Following the recent attacks on decentralized finance (DeFi) protocols, Binance CEO Changpeng Zhao addressed Binance users through social media, providing reassurance that their funds remain secure and unaffected by the ongoing security issues.
Millions of dollars’ worth of cryptocurrencies were stolen in the targeted attacks on liquidity pools of Curve, a widely used automated market maker platform. The attackers took advantage of a vulnerability in Vyper, an alternative programming language for Ethereum smart contracts, as disclosed by Curve on Twitter. Binance, however, has verified that its platform uses only Vyper 0.3.7 and later, versions that are not affected by this vulnerability.
The identified vulnerability is a “re-entrancy” bug within Vyper, impacting specific components of the Curve system. Exploiting this bug, attackers managed to drain funds from numerous stablecoin pools on Curve Finance, leading to significant losses exceeding $50 million. Ancilia, a security firm, performed an analysis and detected the affected contracts. Among them, 136 contracts utilized Vyper 0.2.15 with reentrant protection, 98 contracts used Vyper 0.2.16, and 226 contracts used Vyper 0.3.0, all of which were vulnerable to the attack.
According to the investigation, specific versions of the Vyper compiler failed to implement the reentrancy guard correctly. The guard is a lock that stops a contract's protected functions from being entered again while an earlier call to them is still executing. With the guard not enforced, reentrancy attacks became possible, giving attackers the potential to drain funds from targeted contracts entirely.
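The effect of a guard that is not enforced can be shown with a small Python model, added here as an illustration and not taken from Curve, Vyper, or the article. The `Pool` class, the `guard_enforced` flag, the account names, and the amounts are all assumptions; the flag only stands in for the compiler flaw and does not reproduce the actual defect.

```python
class ReentrancyError(Exception):
    """Raised when a guarded function is entered while the lock is held."""

class Pool:
    # Constructed toy model; every name and amount here is an assumption.
    def __init__(self, guard_enforced, shares):
        self.guard_enforced = guard_enforced  # False models a guard that is not enforced
        self.locked = False
        self.shares = dict(shares)
        self.reserve = sum(shares.values())

    def _enter(self):
        # The guard: refuse to enter if an earlier call has not finished.
        if self.guard_enforced and self.locked:
            raise ReentrancyError("nested call rejected")
        self.locked = True

    def withdraw(self, who, on_receive):
        self._enter()
        try:
            amount = self.shares.get(who, 0)
            on_receive(amount)       # external call happens before bookkeeping
            self.reserve -= amount   # state is written only after the call, so a
            self.shares[who] = 0     # rejected nested call leaves the pool unchanged
        finally:
            self.locked = False

def run_scenario(guard_enforced):
    # Constructed sample state: one other depositor (100) and the caller (10).
    pool = Pool(guard_enforced, {"other_user": 100, "caller": 10})
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) == 1:       # call back into the pool once, mid-withdrawal
            pool.withdraw("caller", on_receive)

    try:
        pool.withdraw("caller", on_receive)
        reverted = False
    except ReentrancyError:
        reverted = True              # the whole transaction fails, nothing is paid
    paid = 0 if reverted else sum(received)
    return {"reverted": reverted, "paid_out": paid, "reserve": pool.reserve}
```

With the guard enforced, the nested call is rejected and the reserve stays at 110. Without it, the caller's share of 10 is paid out twice and the reserve falls to 90, which is less than the 100 still owed to the other depositor.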
Vyper is a contract-oriented, Pythonic programming language that compiles to bytecode for the Ethereum Virtual Machine (EVM). Its similarity to Python has made it an appealing choice for developers transitioning into the Web3 environment.
The attacks had repercussions beyond Curve Finance, affecting various other DeFi projects. For instance, Ellipsis, a decentralized exchange, disclosed that a limited number of stable pools using BNB were exploited due to an older version of the Vyper compiler.