Prior exploit count
crvUSD (Curve Stablecoin)'s assessment for RD-F-077 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Zero smart-contract exploits directly against the crvUSD CDP/LLAMMA/Controller system in 36 months of operation. Three candidate events examined and excluded: (1) 2023-07-30 Curve Vyper reentrancy — affected Vyper 0.2.15–0.3.0 stableswap pools only; crvUSD used Vyper 0.3.7/0.3.10, explicitly confirmed unaffected by Curve team and hacksdatabase. (2) 2024-06-12 crvUSD peg deviation — operational/market event, no contract exploit, no fund theft from crvUSD CDP. (3) 2026-03-02 LlamaLend donation attack — hacksdatabase protocol_slug: curve-v2; LlamaLend factory (not crvUSD Controller/LLAMMA). Data cache rekt.incidents=[] confirms zero Rekt-listed incidents for crvusd slug.
Sources #
- InternalCurve Finance / Vyper Hack Report — hacksdatabasehacksdatabase/hacks/curve-vyper.md — Vyper 0.2.15–0.3.0 affected; crvUSD 0.3.7/0.3.10 confirmed unaffectedretrieved 2026-05-16
- Curve LlamaLend Donation Attack 2026 — hacksdatabasehacksdatabase/hacks/curve-llamalend-2026-rekt.md — protocol_slug: curve-v2; LlamaLend not crvUSD CDPretrieved 2026-05-16
- crvUSD Upward Depeg (June 12, 2024) Incident Report — LlamaRiskLlamaRisk crvUSD Upward Depeg Incident Report 2024-06-12 — operational event, no exploitretrieved 2026-05-16
Methodology #
Count the number of distinct incidents in the hack database affecting this protocol.
See the full factor methodology and distribution across all protocols →