Convex Finance
DAMASCUSYield / Governance · Ethereum · $2B+ TVL · 15 contracts
Confidence 68%Z-Factor 0.88Updated 2026-05-17Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
839
BRI Score
3004756508251000
Security Profile
Access Control
80
80
Economic Soundness
85
85
Oracle Integrity
88
88
Compositional Risk
65
65
Governance
78
78
Maturity
88
88
Resilience
82
82
Supply Chain
82
82
Op Security
42
42
Cascade Exposure
88
88
Access Ctrl
80
80
Economic
85
85
Oracle
88
88
Compos.
65
65
Govern.
78
78
Maturity
88
88
Resilience
82
82
Supply Ch.
82
82
OpSec
42
42
Cascade
88
88
Min
42
Avg
78
Max
88
Audit History
MixBytes
2021-06
Peckshield
2022-01
Bug Bounty Program
$250,000
Max payout on Immunefi
Assessment
Largest Curve governance aggregator, 60+ months live with zero exploits. Deep Curve dependency is both strength (proven integration) and risk (single protocol dependency). vlCVX governance model well-tested.
Dimension Breakdown
How scores work →Access Control
Weight 18%80% conf
80
arrow_forwardStrong
+27Multisig admin controls
+27Operator permissions for pool management
+27vlCVX governance for protocol direction
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%82% conf
85
arrow_forwardStrong
+21CRV yield amplification model proven
+21CVX tokenomics well-understood
+21Liquid staking of veCRV position
+21Fee distribution transparent
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%85% conf
88
arrow_forwardStrong
-6No external oracle dependency
+44Relies on Curve pool pricing
+44Yield calculations based on on-chain state
-6No manipulation surface in core
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%88% conf
88
arrow_forwardStrong
+22Live since May 2021 (60+ months)
+22Largest Curve governance aggregator
+22Zero protocol-level exploits
+22Stable operations through multiple market cycles
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%78% conf
78
arrow_forwardGood
+20vlCVX governance for gauge weights
+20Multisig for emergency actions
+20Community governance maturing
+20Significant influence over Curve governance
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%78% conf
82
Strong
- Multiple audits
- Clean exploit history
- Active bounty program
- Well-understood attack surface
Operational Security
Weight 10%35% conf
42
arrow_forwardConcerning
-7No branch protection detected
-7No CI/CD pipeline detected
-7Weak PR review coverage (0%)
-7Minimal development activity (0 commits/month)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%72% conf
65
arrow_forwardModerate
+22Deep dependency on Curve protocol
+22cvxCRV/CVX liquidity essential
+22Frax, Aura compose on top
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%65% conf
88
arrow_forwardStrong
+29Appears in 3 cross-protocol cascade chain(s)
+29Member of 1 dependency cluster(s)
-12Score: 88/100 (higher = more isolated from systemic risk)
+29Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%82% conf
82
arrow_forwardStrong
+20Standard Solidity
+20OpenZeppelin libraries
+20Verified contracts
+20Moderate dependency graph
receipt_longView provenance chainarrow_forward
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Operational Security42
Compositional Risk65
Governance & Upgradeability78
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "convex"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("convex")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.