Popular decentralized finance (DeFi) protocol Curve Finance has awarded a security researcher $250,000 for discovering a critical vulnerability that has historically enabled hackers to siphon off millions of dollars from cryptocurrency protocols.
The researcher, known as Marco Croc from Kupia Security, identified a reentrancy vulnerability in Curve Finance and elaborated on the bug’s potential for manipulating balances and withdrawing funds from liquidity pools.
Acknowledging the severity of the vulnerability, Curve Finance conducted a thorough investigation and subsequently granted Marco Croc the maximum bug bounty award.
Even though the threat was categorized as “not as dangerous,” the protocol said it recognized the potential panic that could have ensued had a security incident occurred.
With this reward, Curve Finance aims to incentivize responsible security research and strengthen its defenses against potential exploits.
This development comes in the wake of Curve Finance’s recovery from a $62 million hack in July.
As part of the protocol’s restoration efforts, it recently voted to reimburse $49.2 million worth of assets to liquidity providers (LPs).
The disbursement was approved by 94% of tokenholders, covering losses incurred in the Curve, JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET) pools.
Just wanted to emphasize the scale of this. Victims are made whole with this vote with:
– $7.2M worth of ETH recovered by whitehats to the DAO being distributed
– $42M worth of CRV compensating unrecovered parts (vested)
– Other whitehat-recovered funds distributed before vote https://t.co/qmcK9pmTe5
— Curve Finance (@CurveFinance) December 22, 2023
The reimbursement plan involves the use of Curve DAO