Exploitation of Stable Pools on Curve Finance: Losses Reach $24 Million
Several stable pools on Curve Finance using Vyper were exploited on July 30, resulting in losses of $24 million. The vulnerabilities exist in versions 0.2.15, 0.2.16, and 0.3.0 of the Vyper compiler, which are susceptible to malfunctioning reentrancy locks.
Key Points:
- The investigation is ongoing, and projects relying on these versions should contact Vyper immediately.
- The attack is related to the incorrect implementation of the reentrancy guard, which lets guarded functions be called again while an earlier call into the contract is still executing.
- Decentralized finance projects, including Ellipsis, Alchemix, JPEGd, and Metronome, were affected by the attack.
- Curve Finance is a DeFi protocol facilitating the decentralized exchange of stablecoins on Ethereum.
- Prior to this incident, Conic Finance, an omnipool platform on Curve Finance, was exploited for $3.26 million in ETH.
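For teams checking their own exposure to the compiler versions listed above, the following added example (not code from Vyper, Curve or the original article) triages Vyper sources by version pragma and use of the `@nonreentrant` decorator. The file names and sample sources are constructed, and a source-level pragma is assumed to reflect the compiler actually used only when it pins an exact version.

```python
import re

# Compiler versions the article lists as affected.
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

# Vyper version pragmas: "# @version 0.2.15" or "# pragma version 0.3.0".
PRAGMA = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(\S.*?)\s*$", re.M)
NONREENTRANT = re.compile(r"^\s*@nonreentrant\b", re.M)
EXACT = re.compile(r"^=?=?\s*(\d+\.\d+\.\d+)$")


def assess(source: str) -> str:
    """Classify one Vyper source by its version pragma and use of the lock."""
    match = PRAGMA.search(source)
    if match is None:
        return "review: no version pragma; check the build metadata"
    spec = match.group(1)
    exact = EXACT.match(spec)
    if exact is None:
        # A range such as ^0.2.0 does not say which compiler built the bytecode.
        return f"review: range pragma {spec}; confirm the compiler used"
    version = exact.group(1)
    if version not in AFFECTED:
        return f"ok: pinned to {version}, not on the affected list"
    if NONREENTRANT.search(source):
        return f"affected: {version} and relies on @nonreentrant"
    return f"affected-version: {version}, no @nonreentrant found"


# Constructed sample sources (hypothetical file names, not real contracts).
SAMPLES = {
    "pool_a.vy": '# @version 0.2.15\n@external\n@nonreentrant("lock")\n'
                 "def remove_liquidity(amount: uint256):\n    pass\n",
    "pool_b.vy": "# @version ^0.2.0\n@external\ndef ping():\n    pass\n",
    "pool_c.vy": '# pragma version 0.3.10\n@external\n@nonreentrant("lock")\n'
                 "def swap(dx: uint256):\n    pass\n",
    "helper.vy": "# @version 0.3.0\n@external\n@view\ndef one() -> uint256:\n"
                 "    return 1\n",
}


def scan(sources: dict) -> dict:
    """Map each file name to its assessment."""
    return {name: assess(text) for name, text in sources.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A "review" verdict means the source alone cannot settle the question; the compiler version recorded at deployment is what decides it.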
Hot Take: The exploitation of stable pools on Curve Finance highlights the persistent vulnerabilities within the DeFi ecosystem. It is crucial for projects to stay updated on the latest security measures and promptly address any vulnerabilities to safeguard user funds.