Curve Finance
MITHRIL · DEX / AMM · Multi-chain · $2B+ TVL · 30 contracts
Public risk assessment — scores are produced with the same methodology as monitored protocols
Security Profile
90
92
88
78
85
96
72
78
85
55
Audit History
Bug Bounty Program
Assessment
Foundational DeFi AMM, 76+ months live, zero core logic exploits. StableSwap invariant is the most battle-tested AMM formula in DeFi. Vyper compiler dependency and massive downstream integration surface are the main risk vectors.
Dimension Breakdown
- DAO-controlled with veCRV voting
- Admin functions behind timelock
- Emergency kill switch on pools
- Vyper-native reentrancy locks
- StableSwap invariant proven over 5+ years
- CRV emissions model well-understood
- Deep liquidity across major pools
- ve-tokenomics creates long-term alignment
- Internal EMA oracles for TWAP
- No external oracle dependency for core AMM
- Price oracle manipulation resistant via EMA
- Oracle used by external protocols (Curve oracle consumer)
- Live since January 2020 (76+ months)
- Survived multiple market crashes
- Largest stableswap DEX in DeFi
- Zero protocol-level exploits on V1/V2 core
- Vyper compiler bug affected some pools (2023) but not core invariant
- veCRV governance with 4-year lock maximum
- Emergency DAO for rapid response
- Timelock on parameter changes
- Gauge weight voting transparent on-chain
- Vyper compiler vulnerability disclosed 2023 (external dep, not logic bug)
- Active bug bounty program
- Multiple audit firms across versions
- EMA oracle manipulation vectors researched extensively
- Emergency DAO for rapid pool kills
- Active monitoring infrastructure
- Multiple keeper networks
- Professional team with deep DeFi expertise
- Deep DeFi integration surface (lending, stablecoins)
- LP tokens widely used as collateral
- Metapool pattern adds composition complexity
- Factory pools reduce per-pool audit coverage
- Curve pools are foundation for many stablecoin pegs
- crvUSD creates additional dependency surface
- Gauge emissions affect downstream protocol economics
- LP token repricing cascades to lending protocols
- Vyper language (smaller auditor pool)
- Custom math libraries (no OZ)
- Verified on Etherscan
- Factory pattern means new pools may have untested configs
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug: "curve"
- Oracle: BRORegistry (Base)
- Evidence: IPFS (pinned)
- Staleness Threshold: 24 hours
registry.getScore("curve")
Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.