Ultimate magazine theme for WordPress.

Guest post by Coincu: A number of exploits hit Curve Finance’s liquidity pools

Important points:

  • Curve Finance is facing multiple drawdowns on its liquidity pools, resulting in significant losses for projects like Conic Finance, JPEG’d, Metronome, and Alchemix.
  • The alleged reasons include vulnerabilities in programming language versions and tampering with the get_virtual_price function, underscoring the need for improved security measures in the DeFi space.
Curve Finance, a well-known decentralized finance (DeFi) protocol, has faced a wave of attacks on its liquidity pools, resulting in significant losses across multiple projects.

Recent incidents involving Conic Finance, JPEG’d, Metronome, and Alchemix have raised concerns in the DeFi community. The attack series began on July 21 at Conic Finance, where assets were withdrawn due to a connection with LP tokens on Curve Finance. Subsequently, on July 30, the Lending NFT JPEG project reported an exploit in the pETH-ETH liquidity pool on Curve Finance, resulting in a loss of $11 million.

On the same day, Metronome also suffered a $1.6 million loss following a similar exploit. Additionally, alETH was victimized by Alchemix and suffered an estimated $13.6 million loss related to a liquidity pool on Curve.

The exact reasons behind these exploits have not been fully disclosed at this time. However, the community has speculated on two main factors. Initially, vulnerabilities are suspected in versions 0.2.15/0.2.16/0.3.0 of the VyperLang programming language. These versions lack the re-entry anti-attack filter that allows hackers to perform rounding attacks and withdraw funds from liquidity pools.

The second conjecture, laid out in a ChainSecurity document, focuses on Curve Finance’s get_virtual_price function. This function, which determines the market price of LP tokens, can potentially be manipulated by re-entry hackers to create a payout loop and manipulate the Oracle price index.

In particular, the ChainSecurity document clarifies that this vulnerability has no internal impact on curve pools. Instead, it can affect platforms that use Curve’s LP tokens as collateral, which can lead to false loan withdrawals.

Curve Finance and impacted projects are likely to work closely with the community to analyze and address the root causes of these attacks. Implementing robust security measures and promoting transparency are crucial for the DeFi ecosystem to instill trust among users and maintain the sustainable growth of the DeFi sector.

DISCLAIMER: The information on this website is intended as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.


Coincu News

Continue reading…

Coincu News

Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers

Comments are closed.

%d bloggers like this: