Advertising revenue keep this site going. We do not actively endorse ads served to us.
DYOR. Please use your due diligence while on this site.
We also do not get information from our visitors.
cryptocurrency July 31, 2023

Share this article

Curve Finance, a significant player in the decentralized finance (DeFi) protocol, was threatened with near-collapse due to a critical vulnerability in the Vyper programming language.

This exploit risked nearly $100 million in digital assets, but a surprising reprieve came from a source normally associated with traditional finance — a centralized exchange price feed.

The issue was rooted in specific versions of Vyper which led to a malfunctioning reentrancy lock. This flaw facilitated a sizable drain from four Curve pools, plummeting the value of Curve’s native token (CRV) to as low as $0.086 on decentralized exchanges.

Advertisements
Source

While it may seem antithetical to DeFi’s core principles, the CEX price feed held the CRV price at $0.60 on centralized exchanges, preventing the token’s total collapse. Curve’s pools use Chainlink’s oracle system, which integrates price feeds from several sources, including CEXs.

The price feeds from centralized exchanges, part of Chainlink’s oracle system used by Curve’s pools, played a key role in this incident.

Binance, one of the major players in the cryptocurrency exchange realm, emerged unscathed from the Vyper vulnerability. CEO Changpeng Zhao, while highlighting the importance of keeping code libraries updated, pointed out the irony of a centralized system coming to the rescue of a decentralized protocol:

It’s important to stay up-to-date with code libraries, apps and OS. And stay SAFU [Secure Asset Fund for Users].”

The exploitable issue within Vyper’s earlier versions, 0.2.15, 0.2.16 and 0.3.0, is believed to be at least 1.5 years old, affecting Curve’s aETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH pools. The meticulous planning and resources invested in the attack led a Vyper program contributor to suggest the possibility of a state-sponsored effort.

Share this article