Curve Finance swimming pools exploited in over $24M on account of reentrancy vulnerability

by Jeremy July 30, 2023

A number of secure swimming pools on Curve Finance utilizing Vyper had been exploited on July 30, with losses reaching $24 million on the time of writing. In accordance with Vyper, its 0.2.15, 0.2.16 and 0.3.0 variations are susceptible to malfunctioning reentrancy locks.

“The investigation is ongoing however any venture counting on these variations ought to instantly attain out to us,” Vyper wrote on X.

We’re operating a big white hat rescue operation. Please attain out in case you suppose you are affected as a venture. https://t.co/tssWcRHg35

— sudo rm -rf –no-preserve-root / (@pcaversaccio) July 30, 2023

In accordance with preliminary investigation, some variations of the Vyper compiler don’t appropriately implement the reentrancy guard, which prevents a number of features from being executed on the similar time by locking a contract. Reentrancy assaults can doubtlessly drain all funds from a contract.

A variety of decentralized finance tasks had been affected by the assault. Decentralized change Ellipsis reported {that a} small variety of secure swimming pools with BNB had been exploited utilizing an previous Vyper compiler. Alchemix’s alETH-ETH additionally witnessed $13.6 million outflow, together with $11.4 million exploited on JPEGd’s pETH-ETH pool, and $1.6 million in Metronome’s sETH-ETH pool.

Sure sort of Curve manufacturing facility pool is encountering read-only reentrancy assault and inflicting a complete lack of $11m(@JPEGd_69) + $13m(@AlchemixFi) + …

Preliminary investigation founds that vyper compiler (0.2.15) would not implement the reentrancy guard appropriately.

add_liquidity and… pic.twitter.com/avaHdtSFsm

— Tony KΞ (@tonyke_bot) July 30, 2023

The exploit sparked panic throughout the DeFi ecosystem, prompting a wave of transactions throughout swimming pools and a rescue operation from white hats. Knowledge from CoinMarketCap exhibits Curve Finance’s utility token Curve DAO (CRV) declining over 5% in response to the information. CRV’s liquidity has declined considerably in current months, making it susceptible to violent value swings, Cointelegraph reported. In accordance with Curve Finance, crvUSD contracts and any swimming pools with it weren’t affected by the assault.

*Curve DAO token prince on July 30, 2023. Supply: CoinMarketCap.*

Curve Finance is a DeFi protocol that permits the decentralized change (DEX) of stablecoins inside Ethereum.

It is a creating story, and additional info shall be added because it turns into obtainable.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Curve Finance swimming pools exploited in over $24M on account of reentrancy vulnerability

Alibaba, silver, gold, Bitcoin, Ethereum: Mike Novogratz’s preferrred portfolio

DOGE, MKR, OP and XDC collect power as Bitcoin value stays range-bound

Related Posts