Dependency graph (protocols depended upon)

Curve Finance's assessment for RD-F-050 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Dependency graph: (1) Token-specific rate oracle per StableSwap-NG pool (wstETH -> Lido stETH.getPooledEthByShares(), cbETH -> Coinbase exchange rate). (2) Vyper 0.3.10 compiler (historical load-bearing; legacy pools used 0.2.15/0.2.16/0.3.0 which caused July 2023 $60.6M exploit). (3) LayerZero for CRV/crvUSD cross-chain (suspended April 19, 2026). (4) Canonical rollup bridges for L2 pools. No Chainlink dependency on core Ethereum pools. Yellow: multiple dependencies with meaningful failure modes, especially the Vyper compiler history and the LayerZero suspension.

Sources #

GitHub
curve-xdao GitHub repositorycurve-xdao repo — CRV bridge to AVAX/FTM/BSC/KAVA/Sonic via LayerZeroretrieved 2026-04-28

Methodology #

List all external protocols whose failure would directly impair this protocol (LST providers, bridges, stablecoin issuers, keepers).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-050 score yellow collected_at 2026-04-28 19:48:40