defirisk.co
rubric v1.7.0

Flash loan >$10M targeting protocol tokens

crvUSD (Curve Stablecoin)'s assessment for RD-F-100 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Flash loan >$10M targeting protocol. Applicable: crvUSD Controllers interact with Curve stableswap pools; PegKeepers can be targeted. No active flash-loan exploit against crvUSD detected as of 2026-05-16. The June 2024 UwU Lend cascade involved an attacker borrowing crvUSD (not flash-loaning); the primary exploit was on UwU Lend's oracle, not crvUSD contracts. No on-chain evidence of flash-loan-targeting-crvUSD in trailing 30 days. Signal would NOT fire today. [T-09 v1 phase-2 signal]

Sources #

  • URL
    SlowMist UwU Lend exploit analysisSlowMist UwU Lend analysis: attacker borrowed crvUSD via Curve Lend (not flash loan) at Block 20061322 — indirect, not direct crvUSD flash-loan attackretrieved 2026-05-16
  • URL
    LlamaRisk crvUSD depeg incident reportLlamaRisk crvUSD incident report — confirms no flash-loan attack against crvUSD itself; cascade was external (UwU Lend oracle manipulation)retrieved 2026-05-16

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-100 score green collected_at 2026-05-16 19:09:40