Certain Curve factory pools, such as those managed by AlchemixFi and JPEG’d, fell victim to exploitation due to a critical flaw in the Vyper language. Vyper is a smart contract programming language that shares similarities with Solidity. Preliminary findings indicate that certain versions of the Vyper compiler failed to adequately implement a re-entrancy guard, thereby exposing several projects to potential attacks of this nature.
In particular, attackers took advantage of this vulnerability to exploit the mentioned Curve factory pools operated by AlchemixFi and JPEG’d. These pools likely lacked sufficient protection against re-entrancy attacks, which allowed malicious actors to manipulate the smart contracts and siphon off funds or engage in other illicit activities.
In a recent tweet, Vyper made an announcement about the vulnerability of certain versions and advised projects dependent on those versions to contact them promptly.
PSA: Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks. The investigation is ongoing but any project relying on these versions should immediately reach out to us.
— Vyper (@vyperlang) July 30, 2023
As a result of the exploit, AlchemixFi incurred losses of approximately $13 million, JPEG’d suffered an $11 million loss, MetronomeDAO faced a $1.6 million setback, while Ellipsis Finance and Debridge Finance experienced losses of about $68,600 and $24,600, respectively.
— PeckShieldAlert (@PeckShieldAlert) July 30, 2023
Vyper was developed with the primary goal of enhancing smart contract development by prioritizing security and promoting simplicity and clarity in its syntax. By emphasizing readability and avoiding complex features, Vyper significantly reduces the risk of errors and potential vulnerabilities, ultimately ensuring a safer environment for DeFi protocols. This approach has led to the widespread adoption of Vyper as a reliable and user-friendly language for creating secure and auditable smart contracts on the EVM. As the DeFi ecosystem continues to grow rapidly, Vyper remains a popular choice due to its efficiency and its ability to address the security concerns of the industry.
The Reentrancy attack on Curve Finance via Vyper’s exploit
Vyper smart contract
This reentrancy issue is linked to the utilization of ‘use_eth,’ a situation that might endanger the WETH-related pools.
The attacks began at roughly 9:30 am ET, starting with an exploit of JPEG’d’s pETH-ETH liquidity pool, resulting in over $11 million being drained. However, it’s possible that this was frontrun by an MEV searcher.
In addition to this, four other attacks, potentially carried out by different actors, targeted various pools: Alchemix’s alETH-ETH pool, the CRV/ETH pool (twice), Pendle’s pETH-ETH pool, and Metronome’s msETH-ETH pool, resulting in a combined loss of over $70 million. Some of these hacks were reportedly executed by whitehat hackers, meaning that the total amount lost could be closer to $50 million.
JPEGd pETH Exploiter 1
JPEGd pETH Exploiter 2
At approximately 4:30 pm ET, a statement on the Curve Discord by team representative “mimaklas” mentioned that “all affected pools have been drained or white hacked.” They reassured that all remaining pools were safe and unaffected by the bug. However, a Curve representative declined to comment.
Despite these public statements, the attacks might still be ongoing. Just two hours after mimaklas’ message, another exploit of the CRV-ETH pool resulted in an additional $5.2 million being drained.
With $3 billion in liquidity, Curve holds the position of the second-largest and most structurally significant DEX in DeFi. It plays a crucial role in stablecoin swap markets, which fortunately were not impacted by the attacks. Following the security breaches, Curve’s CRV governance and rewards token experienced a decline of 13.4%, falling to $0.64, after reaching as low as $0.58 earlier in the day.
0-Day Bug and Smart Contract Exploits
Series of thefts occurred due to a zero-day vulnerability in certain versions of the Vyper compiler. Vyper is a programming language used for multiple contracts by Curve, a prominent decentralized finance (DeFi) project. The vulnerability was related to the “reentrancy” prevention mechanism, which failed to function as intended. Reentrancy attacks are a well-known method used by attackers to exploit smart contracts.
Following the disclosure of the vulnerability, there was some blame-shifting between development teams involved. The official Curve Twitter account initially pointed fingers at JPEG’d developers for the exploit, but the JPEG’d team defended themselves. It’s worth noting that Curve has supported the Vyper team in the past by funding its development and actively participating in the maintenance of the Vyper codebase.
Alchemix Contract Pauses and Exploits
One of the protocols significantly affected by the attack was Alchemix. As a result, Alchemix halted several contracts to prevent the attacker from swapping alETH (a synthetic ether derivative) for native ETH. This included a bridge to Optimism, where the AMM Velodrome held $4.4 million in liquidity in an alETH pool, and the “transmuter” contract, which facilitated 1-to-1 exchanges of alETH for ETH.
The attackers managed to take 5,000 ETH from the alETH-ETH pool, potentially leaving the alETH asset partially unbacked. However, the extent of the damage is uncertain, as some of the attacks might have been whitehat operations (ethical hacking to uncover vulnerabilities). In one instance, a user unrelated to the initial exploits took advantage of the vulnerability to exchange 5 ETH for 1200 alETH, which they subsequently transferred to another address for selling.
At the time of the incident, the market value of alETH was trading at $1,476 relative to native ETH valued at $1,887, suggesting a 22% lack of backing. The total market capitalization of alETH stood at $68 million, with $38 million on the Ethereum mainnet alone. Following the exploit, Alchemix’s governance token ALCX experienced a 7% decline in value.
Concerns about Contagion and Ripple Effects
Apart from the direct economic damage caused by the attacks, observers are worried about potential ripple effects on the DeFi ecosystem. An area of particular concern is related to Curve Finance founder Michael Egorov’s $60 million Aave V2 loan. This loan relies heavily on CRV tokens, and its value surpasses what the protocol could readily liquidate, raising concerns about the possibility of bad debt.
However, Egorov’s position currently appears stable after adding collateral to the protocol and paying down a significant portion of the debt.
Potential Recovery Efforts
In the aftermath of the hacks, some of the funds stolen, which were not taken by whitehat hackers, have been recovered. Three of the five exploits were frontrun by MEV (Miner Extractable Value) searchers. In particular, the attacks on the pETH-ETH pool, the msETH-ETH pool, and the second attack on the CRV-ETH pool were frontrun by an account named coffeebabe.eth, known for engaging in MEV strategies.
Coffeebabe.eth’s address remained active during the ordeal and conducted various trades, including frontrunning the attacks. Interestingly, there are indications that the frontruns might have been autonomous actions by the account, with no active involvement or knowledge by the account owner. Curve communicated with Coffeebabe.eth on-chain, and the account expressed its intention to move the exploited funds to cold storage and return the funds to affected parties, indicating a willingness to assist in recovery efforts.
The incident has raised concerns within the blockchain and smart contract development community, prompting developers to scrutinize their codebases more diligently and emphasize the importance of rigorous security audits. Furthermore, it underscores the need for continuous improvement and vigilance in programming languages like Vyper, ensuring that potential loopholes are promptly identified and addressed to maintain the integrity of decentralized financial systems and applications.