Attackers Steal $24 Million From Several DeFi Projects in Curve Pool Exploits

by André Beganski
July 30, 2023
in CryptoCurrency News



Several decentralized finance protocols were hit on Sunday by attackers who stole more than $24 million worth of crypto. The attackers leveraged a vulnerability in liquidity pools on Curve, the automated market maker platform.

The vulnerability was traced back to Vyper, an alternative, third-party programming language for Ethereum smart contracts, according to Curve on Twitter. Curve said other liquidity pools that don’t leverage the language are fine.

A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.

Other pools are safe. https://t.co/eWy2d3cDDj

— Curve Finance (@CurveFinance) July 30, 2023

Liquidity pools are smart contracts that hold tokens, and they can provide liquidity to crypto markets in a way that doesn’t rely on financial intermediaries. But, as several projects learned on Sunday, a small flaw can yield substantial losses.

$11 million worth of cryptocurrency was stolen from the NFT lending protocol JPEG’d, according to decentralized finance security firm Decurity. JPEG’d was among the first to identify an issue with its pool on Curve.

“There was an attack,” JPEG’d said on Twitter. “We’ve been looking into the issue the moment we were made aware and […] the issue seems to be related to the Curve pool.”

JPEG’d enables users to post NFTs as collateral for loans. In terms of assets deposited into JPEG’d, the protocol has a total value locked (TVL) of around $32 million. JPEG’d said code responsible for safekeeping NFTs and treasury funds was unaffected.

The protocol’s governance token JPEG was down 23% as of this writing, according to data from CoinGecko. On Sunday, the coin scraped by an all-time low of $0.000347.

In a now-deleted Tweet, Curve initially described the vulnerability as a run-of-the-mill, read-only “re-entrancy” attack that could’ve been avoided. A re-entrancy attack happens when a smart contract interacts with another contract, which in turn calls back into the first contract before the first contract’s original call has finished executing.

Re-entrancy vulnerabilities allow an attacker to cram multiple calls into a single function and trick a smart contract into calculating improper balances. One of the most prominent examples was the $55 million 2016 DAO hack on Ethereum.

Replying to a Twitter account that reprised the scrubbed statement later, however, Curve said its initial impression was wrong. 

“Yep, not read-only,” Curve said, adding there was “no wrongdoing on the side of projects who integrated, or even users of vyper.”

Yep, not read only. No wrongdoing on the side of the projects who integrated, or even users of vyper here

— Curve Finance (@CurveFinance) July 30, 2023

Re-entrancy attacks are an all-too-common vector for attackers to pilfer protocols, Meir Dolev, co-founder and CTO of cybersecurity firm Cyvers, told Decrypt.

“They are quite common,” Dolev said. “And it’s possible to avoid them with the proper design and development.”

The issue wasn’t specific to JPEG’d. Not long after the NFT lending protocol was exploited, Alchemix and Metronome DAO lost $13.6 million and $1.6 million respectively in a similar manner, he said.

Alchemix acknowledged on Twitter that it is actively working to fix a problem with its liquidity pool. MetronomeDAO said on Twitter its investigation of what happened is ongoing, describing the attack as “part of a broader set of exploits.”

In the case of JPEG’d, the attacker was front-run by a maximal extractable value (MEV) bot, Dolev said. The bot identified the would-be attacker’s transaction and paid a fee to execute a similar transaction ahead of them.

Vyper said on Twitter that it was the programming language’s compiler that had failed. When a developer is finished writing code, it is then compiled from a human-readable format into a form that computers can execute. 

This prevented re-entry guards—protections that were included in the projects’ code and should guard against re-entry attacks—from working, Dolev said. 

“The compiler, in some versions, failed to compile it in the right way,” Dolev said. “It has some bugs or failures.”
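
The failure mode described above, as an added Python illustration (a toy model, not Curve's contract code or Vyper compiler output): `guard_works=False` stands in for a lock that is written in the source but has no effect once compiled. The `Pool` class, its method names and the amounts are constructed for this example.

```python
class Pool:
    """Toy model (added example): withdraw() pays out before zeroing the balance."""
    def __init__(self, guard_works):
        self.guard_works = guard_works  # False: lock exists in source but does nothing
        self.locked = False
        self.balances = {}
        self.reserves = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserves += amount

    def withdraw(self, who, on_receive):
        # Re-entrancy guard: reject a call that arrives while one is in progress.
        if self.guard_works:
            if self.locked:
                raise RuntimeError("re-entrant call rejected")
            self.locked = True
        try:
            paid = min(self.balances.get(who, 0), self.reserves)
            self.reserves -= paid
            on_receive(paid)        # external call: control leaves the pool
            self.balances[who] = 0  # balance is updated only after the call
            return paid
        finally:
            self.locked = False


def run(guard_works, depth=3):
    """Return (paid to caller, reserves left, total still owed to depositors)."""
    pool = Pool(guard_works)
    pool.deposit("honest", 90)  # constructed sample amounts
    pool.deposit("caller", 10)
    received = []

    def on_receive(paid):
        received.append(paid)
        if len(received) < depth:  # call back in before withdraw() has finished
            try:
                pool.withdraw("caller", on_receive)
            except RuntimeError:
                pass  # a working guard refuses the nested call

    pool.withdraw("caller", on_receive)
    return sum(received), pool.reserves, sum(pool.balances.values())


if __name__ == "__main__":
    print(run(True), run(False))  # compare reserves with what is still owed
```

With the guard working, reserves still equal what depositors are owed; with it disabled, reserves fall below that figure. Zeroing the balance before the external call would keep the pool solvent even without the lock.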
