TL;DR Date of Hack: July 30, 2023. Amount Lost: $69 million. Key Vulnerability: What was initially assumed as reentrancy turned out to be an inherent vulnerability in Vyper, a Pythonic programming language for Ethereum smart contracts used by Curve and other decentralized protocols.
What Happened
On July 30, 2023, Curve Finance β a popular DEX β fell victim to a reentrancy attack. But the root cause was way deeper than most people, including Curve, initially assumed. There was a bug in the Vyper programming language, causing a malfunction in the reentry guard that led to a theft of $69 million.
The hack was initiated with $11.5M from the NFT lending protocol, JPEGβdβs pETH-ETH pool. However, the attacker didnβt stop there:
JPEGβD lost $11.5M from the pETH/ETH pool
Alchemix lost $20.5M from the alETH/ETH pool
Metronome lost $1.6M from the msETH-ETH pool
And Curve itself lost $24.2M from the CRV/ETH pool
Meanwhile, another leading decentralized exchange, Ellipsis, reported a loss of $78,000 due to an attack on their BNB stable pools.
Around $69M was stolen; after all refunds, the total loss is about $20M.
The Ultimate Root Cause
Initially, Curve thought it was a βread-only reentrancyβ issue that had plagued other protocols before. But the actual root cause was more fundamental. In this security breach, the root problem was a 0-day compiler bug in the older version of Vyper, which remained undetected until the attackers exploited it.
Vyper is a smart contract programming language tailored for the Ethereum Virtual Machine (EVM). The vulnerability was found on Vyperβs versions 0.2.15, 0.2.16 and 0.3.0.
This bug causes a mismatch in storage slots and disrupts the non-reentrant protection. This vulnerability permits attackers to intervene in transactions between these functions, distort LP token prices, and drain the pool.
It has affected other projects like Conic Finance and EraLend earlier.
Hereβs what went wrong: The initial investigations highlighted that the Vyper compiler did not correctly implement the reentrancy guard to lock the contract. As a result, two functions, βadd_liquidityβ and βremove_liquidity,β had a mismatch in their storage.
As a result, the attackers could repeatedly insert transactions between these two functions, allowing them to manipulate LP token prices and deplete the pool of funds.
What Tools & Techniques Were Used To Exploit Curve?
The hackers used a combination of tactics to exploit Curve.fi. Hereβs a breakdown:
Price manipulation with Vyper Compiler: Using the Vyper compiler vulnerability, the hackers altered stablecoin prices in pools like 3pool, sUSD, renBTC, and saave on Curve. They then traded these stablecoins for other tokens at inflated rates.
Flash loan: The hackers used flash loans that allow users to borrow cryptocurrency without providing collateral if they repay it in the same transaction. They borrowed over $100M worth of stablecoins from Aave, a DeFi lending platform, to maximize the impact of their attack.
Anonymity: The hackers took measures to conceal their identity and evade tracking by law enforcement, using multiple wallets, mixing services, and DEXs. Plus, they returned some of the stolen funds to Curve to mitigate legal consequences.
The Heroes
In a rare successful case, the white hat community was able to recover 70% of all losses. The heroes in this event were the Miner Extractable Value (MEV) bots and white hats from the ETH Security Community front-running the hackersβ transactions. Only in crypto, right?
C0ffeebabe.eth, an MEV bot operator, was one such white hat who returned 2,879 ETH to hacked DEX using a maximal extractable value Ethereum-arbitrage trading bot to front-run the hackers. However, for the rest of the amount, the efforts continued.
In a spirit of collaboration, Curve, Metronome, and Alchemix united on August 3. Their shared goal? To recover the remaining stolen funds.
They offered 10% ($7M) and promised to take no legal action if the full amount was to be returned by August 4. Surprisingly, the hackers returned 4,820.55 Alchemix ETH (alETH) to the Alchemix Finance team and 1 ETH to the Curve.fi team by August 5.
On August 6, Curve Finance declared a reward of 10% to anyone who could identify the hackers. The reason? Firstly, the deadline for the hacker had passed and only 70% of the stolen funds were returned.
At the time of writing, factoring in all the refunds made, the total losses have now settled at $20M.
The security incident stressed DeFi protocols, highlighting worries about its impact on the crypto market. This vulnerability could endanger all pools using Wrapped Ether (WETH).
The hack sent shockwaves through the DeFi community, causing many users to withdraw their funds from Curve and other Vyper-based protocols.
The total value locked in Curve plummeted by nearly half to $1.5 billion within a day of the hack.
As soon as news of the hacks spread, the CRV price dropped nearly 30% following the hack, falling to a low of $0.48 amid fears that Egorovβs collateralized loans would be liquidated.
This decline and the worry that the hackers might flood the market with their stolen CRV raised concerns about potential problems for other DeFi platforms.
One platform in particular, AAVE, faces the risk of debt because of a large borrowing position secured with CRV tokens, which is well-known to the public and managed by Egorov.
Post-Hack Security Measures & Lessons Learned
Curve and other protocols should not be blamed for the attack as it is quite hard to pinpoint where the blame lies. These compiler-level issues came as a surprise to all those involved.
Instead of targeting read-only reentrancy issues, the attackers went deeper, looking for a way into a more fundamental layer. Although this Vyper bug has caused hacks in the past, it still went unnoticed.
One effective way to avoid such hacks could be to audit both audit projectsβ smart contracts and the underlying blockchain architecture. For instance, a blockchain protocol audit doesnβt merely assume the stability of the underlying language; it rigorously tests it. This could have made a significant difference in Curveβs scenario.
βItβs not that Curve was easily attacked and no one noticed; the attack must have taken months and was one of the most complex ever seen in DeFi. Unfortunately, the blame goes to the Vyper dev partially and to the Curve developers for choosing Vyper and not Solidity at that specific moment.β β Carlo Parisi, Smart Contract Auditor
What else could be done?
Compiler version. Ensure that your code uses the stable compiler version. They are usually better audited and refactored. While no guarantees exist, itβs a crucial security practice to follow.
Comprehensive testing. Ensure thorough test coverage of the code to catch vulnerabilities before deployment. Proper testing decreases the possibility of future bugs.
Private mempools. Making it easier for white hats to recover stolen assets.
Responsible disclosure. This is a critical reminder for bug hunters. Refrain from prematurely revealing discovered vulnerabilities to prevent potential misuse by hackers and give users a chance to withdraw funds.
The blockchain industry has been grappling with scalability issues, which have hindered widespread adoption due to its technical constraints. As the demand for blockchain, decentralized applications (dApps), and transactions increases, the limitations of existing networks become increasingly apparent. High transaction fees and network congestion have plagued platforms like Ethereum, hampering their ability to support large-scale
The experimental semi-fungible token standard, ERC-404, combines elements from ERC-20 and ERC-721 tokens. Despite rising popularity, it has yet to secure an official Ethereum Improvement Proposal (EIP) designation. However, its unique attributes, such as enabling fractional ownership of NFTs and enhancing liquidity, coupled with the potential for automated NFT minting and burning processes, suggest a
Decentralized applications (dApps) are software that run on a decentralized network, often using blockchain technology. These applications can serve various purposes for end users, such as brokers, art collectors, traders, investors, and documents of public trust. However, their functionality and value attract malicious groups aiming to exploit vulnerabilities for financial gain. This article explores real-world examples of dApp security breaches, their attack vectors, and the lessons learned.