defirisk.co
rubric v1.7.0

Same-root-cause repeat exploit

Curve Finance's assessment for RD-F-079 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No same-root-cause repeat. Incident 1 (2022-08-09): DNS registrar nameserver compromise — off-chain infrastructure failure. Incident 2 (2023-07-30): Vyper compiler reentrancy storage slot misalignment — smart contract level. Distinct root-cause classes; no repeat.

Sources #

  • GitHub
    Curve Finance hacksdatabase — root cause comparisonhacksdatabase/hacks/curve-finance-rekt.md (DNS, off-chain) vs hacksdatabase/hacks/curve-vyper.md (compiler reentrancy, on-chain)retrieved 2026-04-28

Methodology #

Determine whether the protocol has been exploited ≥2 times via the same root-cause cluster.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-079 score green collected_at 2026-04-28 19:48:40