Update (July 30, at 7:55 pm UTC): This article has been updated to provide more details about the exploit.
Several stable pools on Curve Finance using Vyper were exploited on July 30, with losses reaching over $47 million. According to Vyper, its 0.2.15, 0.2.16 and 0.3.0 versions are vulnerable to malfunctioning reentrancy locks.
“The investigation is ongoing but any project relying on these versions should immediately reach out to us,” Vyper wrote on X. Based on an analysis of affected contracts by security firm Ancilia, 136 contracts used Vyper 0.2.15 with reentrant protection, 98 contracts used Vyper 0.2.16 and 226 contracts used Vyper 0.3.0.
A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.
Other pools are safe. https://t.co/eWy2d3cDDj
— Curve Finance (@CurveFinance) July 30, 2023
According to an initial investigation, some versions of the Vyper compiler do not correctly implement the reentrancy guard, a lock on a contract that prevents multiple functions from being executed at the same time. Reentrancy attacks can potentially drain all funds from a contract.
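A triage check for the compiler versions Vyper names above, as an added example that is not from the article or the Vyper project: it reads a source file's version pragma and `@nonreentrant` decorators and flags files that pin 0.2.15, 0.2.16 or 0.3.0 while relying on the lock. The status labels and the sample contract are constructed for illustration.

```python
import re

# Compiler versions the article reports as having malfunctioning reentrancy locks.
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

# Vyper sources declare the compiler in a comment pragma, e.g. "# @version 0.2.15".
PRAGMA_RE = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(\S+)", re.MULTILINE)
# Functions protected by the lock carry the @nonreentrant("key") decorator.
GUARD_RE = re.compile(r"^\s*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.MULTILINE)
# An exact pin such as "0.2.15"; anything else (^0.2.0, >=0.2.15) is a range.
EXACT_RE = re.compile(r"^=*(\d+\.\d+\.\d+)$")


def triage(source: str) -> dict:
    """Classify one Vyper source file by its pragma and reentrancy-guard usage."""
    pragma = PRAGMA_RE.search(source)
    spec = pragma.group(1) if pragma else None
    guards = sorted(set(GUARD_RE.findall(source)))
    exact = EXACT_RE.match(spec) if spec else None
    if not guards:
        status = "no-guard"      # does not rely on the lock at all
    elif exact is None:
        status = "check-build"   # missing or range pragma: confirm the compiler actually used
    elif exact.group(1) in AFFECTED:
        status = "affected"      # pinned to a listed version and relies on the lock
    else:
        status = "not-listed"    # pinned to a version the article does not name
    return {"pragma": spec, "guards": guards, "status": status}


# Constructed sample source, not a real pool contract.
SAMPLE_POOL = '''# @version 0.2.15
@external
@nonreentrant("lock")
def remove_liquidity(amount: uint256):
    pass
'''

if __name__ == "__main__":
    print(triage(SAMPLE_POOL))
```

A `check-build` result means the pragma alone cannot settle the question, so the compiler version recorded at deployment has to be checked instead.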
Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM). Vyper’s similarities to Python make the language one of the starting points for Python developers jumping into Web3.
A number of decentralized finance projects were affected by the attack. Decentralized exchange Ellipsis reported that a small number of stable pools with BNB were exploited using an old Vyper compiler. Alchemix’s alETH-ETH also witnessed a $13.6 million outflow, along with $11.4 million exploited on
Author: Ana Paula Pereira