defirisk.co
rubric v1.7.0

Curve Finance

Curve Finance is the original StableSwap and CryptoSwap AMM protocol, written in Vyper. It provides concentrated liquidity for pegged assets (stablecoins, LSTs) via the StableSwap invariant and for volatile assets via the CryptoSwap invariant. Governed by veCRV-weighted Aragon DAO voting. Covers the full protocol umbrella: StableSwap v1, CryptoSwap v2, Stableswap-NG, Twocrypto-NG, and Tricrypto-NG. Excludes crvUSD (separate slug).

Sector dex
TVL $1.7B
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 15.6
Deployments Ethereum · $1.6B
01

Risk profile at a glance

0 red · 3 yellow · 10 green
02

Categories & evidence

184 factors · 13 categories
Code & audits Green 15 25 of 25
RD-F-009 red Formal verification coverage No Certora, Halmos, or equivalent formal verification engagement found for Curve core pool contracts. Certora's public portfolio does not list Curve Finance. A web search for Curve Finance formal verification returned no Curve-specific results. The StableSwap and CryptoSwap invariants have been studied academically but have not been formally verified with automated provers.
RD-F-001 yellow Audit scope mismatch Multiple audits exist for the NG contracts (ChainSecurity tricrypto-ng 2023-06-23, MixBytes stableswap-ng Sept-Oct 2023, ChainSecurity FeeSplitter 2024-09-25). Exact matching of deployed bytecode to the audited commit SHA is infeasible from public sources (audit PDFs are binary, audit index returns 403); Etherscan verification of the NG contracts at Vyper 0.3.10 is confirmed. Legacy v1 pools compiled with Vyper 0.2.15/0.2.16/0.3.0 were never audited against the compiler-level reentrancy-guard bug exploited in July 2023; this structural scope gap is only partially remediated, since those pools were drained or abandoned rather than re-audited.
RD-F-002 yellow Audit recency The most recent audit with a disclosed date is ChainSecurity FeeSplitter 2024-09-25 (~550 days ago). The most recent NG pool audit is MixBytes stableswap-ng Oct 2023 (~910 days). NG pool contracts have not been re-audited since the 2023 MixBytes/ChainSecurity engagements; recency is borderline but acceptable for a protocol with ongoing audit activity and a $250K bug bounty payout in May 2024.
RD-F-003 yellow Resolved-without-proof findings The MixBytes stableswap-ng audit (Sept-Oct 2023) found 3 critical, 5 high, 12 medium, and 21 low issues; all are stated as acknowledged or fixed. On-chain proof of individual finding resolutions is not independently verifiable from public sources (audit PDFs are binary). No post-mortem evidence of an unpatched critical or high audit finding being exploited. The protocol's self-disclosure claims all findings resolved.
RD-F-006 yellow Audit-to-deploy gap The exact deploy-to-audit-end delta is not independently verifiable without commit SHA matching (PDFs binary). Indicative: ChainSecurity tricrypto-ng audit dated 2023-06-23; tricrypto-ng factory deployed summer-fall 2023, estimated delta <180 days. FeeSplitter audit 2024-09-25 announced on Curve X. No evidence of pre-audit deployment found; insufficient data for precise delta measurement across all NG contracts.
RD-F-024 yellow Code complexity vs audit coverage NG contracts are complex multi-thousand-line Vyper AMM math implementations. The MixBytes stableswap-ng audit engaged 3 auditors over approximately 7 weeks (Sept-Oct 2023). The ChainSecurity tricrypto-ng audit was June 2023. Zealynx notes 'complex financial mathematics' as a persistent risk. No audit firm has declined coverage or flagged complexity as blocking, but the mathematical complexity of the StableSwap and CryptoSwap invariants means audit coverage is necessarily bounded.
RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts Curve runs a self-managed bug bounty (max $250K, no Immunefi listing). The program scope is not publicly machine-readable (curve.finance/bugbounty returns 403). It is not independently verifiable whether all highest-TVL contracts are explicitly in scope. The May 2024 $250K Marco Croc payout demonstrates the program is active. The self-managed nature means scope gaps are not auditable in the way Immunefi programs are. Data cache shows bug_bounty.platform: null, confirming no Immunefi integration.
RD-F-010 gray Static-analyzer high-severity count Slither added Vyper support in 0.10.0, but no public Slither, Mythril, or other static-analysis run on Curve contracts was found; Semgrep has no Vyper support. No Vyper-native static analysis CI output is publicly available for Curve contracts. Factor cannot be assessed from published results. Needs a Vyper-specific tool run.
RD-F-016 gray Divide-before-multiply pattern No published run of Slither's divide-before-multiply detector (or an equivalent) on Curve's Vyper contracts was found. Manual audit reviews (ChainSecurity, MixBytes) found no arithmetic-ordering issues of severity >= medium in NG contracts. Cannot be programmatically assessed from public sources.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Curve contracts are non-upgradeable (no UUPS, no transparent proxy, no proxy pattern at pool level). VotingEscrow.vy and all pool contracts are deployed as immutable implementations. _authorizeUpgrade is an OZ Solidity UUPS pattern not applicable to Vyper non-proxy contracts.
RD-F-022 n/a Public initialize() without initializer modifier Curve is a Vyper codebase with no Solidity initialize()/initializer modifier pattern. All contracts use Vyper __init__() constructors called once at deployment. No proxy-with-separate-initializable-implementation pattern. This factor is structurally not applicable for Vyper non-proxy contracts. Confirmed across CurveStableSwapNG.vy, CurveTricryptoOptimizedWETH.vy, VotingEscrow.vy, ERC20CRV.vy.
RD-F-023 n/a Constructor calls _disableInitializers() _disableInitializers() is an OZ Solidity pattern not applicable to Vyper contracts with __init__() constructors. Curve's Vyper contracts have no OZ dependency and no upgradeable proxy pattern.
RD-F-004 green Audit count Minimum 4 distinct audit firms confirmed: Trail of Bits (2020, exchange pool contracts), Quantstamp (2020-08-05 DAO contracts; 2020-10-15 diff audit), MixBytes (2020-07-22 DAO; 2021-09-27; 2023-06-05 crvUSD; 2023 stableswap-ng), ChainSecurity (2021-09-27 ETH/sETH; 2021-09-29 Tricrypto; 2022-04-01 Twocrypto; 2023-06-23 Tricrypto-NG; 2024-09-25 FeeSplitter). 4+ independent firms with overlapping coverage across deployed contract sets.
RD-F-005 green Audit firm tier Trail of Bits (Tier-1) and ChainSecurity (Tier-1) engaged across the protocol lifetime. Quantstamp (Tier-2) and MixBytes (Tier-2/boutique) provide additional coverage. Two Tier-1 firms across a 6-year history is strong posture for a protocol of this scale and complexity.
RD-F-007 green Bug bounty presence & max payout Active self-managed bug bounty at curve.finance/bugbounty. Maximum payout $250,000 confirmed via May 2024 Marco Croc payout for reentrancy vulnerability. Submissions to security@curve.fi. Not on Immunefi (self-managed); data cache bug_bounty.platform: null is a pipeline gap. Program existence and max payout independently confirmed.
RD-F-008 green Ignored bounty disclosure No evidence of Curve ignoring a disclosed vulnerability before exploit. July 2023 was a Vyper compiler-level bug undiscoverable by application-level audit. May 2024 Marco Croc finding paid at maximum bounty ($250K) and remediated. No pattern of ignored disclosures in post-mortems.
RD-F-011 green SELFDESTRUCT reachable from non-admin path Inspection of CurveTricryptoOptimizedWETH.vy (0.3.10), CurveStableSwapNG.vy (0.3.10), VotingEscrow.vy (0.2.4), ERC20CRV.vy (0.2.4) found no call to Vyper's selfdestruct() builtin (the only way Vyper emits the SELFDESTRUCT opcode). Legacy contracts were likewise confirmed free of self-destruct by direct source inspection.
RD-F-012 green delegatecall with user-controlled target Vyper exposes delegatecall only through raw_call(..., is_delegate_call=True); inspection of the core pool contracts found no such usage. Pool contracts are non-upgradeable and make only standard interface calls to external contracts (tokens, wrappers). Confirmed across CurveTricryptoOptimizedWETH.vy, CurveStableSwapNG.vy, VotingEscrow.vy.
RD-F-013 green Arbitrary call with user-controlled target In NG contracts (Vyper 0.3.10), raw_call usage is restricted to WETH wrap/unwrap and ETH transfer to msg.sender — not arbitrary user-controlled targets. Legacy pools used raw_call for ETH transfer callbacks; those pools are effectively abandoned post-July 2023 exploit. No open arbitrary-call pattern in current NG contracts.
RD-F-014 green Reentrancy guard on external-calling functions NG contracts (CurveTricryptoOptimizedWETH.vy, CurveStableSwapNG.vy) use @nonreentrant('lock') on all state-mutating externally-callable functions: exchange(), add_liquidity(), remove_liquidity(), remove_liquidity_one_coin(), claim_admin_fees(). Compiled with Vyper 0.3.10 which correctly implements storage slot assignment for reentrancy guards (fix landed in 0.3.1, per official Vyper post-mortem). Legacy pools with broken guards are effectively abandoned post-exploit.
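A toy model of the lock semantics behind RD-F-014, added here as an example and not taken from Curve or the Vyper compiler. In Vyper 0.2.15 through 0.3.0 each @nonreentrant function received its own storage slot even when it named the same lock key as another function, so a callback issued during one guarded function could re-enter a different guarded function sharing that key; 0.3.1 and later allocate one slot per key, so the lock is shared by every function that names it. The pool arithmetic below (constant-sum, no fee) and the class and function names are simplified constructions for the demonstration; only the lock identifier logic is the point.

```python
"""Toy model of Vyper-style @nonreentrant('lock') semantics (added example).

Buggy compiler (0.2.15-0.3.0): lock slot keyed by (key, function name).
Fixed compiler (0.3.1+):       lock slot keyed by key alone.
The pool bookkeeping is a deliberately simplified construction.
"""


class Reentered(Exception):
    """Raised when a guarded function is entered while its lock is held."""


class Pool:
    def __init__(self, per_key_locks: bool):
        self.per_key_locks = per_key_locks
        self.eth = 0        # pool ETH balance (constructed units)
        self.lp = {}        # LP balance per account
        self.locks = set()  # currently held lock identifiers

    def _lock_id(self, key: str, fn: str):
        # Fixed compiler: one slot per key. Buggy compiler: one slot per function.
        return key if self.per_key_locks else (key, fn)

    def _enter(self, key: str, fn: str):
        lid = self._lock_id(key, fn)
        if lid in self.locks:
            raise Reentered(f"{fn}: lock {lid!r} already held")
        self.locks.add(lid)
        return lid

    def add_liquidity(self, who, amount):
        lid = self._enter("lock", "add_liquidity")
        try:
            self.eth += amount
            self.lp[who] = self.lp.get(who, 0) + amount
            return self.lp[who]
        finally:
            self.locks.discard(lid)

    def remove_liquidity(self, who, amount):
        lid = self._enter("lock", "remove_liquidity")
        try:
            assert self.lp.get(who, 0) >= amount
            self.eth -= amount
            # External ETH transfer: in the real pools this is a raw_call, and
            # the receiver may execute arbitrary code before we return.
            who.receive_eth(self, amount)
            self.lp[who] -= amount
            return self.eth
        finally:
            self.locks.discard(lid)


class Attacker:
    """Receiver whose ETH fallback re-enters a *different* guarded function."""

    def __init__(self):
        self.reentry_attempted = False

    def receive_eth(self, pool, amount):
        self.reentry_attempted = True
        pool.add_liquidity(self, amount)  # cross-function re-entry attempt


def run(per_key_locks: bool) -> str:
    """'blocked' if the cross-function re-entry was rejected, else 'allowed'."""
    pool = Pool(per_key_locks)
    attacker = Attacker()
    pool.add_liquidity(attacker, 100)
    try:
        pool.remove_liquidity(attacker, 100)
    except Reentered:
        return "blocked"
    return "allowed"


if __name__ == "__main__":
    print("per-function slots (0.2.15-0.3.0):", run(per_key_locks=False))
    print("per-key slot (0.3.1+):            ", run(per_key_locks=True))
```

The model deliberately does not reproduce the drain mechanics of the July 2023 incident; it isolates the single property that changed between compiler versions, namely whether two functions that name the same key actually share a lock.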
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard Curve pool contracts do not integrate ERC-777 token hooks. StableSwapNG supports standard ERC-20, oracle-equipped, rebasing, and ERC-4626 vault tokens but not ERC-777. NG contracts have @nonreentrant on all external-call paths. MixBytes audit confirmed fix of rebasing token balance accounting issues.
RD-F-017 green Mixed-decimals math without explicit scaling CurveStableSwapNG.vy explicitly handles rate_multipliers for decimal normalization of different token types. NG contracts were specifically designed to support mixed-decimal tokens including ERC-4626 vaults with variable decimals. MixBytes audit confirmed fix of rebasing token balance accounting. Decimal normalization is a core design feature of Curve's AMM.
RD-F-018 green Signed/unsigned arithmetic confusion Vyper uses explicit integer types (uint256, int256) with no implicit signed/unsigned confusion; implicit casts are compile-time errors. No public audit finding flags signed/unsigned confusion in NG contracts. Vyper's type system structurally prevents this class of error.
RD-F-019 green ecrecover zero-address return unchecked No unchecked ecrecover usage found in the pool or governance contracts reviewed. CurveTricryptoOptimizedWETH.vy and VotingEscrow.vy have no ecrecover call at all. The NG contracts' EIP-2612 permit() uses Vyper's ecrecover builtin and asserts that the recovered address equals the claimed owner (with an EIP-1271 isValidSignature path for contract owners), so a zero-address return cannot satisfy the check unless the owner itself were the zero address, which permit() rejects up front.
RD-F-020 green EIP-712 domain separator missing chainId CurveTricryptoOptimizedWETH.vy implements EIP-2612/EIP-712 with domain separation initialized in __init__ (includes chainId per EIP-712 standard). No audit finding flags missing chainId in Curve's permit implementation.
Governance & admin Green 17 24 of 24
RD-F-047 red Governance token concentration (Gini) Convex Finance controls approximately 53% or more of circulating veCRV supply. In December 2025, Convex and Yearn addresses together accounted for ~90% of the votes against a governance proposal. The top-1 entity (Convex) controls >50% of effective veCRV; the Gini coefficient is estimated at >0.90. This is a de-facto single-entity majority over Ownership votes if Convex acts as a bloc.
RD-F-028 yellow Low-threshold multisig vs TVL The Emergency DAO is 5-of-9 at $1.72B TVL, exactly at the peer-norm boundary for >$1B TVL protocols. eDAO powers are explicitly limited to killing pools/gauges (not fund drain), which partially mitigates the threshold-relative-to-TVL concern. Full DAO upgrade governance requires a veCRV supermajority.
RD-F-029 yellow Multisig signers co-hosted The 9 eDAO signers are described as 'a mix of the Curve team and prominent figures within the DeFi community.' Signer identities are not publicly enumerated in accessible sources; independent custody/infrastructure cannot be confirmed from OSINT alone.
RD-F-032 yellow Timelock duration on upgrades No TimelockController contract. The Aragon 7-day vote duration (604,800 seconds) serves as the effective timelock for Ownership/Parameter votes (168h, well above the 48h threshold, so green on those tracks). However, Emergency DAO actions use a 24-hour voting window, below the 48h threshold. Overall yellow because the emergency path is below the 48h green threshold.
RD-F-033 yellow Timelock on sensitive actions Ownership/upgrade/fee actions: timelocked via the 7-day Aragon vote. Parameter changes: timelocked via the 7-day vote. Emergency eDAO actions (kill pool, kill gauge): 24-hour vote only, no 7-day timelock. The rescue/kill path for emergencies is not subject to the full 7-day delay. 3 of 5 action types are effectively timelocked at 7 days; the emergency 'kill' is not.
RD-F-039 yellow delegatecall/call in proposal execution without allowlist Aragon's EVMScript runner delegatecalls into the registered executor (CallsScript), which then performs plain CALLs to each target address encoded in the script. There is no explicit on-chain target allowlist in curve-aragon-voting Voting.sol. The governance guard is the 7-day vote + 30% quorum + 51% support requirement: a social/economic guard, not a cryptographic allowlist. An execution script must pass governance; the veCRV lock requirement makes rapid exploitation difficult but not impossible given Convex concentration.
RD-F-040 yellow Emergency-veto multisig present The Emergency DAO (5-of-9) can kill pools and gauges, a form of operational veto. However, the eDAO cannot cancel in-progress or queued governance votes/proposals. There is no governance-vote-cancellation mechanism analogous to a Compound Guardian role. The operational kill-switch exists but not the proposal-veto function.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock The Emergency DAO can kill pools (freezing deposits and swaps, NOT withdrawals) and kill gauges via the 5-of-9 multisig without a 7-day timelock (24h eDAO vote). Explicitly confirmed: the eDAO is 'unable to take action to pause the pool or handle user funds in any way.' This is a limited operational kill-switch, not a full fund-drain rescue function. Yellow (not red) because direct fund drain is not possible via this path.
RD-F-167 yellow Deprecated contract paused but pause reversible by live admin Legacy Curve pools compiled with the vulnerable Vyper 0.2.15/0.2.16/0.3.0 releases remain deployed; some were drained or emptied after the July 2023 exploit, others still hold funds. The Emergency DAO retains a kill-switch (pause state) over these pools, and the pause state is reversible by 5-of-9 eDAO action. Deprecated surface with live admin scope.
RD-F-030 gray Hot-wallet signer flag Cannot assess signer address behavioral patterns (hot-wallet vs. hardware-wallet heuristics require on-chain nonce velocity and gas-price jitter analysis via RPC, not available in this assessment). The data cache provides 9 owner addresses but no behavioral output.
RD-F-044 gray Admin wallet interacts with flagged addresses Cannot assess without a Chainalysis/TRM cluster feed or equivalent. The Ownership Agent (0x40907540) executes DAO-voted actions only. No curator watchlist data available.
RD-F-045 gray Constructor args match governance proposal Pool deployments via the NG factory do not individually require governance proposals. Governance proposals for parameter/ownership changes appear on gov.curve.finance. Constructor-arg matching cannot be verified without a proposal-by-proposal audit, which is not feasible for thousands of pool deployments.
RD-F-025 green Admin key custody type Full DAO + Aragon vote as timelock. Ownership voting: 30% quorum + 51% support + 7-day mandatory lock. Emergency DAO is 5-of-9 multisig for limited actions only. No single EOA admin on any core contract.
RD-F-026 green Upgrade multisig signer configuration (M/N) Emergency DAO: 5-of-9 Safe multisig (threshold=5, owner_count=9 per data cache). Full DAO governance for upgrades: displayed as 'DAO' (veCRV-weighted, no fixed signer set).
RD-F-027 green Single admin EOA No single admin EOA. All protocol admin power routes through veCRV-weighted Aragon DAO (7-day vote). Emergency Admin is 5-of-9 multisig. Deployer address (0xc4ad0ef33a0a4dda3461c479ccb6c36d1e4b7be4) does not retain any current admin role.
RD-F-031 green Signer rotation recency No evidence of recent eDAO signer-set changes or threshold reduction. The 5-of-9 composition has been consistently referenced across 2023–2025 incident reports and governance documentation. No Drift-style threshold reduction pattern identified.
RD-F-034 green Guardian/pause-keeper distinct from upgrader Emergency DAO (5-of-9, guardian/pauser role) is entirely separate from the Ownership Agent (protocol upgrade/governance executor). The eDAO cannot execute upgrades; the Ownership DAO cannot directly kill pools without a vote. Role separation is structurally enforced by Aragon's two-DAO architecture.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Upgrade: Ownership Agent (0x40907540) via governance vote. Fee collection/burning: via governance vote through Ownership Agent. Oracle config: Curve AMM pools use internal EMA oracles (no external oracle admin role for core DEX pools). Roles are functionally separated by the Aragon two-agent architecture.
RD-F-036 green Flash-loanable voting weight veCRV is non-transferrable. CRV must be locked (1 week to 4 years) to obtain veCRV. Flash loans cannot acquire veCRV by any mechanism. Voting power is the time-decay-weighted checkpointed balance of locked CRV. Definitively not flash-loanable; among the strongest anti-flash-loan governance designs in DeFi.
RD-F-037 green Quorum achievable via single-entity flash loan N/A by construction: veCRV is non-transferrable and cannot be flash-loaned. No single entity can achieve quorum via flash loan. Relevant governance concentration risk is long-term accumulation (Convex), not flash loans.
RD-F-038 green Proposal execution delay < 24h Ownership votes: 7-day (168h) mandatory before execution. Parameter votes: 7-day (168h). eDAO emergency: 24-hour voting window. All standard governance actions well above 48h green threshold. Emergency eDAO is 24h but eDAO powers are limited (no fund drain).
RD-F-042 green Admin has mint() with unlimited max CRV token has asymptotic supply cap ~3.03B enforced by piecewise linear inflation schedule. Minter contract enforces assert _total_supply <= self._available_supply(). No admin-callable unbounded mint function. The DAO controls gauge weights (which pools earn emissions) but cannot override the inflation schedule or mint outside it.
RD-F-043 green Admin = deployer EOA after 7 days Protocol governance transferred to Aragon DAO at launch in August 2020. Deployer 0xc4ad0ef33a0a4dda3461c479ccb6c36d1e4b7be4 (labeled 'Curve: Deployer 1') does not hold current admin rights on any core governance or pool contract. Ownership is with the Aragon DAO system.
RD-F-046 green Contract unverified on Etherscan/Sourcify Core governance contracts (VotingEscrow, GaugeController, Minter, CRV token, all Voting Apps, eDAO Safe) are verified on Etherscan. NG factory blueprints are Vyper-verified. All protocol-profile-listed contracts are verified.
Oracle & external dependencies Yellow 22 17 of 17
RD-F-049 yellow Oracle role per asset Oracle role breakdown: (1) Swap pricing: no oracle (internal AMM invariant). (2) StableSwap-NG rate oracle for yield-bearing tokens: the primary rate source per pool, set at deployment and immutable; it serves pool re-pegging (the curve shape), not swap pricing. (3) CryptoSwap v2 internal EMA: provides the price_oracle() function consumed by downstream protocols; Curve itself does not use it for swap execution. The role architecture is clear, but the immutable rate oracle in StableSwap-NG creates a permanent dependency on each token's upstream rate provider.
RD-F-050 yellow Dependency graph (protocols depended upon) Dependency graph: (1) Token-specific rate oracle per StableSwap-NG pool (wstETH -> Lido stETH.getPooledEthByShares(), cbETH -> Coinbase exchange rate). (2) Vyper 0.3.10 compiler (historically load-bearing; legacy pools used 0.2.15/0.2.16/0.3.0, which caused the July 2023 $60.6M exploit). (3) LayerZero for CRV/crvUSD cross-chain (suspended April 19, 2026). (4) Canonical rollup bridges for L2 pools. No Chainlink dependency on core Ethereum pools. Yellow: multiple dependencies with meaningful failure modes, especially the Vyper compiler history and the LayerZero suspension.
RD-F-051 yellow Fallback behavior on oracle failure StableSwap-NG: no fallback oracle behavior. _stored_rates() issues a raw_call without revert_on_failure=False (Vyper has no try/catch), so if the external rate oracle reverts, the entire call stack reverts and the pool is frozen for swaps involving that asset. CryptoSwap v2 internal EMA: no external oracle dependency, cannot fail externally. No documented circuit breaker, secondary oracle, or last-known-price fallback for StableSwap-NG rate oracles. Fallback behavior is effectively: pool freeze on oracle failure.
RD-F-052 yellow Breakage analysis per dependency Breakage analysis: (1) Rate oracle reverts: the StableSwap-NG pool containing that token type is frozen for swaps. LPs may still be able to remove liquidity if the remove_liquidity path avoids _stored_rates(). No user debt risk (DEX). (2) LayerZero bridge failure: CRV/crvUSD cross-chain unavailable on BNB/Sonic/Avalanche/Fantom/Etherlink/Kava, already realized via the suspension. Core Ethereum TVL ($1.62B) unaffected. (3) Internal EMA oracle manipulation: the risk falls on protocols using a Curve pool's price_oracle() as input, not on Curve itself. (4) Vyper compiler: legacy pools on 0.2.15/0.2.16/0.3.0 remain live; any new reentrancy surface would affect those pools specifically.
RD-F-054 yellow TWAP window duration CryptoSwap v2 (Tricrypto-NG) internal EMA: the ma_time parameter is configurable from 60 s to 7 d. It is stored as window / ln(2) (87 to 872541), i.e. the stored value is the time constant whose half-life equals the window. The default is deployment-specific. Admin can change it via commit_new_parameters() (requires factory admin) followed by apply_new_parameters() (3-day delay). A very short ma_time (near the 60 s minimum) in a low-liquidity pool would be manipulation-vulnerable. StableSwap-NG: no TWAP window; it uses the token exchange rate directly. Yellow: the minimum allowed window (60 s) is below the taxonomy's 30-minute threshold, even though current deployment values are likely longer.
RD-F-056 yellow Single-pool oracle (no medianization) StableSwap-NG rate oracle: a single source per token type (wstETH -> Lido only, via one address; cbETH -> Coinbase only, via one address). No medianization across multiple venues. Single point of failure: if the token's upstream rate contract is compromised or returns a wrong value, the pool uses that wrong rate. CryptoSwap v2 EMA: single pool, single EMA, no medianization. Mitigated: these are canonical protocol-level rates (not DEX spot prices), and manipulating them would require exploiting the Lido or Coinbase protocol itself.
RD-F-057 yellow Circuit breaker on price deviation No circuit breaker identified for the StableSwap-NG rate oracle or the CryptoSwap v2 EMA. CryptoSwap v2 has an informal spike cap: the spot price fed into the EMA is capped at 2 * price_scale[k] in tweak_price(), which prevents a single extreme trade from propagating fully into the oracle. This is not a formal circuit breaker (no pause or revert-on-deviation logic). StableSwap-NG: no deviation check on rate oracle output.
RD-F-058 yellow Max-deviation threshold (bps) CryptoSwap v2: the informal 2x price_scale cap (see F057), with no explicit basis-point parameter. StableSwap-NG: no deviation threshold at all on rate oracle output. The 2x cap in CryptoSwap v2 prevents a single trade from pushing the oracle input above 2x the last price_scale, but this is a hardcoded design choice rather than a configured threshold. Confidence medium because exact behavior requires simulation of edge cases.
RD-F-059 yellow Oracle staleness check present No staleness check on the StableSwap-NG rate oracle. _stored_rates() performs raw_call(..., is_static_call=True) and asserts that the response length is 32 bytes, but does NOT check an updatedAt timestamp or any maximum age. CryptoSwap v2 internal EMA: staleness is self-managed by EMA decay (tweak_price() uses the block.timestamp delta); the staleness concern applies to EXTERNAL consumers of price_oracle(), not to Curve's own swap logic, which only uses internal pool balances.
RD-F-180 yellow Immutable oracle address [★ CRITICAL-CANDIDATE — F180 PD-017 flag for T-14 post-launch promotion assessment] StableSwap-NG pools declare rate_oracles: immutable(DynArray[uint256, MAX_COINS]); oracle addresses are set at pool deployment and permanently fixed. No admin setter exists. No staleness check in _stored_rates(). The pattern matches the F180 failure mode (oracle address not programmatically replaceable). Mitigated: the Curve DEX (this slug) has no borrow/liquidation mechanics; rate oracles affect pool re-pegging (AMM curve shape), not user debt liquidation. CryptoSwap v2 (Tricrypto-NG): the EMA oracle IS admin-replaceable via factory admin + 3-day timelock (commit_new_parameters / apply_new_parameters), GREEN for CryptoSwap v2. Net: YELLOW for the StableSwap-NG rate oracle class. Explicitly flagged for T-14 promotion review: should F180 ★ apply at full severity for DEX protocols with no liquidation surface?
RD-F-060 n/a Chainlink aggregator min/max bound misconfig N/A: the Curve DEX does not consume Chainlink feeds in swap pricing or rate oracle logic. The 19 Chainlink feed addresses in the data cache are from integrating protocols referencing Curve pools as an oracle source. No Chainlink aggregator dependency exists for Curve's own pool operations.
RD-F-181 n/a Permissionless-pool lending oracle N/A: DEX protocol, not lending. RD-F-181 applies to lending protocols that accept spot prices from permissionless DEX pools as a collateral oracle (Rhea Finance NEAR class). The Curve DEX (slug curve-v2) has no borrow/lending mechanics (data cache: borrow.present: false). Per the process-learnings DEX template, F181 is N/A by factor definition for non-lending protocols.
RD-F-048 green Oracle providers used Curve AMM pools use no external price oracle for swap pricing. Swap price derived from pool balances via StableSwap/CryptoSwap invariant. StableSwap-NG uses token-specific rate oracles (wstETH rate from Lido, cbETH rate from Coinbase) for yield-bearing token rebasing — not external market price feeds. The 19 Chainlink feed addresses in data cache are feeds from integrating protocols referencing Curve, not feeds consumed by Curve. CryptoSwap v2 uses internal EMA from trade history. Provider list: token-specific rate oracle (Lido, Coinbase) per StableSwap-NG pool; no Chainlink, no Pyth, no Uniswap TWAP.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) [★ CRITICAL] GREEN — N/A for swap pricing. Curve's AMMs are self-contained; swap price derived from pool balances via StableSwap/CryptoSwap invariant math, not from any external DEX pool oracle. StableSwap-NG rate oracles (wstETH etc.) use protocol-specific rate functions (getPooledEthByShares type calls), not spot DEX pool prices. CryptoSwap v2 internal EMA uses trade history from the pool itself, not an external DEX spot price. No single DEX pool oracle dependency found in either AMM type.
RD-F-055 green Oracle pool depth (USD) N/A for swap pricing — no DEX pool oracle used. StableSwap-NG rate oracle: oracle is a protocol-level exchange rate (wstETH rate from Lido stETH contract, cbETH rate from Coinbase contract) — not a DEX pool price. Depth concept does not apply; manipulation would require compromising Lido or Coinbase protocol contracts, not liquidity pool depth. CryptoSwap v2 EMA: uses trade history from the pool itself, depth of the Curve pool matters for EMA quality but Curve is typically one of the deepest on-chain pools for its assets.
RD-F-061 green LP token balanceOf used for pricing Curve does not trust LP token balanceOf for pricing. AMM invariant math (D value) is used, not balanceOf directly. StableSwap-NG: _stored_rates() returns a rate multiplier (not balanceOf) that scales the normalized balances (xp); direct donation via transfer cannot manipulate this rate path. CryptoSwap v2: uses virtual balances derived from pool state, not raw balanceOf. Donation-manipulation via transfer is not applicable to the pricing mechanism.
RD-F-062 green External keeper/relayer not redundant Core Ethereum pool operation requires no external keeper. EMA oracle updates trigger from user swap transactions (tweak_price() called within swap functions). No Chainlink Automation or Gelato keeper dependency for pool price updates. LayerZero bridge has DVN/executor dependency (suspended — see Cat 10). Canonical rollup bridges (Arbitrum, Optimism, Base) have their own sequencer infrastructure — Curve does not depend on a single keeper/relayer for those chains.
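A float model of the StableSwap invariant with per-coin rate multipliers, added as an example for the mechanism F017, F049, F056 and F061 describe (this is not Curve's contract code). Raw balances are scaled into a common unit (xp = balance * rate), D and the swap output are solved on xp with the same Newton iterations the Vyper sources use, and the output is unscaled. For a decimals-only coin the rate is the constant 10**(18 - decimals); for a yield-bearing coin it is the upstream exchange rate read at swap time. The final scenario shows the F056 failure mode: when the pool reads a wrong upstream rate, it prices the coin at that rate and a swapper extracts the difference. All balances, rates and the A value are constructed figures; A follows Curve's on-chain convention (already multiplied by n**(n-1)); fees are omitted.

```python
"""Added example: float model of StableSwap with rate multipliers. Not Curve's code."""


def get_D(xp, A, tol=1e-12):
    """Solve A*n^n*S + D = A*D*n^n + D^(n+1)/(n^n*prod(x)) for D (Newton)."""
    n = len(xp)
    S = sum(xp)
    if S == 0:
        return 0.0
    D = S
    Ann = A * n
    for _ in range(255):
        D_P = D
        for x in xp:
            D_P = D_P * D / (n * x)
        D_prev = D
        D = (Ann * S + n * D_P) * D / ((Ann - 1) * D + (n + 1) * D_P)
        if abs(D - D_prev) <= tol * D:
            return D
    raise ArithmeticError("D did not converge")


def get_y(i, j, x, xp, A, tol=1e-12):
    """Given coin i's new scaled balance x, solve for coin j's balance y."""
    n = len(xp)
    D = get_D(xp, A)
    Ann = A * n
    S_ = 0.0
    c = D
    for k in range(n):
        if k == j:
            continue
        _x = x if k == i else xp[k]
        S_ += _x
        c = c * D / (_x * n)
    c = c * D / (Ann * n)
    b = S_ + D / Ann
    y = D
    for _ in range(255):
        y_prev = y
        y = (y * y + c) / (2 * y + b - D)
        if abs(y - y_prev) <= tol * y:
            return y
    raise ArithmeticError("y did not converge")


def exchange(i, j, dx, balances, rates, A):
    """Raw-unit output of coin j for dx raw units of coin i (no fee).
    Scaling in, solving on xp, scaling out is the rate-multiplier pattern."""
    xp = [b * r for b, r in zip(balances, rates)]
    x = xp[i] + dx * rates[i]
    y = get_y(i, j, x, xp, A)
    return (xp[j] - y) / rates[j]


# Scenario 1 (constructed): mixed decimals. DAI has 18 decimals, USDC has 6;
# rates 10**(18 - decimals) put both balances in the same 1e18-style unit.
def usdc_to_dai(usdc_amount=1_000.0, A=100):
    balances = [1_000_000 * 10**18, 1_000_000 * 10**6]   # raw DAI, raw USDC
    rates = [1.0, 10.0**12]
    dai_raw = exchange(1, 0, usdc_amount * 10**6, balances, rates, A)
    return dai_raw / 10**18                               # whole DAI


# Scenario 2 (constructed): yield-bearing coin. wstETH/ETH pool where the
# upstream rate says 1 wstETH = 1.15 ETH; balances are balanced at that rate.
def eth_to_wsteth(reported_rate, eth_in=10.0, A=100):
    balances = [1_000.0, 1_150.0]   # wstETH, ETH
    rates = [reported_rate, 1.0]
    return exchange(1, 0, eth_in, balances, rates, A)


def rate_corruption_gain(true_rate=1.15, wrong_rate=1.0, eth_in=10.0):
    """Extra value (in ETH) a swapper extracts when the pool reads wrong_rate
    instead of true_rate: the F056 single-source failure mode."""
    honest = eth_to_wsteth(true_rate, eth_in)
    exploited = eth_to_wsteth(wrong_rate, eth_in)
    return (exploited - honest) * true_rate


if __name__ == "__main__":
    print("1,000 USDC -> DAI:", round(usdc_to_dai(), 4))
    print("10 ETH -> wstETH at true rate 1.15:", round(eth_to_wsteth(1.15), 4))
    print("10 ETH -> wstETH at wrong rate 1.00:", round(eth_to_wsteth(1.0), 4))
    print("attacker gain per 10 ETH (ETH):", round(rate_corruption_gain(), 4))
```

With the true rate, 10 ETH buys about 8.70 wstETH (10 / 1.15 less a negligible amount of slippage); with the rate stuck at 1.00 the pool hands over close to 10 wstETH, worth about 11.5 ETH upstream, so each 10 ETH swapped extracts roughly 1.5 ETH from LPs until the pool is emptied of wstETH. Nothing in the swap path can detect this, which is the point F059 and F180 make about the missing staleness check and the immutable oracle address.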
Economic risk Green 17 13 of 13
RD-F-064 yellow TVL concentration (top-10 wallet share) 93.86% of TVL ($1.615B) is on Ethereum; the next largest deployment is Arbitrum at 1.15%. Extreme single-chain concentration: any Ethereum-level disruption materially affects nearly all protocol TVL. Wallet-level depositor concentration is not enumerable with the available tooling (Dune 403); chain concentration is the primary measurable signal and already flags yellow.
RD-F-067 yellow Historical bad-debt events July 30, 2023 Vyper compiler reentrancy exploit: ~$60.7M drained across four pools (pETH/ETH, msETH/ETH, alETH/ETH, CRV/ETH). White-hat c0ffeebabe.eth returned $5.4M; total recovery was ~$52.3M (73%) by August 7, 2023. Net LP loss ~$8-20M. Curve DAO voted December 21, 2023 (94% approval) for a $49.2M compensation package ($7.2M ETH + $42M CRV vesting 1 year). Yellow rather than red: (a) the DAO actively compensated LPs; (b) the root cause was a Vyper compiler bug, since patched; (c) no systemic protocol insolvency. The 2022 DNS hijack (~$573K) is excluded: off-chain phishing, not protocol-level economic loss.
RD-F-066 n/a Utilization rate (lending protocols) Curve Finance is a DEX AMM, not a lending protocol. borrow.present=false per data cache. No utilization rate concept applies.
RD-F-068 n/a Collateralization under stress The Curve DEX has no collateral or borrow mechanics. No collateralization ratio concept applies. AMM LP positions are pool shares, not collateralized debt positions.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin Not applicable. The Curve DEX does not issue or manage a stablecoin. crvUSD is a separate slug (crvusd) excluded from this assessment per protocol profile §1. CRV is a governance/incentive token with a programmatic, declining emission schedule, not an algorithmic stablecoin.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) [★ CRITICAL — N/A] Curve Finance is not a Compound V2 fork. It is the original StableSwap/CryptoSwap AMM protocol, with no cToken-style markets, no lending architecture, and no borrow/supply mechanics (borrow.present=false per data cache). The empty-market donation-exploit pattern does not apply. Per taxonomy PD-024 and the protocol's fork lineage (original, not forked, per 00-profile.md §5), this factor is explicitly not applicable.
RD-F-071 n/a Seed-deposit requirement for new market listing Not applicable per taxonomy PD-024 (lending-only factor). Curve is a DEX. Qualitative note: permissionless factory pool deployment has no seed deposit requirement, which creates a theoretical first-deposit inflation risk in individual pools; flagged to code-security-analyst for Cat 1 scope.
RD-F-072 n/a Market-listing governance threshold Not applicable per taxonomy PD-024 (lending-only factor). Qualitative note for context: Curve pool deployment is permissionless via factory contracts; gauge assignment (directing CRV emissions) requires an Aragon governance vote. The two-tier system (permissionless pool, governed gauge) is relevant context but not a lending market-listing threshold.
RD-F-073 n/a Oracle-manipulation-proof borrow cap Not applicable per taxonomy PD-024 (lending-only factor). The Curve DEX has no borrow caps.
RD-F-074 n/a ERC-4626 virtual-share offset (OZ ≥4.9) Not applicable per taxonomy PD-024 (lending-only factor). Curve pools are not ERC-4626 vaults. LP tokens are standard ERC-20s representing a proportional share of the pool invariant D, not yield-bearing vault shares.
RD-F-075 n/a First-depositor / share-inflation guard Not applicable per taxonomy PD-024 (lending-only factor). Qualitative note: the MixBytes stableswap-ng audit (Sept-Oct 2023) found no MINIMUM_LIQUIDITY dead-share burn on the initial deposit (the total_supply==0 path mints D1 directly). Source review of CurveStableSwapNG.vy confirms this design. Mitigating factors: the StableSwap invariant math makes large-scale inflation economically costly; the audit confirmed all critical findings fixed. The risk is bounded to small factory pools. Not scored for this DEX.
RD-F-063 green TVL (current + 30d trend) TVL $1.721B as of 2026-04-28; 30-day change -2.4%; 12-month peak ~$2.86B (August 2025). Gradual drawdown from peak but well above coverage threshold. Curve captured ~44% of all ETH DEX fees in late 2025, demonstrating continued utility.
RD-F-065 green Liquidity depth per major asset Core pools have exceptional depth: 3pool (DAI/USDC/USDT) at $500K swap produces 0.003% price impact; stETH/ETH $100K swap at <0.01% impact; Arbitrum pools handle $50K with minimal slippage. Curve is the de-facto deepest stablecoin venue on Ethereum. Long-tail permissionless factory pools are individually thin but do not represent material TVL.
Operational history Green 18 15 of 15
RD-F-077 yellow Prior exploit count Two documented incidents: (1) 2022-08-09 DNS hijack ($575K, off-chain frontend); (2) 2023-07-30 Vyper compiler reentrancy exploit (~$73.5M gross, ~$52M net after recovery). Two incidents over 6+ years at >$1B TVL is a below-average incident rate but non-zero. Yellow (not green for 0 incidents; not red for <3 incidents).
RD-F-081 yellow Post-exploit response score 2023 Vyper exploit response: compensation paid (DAO voted $44M CRV, Dec 2023, vesting 1 year; 10% white-hat fee to attacker); root cause documented (LlamaRisk post-mortem); operational recovery via NG migration. Deductions: ~7-hour gap before first official Curve team status update (exploit began 13:10 UTC, Discord update ~20:30 UTC); post-mortem authored by LlamaRisk not Curve directly; no on-chain pause activated (AMM non-pausable). 2022 DNS hijack: no victim compensation; incomplete technical post-mortem. Composite: 3/5 — yellow.
RD-F-083 yellow Auditor re-engaged after last exploit The 2023 exploit root cause was the Vyper compiler — a third-party toolchain. Curve cannot commission an audit of the Vyper compiler. Post-exploit, Curve continued audit engagement: ChainSecurity audited FeeSplitter.vy (2024-09-25). No dedicated post-incident audit of legacy pools (pools were drained / defunct). Migration to NG series (Vyper 0.3.10, audited by ChainSecurity Jun 2023 pre-exploit and ongoing) is the structural response. Yellow: audit engagement continued but no dedicated post-incident review of affected pools specifically.
RD-F-084 yellow TVL stability (CoV over 90d) TVL trend: entered 2025 at ~$2.44B, peaked Aug 2025 at ~$2.86B, current 2026-04-28 $1.72B. 30-day change: -2.4%. 1-day change: -0.19%. Sustained ~$700M decline over ~8 months from Aug 2025 peak. Coefficient of variation not computed (DefiLlama daily series returned 403). Estimated moderate negative trend — yellow. No sudden crash pattern.
RD-F-085 yellow Incident response time (minutes) 2023 Vyper exploit: first exploit transaction at 13:10 UTC; first official Curve team Discord update (acknowledging pools drained/white-hat hacked) at approximately 20:30 UTC (~420 minutes / ~7 hours). Vyper team public acknowledgment at 16:44 UTC (third-party toolchain). Protocol non-pausable, so no faster on-chain protective action was structurally possible, but a ~7-hour communication gap during a $73M live exploit is slow. 2022 DNS hijack: ~62-minute response (acceptable). Most recent incident drives the score.
RD-F-089 yellow Insurance coverage active Nexus Mutual offers user-purchasable coverage for Curve Finance (listed among covered protocols on platform). No Curve-sponsored, treasury-funded, or Sherlock-style protocol insurance program found. User-purchasable cover exists (meaningful at user level) but no protocol-directed insurance. Yellow: coverage purchasable but not protocol-sponsored.
RD-F-166 yellow Deprecated contracts still holding value Legacy Curve pools compiled with Vyper 0.2.15/0.2.16/0.3.0 (the exploited compiler versions) were never formally deprecated with a user-facing migration notice. The four exploited pools (alETH/ETH, pETH/ETH, msETH/ETH, CRV/ETH) were drained and are effectively defunct. Residual non-exploited legacy pools compiled with the same compiler versions may still hold TVL; no formal deprecation announcement was made. Curve's strategy is NG-series migration without formal legacy deprecation. Yellow: migration-without-announcement posture; no confirmed >$100K stuck in formally-announced-deprecated contracts, but legacy pool surface persists without official sunset.
RD-F-086 n/a Pause activations (trailing 12 months) Zero deliberate pause activations in trailing 12 months (2025-04-28 to 2026-04-28). Curve's core AMM does not have a centralized pause mechanism. No emergency-stop events found in hacksdatabase or OSINT for this period. [v1-deferred: only curator_note evidence; downgraded per §14 Pass 3]
RD-F-087 n/a Pause > 7 consecutive days Boolean: FALSE. No pause mechanism exists in core Curve AMM. No pause event of any duration occurred. Cannot satisfy the >7 consecutive day criterion. [v1-deferred: only curator_note evidence; downgraded per §14 Pass 3]
RD-F-076 green Protocol age (days) Live since January 2020 (~75 months / 2,290 days as of 2026-04-28). Exceeds A-grade 12-month floor by a large margin. First Curve pool (cDAI/cUSDC) deployed January 2020 per IQ.wiki milestones and profile §2.
RD-F-078 green Chronic-exploit flag (≥3 incidents) CHRONIC flag: FALSE. Two total incidents — below the ≥3 threshold (PD-022). CHRONIC badge does not fire.
RD-F-079 green Same-root-cause repeat exploit No same-root-cause repeat. Incident 1 (2022-08-09): DNS registrar nameserver compromise — off-chain infrastructure failure. Incident 2 (2023-07-30): Vyper compiler reentrancy storage slot misalignment — smart contract level. Distinct root-cause classes; no repeat.
RD-F-080 green Days since last exploit Last exploit: 2023-07-30. Days since: ~1,003 days (as of 2026-04-28). Protocol has been incident-free for approximately 2.75 years post-Vyper exploit.
RD-F-082 green Post-mortem published within 30 days 2023 Vyper exploit: LlamaRisk published comprehensive HackMD post-mortem within days of the 2023-07-30 exploit (well within 30 days). 2022 DNS hijack: Curve Substack post published 2022-08-10 (same/next day). Both incidents had public documentation within 30 days.
RD-F-088 green Re-deployed to new addresses in last year No full protocol re-deployment to new addresses in trailing 12 months. Governance core contracts (VotingEscrow, GaugeController, Aragon voting apps, Emergency DAO Safe) unchanged. New NG pools deployed via factory (routine factory operation, not a retiring re-deploy). No address-set retirement found.
Real-time signals Green 14 22 of 22
RD-F-100 yellow Flash loan >$10M targeting protocol tokens Curve is the largest stablecoin liquidity venue on Ethereum ($1.6B Ethereum TVL) and a primary source of flash loan liquidity itself. Flash loans against Curve pools are constant and structural. Signal threshold: flash loan ≥$10M + receiver contract interacts with protocol oracle/gov contract. Curve has no oracle to manipulate (self-contained AMM). Governance cannot be flash-loan-attacked (veCRV is time-locked, not flash-loanable). The signal is technically applicable to Curve as a venue but corroboration requirement (oracle/gov interaction) is structurally unavailable. Ongoing MEV sandwich and JIT-LP activity at scale. Historical: MEV bots front-ran the July 2023 exploit, generating largest MEV block rewards in Ethereum history. Score yellow: applicable signal but structurally suppressed by Curve's self-contained AMM architecture; not currently firing at threshold.
RD-F-105 yellow DNS/CDN/frontend hash drift DNS/frontend signal has confirmed double-fire history on Curve. (1) August 10, 2022: curve.fi DNS hijacked via iwantmyname registrar compromise; attacker cloned frontend and deployed malicious approval contract; ~$573K drained. (2) May 12, 2025: curve.fi DNS hijacked AGAIN via same iwantmyname registrar; attacker redirected to wallet drainer; funds drained. Additionally, May 5, 2025: Curve's X account compromised (fake CRV airdrop phishing post). Curve subsequently migrated primary domain from curve.fi to curve.finance following May 2025 incident. Current posture: primary domain is now curve.finance; curve.fi migrated away. Monitoring baseline must be established on curve.finance. The signal is structurally highly applicable with confirmed historical fires. Score yellow — applicable with confirmed double-fire history; current posture (post-migration to curve.finance) requires verified monitoring on new domain baseline.
RD-F-109 yellow Social-media impersonation scam spike Social media impersonation signal. P2 taxonomy priority but structurally elevated for Curve based on confirmed events. (1) May 5, 2025: official Curve Finance X account compromised; attacker posted fake CRV airdrop with phishing link to a fake interface. (2) May 12, 2025: DNS hijack created a full replica frontend mimicking curve.fi interface to drain user wallets. Curve is a high-brand-recognition target ($1.72B TVL, 6+ year history, global DeFi name). Brand impersonation risk is persistently elevated given documented repeat attack pattern on the same registrar (iwantmyname compromised twice). Signal is not grade-eligible per T-09 tier framework (advisory observation only). Score yellow to document confirmed and ongoing impersonation history.
RD-F-090 n/a Mixer withdrawal → protocol interaction Tier-C advisory signal, T-09 v1 phase-2 scope. Curve pools structurally receive funds from diverse sources including mixer-adjacent wallets as a baseline — Curve is a primary stablecoin liquidity venue. The August 2022 DNS attacker subsequently used Tornado Cash for fund laundering (attacker action, not protocol-team action). No specific new mixer-funded threat-actor interaction identified at 2026-04-28. Requires licensed Chainalysis/TRM clustering feed for full assessment. Signal is applicable architecturally but not assessable at static dry-run without partner feed.
RD-F-091 n/a Partial-drain test transactions v1-deferred (P1). Partial-drain test-tx pattern requires live mempool pattern-matching. The July 2023 Vyper exploit was an immediate full-exploitation upon public bug disclosure — no documented pre-drain test transaction pattern for that event. No current pre-drain test-tx pattern observed at static dry-run.
RD-F-092 n/a Unusual mempool pattern from deployer wallet v1-deferred (P2). Deployer wallet 0xc4ad0ef33a0a4dda3461c479ccb6c36d1e4b7be4 (Curve: Deployer 1) shows no reported unusual pattern. Factory pool deployments are normal operational behavior for Curve. Requires live mempool monitoring. Not assessable at static dry-run.
RD-F-093 n/a Abnormal gas-price willingness from attacker wallet v1-deferred (P2). MEV bots routinely use elevated gas around Curve pools — distinguishing attacker-class gas willingness from MEV-arb gas willingness requires licensed threat-actor wallet clustering. Not assessable at static dry-run.
RD-F-094 n/a New contract with similar bytecode to exploit template v1-deferred (P2). Curve's factory architecture produces thousands of pool deployments via deterministic CREATE2 — distinguishing exploit-template contracts from legitimate factory outputs requires dedicated bytecode-similarity monitoring. Not assessable at static dry-run.
RD-F-095 n/a Known-exploit function-selector replay v1-deferred (P2). The July 2023 Vyper reentrancy exploit used standard add_liquidity/remove_liquidity selectors — indistinguishable from normal LP operations without reentrancy-triggering context. Requires exploit-template database. Not assessable at static dry-run.
RD-F-096 n/a New ERC-20 approval to unverified contract from whale v1-deferred (P2). Requires live mempool monitoring for high-TVL user approvals to unverified contracts. Not assessable at static dry-run.
RD-F-097 n/a Sybil surge of identical-pattern transactions v1-deferred (P2). Requires on-chain clustering and real-time identical-tx-pattern monitoring. Not assessable at static dry-run.
RD-F-099 n/a Oracle price deviation >X% from secondary Curve Finance's own AMM pools do NOT consume external price oracles for pricing or trading decisions. The StableSwap and CryptoSwap AMM prices are derived entirely from pool balance invariants. The 19 Chainlink feed addresses in the data cache are feeds consumed by protocols that use Curve as an oracle source — not feeds consumed by Curve itself. Curve's internal EMA oracles (in CryptoSwap v2 pools) are produced by Curve, not consumed by it. The signal is structurally not applicable to Curve's own protocol operation. Confirmed by Curve oracle security documentation.
RD-F-102 n/a Admin/upgrade transaction in mempool v1-deferred (phase 2). Requires mempool listener and per-protocol admin map. Curve's Aragon governance structure routes admin actions through voting → Aragon agent → execution. The eDAO Safe (0x467947EE34aF926cF1DCac093870f613C96B1E0c, 5-of-9) is the emergency execution path. No unscheduled admin mempool activity reported at assessment date. Per T-09 §3.2, this signal requires mempool listener stack and per-protocol admin/keeper allowlist before it can be wired up.
RD-F-103 n/a Bridge signer-set change proposed/executed Curve is NOT an operator of its own bridge. The core DEX has no bridge validator set. The eDAO Safe (5-of-9) governs emergency protocol actions but is not a bridge validator set subject to this signal. LayerZero OFT infrastructure was suspended April 2026 as a precautionary measure following the KelpDAO/rsETH $292M exploit — this is a procedural pause to halt cross-chain transfers, not a signer-set change event. The eDAO Safe threshold remains stable at 5-of-9. No eDAO signer set change event identified. Signal applies to bridge validator set changes specifically; Curve's architecture does not have this surface.
RD-F-106 n/a Cross-chain bridge unverified mint pattern v1-deferred (P1). Curve uses LayerZero OFT for CRV/crvUSD cross-chain transfers; bridge is currently suspended (April 2026, KelpDAO/rsETH precautionary halt). Cross-chain mint-without-proof pattern requires live cross-chain indexing infrastructure. Not assessable at static dry-run. During suspension, bridge is not producing cross-chain messages.
RD-F-107 n/a Admin EOA signing from new geography/device v1-deferred (P2). Off-chain signing telemetry not publicly accessible. eDAO Safe signers are distributed (Michael Egorov is confirmed founder; others include lex_node/_gabrielShapir0 per public statements). Geography/device fingerprint assessment not achievable at static dry-run.
RD-F-108 n/a GitHub force-push to sensitive branch v1-deferred (P2). Requires real-time GitHub API monitoring per protocol. curvefi GitHub org last commit 2026-03-20 (tricrypto-ng per data cache). No force-push alerts or unexpected sensitive-branch pushes identified at static assessment. Not assessable without live GitHub monitoring.
RD-F-110 n/a Unusual pending/executed proposal ratio v1-deferred (P2). Requires 30-day governance proposal baseline comparison for Curve's Aragon voting apps (Ownership: 0xe478de..., Parameter: 0xBCff8B...). Not assessable at static dry-run without historical proposal cadence data.
RD-F-098 green TVL anomaly — % drop in <1h TVL $1,721,084,356 as of 2026-04-28T19:17:11Z. 1d change: -0.19%; 30d change: -2.4%. Both are within normal organic variation. Signal threshold: TVL_now / TVL_baseline_30d < 0.70 over 60-minute window. Current posture is well above threshold — protocol TVL is stable and not in anomaly territory. Tier-A signal; would fire instantly on breach. Current posture: no fire.
RD-F-101 green Large governance proposal queued Aragon governance voting apps active: Ownership (0xe478de485ad2fe566d49342cbd03e49ed7db3356), Parameter (0xBCfF8B0b9419b9A88c44546519b1e909cf330399), Emergency (0x1115c9b3168563354137cdc60efb66552dd50678). Governance forum (gov.curve.finance) shows recent standard proposals: LlamaRisk services renewal April 2025-2026; CRV development grant (17M CRV for 2026 roadmap); Swiss Stake AG funding renewal December 2025. None match flagged-pattern criteria: no fresh proposer wallet (<30 days), no admin-role-change calldata without co-sign, flash-loan voting attack not applicable (veCRV requires multi-year lock — not flash-loanable). Current posture: governance active, normal cadence, no malicious-pattern proposal identified.
RD-F-104 green Stablecoin depeg >2% on shared-LP venue Curve's 3pool (DAI/USDC/USDT) is the systemic reference pool for stablecoin liquidity on Ethereum. Primary stablecoins within Curve's largest pools are all within normal peg range at assessment date — no active depeg >2% on any major stablecoin observed. Signal threshold: |price - peg| / peg > 0.02 on ≥2 venues sustained ≥30 min AND protocol exposure ≥5% TVL. Chainlink USDT/USD feed (heartbeat 86400s, deviation 0.25%) and USDC/USD feed (heartbeat 82800s, deviation 0.25%) — both within normal range. Current posture: no depeg condition.
RD-F-182 green Security-Council threshold reduction (RT) RD-F-182 from batch-24 (Cat 6B): Security-Council threshold reduction event RT signal. Applicable signal for Curve's eDAO Safe (0x467947EE34aF926cF1DCac093870f613C96B1E0c). Signal fires on: threshold reduction (e.g., 5/9 → 4/9), timelock removal, or new-signer addition within ≤14 days of either. Current posture: eDAO Safe threshold is 5-of-9 (confirmed in data cache: threshold: 5, owner_count: 9). No threshold reduction or timelock removal event identified in available public data. Etherscan shows most recent Exec Transaction was approximately 7 days prior to assessment date — a normal operational action, not a structural change. Aragon voting period (7-day equivalent) not shortened per available data. Signal is v1.1 candidate pending T-09 FP-rate review. Current posture: no fire condition.
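The three signal thresholds quoted above in RD-F-098 (TVL anomaly), RD-F-104 (stablecoin depeg) and RD-F-182 (Security-Council threshold reduction), implemented as an added example that is not defirisk's or Curve's own code; the venue names, Safe event kinds and the price/Safe histories are constructed assumptions, and only the 5-of-9 starting state and the assessment timestamp come from the report.

```python
"""Three real-time signal checks from this category, evaluated over constructed
sample data (no live feeds; assumptions are labelled in comments)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assessment timestamp quoted in RD-F-098.
NOW = datetime(2026, 4, 28, 19, 17, 11, tzinfo=UTC)


def tvl_anomaly_fires(tvl_now: float, tvl_baseline_30d: float, floor: float = 0.70) -> bool:
    """RD-F-098: fire when TVL_now / TVL_baseline_30d drops below 0.70."""
    return tvl_now / tvl_baseline_30d < floor


@dataclass(frozen=True)
class PricePoint:
    venue: str
    ts: datetime
    price: float


def venues_depegged(points, now, peg=1.0, tol=0.02, sustain=timedelta(minutes=30)):
    """Venues whose |price - peg| / peg > tol has held continuously for >= sustain,
    measured from the earliest sample of the current out-of-band run up to `now`."""
    by_venue = {}
    for p in points:
        by_venue.setdefault(p.venue, []).append(p)
    depegged = set()
    for venue, series in by_venue.items():
        run_start = None
        for p in sorted(series, key=lambda q: q.ts, reverse=True):
            if abs(p.price - peg) / peg > tol:
                run_start = p.ts      # extend the out-of-band run backwards in time
            else:
                break                 # an in-band sample ends the run
        if run_start is not None and now - run_start >= sustain:
            depegged.add(venue)
    return depegged


def depeg_fires(points, now, exposure_share, min_venues=2, min_exposure=0.05):
    """RD-F-104: depeg > 2% on >= 2 venues sustained >= 30 min AND exposure >= 5% of TVL."""
    return (len(venues_depegged(points, now)) >= min_venues
            and exposure_share >= min_exposure)


@dataclass(frozen=True)
class SafeEvent:
    ts: datetime
    kind: str          # assumed kinds: ChangedThreshold | AddedOwner | RemovedOwner | TimelockRemoved
    threshold: int     # Safe threshold after the event
    owner_count: int   # Safe owner count after the event


def safe_council_signal(events, initial_threshold, initial_owners, window=timedelta(days=14)):
    """RD-F-182: fire on a threshold reduction, a timelock removal, or a new signer
    added within `window` of either. Returns the list of reasons (empty = no fire)."""
    reasons, structural, additions = [], [], []
    threshold, owners = initial_threshold, initial_owners
    for e in sorted(events, key=lambda x: x.ts):
        if e.kind == "ChangedThreshold" and e.threshold < threshold:
            reasons.append(f"{e.ts.date()}: threshold reduced {threshold}/{owners} -> "
                           f"{e.threshold}/{e.owner_count}")
            structural.append(e.ts)
        elif e.kind == "TimelockRemoved":
            reasons.append(f"{e.ts.date()}: timelock removed")
            structural.append(e.ts)
        elif e.kind == "AddedOwner":
            additions.append(e.ts)
        threshold, owners = e.threshold, e.owner_count
    # A new signer within the window on either side of a structural change also fires.
    for a in additions:
        if any(abs(a - s) <= window for s in structural):
            reasons.append(f"{a.date()}: new signer added within {window.days} days of a structural change")
    return reasons


# Constructed: two venues ~3% under peg for 45 minutes, a third venue in band.
SAMPLE_PRICES = [
    PricePoint(v, NOW - timedelta(minutes=m), p)
    for v, p in (("venue_a", 0.969), ("venue_b", 0.971))
    for m in (45, 30, 15, 0)
] + [PricePoint("venue_c", NOW - timedelta(minutes=m), 0.999) for m in (45, 30, 15, 0)]

# Constructed Safe history starting from the report's 5-of-9: a signer is added,
# then the threshold is cut to 4 three days later.
SAMPLE_SAFE_EVENTS = [
    SafeEvent(NOW - timedelta(days=10), "AddedOwner", 5, 10),
    SafeEvent(NOW - timedelta(days=7), "ChangedThreshold", 4, 10),
]
# Constructed routine history: one signer removed, threshold untouched (no fire).
SAMPLE_SAFE_ROUTINE = [SafeEvent(NOW - timedelta(days=1), "RemovedOwner", 5, 8)]

if __name__ == "__main__":
    # Baseline derived from the report's -2.4% 30d change; ratio 0.976 is far above 0.70.
    print("TVL anomaly:", tvl_anomaly_fires(1_721_084_356, 1_763_406_512))
    print("Depeg:", depeg_fires(SAMPLE_PRICES, NOW, exposure_share=0.30))
    for reason in safe_council_signal(SAMPLE_SAFE_EVENTS, 5, 9):
        print("Safe signal:", reason)
```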
Dev identity & insider risk Green 2 16 of 16
RD-F-117 yellow ENS/NameStone identity bound to deployer No ENS name bound to Deployer 1 (0xc4ad...) — anonymous deployer vanished after August 2020. No ENS name bound to Deployer 2 (0xc447...). Michael Egorov's personal wallet (0x7a16ff82...) has an Etherscan name tag but no ENS reverse record found in public searches. The absence of ENS binding on any deployer address is a minor gap in formal on-chain identity anchoring.
RD-F-111 green Team doxx status Michael Egorov fully doxxed: real name, PhD Physics (Swinburne University), LinkedIn, Twitter @newmichwill, GitHub @michwill, multiple conference appearances (TechCrunch 2022, EGYPES 2024, Epicenter podcast). Secondary contributors (iamdefinitelyahuman, 0xLlam4, charlie-eth) are consistent pseudonyms with 5-6+ year GitHub track records. eDAO signers described as 'Curve team + prominent DeFi figures' — not individually attributed publicly. Overall tier: real-name / consistent-pseudonym mix across team.
RD-F-112 green Team public accountability surface Egorov has 4+ verifiable public accountability trails: MIPT BS Applied Math/Physics, PhD Swinburne, LinkedIn with 10-year history, conference talks, court filing record (VC lawsuit dismissed), NuCypher CTO role (Y Combinator 2016). Julien Bouteloup: public LinkedIn and MEV research. iamdefinitelyahuman: 4+ years of Brownie/Ape Framework contributions widely used in DeFi ecosystem. Sufficient accountability surface for core team.
RD-F-113 green Team other-protocol involvement history Egorov: NuCypher CTO 2015-2020 (legitimate encryption company, Y Combinator 2016), Yield Basis founder (active). Julien Bouteloup: Stake DAO founder (legitimate, active). iamdefinitelyahuman: Brownie Python testing framework for Ethereum (widely adopted). No team member has prior rug pull or exit-scam affiliation found in any public source. Egorov's 2023 personal loan crisis was personal finance, not a protocol exit.
RD-F-114 green Deployer address prior on-chain history Deployer 1 (0xc4ad0ef33a0a4dda3461c479ccb6c36d1e4b7be4, 'Curve: Deployer 1'): fresh wallet, first tx Aug 13 2020 — created for this deployment. No prior on-chain history indicating rug or exploit. Deployer 2 (0xc447fcaf1def19a583f97b3620627bf69c05b5fb, 'Curve: Deployer'): active since 2019-2020, consistent with Curve StableSwap pool deployments. Neither address appears in hacksdatabase or REKT.news as a rug-linked deployer.
RD-F-115 green Prior rug/exit-scam affiliation No team member linked to prior rug or exit scam. Egorov's 2023-2024 personal CRV loan crisis: personal debt, no protocol exit, bad debt repaid. VC lawsuit (ParaFi, Framework, 1kx alleging trade secret misappropriation) dismissed by California court. Curve Finance remains operational at $1.7B TVL 6+ years post-launch. Web search for 'Curve Finance rug exit scam' returns zero credible claims against the protocol itself.
RD-F-116 green Contributor tenure at admin-permissioned PR Michael Egorov (michwill) has been active on GitHub since at least 2015 (NuCypher era) — maximum contributor tenure as protocol founder. iamdefinitelyahuman: 6+ years active in curvefi/DeFi Python tooling. Last curvefi commit: 2026-03-20 (data cache). No evidence of short-tenure contributor being granted admin-permissioned commit access to core contracts.
RD-F-118 green Handle reuse across failed/rugged projects @0xc4ad Twitter: created August 2020, posted once about CRV deployment, vanished — no prior protocol association (failed or otherwise). @newmichwill (Egorov): consistent identity since NuCypher era (~2015+); no handle reuse across rugged projects. iamdefinitelyahuman: consistent GitHub identity since 2020; Brownie framework association; no rug-project handle history.
RD-F-119 green Commit timezone consistent with stated geography Michael Egorov: stated Australian/Russian background (Swinburne University Melbourne; Moscow Institute of Physics and Technology). No systematic commit-time anomaly analysis performed; no public reporting of DPRK-consistent timezone anomaly for any Curve contributor. curvefi repos show commits distributed across multiple timezones consistent with distributed international team. Confidence is low due to lack of full commit-time distribution analysis.
RD-F-120 green Video-off/voice-consistency flag Michael Egorov has appeared on video/audio at multiple conferences: TechCrunch DeFi Summit 2022 (video), EGYPES 2024 Energy conference (speaker profile), Epicenter podcast (audio interview). No reports of video refusal, voice inconsistency, or timezone mismatch. Pseudonymous secondary devs (iamdefinitelyahuman, 0xLlam4) have not been subject of video-consistency concerns — their pseudonymity is operational (common in Vyper/DeFi dev community), not suspicious.
RD-F-121 green Contributor OSINT depth score OSINT depth scores: Egorov 5/5 (real name, academic record, professional history, conference presence, court filings, active social). Julien Bouteloup 4/5 (public LinkedIn, MEV research, Stake DAO). iamdefinitelyahuman 3/5 (pseudonymous but 4+ years consistent GitHub, Brownie co-author, DeFi community recognition). 0xLlam4/charlie-eth/Michael K 2/5 (GitHub presence, no personal identification). Weighted average for core team: ~4/5. Well above typical pseudonymous protocol.
RD-F-122 green Contributor paid to DPRK-cluster wallet No evidence of payment flows from Curve protocol to any contributor wallet with 3-hop path to DPRK-labeled cluster. Core dev team funded via Swiss Stake AG DAO grant (passed 2024 with 91% approval — transparent on-chain governance). Egorov's personal wallet on-chain interactions are with legitimate DeFi protocols (Aave, Frax, LlamaLend). No DPRK cluster proximity for any identified wallet. eDAO signers not individually traced (data gap noted).
RD-F-123 green Sudden admin-rescue/ACL change without discussion [CRITICAL ★] Emergency DAO's authority is narrowly scoped to gauge kills and pool kills — it cannot change admin keys, transfer ownership, or modify ACL. All Ownership-track changes require 7-day Aragon DAO vote. August 2023 eDAO gauge-kill post-exploit was within documented scope. No evidence of non-routine admin rescue or ACL change without preceding public discussion in the last 180 days or in the full incident history reviewed. Egorov's 2023 personal loan crisis required zero protocol admin action.
RD-F-124 green Deployer wallet mixer-funded within 30 days [CRITICAL ★] Deployer 1 (0xc4ad...): no Tornado Cash / mixer interactions in Etherscan transaction history. Funded by 0x6871EaCd... (unlabeled dormant wallet — no mixer label). Deployer 2 (0xc447...): no mixer interactions; funded by personal wallet (0x75e6de...) active since June 2018 with ~955 ETH movement consistent with early ETH holder. 30-day pre-deploy window for both: no mixer activity. No public reporting of mixer proximity for any Curve deployer address across 5+ years.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus [CRITICAL ★] No on-chain linkage found between any Curve deployer/team wallet and DPRK/Lazarus cluster within 3 hops. OFAC SDN search: no Curve-related entities. Chainalysis public DPRK reports: no Curve linkage. Web search 'Curve Finance DPRK Lazarus North Korea' returns only Curve team responses to the 2026 industry-level Kelp/Drift DPRK wave — Egorov publicly called for new safety standards. No credible allegation of DPRK involvement in Curve development in any source reviewed. Protocol is 6 years old with a fully doxxed founder.
RD-F-184 green Real-capital social-engineering persona No evidence of a team contributor or external integrator persona with >=USD 1M of real-capital deposits used to build credibility ahead of social-engineering attack on Curve. Both major Curve incidents (July 2023 Vyper compiler exploit; August 2022 DNS hijack) were technical/infrastructure attacks — not insider social engineering. The Drift Protocol reference case for F184 (DPRK UNC4736 real-capital persona, 6-month build-up) has no analogous evidence at Curve. Egorov's personal $85-100M CRV-backed loans were personal finance, not a social-engineering setup.
Fork / dependency lineage Green 0 10 of 10
RD-F-126 n/a Is-a-fork-of Curve Finance is the original StableSwap AMM protocol invented by Michael Egorov. No upstream fork relationship exists. The curve-contract GitHub README has no upstream fork declaration. The StableSwap invariant is Curve's own invention described in the Nov 2019 whitepaper. Other protocols fork Curve; Curve does not fork any prior protocol.
RD-F-127 n/a Upstream patch not merged No upstream fork relationship. Factor not applicable — Curve is the original protocol.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) No upstream fork relationship. Factor not applicable — Curve is the original protocol.
RD-F-129 n/a Code divergence from upstream (%) No upstream to diff against. Fork depth = 0 (original). Factor not applicable.
RD-F-130 n/a Fork depth (generations from original audit) Fork depth = 0 (original). Factor not applicable.
RD-F-131 n/a Fork retains upstream audit coverage No upstream fork relationship. Curve's own multi-firm audit history is assessed in Cat 1. Factor not applicable.
RD-F-132 n/a Fork has different economic parameters than upstream No upstream fork relationship. Factor not applicable.
RD-F-133 green Dependency manifest uses unpinned versions stableswap-ng pyproject.toml pins Vyper exactly at '0.3.10' (no caret). Python uses ^3.10 (minor-update allowed but not security-critical). titanoboa-zksync pinned to git tag v0.1.2. The security-critical compiler dependency (Vyper) is strictly pinned. No Solidity libraries (OZ, Solady) used.
RD-F-134 green Dependency had malicious-release incident (last 90d) No npm, PyPI, or crates.io dependency incident affecting Curve's build pipeline found in trailing 90 days (to 2026-04-28). Vyper 0.3.10 has no known malicious release in this window. No security advisory flags on Curve's Python/Vyper dependency stack.
RD-F-135 green Shared-library version with known-vuln status Curve does not use OpenZeppelin, Solady, or Solidity shared libraries. Vyper 0.3.10 has no known CVE or security advisory as of 2026-04-28. The critical compiler bugs affecting Vyper were in 0.2.15/0.2.16/0.3.0 (July 2023 exploit); fix confirmed in 0.3.1; 0.3.10 post-dates the fix by multiple releases.
Post-deploy hygiene & change mgmt Green 18 13 of 13
RD-F-136 yellow Deployed bytecode matches signed release tag Curve does not publish universally-signed release-tag commit hashes for all deployed bytecode. Core DAO contracts (VotingEscrow, GaugeController) are original 2020-2021 deploys with no subsequent bytecode change. GitHub v1.3.0 release tag (June 2021) exists for curve-dao-contracts. NG factory blueprint implementations are tracked via DAO votes but no universal signed-tag verification process is documented.
RD-F-137 yellow Upgrade frequency (per 90 days) Curve operates continuous deployment. NG factory implementations are periodically upgraded via DAO votes. GitHub shows last commit 2026-03-20 indicating ongoing development. Estimated ≥5 governance-approved contract changes per 90 days given breadth across 27+ chains and multiple NG contract series.
RD-F-139 yellow Post-audit code changes without re-audit Curve NG series has continuous development. ChainSecurity audited Tricrypto-NG (June 2023), FeeSplitter (September 2024), Curve Stablecoin updated contracts through Feb 2025. GitHub shows ongoing activity through March 2026. Non-trivial gap between most recent audit coverage and latest deployment activity for DEX-scope contracts. Mitigated by recurring ChainSecurity/MixBytes audit engagement; factory-blueprint model limits blast radius.
RD-F-145 yellow Deployed bytecode reproducibility Vyper contracts are deterministically reproducible from source + compiler version. NG contracts specify pragma version 0.3.10 in source headers. Full bytecode reproducibility verification for all 2000+ pool deployments is not publicly documented by Curve. Core DAO contracts (2020-2021 vintage) are reproducible from Etherscan-verified source.
RD-F-146 yellow New contract deploys in last 30 days Curve has continuous new pool deployments across 27+ chains via factory. GitHub last commit 2026-03-20 indicates ongoing activity. Cross-chain NG deployments on Monad ($16M TVL), Fraxtal ($12.8M TVL), Etherlink ($10.8M TVL) suggest recent factory deployments in last 90 days. Exact count not determinable without on-chain enumeration.
RD-F-168 yellow Stale-approval exposure on deprecated router Legacy StableSwap v1 pools (curve-contract) and older router versions may hold stale user approvals from 2020-2022 era. The 2022 DNS hijack exploited the frontend to potentially harvest approvals. No systematic stale-approval revocation campaign identified in public documentation. Current curve-router-ng is actively maintained but legacy approvals to older routers persist.
RD-F-185 yellow Bridge rate-limiter / chain-pause as positive mitigant Curve suspended LayerZero bridge infrastructure in April 2026 following rsETH exploit. No active programmatic rate-limiter documented for the suspended LayerZero bridge. xchain-factory bridge wrappers are chain-specific without a universal rate-limiter. Vyper AMM pools on Ethereum are immutable — no chain-pause mechanism applicable. Suspension provides de-facto protection (no outflows possible) but is not a programmatic rate-limiter.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) No documented hot-patch deploys outside the Aragon 7-day governance process in last 30 days. Emergency DAO actions (gauge kills) go through the 24-hour eDAO vote process, not a no-timelock immediate deploy. No unilateral admin upgrade path identified for core contracts.
RD-F-140 green Fix-merged-but-not-deployed gap No documented case of a fix merged to GitHub but not deployed for active contracts. The July 2023 exploit affected immutable Vyper pools that could not be patched in-place; they were killed/emptied by eDAO. No known Mirror-class fix-not-deployed gap in Curve's history.
RD-F-141 green Test-mode parameters in deploy No evidence of test-mode parameters remaining in production deployments. Curve NG contracts use factory-controlled deployments with validated parameter bounds. Core DAO contracts deployed 2020-2021 with production parameters. No test-oracle or infinite-allowance admin pattern identified.
RD-F-142 green Storage-layout collision risk across upgrades Pool contracts are immutable Vyper — no proxy upgrades, so no storage-layout collision risk for pools. Aragon Voting Apps use AppProxyUpgradeable (Aragon OS) but app-logic upgrades are governance-controlled. NG factory blueprint upgrades create new implementation slots, not in-place storage overwrites. Collision risk is very low by design.
RD-F-143 green Reinitializable implementation (no _disableInitializers) Core Curve contracts are Vyper non-proxy contracts (VotingEscrow, GaugeController, Minter, CRV token, pool contracts) — no OZ _disableInitializers() pattern applicable. Pool contracts are immutable Vyper deployments. Aragon Voting Apps use Aragon OS AppProxyUpgradeable with Aragon's own initialization guard (not OZ). No OZ-style reinitialization risk. Methodological note: factor is written for Solidity OZ pattern; Vyper immutable contracts are structurally equivalent to the green outcome.
RD-F-144 green CREATE2 factory permits same-address redeploy NG factory uses CREATE2 for deterministic pool deployment addresses but deploys immutable pools — no mechanism to redeploy to same address with different bytecode. Each pool is a fresh immutable instance. No evidence of CREATE2 redeployment attack surface.
Cross-chain & bridge Yellow 26 12 of 12
RD-F-147 yellow Protocol has bridge surface Yes — LayerZero OFT bridge for CRV/crvUSD/scrvUSD via curve-xdao (chains: BNB, Sonic, Avalanche, Fantom, Etherlink, Kava) and crvUSD FastBridge via L2MessengerLZ/VaultMessengerLZ (Arbitrum, Optimism, Fraxtal → Ethereum). Cross-chain governance uses chain-specific canonical bridges (Arbitrum, Polygon native). SUSPENDED April 19, 2026 following rsETH Kelp DAO exploit. Yellow: bridge surface exists and has been suspended due to a peer vulnerability in the same infrastructure class.
RD-F-148 yellow Bridge validator count (M) Two LayerZero bridge surfaces: (1) FastBridge (crvUSD L2→Ethereum): 2-of-2 DVN — LayerZero Labs + SwissStake (Curve core developers). Adequate validator count with independent operators. (2) CRV OFT (curve-xdao, BNB/Sonic/Avalanche/Fantom/Etherlink/Kava): DVN count pre-suspension not publicly documented. Strong contextual evidence of single/default DVN: Curve triggered suspension specifically in response to rsETH Kelp DAO exploit (same 1-of-1 DVN failure class); ~47% of LZ OFT apps pre-incident used single-DVN per Hypernative analysis. Net: yellow (one surface well-configured, other surface unconfirmed and likely single-DVN).
RD-F-149 yellow Bridge validator threshold (k-of-M) FastBridge: threshold 2-of-2 — adequate. CRV OFT (xDAO): threshold pre-suspension unconfirmed; if using default single-DVN, threshold = 1/1 = single-point-of-failure (catastrophic edge per taxonomy: 'threshold of 1 is single-factor sufficient for forged-message → unbacked mint'). Suspension removed immediate risk, but DVN configuration has not been confirmed as changed/improved as of 2026-04-28. Bridge effectively frozen so exposure is limited, but the structural vulnerability in the CRV OFT pathway is unresolved.
RD-F-150 yellow Bridge validator co-hosting FastBridge: 2-of-2 DVN with LayerZero Labs and SwissStake (Curve core devs) as separate entities — distinct organizations, geographically separate, low co-hosting risk. CRV OFT (xDAO): if using single-DVN = LayerZero Labs infrastructure, all validation is concentrated in one operator's infrastructure (ASN/datacenter concentration is moot in a 1-entity model). Confidence low for the xDAO bridge specifically due to unconfirmed DVN configuration.
RD-F-155 yellow Bridge validator-set rotation recency No public validator set rotation events documented for either FastBridge or CRV OFT (xDAO). The suspension enacted April 19, 2026 is a pause action by Curve, not a DVN set rotation. No governance forum posts found regarding planned DVN rotation pre- or post-suspension. Confidence low due to limited public documentation of LZ DVN rotation history for Curve's specific bridges.
RD-F-156 yellow Bridge uses same key custody for >30% validators FastBridge 2-of-2: LayerZero Labs + SwissStake — two separate entities, different key custody, <30% concentration per entity. Green for FastBridge. CRV OFT (xDAO): if single-DVN = LayerZero Labs, 100% of validation is held by one entity (>30% threshold exceeded). Net: yellow (one surface acceptable, xDAO surface likely exceeds threshold if single-DVN is confirmed).
RD-F-179 yellow LayerZero OFT DVN config (count, threshold, diversity) Two LayerZero OFT surfaces: (1) FastBridge crvUSD (L2MessengerLZ/VaultMessengerLZ): 2-of-2 DVN (LayerZero Labs + SwissStake) — independently operated, different organizations, adequate diversity. Not a 1-of-N pathway. (2) CRV OFT (curve-xdao bridges to BNB/Sonic/Avalanche/Fantom/Etherlink/Kava): DVN configuration not documented in public sources. Strong contextual evidence of single/default DVN: (a) Curve suspended entirely due to rsETH Kelp DAO exploit — a protocol that had a 1-of-1 DVN configuration compromised via a forged message; (b) Blockaid post-incident audit identified ~47% of LZ OFT apps using 1-of-N (catastrophic) pathway pre-incident; (c) curve-xdao repository contains no DVN configuration documentation. Current status: both surfaces SUSPENDED as of April 19, 2026. No re-enable confirmation as of 2026-04-28. Net: YELLOW — FastBridge adequate, CRV OFT likely-single-DVN pre-suspension with the suspension itself being the realized-risk indicator.
RD-F-151 n/a Bridge ecrecover checks result ≠ address(0) [★ CRITICAL] N/A for LayerZero V2 architecture. LayerZero V2 does not use ecrecover for message validation. DVN attestation model uses structured verification to LayerZero Endpoint V2 with peer-address matching (setPeer), not raw ECDSA signature recovery where ecrecover could return address(0). The Wormhole-class ecrecover bug is specific to bridges that use raw signature recovery for validator approval — LayerZero V2 DVN model does not have this vulnerability pattern.
RD-F-154 n/a Default bytes32(0) acceptable as valid root [★ CRITICAL] N/A for LayerZero V2 architecture. LZ V2 does not use a Merkle root commitment model. The Nomad $190M bug class requires a confirmAt[bytes32(0)] = 1 initialization in a Merkle root acceptability check — specific to Nomad's Replica architecture where the zero default could be trusted. LZ V2 uses per-packet payload hash commitment to the endpoint; there is no 'acceptable root' mapping that can be zero-initialized to enable replay. Architectural mismatch: not applicable.
RD-F-157 n/a Bridge TVL per validator ratio CRV OFT bridge TVL (chains: BNB, Sonic, Avalanche, Fantom, Etherlink, Kava) is collectively ~0.4% of Curve's total $1.72B TVL per DefiLlama chain breakdown — well below $10M in absolute terms for these chains. FastBridge crvUSD: subset of L2 TVL (~$30-60M total L2; fast bridge portion is a subset). TVL per validator ratio is low in absolute USD terms for both surfaces. Green: even if DVN config is single, the total CRV bridged via xDAO is small enough that bridge TVL/validator ratio is not a primary concern. [v1-deferred: only curator_note evidence; downgraded per §14 Pass 3]
RD-F-152 green Bridge binds message to srcChainId LayerZero V2 OApp: messages scoped to source endpoint ID (EID = chain-specific). Each OApp sets trusted peers via setPeer(srcEid, peer) — messages include source EID in packet header, verified by DVNs. A message from chain A cannot be replayed as chain B because the source EID is part of the verified packet structure. Chain separation is structural in LZ V2, not an afterthought.
RD-F-153 green Bridge tracks nonce-consumed mapping LayerZero V2 uses ordered nonce model per pathway (srcEid, sender, dstEid). Endpoint tracks lazyInboundNonce and inboundNonce ensuring ordered delivery and replay protection. Out-of-order messages are queued, not replayed. Each packet is consumed exactly once. Replay protection is structural in LZ V2 endpoint design.
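The two structural properties RD-F-152 and RD-F-153 credit to LayerZero V2 (messages bound to a source endpoint id via a trusted-peer table, and a per-pathway ordered nonce that consumes each packet exactly once) can be illustrated with a small model. The following Python is an added example written for this page; it is a toy endpoint, not LayerZero's code, and it deliberately omits details such as lazy-nonce skipping. Endpoint ids (1, 2, 3), the peer address string and the payloads are constructed sample values.

```python
from collections import defaultdict


class ReplayGuardedEndpoint:
    """Toy model (not LayerZero's implementation) of a destination endpoint that
    (a) only accepts packets from the peer registered for a given source eid and
    (b) delivers packets in strict nonce order per (src_eid, sender) pathway,
    so a packet can never be consumed twice or replayed under another source eid."""

    def __init__(self, local_eid: int):
        self.local_eid = local_eid
        self.peers = {}                          # src_eid -> trusted sender on that chain
        self.inbound_nonce = defaultdict(int)    # pathway -> highest nonce delivered so far
        self.queued = defaultdict(dict)          # pathway -> {nonce: payload} waiting for a gap to fill
        self.delivered = []                      # (pathway, nonce, payload) in delivery order

    def set_peer(self, src_eid: int, sender: str) -> None:
        # Mirrors the role of setPeer(srcEid, peer): one trusted sender per source chain.
        self.peers[src_eid] = sender

    def receive(self, src_eid: int, sender: str, dst_eid: int, nonce: int, payload: str) -> str:
        if dst_eid != self.local_eid:
            return "rejected:wrong-destination"
        if self.peers.get(src_eid) != sender:
            # Same sender address on an unregistered source eid is still untrusted:
            # the source eid is part of what is verified, not just the address.
            return "rejected:untrusted-peer"
        pathway = (src_eid, sender)
        if nonce <= self.inbound_nonce[pathway]:
            return "rejected:replay"              # already consumed on this pathway
        if nonce in self.queued[pathway]:
            return "rejected:duplicate-queued"
        self.queued[pathway][nonce] = payload
        return self._drain(pathway)

    def _drain(self, pathway) -> str:
        # Deliver consecutively numbered packets; anything with a gap before it stays queued.
        delivered_now = 0
        waiting = self.queued[pathway]
        while self.inbound_nonce[pathway] + 1 in waiting:
            nxt = self.inbound_nonce[pathway] + 1
            self.delivered.append((pathway, nxt, waiting.pop(nxt)))
            self.inbound_nonce[pathway] = nxt
            delivered_now += 1
        return "delivered" if delivered_now else "queued"


def demo():
    """Constructed scenario: a destination endpoint (eid 1) trusting one peer on eid 2."""
    ep = ReplayGuardedEndpoint(local_eid=1)
    ep.set_peer(2, "oapp-on-chain-2")
    results = [
        ep.receive(2, "oapp-on-chain-2", 1, 1, "mint 10 to alice"),   # delivered
        ep.receive(2, "oapp-on-chain-2", 1, 1, "mint 10 to alice"),   # replay of nonce 1
        ep.receive(3, "oapp-on-chain-2", 1, 2, "mint 10 to alice"),   # same sender, wrong src eid
        ep.receive(2, "oapp-on-chain-2", 1, 3, "mint 5 to carol"),    # out of order: queued
        ep.receive(2, "oapp-on-chain-2", 1, 2, "mint 7 to bob"),      # fills the gap, drains 2 and 3
        ep.receive(2, "oapp-on-chain-2", 2, 4, "mint 1 to dave"),     # addressed to another endpoint
    ]
    return results, [nonce for (_, nonce, _) in ep.delivered]


if __name__ == "__main__":
    for line in zip(*demo()):
        print(line)
```

The scenario shows why the two factors are scored green: the replayed packet and the cross-eid packet are refused before any state changes, and the out-of-order packet is held rather than dropped or double-applied.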
Threat intelligence & recon Yellow 22 8 of 8
RD-F-161 yellow Protocol-impersonator domain registered (typosquat) Curve Finance is a major DeFi brand ($1.72B TVL, 6+ year history, global name recognition) making it a high-value typosquat target. 90-day detection window applies (2026-01-28 to 2026-04-28). Documented impersonation history relevant to the detection window: May 2025 DNS hijack involved creation of a full replica frontend at a malicious IP pointed by hijacked curve.fi DNS — functionally equivalent to domain-level spoofing. May 2025 X account compromise. Curve migrated from curve.fi to curve.finance post-May 2025 incident; curve.fi is now a legacy domain that could be exploited as a typosquat surface if adversarially re-registered. WHOIS/domain-monitoring feed required for full 90-day typosquat registration scan — not publicly accessible without DomainTools/MarkMonitor. Risk is elevated given proven repeated attack pattern on domain infrastructure. Score yellow: elevated by documented impersonation history; specific 90-day registration count requires domain feed.
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols Evidence-based estimate from hack DB and Curve's own incident history. July 2023 Vyper exploit: opportunistic (rapid exploitation within hours of public Vyper bug disclosure; NOT a long-duration reconnaissance strike). August 2022 and May 2025 DNS hijacks: preparation involved cloning a frontend and manipulating DNS records — likely hours to days of preparation, not 78-day USPD reconnaissance. For DPRK-class attacks on similar DEX protocols (Drift Protocol: 6 months reconnaissance), baseline is 30-90 days; Curve's governance model (DAO, no single admin key) reduces insider-implant risk relative to team-controlled protocols. Relevant reconnaissance baseline for Curve's primary attack surface (frontend/DNS) is hours-to-days. Scored yellow: reconnaissance baseline acknowledged; attack vectors proven but shorter than USPD maximum for this protocol class.
RD-F-158 gray Known-threat-actor cluster has touched protocol Tier-C advisory signal. No confirmed DPRK/Lazarus wallet interaction with Curve core contracts identified in public data at assessment date. Context: Curve pools are major DeFi liquidity venues used by all participants. Feb 2025 Bybit hack ($1.5B attributed to Lazarus) generated wallet clusters that interacted across major DeFi protocols; specific Curve core-contract interaction by those clusters is plausible but not confirmed in available public sources. Curve is a laundering venue by architectural design (permissionless, high-liquidity) — this is adversarial-venue-use, NOT team-DPRK linkage (analogous to PancakeSwap Bybit laundering distinction documented in process-learnings). Requires licensed Chainalysis/TRM feed for confirmation. No fire condition identified.
RD-F-159 n/a Attacker wallet pre-strike probe (low-gas failing txs) v1-deferred (P1). Requires licensed threat-actor cluster list + real-time mempool monitoring. Mempool probe pattern (low-gas failing txs from threat-actor cluster) is not assessable at static dry-run without partner feed. Signal requires threat-actor cluster feed (Chainalysis/TRM) + mempool listener infrastructure.
RD-F-162 n/a Known-exploit-template selector deployed by any address v1-deferred (P2). Requires exploit-template database. Curve's AMM pools use Vyper — standard EVM Solidity selector patterns for exploit templates do not directly apply. The Vyper reentrancy bug (July 2023) was compiler-level, not selector-based. No current exploit-template deployment observed. Not assessable at static dry-run without dedicated exploit-template DB.
RD-F-164 n/a Leaked credential on paste/sentry site Requires dedicated paste-site monitoring feed (Pastebin, BreachForums, credential dump monitoring). The May 2025 DNS hijack indicates iwantmyname registrar credentials were compromised — that specific credential leak enabled the attack. Whether those credentials or other Curve infra credentials remain on paste sites is not determinable at static dry-run without a licensed credential-monitoring feed (e.g., SpyCloud, HaveIBeenPwned enterprise). Not assessable at this tier.
RD-F-165 n/a Protocol social channel has scam-coordinator flag Requires curator social watchlist and real-time channel monitoring. Curve Discord and Telegram maintain active communities. May 2025 X account compromise resulted in scam posts that may have been amplified in social channels. Not assessable at static dry-run without social monitoring feed (Discord bots, Telegram channel analysis). No specific flagged scam-coordinator identified in public data.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps Curve contracts are written in Vyper (not npm/cargo/PyPI dependency chain subject to malicious supply-chain releases). Primary compiler dependency is Vyper 0.3.10 for NG contracts (confirmed in profile §1). No current GitHub security advisory against Vyper 0.3.10 identified. The Vyper 0.2.15/0.2.16/0.3.0 reentrancy bug that caused the July 2023 exploit is a documented historical vulnerability — NG contracts migrated to Vyper 0.3.10 which does not contain that bug. No GitHub advisory against any Curve dependency identified at assessment date.
Tooling / compiler / AI Green 17 5 of 5
RD-F-170 yellow Solc version used (known-bug versions flagged) VYPER CODEBASE — factor reframed for Vyper. Current NG contracts use Vyper 0.3.10 (confirmed: CurveTricryptoOptimizedWETH.vy, CurveStableSwapNG.vy pragma; Etherscan verification of CurveStableSwapNGViews 0xFF530... shows Vyper 0.3.10 exact match). Legacy governance/DAO contracts (VotingEscrow.vy, ERC20CRV.vy, GaugeController) use Vyper 0.2.4 — EOL but not affected by the 0.2.15-0.3.0 reentrancy guard bug (bug introduced in 0.2.15). The 0.2.4 contracts are immutable governance infrastructure live since 2020. Vyper 0.2.4 has no known critical vulnerability in its implemented features but is an unsupported EOL version. Yellow (not red) because: (a) 0.2.4 is not in the known-bug class; (b) contracts have operated safely for 6 years; but the EOL status without migration plan is a residual risk.
RD-F-174 yellow Dependency tree uses EOL Solidity version VYPER CODEBASE — reframed as EOL Vyper version in dependency tree. Legacy governance infrastructure (VotingEscrow.vy at Vyper 0.2.4, ERC20CRV.vy at Vyper 0.2.4, GaugeController) uses EOL Vyper versions. Vyper 0.2.4 is not actively maintained; current supported releases are 0.3.x/0.4.x. These immutable contracts cannot be upgraded to newer Vyper without full redeployment via DAO vote. Governance DAO contracts at 0.2.4 have been deployed since 2020 without known exploit from a compiler-level bug. EOL without migration plan is a persistent residual risk, scored yellow.
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Curve IS the upstream reference for StableSwap/CryptoSwap AMM designs. No bytecode similarity to a prior audited source with behavior deviation applies. The protocol is the original implementation. Factor not applicable in standard sense for an original protocol.
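The compiler-version check behind RD-F-160, RD-F-170 and RD-F-174 (read the version pragma from verified Vyper source, flag the releases affected by CVE-2023-39363, and flag EOL release lines) is the kind of check a reviewer would automate across a factory's many pool deployments. The following Python triage script is an added example for this page, not Curve's or the assessor's tooling. The three bug-affected versions (0.2.15, 0.2.16, 0.3.0) are the ones the page names; treating everything below the 0.3.x line as EOL, reducing range specifiers such as `^0.3.7` to their base version, and the sample sources themselves are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Vyper releases whose @nonreentrant locks were mis-compiled (CVE-2023-39363,
# the compiler bug behind the July 2023 exploit of legacy Curve pools), as listed on this page.
REENTRANCY_BUG_VERSIONS = {(0, 2, 15), (0, 2, 16), (0, 3, 0)}

# Assumption of this example: the page treats 0.3.x/0.4.x as supported, so anything
# below 0.3.0 (e.g. the 0.2.4 DAO contracts) is classed as EOL.
MIN_SUPPORTED: Version = (0, 3, 0)

# Matches both pragma spellings Vyper sources use: "# @version 0.3.10" and "#pragma version 0.3.10".
PRAGMA_RE = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(\S+)", re.MULTILINE)


@dataclass
class VersionFinding:
    version: Optional[Version]
    status: str   # "reentrancy-bug" | "eol" | "ok" | "unknown"
    note: str


def parse_pragma(source: str) -> Optional[Version]:
    """Return the (major, minor, patch) tuple from the first version pragma, or None."""
    match = PRAGMA_RE.search(source)
    if not match:
        return None
    spec = match.group(1).lstrip("^~=>")      # simplification: "^0.3.7" -> "0.3.7"
    parts = spec.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def classify(source: str) -> VersionFinding:
    """Grade one contract source the way RD-F-170 does: known-bug first, then EOL, then ok."""
    version = parse_pragma(source)
    if version is None:
        return VersionFinding(None, "unknown",
                              "no version pragma found; confirm the compiler from verified-source metadata")
    if version in REENTRANCY_BUG_VERSIONS:
        return VersionFinding(version, "reentrancy-bug",
                              "compiled with a Vyper release affected by CVE-2023-39363; "
                              "@nonreentrant locks cannot be relied on")
    if version < MIN_SUPPORTED:
        return VersionFinding(version, "eol",
                              "unsupported Vyper release line; no further compiler fixes")
    return VersionFinding(version, "ok", "supported release, not in the known-bug set")


def triage(sources: Dict[str, str]) -> Dict[str, str]:
    """Map contract name -> status for a batch of verified sources (e.g. one factory's pools)."""
    return {name: classify(src).status for name, src in sources.items()}


# Constructed sample headers standing in for Etherscan-verified sources.
SAMPLE_NG_POOL = '# @version 0.3.10\n"""\n@title constructed NG pool header\n"""\n'
SAMPLE_LEGACY_POOL = '# @version 0.2.15\n# constructed legacy pool header\n'
SAMPLE_DAO_CONTRACT = '#pragma version 0.2.4\n# constructed DAO contract header\n'
SAMPLE_NO_PRAGMA = '# constructed file with no version pragma\n'

if __name__ == "__main__":
    batch = {
        "ng-pool": SAMPLE_NG_POOL,
        "legacy-pool": SAMPLE_LEGACY_POOL,
        "dao-contract": SAMPLE_DAO_CONTRACT,
        "unknown": SAMPLE_NO_PRAGMA,
    }
    for name, src in batch.items():
        finding = classify(src)
        print(f"{name:14} {finding.status:15} {finding.version} {finding.note}")
```

Because the bug set is checked before the EOL cut-off, a 0.2.15 or 0.3.0 contract is reported as the higher-severity finding rather than merely as EOL, which matches how the page separates the 0.2.4 DAO contracts (EOL, yellow) from the compiler-bug class.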
RD-F-172 green Repo shows AI-tool co-authorship in critical files No evidence of AI-tool co-authored commits (GitHub Co-authored-by: GitHub Copilot or similar) in curvefi GitHub repos. Curve Finance has not disclosed AI tool usage. No web search results link Curve Finance with AI-generated code contributions. Michael Egorov's development style (mathematical whitepaper-driven Vyper) is not associated with AI code generation tools.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public team disclosure of AI-generated code in any Curve protocol component found. Curve Substack, GitHub org, and Michael Egorov's public communications make no mention of AI-generated contract code. Protocol development is based on explicit mathematical invariant design.
Response & disclosure hygiene Green 17 4 of 4
RD-F-176 yellow Disclosure SLA public No publicly documented acknowledgment-time SLA found. Docs page inaccessible (403). No stated triage window, 90-day disclosure window, or response-time commitment found in accessible sources. The Marco Croc payout (May 2024) confirms the channel works in practice, but no published SLA process was located. Yellow: channel operational but SLA transparency absent.
RD-F-178 yellow CVE/GHSA advisory issued against protocol CVE-2023-39363 was filed against the Vyper compiler project, covering the reentrancy guard storage slot misalignment bug in Vyper 0.2.15/0.2.16/0.3.0. This CVE directly describes the root cause of the July 2023 Curve exploit. However, the advisory is against Vyper (the compiler), not Curve Finance (the protocol). No Curve-issued GHSA or Curve-specific CVE found. Yellow: relevant CVE exists but was not issued by or against Curve as the protocol itself.
RD-F-175 green Disclosure channel exists Active security disclosure channel confirmed: security@curve.fi. Program operational and functional — confirmed by $250K payout to Marco Croc (May 2024) for reentrancy vulnerability disclosure. Docs page (docs.curve.finance/security/security/) returns 403 but redirect confirmed to docs.curve.finance domain; channel confirmed via third-party coverage.
RD-F-177 green Prior known-ignored disclosure No evidence of a prior known-and-ignored disclosure. The 2023 Vyper compiler bug (CVE-2023-39363) was unknown until the day of exploit per LlamaRisk post-mortem ('remained unknown until July 30th'). The 2022 DNS hijack was an infrastructure failure, not a disclosed vulnerability. The May 2024 Marco Croc disclosure was promptly rewarded ($250K) with no subsequent exploit. Green: no ignored disclosure pattern found.
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol curve-v2