Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Curve Finance Liquidity Pools Hack Explained

Curve Finance Liquidity Pools Hack Explained

Share via:

TL;DR
Date of Hack: July 30, 2023.
Amount Lost: $69 million.
Key Vulnerability: What was initially assumed as reentrancy turned out to be an inherent vulnerability in Vyper, a Pythonic programming language for Ethereum smart contracts used by Curve and other decentralized protocols.

What Happened

On July 30, 2023, Curve Finance – a popular DEX – fell victim to a reentrancy attack. But the root cause was way deeper than most people, including Curve, initially assumed. There was a bug in the Vyper programming language, causing a malfunction in the reentry guard that led to a theft of $69 million.

The hack was initiated with $11.5M from the NFT lending protocol, JPEG’d’s pETH-ETH pool. However, the attacker didn’t stop there:

JPEG’D lost $11.5M from the pETH/ETH pool
Alchemix lost $20.5M from the alETH/ETH pool
Metronome lost $1.6M from the msETH-ETH pool
And Curve itself lost $24.2M from the CRV/ETH pool

Meanwhile, another leading decentralized exchange, Ellipsis, reported a loss of $78,000 due to an attack on their BNB stable pools.

Around $69M was stolen; after all refunds, the total loss is about $20M.

The Ultimate Root Cause

Initially, Curve thought it was a “read-only reentrancy” issue that had plagued other protocols before. But the actual root cause was more fundamental. In this security breach, the root problem was a 0-day compiler bug in the older version of Vyper, which remained undetected until the attackers exploited it.

Vyper is a smart contract programming language tailored for the Ethereum Virtual Machine (EVM). The vulnerability was found on Vyper’s versions 0.2.15, 0.2.16 and 0.3.0.

This bug causes a mismatch in storage slots and disrupts the non-reentrant protection. This vulnerability permits attackers to intervene in transactions between these functions, distort LP token prices, and drain the pool.

It has affected other projects like Conic Finance and EraLend earlier.

Here’s what went wrong: The initial investigations highlighted that the Vyper compiler did not correctly implement the reentrancy guard to lock the contract. As a result, two functions, “add_liquidity” and “remove_liquidity,” had a mismatch in their storage.

As a result, the attackers could repeatedly insert transactions between these two functions, allowing them to manipulate LP token prices and deplete the pool of funds.

What Tools & Techniques Were Used To Exploit Curve?

The hackers used a combination of tactics to exploit Curve.fi. Here’s a breakdown:

Price manipulation with Vyper Compiler: Using the Vyper compiler vulnerability, the hackers altered stablecoin prices in pools like 3pool, sUSD, renBTC, and saave on Curve. They then traded these stablecoins for other tokens at inflated rates.
Flash loan: The hackers used flash loans that allow users to borrow cryptocurrency without providing collateral if they repay it in the same transaction. They borrowed over $100M worth of stablecoins from Aave, a DeFi lending platform, to maximize the impact of their attack.
Anonymity: The hackers took measures to conceal their identity and evade tracking by law enforcement, using multiple wallets, mixing services, and DEXs. Plus, they returned some of the stolen funds to Curve to mitigate legal consequences.

Hackers used reentracy bug to exploit the smart contract.

The Heroes

In a rare successful case, the white hat community was able to recover 70% of all losses. The heroes in this event were the Miner Extractable Value (MEV) bots and white hats from the ETH Security Community front-running the hackers’ transactions. Only in crypto, right?

C0ffeebabe.eth, an MEV bot operator, was one such white hat who returned 2,879 ETH to hacked DEX using a maximal extractable value Ethereum-arbitrage trading bot to front-run the hackers. However, for the rest of the amount, the efforts continued.

In a spirit of collaboration, Curve, Metronome, and Alchemix united on August 3. Their shared goal? To recover the remaining stolen funds.

They offered 10% ($7M) and promised to take no legal action if the full amount was to be returned by August 4. Surprisingly, the hackers returned 4,820.55 Alchemix ETH (alETH) to the Alchemix Finance team and 1 ETH to the Curve.fi team by August 5.

On August 6, Curve Finance declared a reward of 10% to anyone who could identify the hackers. The reason? Firstly, the deadline for the hacker had passed and only 70% of the stolen funds were returned.

At the time of writing, factoring in all the refunds made, the total losses have now settled at $20M.

Consequences & Reaction

The security incident stressed DeFi protocols, highlighting worries about its impact on the crypto market. This vulnerability could endanger all pools using Wrapped Ether (WETH).

The hack sent shockwaves through the DeFi community, causing many users to withdraw their funds from Curve and other Vyper-based protocols.

The total value locked in Curve plummeted by nearly half to $1.5 billion within a day of the hack.

As soon as news of the hacks spread, the CRV price dropped nearly 30% following the hack, falling to a low of $0.48 amid fears that Egorov’s collateralized loans would be liquidated.

This decline and the worry that the hackers might flood the market with their stolen CRV raised concerns about potential problems for other DeFi platforms.

One platform in particular, AAVE, faces the risk of debt because of a large borrowing position secured with CRV tokens, which is well-known to the public and managed by Egorov.

Post-Hack Security Measures & Lessons Learned

Curve and other protocols should not be blamed for the attack as it is quite hard to pinpoint where the blame lies. These compiler-level issues came as a surprise to all those involved.

Instead of targeting read-only reentrancy issues, the attackers went deeper, looking for a way into a more fundamental layer. Although this Vyper bug has caused hacks in the past, it still went unnoticed.

One effective way to avoid such hacks could be to audit both audit projects’ smart contracts and the underlying blockchain architecture. For instance, a blockchain protocol audit doesn’t merely assume the stability of the underlying language; it rigorously tests it. This could have made a significant difference in Curve’s scenario.

“It’s not that Curve was easily attacked and no one noticed; the attack must have taken months and was one of the most complex ever seen in DeFi. Unfortunately, the blame goes to the Vyper dev partially and to the Curve developers for choosing Vyper and not Solidity at that specific moment.”
– Carlo Parisi, Smart Contract Auditor

What else could be done?

Compiler version. Ensure that your code uses the stable compiler version. They are usually better audited and refactored. While no guarantees exist, it’s a crucial security practice to follow.

Comprehensive testing. Ensure thorough test coverage of the code to catch vulnerabilities before deployment. Proper testing decreases the possibility of future bugs.

Private mempools. Making it easier for white hats to recover stolen assets.

Responsible disclosure. This is a critical reminder for bug hunters. Refrain from prematurely revealing discovered vulnerabilities to prevent potential misuse by hackers and give users a chance to withdraw funds.

Follow @hackenclub on 𝕏 (Twitter)