Scores/Convex Finance

Convex Finance

MITHRIL

Yield / Governance · Ethereum · $2B+ TVL · 15 contracts

Confidence 68%Z-Factor 0.88Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

873

BRI Score

3004756508251000

Security Profile

Access Control
80

Economic Soundness
85

Oracle Integrity
88

Compositional Risk
65

Governance
78

Maturity
88

Resilience
82

Supply Chain
82

Op Security
80

Access Ctrl
80

Economic
85

Oracle
88

Compos.
65

Govern.
78

Maturity
88

Resilience
82

Supply Ch.
82

OpSec
80

Min

Avg

Max

Audit History

MixBytes

2021-06

Peckshield

2022-01

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program →

Assessment

Largest Curve governance aggregator, 60+ months live with zero exploits. Deep Curve dependency is both strength (proven integration) and risk (single protocol dependency). vlCVX governance model well-tested.

Dimension Breakdown

How scores work →

Access Control

Weight 19%80% conf

Strong

Voter proxy pattern for Curve governance
Multisig admin controls
Operator permissions for pool management
vlCVX governance for protocol direction

Economic Soundness

Weight 14%82% conf

Strong

CRV yield amplification model proven
CVX tokenomics well-understood
Liquid staking of veCRV position
Fee distribution transparent

Oracle Integrity

Weight 14%85% conf

Strong

No external oracle dependency
Relies on Curve pool pricing
Yield calculations based on on-chain state
No manipulation surface in core

Battle-Tested Maturity

Weight 13%88% conf

Strong

Live since May 2021 (60+ months)
Largest Curve governance aggregator
Zero protocol-level exploits
Stable operations through multiple market cycles

Governance & Upgradeability

Weight 11%78% conf

Good

vlCVX governance for gauge weights
Multisig for emergency actions
Community governance maturing
Significant influence over Curve governance

Adversarial Resilience

Weight 11%78% conf

Strong

Multiple audits
Clean exploit history
Active bounty program
Well-understood attack surface

Operational Security

Weight 11%78% conf

Strong

Professional team operations
Automated reward distribution
Monitoring infrastructure
Responsive to security disclosures

Compositional Risk

Weight 5%72% conf

Moderate

Deep dependency on Curve protocol
Voter proxy is single point of integration
cvxCRV/CVX liquidity essential
Frax, Aura compose on top

Supply Chain

Weight 4%82% conf

Strong

Standard Solidity
OpenZeppelin libraries
Verified contracts
Moderate dependency graph

Additional Dimensions

Cascade Exposure

Weight conditional0% conf

-1

Critical

Not assessed — excluded from BRI computation

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Compositional Risk65

Governance & Upgradeability78

Access Control80

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2021-05-17Z-Factor 0.8809 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "convex"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("convex")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →