Vyper vulnerability exposes DeFi ecosystem to stress tests
Ana Paula Pereira2 hours agoVyper vulnerability exposes DeFi ecosystem to stress testsA number of pools using Vyper have been exploited due to a malfunctioning reentrancy lock that potentially exposes all pools with wrapped Ether (WETH).1593 Total views6 Total sharesListen to article 0:00NewsJoin us on social networksDecentralized finance (DeFi) protocols are undergoing a stress test following a critical vulnerability was found on versions of Vyper programming language, resulting in the theft of millions of dollars" worth of cryptocurrencies on July 30.
A number of pools using Vyper 0.2.15, 0.2.16 and 0.3.0 have been exploited due to a malfunctioning reentrancy lock, targeting at least four liquidity pools on Curve Finance protocol. "The short answer is that everything that could be drained was drained. The targeted pools are aETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH. All remaining pools are safe and unaffected by the bug," Curve Finance said on Discord.
BlockSec, an auditing firm for smart contracts, noted that the reentrancy could potentially place all pools withwrapped Ether (WETH) at risk of attack.Please note that this reentrancy issue is associated with the use of "use_eth", which could potentially place the WETH-related pools in jeopardy! @CurveFinance , please DM us if you need any help. https://t.co/vjc1RRce7w pic.twitter.com/Wz8DXJZK7Y— BlockSec (@BlockSecTeam) July 30, 2023
Vyper is a contract programming language designed forEthereum Virtual Machine (EVM). It is considered one of the most widely used Web3 programming languages, which means the bug in three of its versions could have an impact on several other protocols.
The attack affects a number of decentralized finance projects, with Alchemix"s alETH-ETH reporting outflows of $13.6 million, PEGd’s pETH-ETH pool drained by $11.4 million, Metronome’s sETH-ETH pool hacked by $1.6 million and over 32 million in Curve DAO (CRV) tokens worth over $22 million drained over the past few hours. Decentralized exchange Ellipsis alsoreported that a small number of stable pools with BNB were exploited using an old Vyper compiler.crv/eth pool drained minutes before a whitehack operation :(https://t.co/rhALBzkTEi— banteg (@bantg) July 30, 2023
The incident also negatively affected CRV"s price, which was down over 12% at the time of writing at $0.64. Community members also noted a potential ripple effect on Aave"s protocol, as the falling price of CRV could force Curve"s founder Michael Egorov to liquidate a $70 million borrowing position on Aave.
Magazine: Should crypto projects ever negotiate with hackers? Probably# Bitcoin# Hackers# Hacks# DeFiAdd reactionAdd reactionRelated NewsWhat is profit and loss (PnL) and how to calculate itZero-knowledge tech development heats up amid bear marketWorldcoin is making reality look like a lot like Black MirrorCurve omnipool platform Conic Finance hacked for $3.2M in ETHAlphapo hot wallets hacked for over $31 millionConnext, Alchemix launch cross-chain token standard to reduce bridge exploit losses