$61 700 000 USD

JULY 2023




"Curve is one of the largest decentralized exchanges (DEX) in the crypto market today, with about $1.67 billion in total value locked (TVL), according to data on DeFi TVL aggregator DeFiLlama."


"A bug within older versions of the Vyper compiler caused a failure in a security feature used by a limited set of Curve pools (see affected pools below). As a result attackers were able to drain the affected pools of their tokens. The exploit comes directly at the expense of Curve liquidity providers for these affected pools, although Curve is attempting to contact exploiters and recover user funds. Thanks to a white hat, a portion of tokens from one affected pool were recovered by the DAO. The Curve eDAO cannot pause Curve pools or handle user funds in any way. However, it can kill CRV gauge emissions to Curve pools. It is expected the eDAO will kill gauge emissions to all affected pools."


"Curve, a stablecoin exchange at the heart of decentralized finance (DeFi) on Ethereum, has been the victim of an exploit according to a tweet from the project. Curve relies on smart contracts instead of middlemen to offer financial services such as stablecoin borrowing, trading and lending to users. Depositors on Curve earn annual yields of up to 4% from one of the many pools on the platform."


"Several stable pools on Curve Finance using Vyper were exploited on July 30, with losses reaching over $47 million. According to Vyper, its 0.2.15, 0.2.16 and 0.3.0 versions are vulnerable to malfunctioning reentrancy locks."


"A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop. Other pools are safe."


"According to initial investigation, some versions of the Vyper compiler do not correctly implement the reentrancy guard, which prevents multiple functions from being executed at the same time by locking a contract. Reentrancy attacks can potentially drain all funds from a contract."


"The investigation is ongoing but any project relying on these versions should immediately reach out to us," Vyper wrote on X. Based on an analysis of affected contracts by security firm Ancilia, 136 contracts used Vyper 0.2.15 with reentrant protection, 98 contracts used Vyper 0.2.16 and 226 contracts used Vyper 0.3.0."


"Curve's contracts become vulnerable when making a raw_call to send native tokens. The affected Curve pools were each using one of the aforementioned Vyper versions and are paired with native ETH. Tokens using the ERC-777 standard have also been affected, although Curve pools involving these tokens have all largely been deprecated (e.g. pBTC and HOME). ERC-777 adds callbacks, making those pools susceptible to the same reentrancy issue. Pools paired with WETH have not been affected."


"The exploiter opened an 80,000 WETH flash loan from Balancer and unwrapped all to ETH. They provided 40,000 ETH as liquidity to the Curve pETH/ETH pool and received 32,431.41 pETH-ETH LP tokens. 3,740 pETH and 34,316 ETH was removed from the pool by burning 32,431.41 pETH/ETH pool LP tokens. They again provided 40,000 ETH as liquidity to the Curve pETH/ETH pool, minting 82,182 more LP tokens. Another 1,184.73 pETH and 47,506.53 ETH was withdrawn by burning 10,272.84 Curve LP tokens. 4,924 pETH was swapped for 4,285 ETH within the Curve pool. 86,106.65 ETH was wrapped to WETH. 80,000 WETH repaid to Balancer to return the flash loan. 6,106.65 WETH ~$11 million was retained as profit."


"pETH/ETH | 6,106.65 WETH (~$11m) msETH/ETH | 866.55 WETH (~$1.6 m) and 959.71 msETH (~$1.8m) alETH/ETH | 7,258.70 WETH (~$13.6 m) and 4,821.55 alETH (~9m) CRV/ETH | 7,193,401.77 CRV (~$5.1m at time of exploit), 7,680.49 WETH (~$14.2m), and 2,879.65 ETH (~$5.4m)"


"A number of decentralized finance projects were affected by the attack. Decentralized exchange Ellipsis reported that a small number of stable pools with BNB were exploited using an old Vyper compiler. Alchemix’s alETH-ETH also witnessed $13.6 million outflow, along with $11.4 million exploited on JPEGd’s pETH-ETH pool, and $1.6 million in Metronome’s sETH-ETH pool. Curve Finance CEO Michael Egorov later confirmed 32 million CRV tokens worth over $22 million had been drained from the swap pool in a Telegram channel."


"A white hat hacker managed to take around 2,879 Ether, worth around $5.4 million, from an exploiter and returned it to the decentralized finance (DeFi) protocol Curve Finance amid the recent hack."


"On the same day, an ethical hacker seized some of the stolen assets and returned them to Curve Finance. A maximal extractable value bot operator with the username “c0ffeebabe.eth” used a front-running bot against a malicious hacker to secure almost 3,000 ETH. The funds were then returned to the Curve deployer address, which looks to be its rightful custodian."

Curve Finance used Vyper compiler versions between 0.2.15 and 0.3.0 to deploy the smart contracts behind some of their pools. These pools included crv/eth, aleth/eth, mseth/eth, and peth/eth. A vulnerability in smart contract meant that re-entrancy protection which was supposed to be applied was ineffective, and allowed $61.7m USD worth of funds to be drained from the smart contracts. $5.4m of these funds were exploited by a MEV-bot operator, who offered to return them. Curve Finance attempted negotiating for the rest of the funds, and it is unclear the outcome.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.