Conic Finance Hacked Twice: PeckShield Audit Failures Raise Security Concerns
Key Points:
- Conic Finance faced a second hack, sparking discussions on security audits.
- PeckShield audited the project but the hack occurred outside the audit scope.
- SlowMist warned that audits can be bypassed, while Shenyu suggested audit companies be accountable to users.
Conic Finance recently faced a second hack, raising questions about security audits. PeckShield audited the project, but the hack occurred outside the scope. SlowMist warns that audits can be bypassed, while Shenyu suggests audit companies be accountable to users.
Conic Finance, a liquidity provider platform, was recently hacked for the second time, sparking discussions on security audits. The project had been audited by PeckShield, but the hack occurred in the CurveLPOracleV2 contract, which was not part of the audit scope. SlowMist pointed out that if a project intends to do evil, it can bypass an audit. Shenyu from Cobo suggested that audit companies should be accountable to and paid by users.
According to PeckShield, a blockchain security firm, their initial analysis suggests that the root cause of the recent hack on Conic Finance was the new CurveLPOracleV2 contract. In addition, their audit of the project identified a similar read-only reentrancy issue. However, this issue was not part of the audit scope.
Despite the security concerns, Conic Finance offers an easy-to-use platform for liquidity providers to diversify their exposure to multiple Curve pools. They introduce Conic Omnipools, which allocate liquidity in a single asset across multiple Curve pools, giving liquidity providers exposure to multiple Curve pools through a single LP token.
Additionally, all Curve LP tokens are automatically staked on Convex to earn CVX and CRV rewards, while Conic LPs receive CNC, the Conic DAO token. Liquidity in an Omnipool is allocated to Curve pools based on target allocation weights, which get updated regularly through a liquidity allocation vote held by the vote-locked CNC holders.
Omnipools are liquidity pools that Conic utilizes to allocate a single underlying asset across various Curve pools. The core mechanisms of Omnipools are: deposits and withdrawals, Curve LP token pricing, and rebalancing liquidity across Curve pools.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.