Flash loan >$10M targeting protocol tokens
Curve Finance's assessment for RD-F-100 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Curve is the largest stablecoin liquidity venue on Ethereum ($1.6B Ethereum TVL) and a primary source of flash loan liquidity itself. Flash loans against Curve pools are constant and structural. Signal threshold: flash loan ≥$10M + receiver contract interacts with protocol oracle/gov contract. Curve has no oracle to manipulate (self-contained AMM). Governance cannot be flash-loan-attacked (veCRV is time-locked, not flash-loanable). The signal is technically applicable to Curve as a venue but corroboration requirement (oracle/gov interaction) is structurally unavailable. Ongoing MEV sandwich and JIT-LP activity at scale. Historical: MEV bots front-ran the July 2023 exploit, generating largest MEV block rewards in Ethereum history. Score yellow: applicable signal but structurally suppressed by Curve's self-contained AMM architecture; not currently firing at threshold.
Sources #
- URLCurve Finance Pools Exploited Due to Code Vulnerabilities — ChainalysisChainalysis Curve Finance liquidity pool hack — MEV bots front-ran the 2023 exploitretrieved 2026-04-28
- T-09 Real-Time Signals §4.7 RD-F-100T-09 §4.7 RD-F-100 spec — suppression: receiver is known routing aggregator OR clean round-trip arb (net token outflow = 0)retrieved 2026-04-28
Methodology #
Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.
See the full factor methodology and distribution across all protocols →