Series of Exploits Hit Curve Finance’s Liquidity Pools
Key Points:
- Curve Finance faces multiple exploits on its liquidity pools, resulting in significant losses for projects like Conic Finance, JPEG’d, Metronome, and Alchemix.
- Speculated reasons include vulnerabilities in programming language versions and manipulation of the “get_virtual_price” function, highlighting the need for enhanced security measures in the DeFi space.
Curve Finance, a prominent decentralized finance (DeFi) protocol, has been facing a wave of attacks on its liquidity pools, resulting in substantial losses for multiple projects.
The recent incidents, involving Conic Finance, JPEG’d, Metronome, and Alchemix, have raised concerns within the DeFi community. The string of attacks began with Conic Finance on July 21, where assets were drained due to a connection with LP Tokens on Curve Finance. Subsequently, on July 30, the Lending NFT JPEG’d project reported an exploit involving the pETH-ETH liquidity pool on Curve Finance, resulting in an $11 million loss.
The same day, Metronome also suffered a $1.6 million loss following a similar exploit. Additionally, Alchemix’s alETH became a victim, experiencing an estimated $13.6 million loss linked to a liquidity pool on Curve.
The exact reasons behind these exploits have not been fully disclosed at this time. However, the community has speculated two primary factors. First, vulnerabilities in versions 0.2.15/0.2.16/0.3.0 of the VyperLang programming language are suspected. These versions lack the Re-Entrancy anti-attack filter, enabling hackers to execute rounding attacks and withdraw funds from liquidity pools.
The second conjecture, outlined in a ChainSecurity document, centers on Curve Finance‘s “get_virtual_price” function. This function, determining the market price of LP Tokens, can potentially be manipulated by Re-Entrancy hackers to create a withdrawal loop and manipulate the oracle price index.
Notably, the ChainSecurity document clarifies that this vulnerability does not impact Curve pools internally. Instead, it may affect platforms utilizing Curve’s LP Tokens as collateral, enabling false loan withdrawals.
Curve Finance and affected projects are likely to collaborate closely with the community to analyze and address the root causes of these attacks. It is essential for the DeFi ecosystem to implement robust security measures and foster transparency to instill confidence in users and maintain the sustainable growth of the DeFi sector.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Chubbi
Coincu News
Author
News
Series of Exploits Hit Curve Finance’s Liquidity Pools
Key Points:
- Curve Finance faces multiple exploits on its liquidity pools, resulting in significant losses for projects like Conic Finance, JPEG’d, Metronome, and Alchemix.
- Speculated reasons include vulnerabilities in programming language versions and manipulation of the “get_virtual_price” function, highlighting the need for enhanced security measures in the DeFi space.
Curve Finance, a prominent decentralized finance (DeFi) protocol, has been facing a wave of attacks on its liquidity pools, resulting in substantial losses for multiple projects.
The recent incidents, involving Conic Finance, JPEG’d, Metronome, and Alchemix, have raised concerns within the DeFi community. The string of attacks began with Conic Finance on July 21, where assets were drained due to a connection with LP Tokens on Curve Finance. Subsequently, on July 30, the Lending NFT JPEG’d project reported an exploit involving the pETH-ETH liquidity pool on Curve Finance, resulting in an $11 million loss.
The same day, Metronome also suffered a $1.6 million loss following a similar exploit. Additionally, Alchemix’s alETH became a victim, experiencing an estimated $13.6 million loss linked to a liquidity pool on Curve.
The exact reasons behind these exploits have not been fully disclosed at this time. However, the community has speculated two primary factors. First, vulnerabilities in versions 0.2.15/0.2.16/0.3.0 of the VyperLang programming language are suspected. These versions lack the Re-Entrancy anti-attack filter, enabling hackers to execute rounding attacks and withdraw funds from liquidity pools.
The second conjecture, outlined in a ChainSecurity document, centers on Curve Finance‘s “get_virtual_price” function. This function, determining the market price of LP Tokens, can potentially be manipulated by Re-Entrancy hackers to create a withdrawal loop and manipulate the oracle price index.
Notably, the ChainSecurity document clarifies that this vulnerability does not impact Curve pools internally. Instead, it may affect platforms utilizing Curve’s LP Tokens as collateral, enabling false loan withdrawals.
Curve Finance and affected projects are likely to collaborate closely with the community to analyze and address the root causes of these attacks. It is essential for the DeFi ecosystem to implement robust security measures and foster transparency to instill confidence in users and maintain the sustainable growth of the DeFi sector.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Chubbi
Coincu News
Other Posts
Related Posts
Sponsored Articles
Cardano (ADA), Ripple (XRP), And ETFSwap (ETFS) Are The Altcoins To Hold When Spot Bitcoin ETFs Inflow Return
Press Releases
Buying Opportunity Amid Bitcoin Dip: Promising Run-to-Earn Token 99BTC
Press Releases
PlayDoge ($PLAY) Achieves $5 Million Milestone in ICO, a Tamagotchi-Style Meme Coin
News
Binance Launches USDT Integration with Toncoin Network for Fast Transactions!
News
Ethereum Gas Prices Reach Historic Low Under 3 Gwei Following Dencun Upgrade
News
Bitcoin Whale Wallets With Over 1,000 BTC Are Almost At A New All Time High
News
Ripple’s XRP Sale Worth $78 Million Is Putting Great Pressure on Token Prices
News
LayerZero Token Airdrop Rules Announced, Early Transactions Will Be Eewarded 3x
Latest
Wall Street Crypto Is Poised To Win More Battles With SEC: Report
21Shares Files For Spot Solana ETF, Spurring Market Excitement
Press Release
Turn Your Crypto Wallet From Bronze To Gold With These 3000x Tokens Brett & Mpeppe (MPEPE)
