Curve may have ERC-777 related security risks, and the official response is that the relevant funding pool has long been abandoned

The security team Decurity discovered another security vulnerability on the Curve platform. Curve used ERC-777 Callback in some of the smart contracts of the token market, and this usage has security risks and may be subject to reentry attacks.
Decurity also pointed out that a MEV robot had used this vulnerability to conduct a $1,900 attack. Curve officials responded that the problem was a historical legacy. The attack occurred in the pBTC pool, which had long been abandoned, with only a small amount of funds remaining in the contract.
It is not clear whether other funding pools have similar security risks.