# Risks Last updated: May 31, 2026. CurveYield combines AMMs, vaults, credit markets, bridges, keepers, external protocols, and DAO-controlled treasury systems. Composability can improve capital efficiency, but it also increases dependency risk. This documentation is not an audit. Users and integrators must review product status, contract references, ownership paths, and any external audit or review materials before using a CurveYield system. ## Smart contract risk CurveYield uses custom contracts, adapted open-source infrastructure, external protocols, vault strategies, bridge contracts, keepers, and governance systems. A bug or incorrect integration in any component can cause loss. ## Vault and strategy risk Vaults can depend on staking, lending, LP positions, reward claiming, swaps, external incentives, and keeper execution. Losses may occur from bad debt, failed withdrawals, slippage, reward shortfalls, liquidation events, or incorrect route assumptions. ## BoostHub risk BoostHub-backed vaults depend on StakeDAO gauges, delegated `vlSDT` boost availability, reward-token prices, keeper reliability, swap routes for compounding, vault accounting, and withdrawal liquidity. Boost can improve reward capture, but it does not guarantee a fixed APR. ## Oracle and rate risk Yield-bearing assets require accurate pricing. Vault PPS, underlying exchange rates, Curve pool rates, Chainlink feeds, cross-chain rate messages, and remote oracle freshness can all affect accounting, swaps, deposits, withdrawals, and collateral values. ## Liquidity risk Some strategies exit through pools with finite liquidity. Thin liquidity can increase slippage, slow withdrawals, or make instant exits uneconomic. ## Credit and leverage risk Borrowing against productive collateral can magnify gains and losses. Risks include liquidation, borrow-rate spikes, stale PPS data, thin liquidation liquidity, unwind slippage, correlated collateral losses, and failed keeper execution. ## Bridge risk Cross-chain vault assets depend on LayerZero V2 messaging, endpoint configuration, DVNs, remote contracts, adapter/OFT behavior, and rate publishing. Bridge failures or stale rates may affect remote-chain users. ## Keeper risk Reward claiming, compounding, fee settlement, gas top-ups, route maintenance, and rate publishing can depend on keepers. Keeper outages can reduce yield, delay operations, or leave positions idle. ## Governance risk DAO-controlled parameters include fees, routes, treasuries, ownership, bridge configuration, strategy permissions, incentives, and emergency roles. Governance compromise or mistakes can affect funds. ## Fork and dependency risk CurveYield uses proven open-source protocol infrastructure where possible. This reduces unnecessary reinvention, but it does not eliminate integration risk, permission risk, dependency risk, oracle risk, license risk, or divergence from upstream assumptions. ## External protocol risk CurveYield integrates with external systems such as Balancer-style pools, Curve, StakeDAO, Convex, Yearn, IPOR Fusion, Morpho, Euler, Aave, Pendle, Merkl, QuickSwap, Sushi, LayerZero, Superfluid, and Aragon. External failures, upgrades, governance changes, or incentive changes may affect CurveYield products. ## Product status risk Some modules are live, some are built/testing, and some are planned. [Product Status](/reference/product-status.md) distinguishes public products from future architecture. ## Operational risk Automation and AI-assisted tooling can reduce overhead, but they do not replace audits, simulations, live monitoring, incident response, keeper monitoring, public risk disclosure, and governance review. ## Policy and incentive risk DAO-funded growth programs, emission support, bribe-efficiency support, admin-fee discounts, and partner frontend fee allocations are governance policies. They may be modified, paused, capped, or discontinued. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.curveyield.com/reference/risks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.