT fire today. The June 2024 upward depeg (crvUSD to $1.03+) would have fired this signal — current posture is stable. [T-09 v1 phase-2 signal]

RD-F-100 green Flash loan >$10M targeting protocol tokens Flash loan >$10M targeting protocol. Applicable: crvUSD Controllers interact with Curve stableswap pools; PegKeepers can be targeted. No active flash-loan exploit against crvUSD detected as of 2026-05-16. The June 2024 UwU Lend cascade involved an attacker borrowing crvUSD (not flash-loaning); the primary exploit was on UwU Lend's oracle, not crvUSD contracts. No on-chain evidence of flash-loan-targeting-crvUSD in trailing 30 days. Signal would NOT fire today. [T-09 v1 phase-2 signal]

RD-F-101 green Large governance proposal queued Large governance proposal queued (malicious-pattern flagged). Applicable: yes — Aragon Voting Ownership (0xE478de485ad2fe566d49342Cbd03E49ed7DB3356) is the vote entry-point. Key structural note: veCRV is non-transferable and time-locked (min 1 week, max 4 years), making flash-loanable weight structurally impossible for Curve DAO — the flash-loanable-weight sub-condition of this signal cannot fire. Active governance at gov.curve.fi as of 2026-05-16 shows routine operational proposals (LlamaRisk quarterly grant, Yield Basis CRV allocation debates) — none matching malicious-pattern criteria (no admin role change, no delegatecall to non-allowlisted target, no new-wallet proposer). Signal would NOT fire today. [T-09 v1 production signal]

RD-F-102 green Admin/upgrade transaction in mempool Admin/upgrade tx in mempool. Applicable: Curve Deployer 2 (0xbabe61887f1de2713c6f97e567623453d3c79f67) is the current ControllerFactory admin per Etherscan. No admin upgrade tx in mempool as of 2026-05-16. GitHub last commit 2026-05-15 shows active development but no queued governance-approved upgrade. No governance proposal for a crvUSD contract upgrade found at gov.curve.fi. Signal would NOT fire today. Note: if Curve Deployer 2 EOA remains the active ControllerFactory admin (vs being transferred to Ownership Agent), any admin tx from this EOA would fire this signal without a corresponding Aragon vote queued; this is a structural amplifier for signal sensitivity, resolved at Cat 2 scope. [T-09 v1 phase-2 signal]

RD-F-108 green GitHub force-push to sensitive branch GitHub force-push / sensitive-branch push. Applicable: curvefi/curve-stablecoin repo (https://github.com/curvefi/curve-stablecoin). Last commit 2026-05-15 per data cache. No public reports of force-push attacks or unauthorized sensitive-branch pushes on curvefi repos. Repo has normal commit cadence; no security alerts on GitHub. Signal would NOT fire today.

RD-F-110 green Unusual pending/executed proposal ratio Unusual pending/executed governance proposal ratio. Applicable: Aragon governance at gov.curve.fi. Active governance shows normal cadence as of 2026-05-16 — routine operational proposals (LlamaRisk quarterly update, Yield Basis CRV allocation). No unusual accumulation of pending-but-unexecuted proposals. Ratio within normal operational bounds. Signal would NOT fire today.

RD-F-182 green Security-Council threshold reduction (RT) Security-Council threshold reduction event (batch-24). Threshold: bridge/protocol Security Council multisig executes threshold reduction (e.g. 3/5 → 2/5), timelock removal, or new-signer addition within ≤14 days of either of the above. Applicable: crvUSD's Emergency DAO Gnosis Safe (0x467947EE34aF926cF1DCac093870f613C96B1E0c) is a 5-of-9 multisig with emergency pause/kill-gauge capability. Current posture: Emergency DAO Safe is at 5-of-9 threshold per data cache (safe_multisigs confirms threshold=5, owners=9). No governance proposal to reduce Emergency DAO threshold found at gov.curve.fi. No timelock removal proposal. No new-signer addition in the past 14 days. The Drift-protocol comparator (3/5→2/5 change six days before $285M DPRK exploit) is NOT exhibited by crvUSD. Signal would NOT fire today. [T-09 v1.1 candidate signal]

Dev identity & insider risk Green 10 16 of 16

RD-F-112 yellow Team public accountability surface Egorov accountability surface is deep (PhD, prior employer trail, NuCypher, media interviews, Crunchbase, conference appearances). AlbertoCentonze has EPFL education credential on LinkedIn. romanagureev has MIPT ('22) on GitHub. Macket has 749+ commits but zero real-world credential chain found in public OSINT — track-record-only pseudonym. Yellow because a core contributor (2nd by commits) has no verifiable public accountability surface beyond consistent GitHub handle. RD-F-117 yellow ENS/NameStone identity bound to deployer Curve Deployer 2 (0xbabe61887f1de2713c6f97e567623453d3c79f67) has NO ENS reverse resolution bound to it. Etherscan shows a community-added name tag ('Curve: Deployer 2') but this is not an ENS .eth name registration. Factor applies on EVM (EVM-applicable for crvUSD per profiler instructions — F117 is not not_applicable here). Yellow rather than red because the deployer is fully identified through other means (Curve team attribution, institutional use across crvUSD system), but the ENS binding itself is absent. RD-F-121 yellow Contributor OSINT depth score Egorov: 5/5 OSINT depth — PhD physics, prior employer chain (Monash postdoc, LinkedIn engineer, NuCypher CTO), multiple media profiles, conference record, Crunchbase. AlbertoCentonze: 3/5 — LinkedIn with EPFL but limited further depth. romanagureev: 3/5 — real name on GitHub, MIPT affiliation, no LinkedIn or conference trail found. Macket: 2/5 — consistent GitHub track record but zero real-world credential chain discoverable via public OSINT. Yellow because Macket (2nd contributor by commit volume) scores low on OSINT depth. RD-F-123 yellow Sudden admin-rescue/ACL change without discussion PRIMARY-SOURCE CORRECTION (reconciliation U3, 2026-05-16): Etherscan readContract on ControllerFactory 0xC9332fdCB1C491Dcc683bAe86Fe3cb70360738BC confirms admin() returns 0xbabe61887f1de2713c6f97e567623453d3c79f67 (Curve Deployer 2, an EOA). The admin was NEVER transferred to the Curve Ownership Agent (Aragon, 0x40907540d8a6C65c637785e8f8B742ae6b0b9968) despite the MixBytes June-2023 audit explicitly recommending DAO ownership; this state has persisted ~3 years. There has been no sudden ACL-change event — the admin position has been this deployer EOA continuously since contract creation on 2023-05-14. The un-transferred state is PUBLICLY KNOWN and audit-flagged (not concealed). F123 red requires confirmed concealed ACL change or insider-implant conduct; a static, openly-documented deployer-EOA admin is a Cat 2 decentralization failure (out of Cat 7 scope — governance-admin-analyst scores this), not a Cat 7 concealed insider conduct finding. Yellow: the single-step set_admin() means thi RD-F-122 gray Contributor paid to DPRK-cluster wallet Curve Finance contributors are paid via Swiss Stake GmbH off-chain payroll or CRV grants approved via DAO vote. There are no publicly traceable on-chain payment streams from Curve to individual contributor wallets that could be analyzed for 3-hop DPRK cluster routing. Cannot be meaningfully assessed at OSINT tier per established process-learnings precedent for companies with off-chain payroll. RD-F-184 gray Real-capital social-engineering persona No evidence of any 'team contributor' or 'external integrator' persona deploying ≥$1M in real capital to crvUSD or peer protocols as a social-engineering precursor found. The known reference pattern is Drift Protocol UNC4736 (6-month conference/in-person build-up with real-capital deposits before Solana durable-nonce pre-signing). Egorov's large personal CRV-collateral loans (Aug 2023, Jun 2024) represent his activity as a large holder, not a social-engineering persona build-up targeting crvUSD. Factor is M-only OSINT (P1) and requires curator confidence beyond on-chain trail. Mark gray per process-learnings: 'Mark GRAY + note the Drift comparator as the reference pattern. Don't spend time trying to confirm absence of something that by design leaves no public trace.'

RD-F-111 green Team doxx status Michael Egorov (michwill) is fully doxxed: real name, photo, PhD in Physics from Swinburne University, prior employment at LinkedIn and Monash University, NuCypher CTO (2015-2020), multiple public media interviews including CCN 2025 and Epicenter podcast, LinkedIn profile with 500+ connections. Other core contributors (AlbertoCentonze with EPFL credential, romanagureev with MIPT affiliation) are partially doxxed. Macket has consistent multi-year pseudonymous track record. No fully anonymous core contributor to crvUSD identified.

RD-F-113 green Team other-protocol involvement history Michael Egorov: NuCypher CTO (2015-2020, legitimate enterprise encryption startup), Curve Finance CEO (2020-present). No prior rug or scam association for any identified team member. AlbertoCentonze, romanagureev: OSINT returns no other protocol involvement or adverse history. Macket: GitHub-only history limited to Curve ecosystem. VC lawsuit (ParaFi/Framework/1kx) dismissed on jurisdiction in Feb 2025 — not adjudicated as fraud on merits; Swiss proceedings ongoing but no adverse ruling.

RD-F-114 green Deployer address prior on-chain history Curve Deployer 2 (0xbabe61887f1de2713c6f97e567623453d3c79f67) is a well-established Curve Finance deployer with long history of legitimate contract deployments across the Curve ecosystem. Etherscan community-label: 'Curve: Deployer 2 / curve.finance / Contract Deployer'. No rug-labeled contracts in prior history. No OFAC or mixer labels.

RD-F-115 green Prior rug/exit-scam affiliation No team member linked to a prior rugged or exit-scam-labeled protocol via OSINT. VC fraud lawsuit (ParaFi, Framework Ventures, 1kx vs Egorov) was dismissed on California jurisdiction grounds by the Court of Appeal in February 2025; the court did not adjudicate fraud on the merits. A Swiss civil proceeding is ongoing but has no adverse ruling as of 2026-05-16. This does not constitute rug-affiliation under the factor definition which requires a verified prior rug or exit-scam-labeled protocol.

RD-F-116 green Contributor tenure at admin-permissioned PR Lead contributor michwill (Michael Egorov) has 1,504 commits to curve-stablecoin, spanning the entire 3-year life of the protocol. Macket: 749 commits (multi-year). AlbertoCentonze: 498 commits. romanagureev: 75 commits. No fresh-contributor admin-permissioned PR pattern detected in 180-day commit review via GitHub API. Note: admin-level changes via set_admin() on the ControllerFactory require only the current deployer-EOA admin — NOT a DAO vote (primary-source confirmed, reconciliation U3). This marginally reduces the governor-gate safety assumed in the original assessment but does not affect F116 which concerns PR-level freshness.

RD-F-118 green Handle reuse across failed/rugged projects No evidence of social handle reuse across failed or rugged projects for any identified team member. 'michwill' (GitHub) and '@newmichwill' (X/Twitter) map consistently and exclusively to Michael Egorov / Curve Finance throughout their history. Macket, AlbertoCentonze, and romanagureev return no adverse OSINT for handle reuse across failed projects.

RD-F-119 green Commit timezone consistent with stated geography GitHub API commit timestamps for last 100 commits (April-May 2026) show most activity in 08:00-18:00 UTC window. romanagureev commits consistent with UTC+3 (Moscow, stated MIPT affiliation). Macket commits consistent with UTC+3/UTC+4. AlbertoCentonze commits consistent with UTC+1/UTC+2 (Lausanne, stated location). No DPRK-timezone cluster (UTC+9) detected. Team's stated geographies (Switzerland/Russia) are consistent with observed commit patterns. Confidence is medium as only recent commits were analyzed.

RD-F-120 green Video-off/voice-consistency flag Michael Egorov has appeared in video interviews and podcasts with face visible (CCN 2025 interview, Epicenter podcast). No video-off, voice-consistency anomaly, or timezone inconsistency flagged in any public record. No other core contributor is expected to make public media appearances. Factor is satisfied at the founder level for the protocol.

RD-F-124 green Deployer wallet mixer-funded within 30 days Curve Deployer 2 (0xbabe61887f1de2713c6f97e567623453d3c79f67) was funded by swiss-stake.eth (0x39415255619783a2e71fcf7d8f708a951d92e1b6) approximately 5 years 333 days before assessment date — well before the crvUSD deploy of 2023-05-03. The 30-day pre-deploy window specified in RD-F-124 is unambiguously clear. swiss-stake.eth shows standard DeFi participation (Curve governance voting, fee claims, LP activity) with no Tornado Cash or mixer labels on Etherscan.

RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus No confirmed OFAC SDN linkage or Chainalysis/Elliptic Lazarus cluster proximity found for Curve Deployer 2 or Michael Egorov. Multiple targeted searches ('Michael Egorov DPRK OR Lazarus OR North Korea OR OFAC') returned zero relevant results. The Drift Protocol DPRK hack (UNC4736, April 2026) involved attacker routing funds through Curve pools as a drain venue — this is categorically NOT team DPRK linkage (process-learnings: 'attacker routing through Curve pool ≠ team contamination'). F125 ★ is green; no rubric-level discretionary F downgrade triggered.

Fork / dependency lineage Yellow 22 10 of 10

RD-F-133 yellow Dependency manifest uses unpinned versions pyproject.toml pins vyper==0.4.3 (exact — good). snekmate (a security-relevant Vyper library) is specified as snekmate>=0.1.1 (minimum version, not pinned exact). No Foundry .gitmodules found (Vyper project uses Python pip rather than Foundry submodules for production dependencies). Unpinned snekmate allows unexpected minor-version pulls. Threshold: green = all critical libraries pinned exact; yellow = minor libs unpinned but core pinned. RD-F-135 yellow Shared-library version with known-vuln status Production contracts use Vyper 0.3.7 (crvUSD token, ControllerFactory v1) and Vyper 0.3.10 (Controllers, AMMs). Known GHSA advisories: GHSA-2q8v-3gqq-4f8p (concat overflow, high severity, affects <=0.3.10, fixed in 0.4.0), GHSA-vgf2-gvx8-xwc3 (precompile success not checked, moderate, affects <=0.4.0, fixed in 0.4.1). Snyk lists 7+ high-severity entries for Vyper 0.3.7. Contracts are immutable non-proxy deployments — cannot be recompiled to fix. Vyper team's Sept 2024 security review found no vulnerable production contracts in their 30,000-contract scan. Practical exploitability low but advisories exist. Threshold: yellow = advisory exists but low/medium severity. RD-F-126 n/a Is-a-fork-of crvUSD is an original Curve Finance design (LLAMMA, PegKeeper, Controller, MonetaryPolicy). Profile §5 explicitly confirms 'Not forked / original design.' No upstream fork source exists. Galaxy Research whitepaper and MixBytes audit README both describe the system as novel. RD-F-127 n/a Upstream patch not merged No upstream fork exists; this factor does not apply. RD-F-128 n/a Upstream vulnerability disclosure (last 90d) No upstream fork exists; this factor does not apply. RD-F-129 n/a Code divergence from upstream (%) No upstream fork exists; code divergence measurement is not applicable. RD-F-130 n/a Fork depth (generations from original audit) No fork lineage; fork depth measurement is not applicable. RD-F-131 n/a Fork retains upstream audit coverage No upstream audit to retain. crvUSD received its own fresh independent audits (MixBytes + ChainSecurity). The fork-coverage concept is inapplicable for original designs. RD-F-132 n/a Fork has different economic parameters than upstream No upstream economic parameters to compare against; this factor is inapplicable for original designs.

RD-F-134 green Dependency had malicious-release incident (last 90d) No malicious-release advisory found for vyper, snekmate, or other crvUSD dependencies in trailing 90 days (February 2026 – May 2026). GitHub Security Advisories feed and Snyk database checked; no alerts for these packages in this window.

Post-deploy hygiene & change mgmt Green 9 13 of 13

RD-F-136 yellow Deployed bytecode matches signed release tag No formal signed release-tag-to-deployment matching discipline found for crvUSD. GitHub repo has 3,025 commits and 1 tag. Etherscan source verification is used as the primary bytecode authenticity mechanism rather than a cryptographically-signed release tag. Marking yellow: source is public and verifiable but no formal release artifact hash discipline. RD-F-139 yellow Post-audit code changes without re-audit Core contracts audited by MixBytes (June 2023) and ChainSecurity (Jan 2024). PegKeeperV2 received separate ChainSecurity audit (Dec 2023). scrvUSD/RewardsHandler audited by ChainSecurity (Dec 2024). However: new collateral market additions (sBTC2, USDM PegKeeper additions) via governance votes do not have per-market re-audit evidence. Yield Basis 1B credit line extension (2025) is a parameter change without re-audit. Incremental accumulation of unaudited market additions is the residual gap. RD-F-145 yellow Deployed bytecode reproducibility Vyper contracts are verified on Etherscan with Vyper 0.3.7/0.3.10 versions. Reproducibility is constrained by Vyper compiler version matching. No formal reproducibility audit or published bytecode-hash manifest found. Source is public; a sufficiently motivated curator can reproduce the bytecode. Marking yellow: no formal reproducibility guarantee published. RD-F-142 n/a Storage-layout collision risk across upgrades Not applicable: crvUSD contracts are non-upgradeable Vyper blueprints. Storage layout collision is a Solidity proxy-upgrade concern. No storage migrations occur in this system. RD-F-143 n/a Reinitializable implementation (no _disableInitializers) Not applicable: crvUSD contracts are deployed as non-upgradeable Vyper blueprints, not Solidity proxy/implementation patterns. _disableInitializers() is an OpenZeppelin Solidity pattern. Vyper does not have this function or the re-initialization risk it guards against. No reinitializable proxy implementation exists in the crvUSD core system.

RD-F-137 green Upgrade frequency (per 90 days) crvUSD uses non-upgradeable Vyper blueprints; existing Controllers/LLAMMA are immutable. No upgrade events on core contracts in last 90 days. New market additions are discrete governance-voted deployments, not in-place upgrades. No new Controllers deployed in the Feb-May 2026 period visible in available data.

RD-F-138 green Hot-patch deploys without timelock (last 30 days) No hot-patch deploy mechanism exists on crvUSD core contracts. Vyper blueprints are immutable. Any code change requires deploying a new blueprint contract and passing a governance vote to activate as a new market. No bypass of the governance process for emergency patches found.

RD-F-140 green Fix-merged-but-not-deployed gap No evidence of a known vulnerability fix merged in GitHub but not deployed to production. The non-upgradeable architecture means any undeployed fix would require a new blueprint deployment visible via governance. No post-mortem or security advisory documents an undeployed fix for crvUSD as of 2026-05-16.

RD-F-141 green Test-mode parameters in deploy MixBytes audit reviewed deployment configuration and found no test-mode parameters in production. No open deployment-configuration finding in any audit post-fix. Etherscan constructor args on ControllerFactory are consistent with production intent.

RD-F-144 green CREATE2 factory permits same-address redeploy crvUSD uses Vyper blueprint factory pattern. New markets are deployed with distinct parameters per market. No evidence of a CREATE2-same-address redeploy attack vector. Vyper blueprint deployments use create_from_blueprint() with fresh storage, not CREATE2 deterministic addresses with selfdestruct-redeploy risk.

RD-F-146 green New contract deploys in last 30 days No new crvUSD CDP core contract deployments identified in last 30 days. Profile §3 lists 7 Controllers all deployed in 2023-2024. TVL recovery in 2026 driven by user activity on existing markets, not new deployments. Governance proposals in 2025-2026 are parameter changes or scrvUSD-related, not new market deployments.

RD-F-168 green Stale-approval exposure on deprecated router crvUSD system does not have a traditional user-facing router contract with approval flows. No deprecated router contracts with outstanding user approvals found. USDM PegKeeper wind-down is a Curve-owned contract, not a user-approved router. No stale-approval hygiene gap identified.

RD-F-185 green Bridge rate-limiter / chain-pause as positive mitigant crvUSD CDP system is Ethereum-only with no cross-chain minting bridge. F185 targets bridge outflow rate-limiters as positive mitigants. Not applicable to an Ethereum-only CDP system. The crvUSD token's L2 bridges (Axelar/LayerZero) are third-party deployments outside Curve governance scope. Graded green (neutral positive mitigant) rather than not_applicable: the absence of a bridge rate-limiter is not a negative finding for a non-bridge protocol.

Cross-chain & bridge Gray 0 12 of 12

Threat intelligence & recon Yellow 25 8 of 8

RD-F-158 yellow Known-threat-actor cluster has touched protocol Known-threat-actor wallet cluster has touched protocol. The UwU Lend attacker (June 10, 2024 $19.3M exploit) used crvUSD Borrower on Curve Lend to open a 8.12M crvUSD borrow against 23.6M CRV collateral at Block 20061322. This attacker's wallet is a post-exploit labeled threat-actor cluster member. Per task instructions: an attacker routing through a Curve/crvUSD pool is Cat 11 F158 yellow, NOT team contamination. No DPRK/Lazarus-attributed cluster has been confirmed as touching crvUSD contracts per public Chainalysis or OFAC reporting. No Bybit-class (Feb 2025, $1.5B DPRK) or Ronin-class DPRK attribution found for crvUSD interactions. Yellow: threat-actor touched protocol in 2024 (>12 months ago); requires curated TI feed to confirm whether same wallet interacted in the last 30 days. [T-09 v1 phase-2 signal] RD-F-161 yellow Protocol-impersonator domain registered (typosquat) Protocol-impersonator domain registered (typosquat) within last 90 days. Applicable: Curve Finance is a top DeFi brand — major typosquat target. Curve Finance has a documented repeated history of DNS compromise (2022 curve.fi DNS attack, $570K losses; May 2025 curve.fi DNS hijack at registrar level). Protocol migrated to curve.finance in May 2025; curve.fi is now deprecated. The existence of a deprecated high-recognition domain (curve.fi) creates a natural typosquatting surface for multiple attack vectors (curve-finance.io, curvefi.com, etc.). Specific new typosquat registrations within 90 days of assessment (i.e., post-Feb 14, 2026) not confirmed via OSINT (WHOIS lookup not possible via WebFetch). Yellow: elevated structural risk given repeated attack history on this brand; specific 90-day new registration not confirmable without WHOIS/DomainTools feed. RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols Attacker wallet reconnaissance time before strike (days, for similar class). This is a static/historical metric characterizing protocol-class reconnaissance risk. For crvUSD and the broader Curve ecosystem: (1) June 2024 crvUSD cascade: UwU Lend exploited June 10, cascade triggered June 12 — 2-day precursor-to-effect window; attacker used stolen funds to open crvUSD borrow positions (brief reconnaissance-to-action timeline); (2) Aug 2022 Curve DNS attack: same-day execution, no documented advance reconnaissance; (3) May 2025 DNS attack: registrar credential obtained and exploit executed, no documented extended reconnaissance; (4) July 2023 Vyper exploit (affected Curve pools, not crvUSD): vulnerability was public knowledge for months before exploitation — weeks-scale reconnaissance window. For DPRK-class (78-day USPD model), there is no confirmed DPRK targeting of crvUSD. Yellow: reconnaissance times vary from same-day to weeks; protocol-class is an active target demonstrating multiple RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Mempool probe: attacker wallet sending low-gas failing txs to protocol (pre-strike testing). Applicable: yes. Requires mempool monitoring with threat-actor cluster attribution. Not assessable via OSINT. No public reports of this pattern against crvUSD. RD-F-162 gray Known-exploit-template selector deployed by any address Known-exploit-template selector-pattern deployed by any address. Requires on-chain deploy scan with exploit-template DB for LLAMMA/CDP class protocols. No public reports of exploit-template contracts targeting crvUSD class (LLAMMA CDP) recently deployed. Not assessable via OSINT. RD-F-164 gray Leaked credential on paste/sentry site Leaked credential on paste/sentry site matching protocol infra. Applicable: yes — Curve Finance operates web infrastructure (curve.finance, GitHub, Discord, social). The May 2025 registrar-level attack involved compromise of iwantmyname registrar credentials — this was a registrar-side credential leak, not a Curve-internal infra credential leak. No public evidence of Curve Finance GitHub/Discord/RPC-key credential leaks on paste sites found via OSINT. Requires curator credential-monitoring feed (HaveIBeenPwned, Leakbase, or similar) to assess properly. RD-F-165 gray Protocol social channel has scam-coordinator flag Telegram/Discord channel member flagged as scam-coordinator. Applicable: Curve Finance Discord (https://discord.com/invite/rgrfS7W) and Telegram (https://t.me/curvefi) are large community channels. The May 2025 X account breach involved external account compromise, not an internal scam-coordinator. No specific Discord/Telegram scam-coordinator flags found via OSINT. Requires curator social watchlist monitoring. Gap documented.

RD-F-160 green GitHub malicious-dependency incident touching protocol deps GitHub-flagged malicious-dependency incident touching protocol deps. Applicable: curvefi/curve-stablecoin uses Vyper 0.3.7/0.3.10 and Python toolchain. No GitHub security advisory for malicious release affecting Vyper 0.3.7/0.3.10 or protocol Python dependencies in trailing 90 days found via OSINT. GitHub repo shows active maintenance (last commit 2026-05-15). No npm/PyPI malicious releases flagged against Vyper or Curve's toolchain found in public security advisory feeds. Signal would NOT fire today.

Tooling / compiler / AI Green 17 5 of 5

RD-F-170 yellow Solc version used (known-bug versions flagged) Deployed production contracts: Vyper 0.3.7 (crvUSD ERC-20 token, ControllerFactory v1) and Vyper 0.3.10 (Controllers, LLAMMA AMMs, PegKeepers, oracle contracts) — confirmed by Etherscan source verification with Exact Match. NOT in the July 2023 reentrancy-affected range (0.2.15–0.3.0). However, known advisories for Vyper 0.3.7/0.3.10 include: concat buffer overflow (GHSA-2q8v-3gqq-4f8p, High, CVE-2024-22419, fixed in 0.4.0), _abi_decode overflow (fixed in 0.3.10rc4), out-of-bounds write in raw_call/create_from_blueprint (fixed in 0.3.10rc4), function-call argument order (fixed in 0.3.8). Several advisories in 0.3.7 are fixed in 0.3.10. For 0.3.10: precompile success check (GHSA-vgf2-gvx8-xwc3, Moderate). Concat overflow (GHSA-2q8v-3gqq-4f8p) affects both 0.3.7 and 0.3.10. Contracts are immutable — vulnerabilities are not patchable without full redeploy. Vyper team's contract scan found no exploitable production contracts, but crvUSD was not specifically excluded from vulnerable pattern RD-F-174 yellow Dependency tree uses EOL Solidity version Deployed production contracts use Vyper 0.3.7 (token, ControllerFactory v1) and Vyper 0.3.10 (Controllers, AMMs). Current latest Vyper stable is 0.4.3 (pinned in pyproject.toml for testing). Vyper does not formally declare versions 'EOL' in the same manner as Solidity, but 0.3.7/0.3.10 are two major sub-versions behind current and carry unpatched known advisories. Contracts are immutable — cannot be recompiled without protocol upgrade/redeploy. Yellow: not formally EOL but version-lagged with known unpatched compiler bugs. RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation crvUSD is an original Vyper design with no upstream Solidity protocol to compare bytecode against. AI-copy risk (high bytecode similarity to audited upstream with behavior deviation) is structurally inapplicable for original designs in a different programming language.

RD-F-172 green Repo shows AI-tool co-authorship in critical files GitHub commit history for curvefi/curve-stablecoin shows recent commits by human developers (AlbertoCentonze, Macket, romanagureev). No 'Co-authored-by: github-actions[bot]' or Copilot co-authorship tags found in visible commit messages. No AI co-authorship disclosure identified.

RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure by the Curve Finance team of AI-generated code in crvUSD smart contracts found in docs, blog posts, GitHub PRs, or social media. Web search returned no results for 'crvUSD AI copilot disclosure'. Michael Egorov and team have not publicly disclosed AI code generation for crvUSD.

Response & disclosure hygiene Green 8 4 of 4

RD-F-176 yellow Disclosure SLA public No publicly accessible acknowledgment-time SLA (e.g., '72h ack') found for the Curve bug bounty program. HackerOne policy text states researchers must disclose 'as soon as possible' and Curve will have 'a reasonable amount of time to resolve' — qualitative, not a published SLA. The docs.curve.finance/security/security/ page returned HTTP 403 during this assessment, preventing verification of any SLA language there. Two paid $250K bounties demonstrate active program engagement and rapid response in practice, but the rubric requires a *published* SLA. Yellow: no documented SLA found despite an active and well-funded program.

RD-F-175 green Disclosure channel exists Curve Finance maintains two active public disclosure channels: (1) HackerOne program at https://hackerone.com/curve — scope: smart contract vulnerabilities causing substantial loss of money, critical liveness failures, or irreversible fund loss; excludes known vulnerabilities and front-end code not leading to smart contract impact. (2) Self-hosted security docs at https://docs.curve.finance/security/security/ (returned HTTP 403 during assessment but existence confirmed via web search and news coverage). Max payout $250,000 in CRV confirmed by two paid precedents: Marco Croc / Kupia Security reentrancy vulnerability (2024); f(x) Protocol swap router bug governance proposal (May 2024, max bounty size confirmed). NOT Immunefi — data cache bug_bounty.platform=null is a pipeline artifact (Immunefi-only scraper). Self-hosted + HackerOne is a positive program configuration, not an absence of a bounty. Green.

RD-F-177 green Prior known-ignored disclosure No evidence of any previously-disclosed vulnerability against crvUSD being reported and then ignored before exploitation. The June 2024 PegKeeper deviation-check issue was a design tradeoff discovered in production via the liquidation event — it was not a disclosed-then-ignored bug. The July 2023 Vyper reentrancy was a compiler-level zero-day unknown to all parties. The LlamaLend 2026 donation attack (not crvUSD core) was an unpatched class of vulnerability, but not a prior-disclosed crvUSD-specific report. Data cache rekt.incidents=[] and no post-mortem language indicating ignored prior disclosure found in any primary source. Green.

RD-F-178 green CVE/GHSA advisory issued against protocol No CVE (NIST NVD) or GHSA (GitHub Security Advisories) issued specifically against crvUSD core contracts (crvUSD token, Controller, LLAMMA, PegKeeper) found in this assessment. Web search for 'CVE crvUSD' and 'GHSA curve stablecoin' returned no relevant CVE/GHSA entries. Note: CVE-2023-42443 was issued against the Vyper compiler itself (not crvUSD contracts), and crvUSD was not affected by the Vyper 0.2.15–0.3.0 vulnerability it documents. GitHub repo (github.com/curvefi/curve-stablecoin) has no GHSA advisories found. Green.

rubric_version v1.7.0 graded_at 2026-05-16 22:00:01 factors 184 protocol crvusd