CVE/GHSA advisory issued against protocol
crvUSD (Curve Stablecoin)'s assessment for RD-F-178 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No CVE (NIST NVD) or GHSA (GitHub Security Advisories) issued specifically against crvUSD core contracts (crvUSD token, Controller, LLAMMA, PegKeeper) found in this assessment. Web search for 'CVE crvUSD' and 'GHSA curve stablecoin' returned no relevant CVE/GHSA entries. Note: CVE-2023-42443 was issued against the Vyper compiler itself (not crvUSD contracts), and crvUSD was not affected by the Vyper 0.2.15–0.3.0 vulnerability it documents. GitHub repo (github.com/curvefi/curve-stablecoin) has no GHSA advisories found. Green.
Sources #
- InternalCurve Finance / Vyper Hack Report — hacksdatabasehacksdatabase/hacks/curve-vyper.md — Vyper compiler CVE-class issue; crvUSD not in affected version rangeretrieved 2026-05-16
- Curve Stablecoin GitHub Repositorycurvefi/curve-stablecoin — GitHub repository; no GHSA advisories found in security tabretrieved 2026-05-16
Methodology #
Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.
See the full factor methodology and distribution across all protocols →