CVE/GHSA advisory issued against protocol

Convex Finance's assessment for RD-F-178 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No CVE or GHSA advisory found against Convex Finance core contracts. The Dec 2021 vulnerability was publicly disclosed via OZ's blog post (not filed as a formal CVE or GHSA advisory). GitHub Security Advisories search and NVD CVE database search for 'Convex Finance' return no relevant entries. All known vulnerabilities were responsibly disclosed, patched, and resolved before any exploitation.

Sources #

URL
Convex Finance Platform GitHub Repo — Security tabGitHub Security Advisories — no GHSA entries for convex-eth/platform found in public searchretrieved 2026-05-16
URL
OpenZeppelin: Convex Finance Vulnerability DisclosureOZ disclosure — documented as blog post, not filed as CVE or GHSA advisoryretrieved 2026-05-16

Methodology #

Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol convex-finance factor RD-F-178 score green collected_at 2026-05-16 02:41:28