Verify a decision

{"actor":"reviewer","decided_at":"2026-06-14T23:15:45.355Z","decision":"review","investigation_id":"3e4567af-0a09-4107-b598-0cddbf8e26fa","new_score":26,"page_slug":"curve-dex","prev_score":26,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Curve Finance is a legitimate, long-running DeFi protocol that has suffered a series of security incidents and governance stress events but has not committed fraud, run a Ponzi scheme, or executed an exit scam. The two largest incidents driving the current WARNING score are (a) the July 2023 exploit, which was caused by a compiler-level bug in the third-party Vyper language and is therefore not attributable to Curve's own negligence or fraud — roughly 73% of funds were recovered — and (b) the June 2024 founder liquidation, where bad debt was fully repaid within days. The 2025 X-account and DNS hijacks are third-party infrastructure attacks that did not compromise the protocol's smart contracts. The VC fraud lawsuit was dismissed by a California appeals court in February 2025. With ~$1.43B TVL in mid-2026, active governance, a scheduled emissions reduction program, and no unresolved fraud findings, Curve meets the CAUTIONARY band criteria (legitimate operator with material caveats): its caveats include continued founder governance-token concentration risk, the unresolved Swiss lawsuit, and the pattern of infrastructure security breaches. A score of 62 (CAUTIONARY) is appropriate under the band semantics — the current score of 38 (WARNING) over-penalizes the entity by treating a third-party compiler exploit and a resolved bad-debt episode as if they were ongoing fraud indicators.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}