defirisk.co
rubric v1.7.0

Auditor re-engaged after last exploit

crvUSD (Curve Stablecoin)'s assessment for RD-F-083 — scored not_applicable on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No crvUSD-core exploit has occurred requiring white-hat intervention or fund recovery. The July 2023 Curve Vyper event (which did NOT affect crvUSD) had significant white-hat involvement ($5.4M returned by MEV bots; 0xc0ffeebabe returned Metronome funds), but that is curve-v2, not crvusd. Not applicable to crvUSD core.

Sources #

  • Internal
    Curve Finance / Vyper Hack Report — hacksdatabasehacksdatabase/hacks/curve-vyper.md — white-hat involvement documented for curve-v2 (NOT crvUSD)retrieved 2026-05-16

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-083 score not_applicable collected_at 2026-05-16 19:09:40