On Sunday, July 30, susceptibility arising in the Vyper programming often utilized in the decentralized finance (DeFi) protocol led to the attack. The attackers targeted Curve Finance resulting in the exploitation of several liquidity pools.
A vulnerability identified in the Vyper programming language on July 30 resulted in the attack of numerous Curve Finance liquidity pools. Vyper refers to a programming language for contracts developed for the Ethereum Virtual Machine (EVM).
CEX Price Feed Saved Token From Imminent Plunge
Curve Finance is one of the critical DeFi protocols owing to its essential liquidity services, and the susceptibility of the code has placed digital assets worth nearly $100 million at risk. Further, this issue was found in three versions, including 0.2.15, 0.2.16, and 0.3.0, resulting in a nonfunctional reentrancy lock. Millions of dollars were ultimately extracted from four Curves, including msETH/ETH, aETH/ETH, CRV/ETH, and pETH/ETH. Several other protocols could be affected by the faults in three of the variants.
The CRV native token’s price experienced a drop in the decentralized finance market owing to the considerable draining of numerous pools. Nevertheless, the centralized exchange price feed saved it. On DeFi, the price of CRV reached $0.086. However, on the centralized exchanges (CEXs), it traded at $0.60, saving the token from plunging to zero.
Binance Chief Executive Restates Need to Upgrade Code Libraries
Curve pools utilize the Oracle system by Chainlink that integrates numerous price feeds, which include centralized exchanges. The lack of CEX price feed would have led to Curve Finance’s collapse. The irony in the post-attack development attracted the attention of Changpeng Zhao, Binance’s chief executive officer. He joked that the DeFi protocol was ultimately saved by a CEX price feed.
Changpeng Zhao claimed that since Binance’s code had been updated to the most current version, Vyper’s susceptibility did not affect it. Besides, he revisited the essence of upgrading code libraries.
There is a belief that the bug identified in the previous Vyper code versions is at least one and a half years old. Besides, it is believed the exploiter delved deeper into the release history to locate an exploitable problem for a big protocol containing millions of dollars at stake. According to a Vyper program contributor on X (Twitter), the amount of resources and time utilized in this exploit shows the likely involvement of a state-sponsored attack.
SureTradeGroup.com is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. Some of the content on this site is paid content that is not written or posted by our writers or editors and the opinions expressed do not reflect the opinions of this website. Any disagreement you may have with brands or companies mentioned in articles will need to be taken care of directly with those specific brands and companies. The responsibility of anyone who may click links in our articles and ultimately sign up for that product or service is their own. Forex, Stocks, Cryptocurrencies, NFTs and Dogital Tokens are all a high-risk asset, investing in them can lead to losses. Readers should do their own research before taking any action.