The Curve-Vyper Exploit


Unveiling vulnerabilities within the decentralized finance landscape


Aug 7, 2023

A tumultuous week in the decentralized finance (DeFi) realm was ignited by a significant security breach, resulting in more than a $60 million heist from Curve Finance's pools on July 30th. This breach spotlighted vulnerabilities within DeFi projects, underscoring the need for enhanced security measures.

Deliberate cyberattacks targeted stable pools within Curve Finance via a reentrancy vulnerability arising from the Vyper programming language, an alternative to Solidity.

The incident echoes a pattern of DeFi exploits, emphasizing the urgency of identifying and rectifying smart contract vulnerabilities. Lessons extend to comprehensive testing, code audits, and continuous oversight. The promise of a decentralized financial landscape is met with challenges, including coding errors, enforcement, and composability risks. The impetus lies with collaborative efforts to secure the DeFi ecosystem, fostering innovation while mitigating potential pitfalls.

Read on as we recount the Curve-Vyper exploit, explain software vulnerabilities, and highlight implications and lessons learned.

The Curve-Vyper Exploit

The DeFi ecosystem faced significant challenges following the July 30th heist. A sequence of deliberate cyberattacks was directed towards several stable pools within the Curve Finance ecosystem. These attacks capitalized on a security vulnerability within the Vyper programming language.

With $3 billion in liquidity, Curve is the second largest and most structurally significant decentralized exchange (DEX) in DeFi. Curve’s CRV governance and rewards token decreased 13.4% to 64 cents after falling as low as 58 cents as a result of the exploits. Total Value Locked (TVL) on Curve Finance was \$3.26 billion before the July 30th exploit and \$1.68 billion after, representing a 50% drop overall. 

A \$100 million loan collateralized by 47% of the circulating supply of CRV to Curve Finance’s founder, Michael Egorov, further challenged stability of the DeFi ecosystem. The Curve-Vyper exploit triggered a sharp drop in the value of CRV tokens and raised concerns about the potential liquidation of collateralized loans, resulting in cascading effects throughout the ecosystem. To limit the DeFi contagion effect, Egorov sold a significant portion of CRV tokens, approximately $39.25 million, at a discounted rate to make partial payments on the loans.

The sequence of attacks was initiated around 9:30 am EST on July 30th to exploit the pETH-ETH liquidity pool associated with JPEG'd, resulting in an overwhelming loss exceeding  $11 million. Four additional attacks unfolded, each potentially orchestrated by multiple hackers (Exhibit 1).

Exhibit 1: Overview of Curve-Vyper Exploits

Source: Samara Alpha Management; CoinDesk

Reentrancy Attacks

A reentrancy attack represents a well-known security vulnerability within smart contracts in Solidity for Ethereum. This exploit results in depleting funds, siphoning tokens, and distorting contract behavior. Here's a simplified example of a reentrancy attack:

  1. Victim’s contract has a “withdraw" function for fund withdrawal

  2. Attacker calls “withdraw” and creates a malicious contract

  3. Victim’s contract transfers funds to the attacker's contract

  4. Control shifts to attacker's contract before victim's state changes complete

  5. Attacker's contract re-calls victim's “withdraw” in an intermediate state

  6. Victim’s contract transfers more funds to the attacker's contract

  7. Process repeats, enabling multiple fund drains by the attacker's contract

Exhibit 2 highlights several notable reentrancy attacks over the past several years.

Exhibit 2: Prior Notable Reentrancy Attacks

Source: Samara Alpha Management; CoinDesk

We list details of additional exploits at the end of this article.

Preventing Reentrancy Attacks

To prevent reentrancy attacks, the program should ensure internal state changes before external calls, guaranteeing proper updates of contract status. For instance, utilizing function modifiers to safeguard against reentrancy allows only single, sequential execution of vulnerable functions.

Exhibit 3 shows that a “noReentrant” modifier coded in Solidity blocks the “withdraw” function for any reentrancy attempts. 

Exhibit 3: Reentrancy Guard Example (in Solidity) 

In the Curve-Vyper exploit, hackers exploited reentrancy vulnerability in older versions (0.2.15, 0.2.16, and 0.3.0) of Vyper. Furthermore, Curve Finance's contracts were affected via a “raw_call” mechanism due to compromised reentrancy protection, affecting all Curve pools linked to native ETH or adhering to the ERC-777 standard.

Vyper is actively maintained and developed by the Ethereum community and by Curve. Members of the Curve team are actively engaged in the upkeep and management of the Vyper codebase. It aims to improve comprehension and reduce error vulnerability for developers and optimizes bytecode efficiency and gas consumption. However, the adoption of Vyper has been relatively smaller compared to Solidity due to its limited feature set.

Crypto Exploits

Crypto exploits have become increasingly common in recent years. While no crypto sector has been immune, DeFi has been particularly hard hit as the space ballooned to over $100 billion in TVL during the DeFi Summer of 2020.

Hackers have pilfered tens of millions of dollars from decentralized exchanges like Uniswap, lending protocols like Aave, and algorithmic stablecoins like Iron Finance. As shown in Exhibit 4, DeFi protocols have been the target of more than 183 malicious attacks and $5.81 billion in gross total value exploited since 2020. In many cases, a singular protocol has experienced multiple exploits.

Exhibit 4: Notable DeFi Exploits Since 2020

Source: Samara Alpha Management; ChainSec

Preventing Vulnerabilities

The Curve-Vyper exploit serves as a stark reminder of the utmost importance of swiftly identifying and rectifying vulnerabilities within smart contract languages and platforms. Such proactive measures are imperative to ensure the security and dependability of blockchain-based systems. It is crucial to recognize that instances of software bugs, like the one observed in this case, are not uncommon in the realm of software development.

Vigilance and adherence to best practices is vital for developers and projects using Vyper or any other smart contracts programming language. By remaining vigilant and adhering to established protocols, it becomes feasible to both prevent and effectively address potential vulnerabilities. Regularly conducting comprehensive code audits and thorough security assessments emerges as an imperative practice.

Implications for DeFi

These exploits create potential ripple effects throughout the broader DeFi landscape. The interconnectivity of DeFi protocols and the market's sensitivity to security incidents have contributed to heightened concerns about the overall stability and resilience of the ecosystem. For instance, the decline in CRV's token value was somewhat mitigated by price feeds from centralized exchanges (CEX), which helped prevent a complete collapse; Curve's native stablecoin, crvUSD, experienced a brief period of depegging from the US dollar but eventually managed to regain its intended peg; and the deleveraging of Egorov’s Curve loan limited contagion risk.

The allure of a decentralized financial ecosystem without intermediaries is certainly enticing, particularly given its potential to enhance the existing financial system. Yet it is important to also consider the susceptibility of DeFi to hacking and financial misconduct, considering the significant role anonymity plays within this realm, as highlighted in Exhibit 4 above.

Several factors contribute to the complexities and potential pitfalls of the DeFi landscape:

Security Vulnerabilities and Hacks

Auditing protocols for vulnerabilities is challenging. The accessibility of creating smart contracts, coupled with the potential for malicious intent, makes the DeFi ecosystem susceptible to hacks. The absence of stringent verification processes can result in poorly designed contracts with exploitable weaknesses.

Coding Errors and Smart Contract Risks

The execution of sizable and irreversible transactions, which lack the possibility of rectification, becomes precarious when coding errors are present. The integrity of a protocol relies heavily on the security of its underlying smart contracts. Unfortunately, the average user's inability to comprehend the intricacies of contract code impedes their ability to assess its robustness.

Enforcement of Contracts

While a blockchain-based contract may stipulate ownership, practical enforcement of contractual terms is another matter. Legal enforcement mechanisms are required to uphold agreements that extend beyond the digital realm.

Forking and Liquidity Redistribution

The concept of forking, where open-source protocols can be duplicated, can divert liquidity towards alternative protocols. A pertinent example is SushiSwap, a fork of UniSwap, which illustrates how liquidity can shift within the DeFi ecosystem.

Composability and Dependency

DeFi's emphasis on composability offers opportunities for intricate financial engineering. However, this practice also fosters interdependencies, as tokens are built atop one another. Should a single smart contract experience issues, the ripple effect could disrupt multiple applications throughout the DeFi ecosystem.

A Secure and Resilient DeFi Ecosystem

Creating a decentralized financial landscape devoid of intermediaries has certain challenges and nuances. While DeFi presents innovative prospects, it is essential to address its vulnerabilities comprehensively. Achieving a secure and resilient DeFi ecosystem requires the collective efforts of developers, auditors, and regulators to ensure that DeFi protocols truly embody the promise of a transformative financial paradigm.


Further Reading…Exploits in Detail

pETH/ETH Pool Exploit

Exhibit 5 details an exploit that drained pETH from the Curve pool. The attacker swapped pETH to WETH for a profit of 6,106.65 WETH (~$11 million):

Exhibit 5 - pETH/ETH Pool Exploit

Source: Samara Alpha Management; HackMD

msETH/ETH Pool Exploit

Exhibit 6 details an exploit that drained msETH from the Curve pool. The attacker retained a profit of 866.55 ETH (~\$1.6 million) and 959.71 msETH (~\$1.8 million).

Exhibit 6 - msETH/ETH Pool Exploit

Source: Samara Alpha Management; HackMD

alETH/ETH Pool Exploit

Exhibit 7 shows an exploit that drained alETH from the Curve pool. The attacker retained a profit of 7,258.70 ETH (~\$13.6 million) and 4,821.55 alETH (~\$9.0 million).

Exhibit 7 - alETH/ETH Pool Exploit

Source: Samara Alpha Management; HackMD

CRV/ETH Pool Exploit

Exhibit 8 shows an exploit that resulted in the depletion of both CRV and ETH from the Curve pool. Of notable significance is the exploit's uniqueness, which stems from the combination of a “reentrancy guard bug” exploit and an arbitrage exploit. The CRV/ETH Curve pool, initially valued at approximately $47 million, has since been largely depleted.

Typically, a participant contributing liquidity to a pool would expect to be granted pool tokens proportionate to their provided liquidity fraction, calculated against the total pool token supply. However, this exploit deviated from the norm due to a reentrancy bug. Consequently, the assigned pool tokens were computed based on pre-burn balances, enabling the attacker to create a seemingly valid claim on the entire pool's assets by endlessly minting pool tokens.

After the initial exploit, the pool's balances were disrupted, incorrectly showing a remaining CRV balance even though all had been taken. To rectify this, the white-hat hacker contributed CRV, synchronized balances, and converted some CRV to most of the ETH. Currently, the funds have been restored to the Curve Deployer address (not shown).

Exhibit 8 - CRV/ETH Pool Exploit

Source: Samara Alpha Management; HackMD


Previous
Previous

Zombie Coins and Credit Risk

Next
Next

Crypto Seasonality