Post-mortem published within 30 days

Curve Finance's assessment for RD-F-082 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

2023 Vyper exploit: LlamaRisk published comprehensive HackMD post-mortem within days of the 2023-07-30 exploit (well within 30 days). 2022 DNS hijack: Curve Substack post published 2022-08-10 (same/next day). Both incidents had public documentation within 30 days.

Sources #

URL
Curve Pool Reentrancy Exploit Postmortem July 30th, 2023LlamaRisk HackMD post-mortem — published promptly post-July 2023retrieved 2026-04-28
URL
August 10, 2022 — Curve frontend hackedCurve Substack — published 2022-08-10 (same day / next day after 2022-08-09 incident)retrieved 2026-04-28

Methodology #

Determine whether a public post-mortem was published within 30 days of the most recent incident.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-082 score green collected_at 2026-04-28 19:48:40