Transform your $HAI holdings into Hacken shareholder status. Only 100 slots available. > Learn more and join the waitlist here.

  • Hacken
  • Blog
  • Discover
  • Curve Finance Liquidity Pools Hack Explained

Curve Finance Liquidity Pools Hack Explained

By Hacker Hacken

Share via:

TL;DR
Date of Hack: July 30, 2023.
Amount Lost: $69 million.
Key Vulnerability: What was initially assumed as reentrancy turned out to be an inherent vulnerability in Vyper, a Pythonic programming language for Ethereum smart contracts used by Curve and other decentralized protocols.

What Happened

On July 30, 2023, Curve Finance – a popular DEX – fell victim to a reentrancy attack. But the root cause was way deeper than most people, including Curve, initially assumed. There was a bug in the Vyper programming language, causing a malfunction in the reentry guard that led to a theft of $69 million.

The hack was initiated with $11.5M from the NFT lending protocol, JPEG’d’s pETH-ETH pool. However, the attacker didn’t stop there:

  • JPEG’D lost $11.5M from the pETH/ETH pool
  • Alchemix lost $20.5M from the alETH/ETH pool
  • Metronome lost $1.6M from the msETH-ETH pool
  • And Curve itself lost $24.2M from the CRV/ETH pool

Meanwhile, another leading decentralized exchange, Ellipsis, reported a loss of $78,000 due to an attack on their BNB stable pools.

Around $69M was stolen; after all refunds, the total loss is about $20M.

The Ultimate Root Cause

Initially, Curve thought it was a “read-only reentrancy” issue that had plagued other protocols before. But the actual root cause was more fundamental. In this security breach, the root problem was a 0-day compiler bug in the older version of Vyper, which remained undetected until the attackers exploited it.

Vyper is a smart contract programming language tailored for the Ethereum Virtual Machine (EVM). The vulnerability was found on Vyper’s versions 0.2.15, 0.2.16 and 0.3.0.

This bug causes a mismatch in storage slots and disrupts the non-reentrant protection. This vulnerability permits attackers to intervene in transactions between these functions, distort LP token prices, and drain the pool.

It has affected other projects like Conic Finance and EraLend earlier.

Here’s what went wrong: The initial investigations highlighted that the Vyper compiler did not correctly implement the reentrancy guard to lock the contract. As a result, two functions, “add_liquidity” and “remove_liquidity,” had a mismatch in their storage. 

As a result, the attackers could repeatedly insert transactions between these two functions, allowing them to manipulate LP token prices and deplete the pool of funds.

What Tools & Techniques Were Used To Exploit Curve?

The hackers used a combination of tactics to exploit Curve.fi. Here’s a breakdown:

  • Price manipulation with Vyper Compiler: Using the Vyper compiler vulnerability, the hackers altered stablecoin prices in pools like 3pool, sUSD, renBTC, and saave on Curve. They then traded these stablecoins for other tokens at inflated rates.
  • Flash loan: The hackers used flash loans that allow users to borrow cryptocurrency without providing collateral if they repay it in the same transaction. They borrowed over $100M worth of stablecoins from Aave, a DeFi lending platform, to maximize the impact of their attack.
  • Anonymity: The hackers took measures to conceal their identity and evade tracking by law enforcement, using multiple wallets, mixing services, and DEXs. Plus, they returned some of the stolen funds to Curve to mitigate legal consequences.

Hackers used reentracy bug to exploit the smart contract.

The Heroes

In a rare successful case, the white hat community was able to recover 70% of all losses. The heroes in this event were the Miner Extractable Value (MEV) bots and white hats from the ETH Security Community front-running the hackers’ transactions. Only in crypto, right?

C0ffeebabe.eth, an MEV bot operator, was one such white hat who returned 2,879 ETH to hacked DEX using a maximal extractable value Ethereum-arbitrage trading bot to front-run the hackers. However, for the rest of the amount, the efforts continued. 

In a spirit of collaboration, Curve, Metronome, and Alchemix united on August 3. Their shared goal? To recover the remaining stolen funds.

They offered 10% ($7M) and promised to take no legal action if the full amount was to be returned by August 4. Surprisingly, the hackers returned 4,820.55 Alchemix ETH (alETH) to the Alchemix Finance team and 1 ETH to the Curve.fi team by August 5.

On August 6, Curve Finance declared a reward of 10% to anyone who could identify the hackers. The reason? Firstly, the deadline for the hacker had passed and only 70% of the stolen funds were returned.

At the time of writing, factoring in all the refunds made, the total losses have now settled at $20M.

Visual chart
Source: Chainalysis

Consequences & Reaction

The security incident stressed DeFi protocols, highlighting worries about its impact on the crypto market. This vulnerability could endanger all pools using Wrapped Ether (WETH).

The hack sent shockwaves through the DeFi community, causing many users to withdraw their funds from Curve and other Vyper-based protocols. 

The total value locked in Curve plummeted by nearly half to $1.5 billion within a day of the hack.

As soon as news of the hacks spread, the CRV price dropped nearly 30% following the hack, falling to a low of $0.48 amid fears that Egorov’s collateralized loans would be liquidated.

This decline and the worry that the hackers might flood the market with their stolen CRV raised concerns about potential problems for other DeFi platforms.

One platform in particular, AAVE, faces the risk of debt because of a large borrowing position secured with CRV tokens, which is well-known to the public and managed by Egorov.

Post-Hack Security Measures & Lessons Learned

Curve and other protocols should not be blamed for the attack as it is quite hard to pinpoint where the blame lies. These compiler-level issues came as a surprise to all those involved. 

Instead of targeting read-only reentrancy issues, the attackers went deeper, looking for a way into a more fundamental layer. Although this Vyper bug has caused hacks in the past,  it still went unnoticed.

One effective way to avoid such hacks could be to audit both audit projects’ smart contracts and the underlying blockchain architecture. For instance, a blockchain protocol audit doesn’t merely assume the stability of the underlying language; it rigorously tests it. This could have made a significant difference in Curve’s scenario.

“It’s not that Curve was easily attacked and no one noticed; the attack must have taken months and was one of the most complex ever seen in DeFi. Unfortunately, the blame goes to the Vyper dev partially and to the Curve developers for choosing Vyper and not Solidity at that specific moment.”
Carlo Parisi, Smart Contract Auditor

What else could be done?

Compiler version. Ensure that your code uses the stable compiler version. They are usually better audited and refactored. While no guarantees exist, it’s a crucial security practice to follow.

Comprehensive testing. Ensure thorough test coverage of the code to catch vulnerabilities before deployment. Proper testing decreases the possibility of future bugs.

Private mempools. Making it easier for white hats to recover stolen assets.

Responsible disclosure. This is a critical reminder for bug hunters. Refrain from prematurely revealing discovered vulnerabilities to prevent potential misuse by hackers and give users a chance to withdraw funds.

Follow @hackenclub on 𝕏 (Twitter)

subscribe image
promotion image
IMPORTANT

Subscribe to our newsletter

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

Read next:

More related
  • Blog image
    DISCOVERINSIGHTS
    Onyx Protocol Hack Explained: A Deeper Dive Into $2.1M Exploit Hacker H.
  • Blog image
  • Blog image

Get our latest updates and expert insights on Web3 security