Breakage analysis per dependency

Convex Finance's assessment for RD-F-052 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Breakage analysis partially documented. Curve GaugeController failure: all CRV reward claims revert, yield halts (existential severity). Curve Minter failure: CRV minting stops, yield halts. Curve VotingEscrow failure: gauge boost power lost, yield degrades to 1x. Curve per-pool gauge bugs: LP position loss in affected pools (materialized July 2023 Vyper reentrancy for select pools). Frax failure: cvxFXS impaired, <2% TVL. Resupply.fi: separate protocol, June 2025 exploit did not impair Convex core. No oracle dependency breakage scenario applies. Yellow because breakage analysis covers major deps but Prisma sunset and f(x) Protocol dependency impact are partially documented.

Sources #

URL
Crypto News — Resupply Protocol Exploited $9.5M via Price ManipulationResupply June 2025 $9.5M exploit: donation attack on cvcrvUSD ERC-4626 wrapper; Convex core Booster/VoterProxy NOT exploited; exploit used Convex-staked tokens as collateral in Resupply's lending protocolretrieved 2026-05-16
URL
LlamaRisk — Curve/Vyper July 2023 Post-mortemLlamaRisk July 2023 post-mortem confirms Convex's own contracts were not exploited; Curve pool LP positions deposited via Convex were exposed via Curve-side Vyper reentrancy bugretrieved 2026-05-16

Methodology #

Produce a short per-dependency text describing which protocol functions halt or degrade and impact severity if each declared dependency fails.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-052 score yellow collected_at 2026-05-16 02:41:28