Developer awarded $250 for finding reentrancy vulnerability by Curve Finance

Cryptocurrency and DeFi protocols have faced increasing problems due to vulnerabilities and the resulting loss of funds. As the problems have continued, those identifying them have contributed to the cause of decentralized finance. In a big discovery, a cybersecurity expert identified a vulnerability in the Curve Finance protocol which could be used to withdraw funds from the liquidity pool.

Cryptocurrency protocols and vulnerability 

Losses due to vulnerabilities in DeFi protocols were estimated at $758 million in Q3 of 2023. A staggering 116 cases show that there is an urgent need to enhance security. A workforce needs to be deployed to identify vulnerabilities and address problems.

In a recent discovery, the Curve Finance protocol identified a vulnerability in the DeFi system. The vulnerability is of historical importance, as it has resulted in the loss of millions of dollars over the years. It has given hackers access to the protocol's liquidity pool, allowing them to draw out funds.

There was a range of security attacks in 2023, and the major areas of focus for hackers included smart contract vulnerabilities, reentrancy attacks, and oracle manipulation attacks. The first is of critical importance because a hacker who identifies a vulnerability can exploit it, affecting the funds and security of the protocol.

The claim of a key vulnerability in Curve Finance and other protocols came from cybersecurity expert Marc Croc of Kupia Security. Marc Croc said that the vulnerability resulted in the loss of funds from the liquidity pool. He added that it has led to the loss of millions from various protocols.

Reentrancy Vulnerability in Curve Finance

The reentrancy vulnerability was verified by the Curve Finance development team. In a detailed overview, they were able to identify and confirm it. According to official sources, the bug could manipulate the balances of a DeFi protocol. The manipulation of balances could also result in the withdrawal of funds from the liquidity pool.

According to Curve Protocol sources, the bug didn't pose an existential threat, but it could create panic if any such incident took place. Furthermore, the company believed that it could recover funds in case such an incident took place. In July, Curve Finance was able to recover funds amounting to $62 million which had been stolen after a vulnerability was exposed to hackers.

Furthermore, the protocol members agreed to return assets valued at $49.2 million to liquidity providers. It announced the recovery of ETH, CRV, and other assets by whitehat hackers.

Curve protocol has brought forward a proposal under which the community fund will supply CRV tokens. The attackers identified a vulnerability in the Vyper language, where problems were found in versions 0.2.15, 0.2.16, and 0.3.0.

Developer rewarded $250K

It was a critical problem that would have caused difficulties for the development team because of increased panic among users and investors. A cybersecurity expert, who did not reveal their identity, identified the problem so that it could be addressed promptly.

Once the problem was confirmed, the protocol awarded the whitehat the maximum bug bounty of $250K. The whitehat shared the details in an X thread, thanking Curve Finance. Furthermore, the account shared the details of how the vulnerability would affect the protocol.

Conclusion

In a recent tweet, whitehat cybersecurity expert Marc Croc announced the discovery of a vulnerability in Curve Finance. The development team confirmed and addressed the problem, announcing a bounty of $250K for the whitehat. Though the problem wasn't an existential threat, it would have created panic.
