Post-mortem published within 30 days

crvUSD (Curve Stablecoin)'s assessment for RD-F-082 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No exploits on crvUSD core at any time, including post-deploy and post-upgrade windows. The PegKeeper V2 upgrade preceded the June 2024 peg event by weeks but the peg event was not a contract exploit (no funds stolen; it was a mechanism design tradeoff activating during a liquidation cascade). No exploit-within-30-days-of-upgrade pattern observed. Green.

Sources #

URL
PegKeeper V2 Upgrade Governance Proposal — Curve Governance ForumPegKeeper V2 governance proposal — upgrade preceded June 2024 event; event was operational, not an exploit of new coderetrieved 2026-05-16

Methodology #

Determine whether a public post-mortem was published within 30 days of the most recent incident.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-082 score green collected_at 2026-05-16 19:09:40