Chronic-exploit flag (≥3 incidents)

crvUSD (Curve Stablecoin)'s assessment for RD-F-078 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No direct crvUSD core exploit has occurred in 36 months of operation. RD-F-078 measures hours from exploit to first on-chain response (pause, upgrade, drain). With zero exploits on crvUSD CDP/LLAMMA/Controller, this factor is structurally inapplicable. The June 2024 peg event was an operational event without an attacker-response on-chain action; peg restored by market forces and PegKeeper mechanics once the liquidation cascade ended.

Sources #

URL
crvUSD Upward Depeg (June 12, 2024) Incident Report — LlamaRiskLlamaRisk incident report — confirms operational event, not exploit requiring on-chain emergency responseretrieved 2026-05-16
Internal
crvUSD Protocol Profile §10 — Known Incidentscrvusd 00-profile.md §10 — zero smart-contract exploits on crvUSD coreretrieved 2026-05-16

Methodology #

Determine whether the protocol has ≥3 distinct incidents in the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-078 score not_applicable collected_at 2026-05-16 19:09:40