There was an asset leak in Curve Finance

Yesterday, a hacker carried out a successful attack on the pools of stable coins of the Curve Finance decentralized crypto exchange. He was able to withdraw about $47 million. To do this, he exploited a vulnerability in Vyper.

Details about the hack

Representatives of the site reported that several pools of stablecoins that use Vyper 0.2.15 were able to hack, as there was a malfunction in the re-entry mechanism. At the moment, the situation is being assessed. We are talking about pools alETH, msETH, pETH. The rest remained untouched.

Vyper is a contract-oriented programming language. It is based on Python and is designed for Ethereum EVM. The developers noted that the above vulnerability is observed in Vyper 0.2.15, 0.2.16 and 0.3.0.

Ancilia analysts report that the software with the vulnerability is involved in 460 protocols.

Curve studies report that some program code compilers have incorrectly implemented re-entry protection. It was supposed to prevent multiple functions from being performed simultaneously due to account blocking.

The GRIN4 ecosystem

We have created a bot to make money on crypto exchanges. You set the settings, and he trades 24/7. Manage all assets from one service: with your own hands or with the help of algorithmic trading. Anonymously. Simply. Stress-free.