• A vulnerability in the Vyper programming language used by DeFi protocols like Curve Finance led to the exploit of multiple Curve liquidity pools on Sunday, July 30.
• Nearly $100 million worth of digital assets were put at risk due to this code vulnerability.
• The price of the native token (CRV) was saved by centralized exchange (CEX) price feed which prevented it from collapsing to zero.
Vulnerability Found in Vyper Programming Language
A vulnerability was found in the version 0.2.15, 0.2.16 and 0.3.0 of the Vyper programming language, widely used by DeFi protocols like Curve Finance, leading to a malfunctioning reentrancy lock and the exploit of multiple Curve liquidity pools on Sunday, July 30th.
Assets Put At Risk
The flaw in three variants of the programming language may have an effect on a number of other protocols and nearly $100 million worth of digital assets were put at risk due to this code vulnerability as money was drained from four Curve pools: aETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH..
Collapse Of Token Price
The price of the native token of Curve Finance (CRV) collapsed on the DeFi market due to significant draining from several pools; however, it was eventually saved by a centralized exchange price feed which prevented it from collapsing to zero as it traded at $0.60 on centralized exchanges (CEXs).
Help For Developers
The BlockSec team offered their help for developers facing similar issues tweeting “@CurveFinance , please DM us if you need any help”.
The attack caused panic among investors as millions were drained from key liquidity services but luckily CEX price feed managed to prevent further damage and collapse preventing further losses for investors who held their funds in CRV tokens or those who had invested in any related pool that got affected by this attack.