#1 Supplier
in Australia
by over 6000 clients
Book A Free Consultation

CRV Token Plunges as Curve Finance Risks $100M Exploit

CRV Token Vulnerability Exposes $100M in DeFi

CRV Token and Curve Finance, a key player in Ethereum’s DeFi ecosystem, faced a significant exploit due to a bug exposing over $100 million in cryptocurrency. The exploit, which occurred on July 30, targeted stable pools implemented using the Vyper programming language. It revealed vulnerabilities in Vyper versions 0.2.15, 0.2.16, and 0.3.0. A “re-entrancy” bug allowed hackers to drain stablecoin pools, severely affecting pricing and liquidity across various DeFi services.

CRV Token and a programmer

Security firm Ancilia revealed that 136 contracts used Vyper 0.2.15 with re-entrancy protection, 98 contracts relied on Vyper 0.2.16, and 226 contracts used Vyper 0.3.0. Projects using these versions were advised to contact Vyper promptly for further action.

Preliminary investigations found that certain Vyper compiler iterations lacked proper re-entrancy guard implementation, making contracts susceptible to re-entrancy attacks that could deplete funds. Vyper, a pythonic language for the Ethereum Virtual Machine, shares similarities with Python, making it accessible to developers familiar with Python and entering the Web3 space.

Other projects using the Vyper language may also face similar vulnerabilities, and an investigation is ongoing.

The security breach impacted trading markets for Curve DAO’s CRV token, causing a -16.5% decline with the token trading at $0.615. This drop posed a risk of triggering a liquidation event on the founder of Curve’s $70 million borrowing position on Aave.

CRV/Teter chart

About the author

Leave a Reply