Difference between revisions of "Convex (CVX)"

Convex is a protocol designed to help Curve liquidity providers and CRV holders maximize their yields.

Basics

• Based in:
• Started in / Announced on:
• Testnet release:
• Mainnet release: 17-5-2021

History

• From Rekt (8-7-2021):

"Convex is “supported by Curve” (see footer of Convex website), meaning some of the Curve developers invested in the project and helped them with the code."

Audits & Exploits

• There is no evident bug bounty program (14-6-2021). Update (11-2-2022): This protocol offers an inactive bug bounty of $250K.
• Scored 69% on DeFi Safety (31-1-2024):

"The team remains anonymous. Though Convex shows evidence of tested code, there is a lack of comprehensive testing reports and formal verification. The protocol shines in security with multiple audits and a reasonable bug bounty program, though it lacks in protocol monitoring. Documentation on admin controls and roles is robust, but lacks a documented transaction signing policy."

• Previously scored 89% on DeFi Safety (11-2-2022):

"Convex was audited once before deployment. This protocol's software architecture is well documented. There is coverage of major deployed contracts by software function documentation. There is explicit traceability between important software documentation and implemented code. There are no documented tests for code coverage. However, there is evidence of good testing. There are no test reports. This protocol has not undergone formal verification."

With the comment:

"Convex Finance is a rock solid protocol with a team that was more than willing to cooperate with us from the start. At 89%, the protocol excels in all areas of our review. Most notably, it distinguished itself through some of the best access control docs we have ever seen. Additionally, Convex does an amazing job at detailing its resilience to common exploits. In the future, as per our standards, the only ways that Convex could improve would be to expand their technical documentation, obtain a Formal Verification, and add one or more audits to its repertoire. We have no doubts that this will be achieved by the team in the future."

• Previously scored 46% (14-6-2021): "MixBytes did a Convex Finance audit on April 19th 2021. While the audit brought up some concerning aspects, all were fixed. Convex Finance was released May 17th 2021."
• With the comment: "Good audit but no software docs and minimal testing.  No real info on who controls the contracts."

Bugs/Exploits

• From their Twitter (24-6-2022):

"DNS for http://convexfinance.com was hijacked, prompting users to approve malicious contracts for some interactions on the site. Funds on verified contracts are unaffected."

• From OpenZeppelin (4-4-2022):

"In late 2021, as part of a security audit for a client, OpenZeppelin conducted a security review of the Convex Finance protocol. As part of the audit, the Security Research Team uncovered a vulnerability that, if exploited by two of three anonymous multi-signature wallet (multisig) signers, would have given the Convex multisig direct control over Convex’s locked value—then approximately $15 billion. Convex documentation specifically stated such control was not possible. This vulnerability has since been patched by the Convex Team.

• From Blockthreat (7-3-2022):

"Convex Finance redeployed its vlCVX contract after an unknown vulnerability was responsibly disclosed to the project."

Governance

Admin Key

• From DeFi Safety (11-2-2022):

"The relevant contracts are clearly identified as immutable / upgradeable, as identified here. This admin control information is some of the best we've seen and other protocols would do well to emulate such a detailed, specific and concise page. Smart contract change capabilities are well identified in all contracts. This protocol's pause control is documented and well explained in this location. There is no evidence of testing. This protocol doesn't use timelocks, and explains this in this location."

• From DeFi Safety (14-6-2021):

"There is some admin control information present, but this information discusses the voting of the veCRV which is not relevant to Access Controls."

Seems to have been updated immediately after and now has a dedicated page explaining its multisig admin rights. It states that it can upgrade gauge types, the pool manager, can control the arbitrator vault, can change fees, can set treasury address, can vote, can shutdown/pause new deposits (while allowing users to withdraw all funds) and says it "does NOT have access to user funds in any way".

DAO

• After Mochi Inu came out of nowhere and bought and locked a ton of CVX and with it, stirred a whole lot of pots, Convex holders got spooked over Mochi's influence (12-11-2021):

"They have launched a proposal to basically disable the voting power of $MOCHI convex tokens. Main argument being that the $CVX was ill acquired and it would stop @MochiDeFi from taking any more disguised actions. Interestingly, even @ConvexFinance asks if them voting for this defies the very ethos of defi. It’s still early but currently the vote is 70%+ for disabling the voting power of $mochi."

Treasury

Token

Launch

Token Allocation

• From the docs (6-2021):

1. Max Supply: 100 million
2. 50% Curve LP rewards Rewarded pro-rata for CRV received on Convex
3. 25% Liquidity mining Distributed over 4 years. (Incentive programs, currently CVX/ETH and cvxCRV/CRV)
4. 9.7% Treasury Vested over 1 year. Used for future incentives or other community driven activities
5. 1% veCRV holders Instantly claimable airdrop
6. 1% veCRV holders who vote to whitelist Convex Instantly claimable airdrop
7. 3.3% Investors Vested over 1 year. 100% of investment funds used to pre-seed boost and locked forever(no cvxCRV minted).
8. 10% Convex Team Vested over 1 year

Utility

• From this thread (1-6-2021):

"$CVX stakers get 5% of the yield generated. Users are receiving $CVX tokens - fair launch. LPs who keep their $CVX will be essentially paying fees to themselves."

Other Details

Coin Distribution

• With 10% to the team and 75% to rewards related to using the protocol, it has a distribution heavily skewed to yield farming. This has resulted in 2559 token address holders. The top 8 addresses holding CVX are all smart contracts.
• From Delphi Digital (18-4-2022):

"Terra has been a huge accumulator of CVX, growing to be the largest CVX held by a DAO in 4 months. Over the past 30 days, they have accumulated around 649k of CVX, pushing them ahead of Frax Finance to be the largest DAO holders of CVX. This comes as Terra has been using the 250M UST from the community fund to farm and stack CVX and CRV. This allows Terra to build up their own treasury of CVX and CRV to direct incentives towards their own pools and may allow them to taper Votium bribe spending.

Furthermore, the creation of a new 4pool, consisting of UST-FRAX-USDT-USDC, will allow Terra and Frax to direct incentives towards the new 4pool. With Terra and Frax owning a significant sum of CVX, it is likely that they will direct significant incentives and create deep liquidity within the 4pool. The 4pool alliance also consists of Badger, Redacted, Olympus and Tokemak, which adds up to around 60% of all DAO-owned CVX that will be supporting the 4pool."

What happens to the CVX owned by Terra after it relaunched as Terra 2 is yet to be seen.

Technology

• Whitepaper can be found here.
• Code can be viewed here. From DeFi Safety (11-2-2022):

"At 361 commits, Convex clearly does a good job of allowing others to see it in their rear-view mirrors."

Implementations

• Built on: Ethereum, Curve and uses yEarn strategies (17-6-2021).

How it works

• From this thread (1-6-2021):

"Convex can provide boosted yield because it owns a large amount of $veCRV. How so? Convex allows $CRV holders to convert their $CRV to $cvxCRV. $cvxCRV is tokenized $veCRV. $cvxCRV holders receive a portion of the yield that stablecoin LPs generated (currently 138% APY)."

Fees

Upgrades

Staking

• From Bankless (17-6-2021):

"Users can stake cvxCRV to earn Curve trading fees, boosted CRV rewards, paid out using earnings from LP vaults performance fee (10% of the total CRV earned), along with CVX rewards. CVX can also be staked on the platform, earning users more cvxCRV."

Liquidity Mining

Scaling

Interoperability

Other Details

Oracle Method

• From DeFi Safety (11-2-2022):

"Due to the protocol being price agnostic, it effectively renders front running or flash loan manipulation attempts ineffective. This is also why Convex does not require an Oracle."

Their Other Projects

Roadmap

• Can be found [Insert link here].

Usage

• Reached $1bn in TVL (14-6-2021). It had $2.2m in revenue after 2 weeks (1-6-2021).
• From this thread (1-6-2021):

"Owning $cvxCRV is so damn juicy that 18.2m $CRV have been irreversibly locked up in just 2 weeks. For comparison, Yearn has locked up 17.3m $CRV after ~1 year. Convex crushed Yearn's moat in 2 weeks. It now owns more $veCRV than Yearn."

• From Bankless (17-6-2021):

"Despite launching under a month ago, the project has exploded in popularity, already attracting over $3.4 billion in TVL.

A considerable portion of Convex’s TVL comes from Yearn, as 33 of Yearns Curve LP vaults are utilizing strategies that involve depositing capital into Convex. In fact, Yearn is currently earning over 20% of the total CVX rewards that have been paid out."

• From Rekt (8-7-2021):

"It took just 2 days for Convex to overtake Stake DAO, and 14 days for them to overtake Yearn."

Projects that use or built on it

• StakeDAO; from Rekt (8-7-2021): "Instead of using their veCRV to boost their own vaults, Stake DAO has conceded the fight and migrated their Curve pools to operate on top of Convex. This move allows them to provide a higher APY than Yearn at present, but may be regrettable in the future, as it gives up more power to the already strong Convex platform."

Competition

• yEarn, StakeDAO and other yield optimizers.
• From Bankless (17-6-2021):

"There are three key differences between Convex and Yearn:

1. On Convex, users will have to manually reinvest their rewards back into the different vaults to compound rather than it being done automatically on Yearn
2. Convex has a lower fee structure, as they keep 16% of profits in the form of a performance fee, while Yearn charges a 2% management fee along with 20% of profits
3. On Convex, users can farm CVX (which can also be reinvested back into the various vaults)

Like Yearn, it provides similar increases in capital efficiency, yield, and liquidity for LPs and CRV holders, with the added benefit of additional CVX rewards."

Pros and Cons

Pros

Cons

Team, Funding, Partners

Team

• One team member is public (11-2-2022).
• C2tp
• From Rekt (8-7-2021):

"Convex is “supported by Curve” (see footer of Convex website), meaning some of the Curve developers invested in the project and helped them with the code."

Funding

• From a thread on the past of Alameda (21-10-2022):

"Alameda had $847M deposited to farm and dump ~70 ETH worth of $CVX on a daily basis. This farm/dump operation lasted for months. They almost single-handedly brought the price of $CVX down to $2"

Partners

• Seems to be involved closely with Acrabadabra.money, since one of the multi-sig signers is from Convex (10-10-2021)

(:

Knowledge empowers all and will help us get closer to the decentralised world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31

Also check out CoinTr.ee for more content.