Several Curve Finance liquidity pools were attacked on July 30 due to a vulnerability found in the programming language Vyper. Vyper is a contract programming language created for the Ethereum Virtual Machine (EVM).
Curve Finance is one of the key decentralized finance (DeFi) protocols because of the liquidity services it offers, so the code vulnerability has put nearly $100 million worth of digital assets at risk.
The vulnerability was found in Vyper versions 0.2.15, 0.2.16 and 0.3.0, where it leads to a malfunctioning reentrancy lock. As a result, millions were drained from four Curve pools, namely aETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH. The flaw in these three versions may affect a number of other protocols.
Please note that this reentrancy issue is associated with the use of 'use_eth', which could potentially place the WETH-related pools in jeopardy! @CurveFinance, please DM us if you need any help. https://t.co/vjc1RRce7w pic.twitter.com/Wz8DXJZK7Y
The price of Curve Finance's native token (CRV) collapsed on the DeFi market after several of its pools were significantly drained; however, it was eventually saved by the centralized exchange price feed. CRV hit $0.086 on decentralized exchanges (DEX) but was trading at $0.60 on centralized exchanges (CEX), which saved the token's price from collapsing to zero.
Curve pools use Chainlink’s oracle system, which incorporates several price feeds, including those from centralized exchanges. If not for the CEX price feed, Curve Finance would have collapsed. This ironic incident also drew the attention of Binance CEO Changpeng Zhao, who chuckled at the fact that
Read more on cointelegraph.com