★ Low-threshold multisig vs TVL

crvUSD (Curve Stablecoin)'s assessment for RD-F-028 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Primary admin (ControllerFactory) is effectively 1/1 (single EOA), the lowest possible threshold. $117M TVL against a 1/1 EOA admin. Emergency DAO 5-of-9 is separate and adequate for its narrow role but does not control the ControllerFactory.

Sources #

URL
DefiLlama crvusd TVLDefiLlama TVL $117.1M for crvusd protocol slugretrieved 2026-05-16
Etherscan
ControllerFactory readContractControllerFactory admin() = 0xbabe61887f1de2713c6f97e567623453d3c79f67 (single EOA = 1/1 effective threshold)retrieved 2026-05-16

Methodology #

Determine whether the multisig threshold is abnormally low relative to TVL peer cohort (e.g., 2-of-3 for a protocol with >$100M TVL where peer norm is 5-of-8).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-028 score red collected_at 2026-05-16 19:09:40