Breakage analysis per dependency

Curve Finance's assessment for RD-F-052 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Breakage analysis: (1) Rate oracle reverts: StableSwap-NG pool containing that token type is frozen for swaps. LPs may still be able to remove liquidity if remove_liquidity path avoids _stored_rates(). No user debt risk (DEX). (2) LayerZero bridge failure: CRV/crvUSD cross-chain unavailable on BNB/Sonic/Avalanche/Fantom/Etherlink/Kava — already realized via suspension. Core Ethereum TVL ($1.62B) unaffected. (3) Internal EMA oracle manipulation: risk falls on protocols using Curve pool price_oracle() as input, not Curve itself. (4) Vyper compiler: legacy pools with 0.2.15/0.2.16/0.3.0 remain live — any new reentrancy surface would affect those pools specifically.

Sources #

URL
Curve Vyper exploit post-mortem (LlamaRisk)LlamaRisk July 2023 post-mortem — Vyper compiler reentrancy exploit mechanismretrieved 2026-04-28
URL
Curve Finance Halts LayerZero Connectivity After rsETH ExploitBingx: LayerZero suspension — affected chains, CRV/crvUSD impactretrieved 2026-04-28

Methodology #

Produce a short per-dependency text describing which protocol functions halt or degrade and impact severity if each declared dependency fails.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-052 score yellow collected_at 2026-04-28 19:48:40