This article reviews the chain of attacks caused by the failure of the Vyper programming language
Author: Wu Shuo Blockchain
Process
At 21:34 on July 30, PeckShield detected that the NFT lending protocol JPEG'd was suspected of having been attacked. At 21:10, more than 6,100 WETH (worth about 11.45 million US dollars) had been transferred to the address 0x94…A6Ab. According to Curve Finance, JPEG'd was subject to a read-only reentrancy attack. Currently, the price of pETH in the pETH-ETH pool on Curve has dropped to $383. pETH is an ETH derivative asset issued by JPEG'd. JPEG'd tweeted that the pETH-ETH Curve pool was attacked, that the vault contract that allows NFT borrowing is still safe and stable, and that NFTs and treasury assets are not affected.
22:50 msETH-ETH is attacked.
23:34 alETH-ETH is attacked.
At 0:44 on July 31, the Ethereum programming language Vyper tweeted that the reentrancy locks of Vyper versions 0.2.15, 0.2.16 and 0.3.0 were invalid.
0:45 Curve's official Twitter account stated that, due to the failure of the reentrancy lock, several stablecoin pools (alETH/msETH/pETH) using Vyper 0.2.15 were attacked, and that other pools were safe.
0:57 PeckShield's tally showed that the DeFi lending protocol Alchemix, the NFT lending protocol JPEG'd, the DeFi synthetic asset protocol MetronomeDAO, the cross-chain bridge deBridge, and Ellipsis, a DEX project on the BNB Chain that uses the Curve mechanism, had suffered a cumulative loss of more than 26.76 million US dollars.
2:46 Metronome issued a statement saying that, as a precautionary measure, the Metronome mainnet function has been suspended.
3:08 CRV-ETH was attacked, and the lowest on-chain price of CRV dropped to about 0.08. However, since the price used by Aave is taken from Chainlink, which did not reflect the abnormal price, Curve founder Michael Egorov's position in Aave was not liquidated.
According to @Super4DeFi, during this period some arbitrageurs purchased 600 alETH with 0.1 ETH and 1200 alETH with 4 ETH. Alchemix officially issued a statement saying that the alETH-ETH pool lost 5000 ETH, and that currently alETH = 0.7 ETH. OlympusDAO withdrew from fraxBP, converted the treasury stablecoin into 1800 DAI and deposited it in the DSR, and the remaining 7 million USDC were also being prepared for exchange into DAI.
At 7:26, PeckShield's updated tally showed that the loss from the security incident had exceeded 51.95 million US dollars.
7:50 c0ffeebabe.eth, the deployer of the MEV bot in the CRV/ETH pool, returned 2,879.54 ETH to the Curve Finance deployer, worth about $5.39 million.
At 9:37, South Korea’s largest exchange, Upbit, announced that due to the attack on some of Curve’s stablecoin pools, CRV fluctuated greatly, and Curve (CRV) deposit and withdrawal services have been suspended.
Other effects
According to DefiLlama data, Curve Finance TVL decreased by 43.6% in 24 hours to US$1.84 billion; Convex Finance TVL decreased by 48.5% in 24 hours to US$14.9 billion.
Aave v2 on Ethereum has disabled the CRV borrowing function (probably to prevent traders from exploiting the panic around the Curve vulnerability to borrow CRV and short it maliciously, triggering serial liquidations). According to the proposal AIP-125 passed by Aave governance, in an emergency the protocol can disable the borrowing function of specific assets. There is currently over 300 million CRV supplied in Aave v2 (about 95% of it from CRV founder Michwill), and only about 35 million CRV have been lent out.
At present, the deposit and lending APY of underlying assets such as USDC, USDT, and DAI in Aave has increased significantly. The current USDC deposit and lending APY still exceeds 20%, and USDT exceeds 25%. Since the Curve hacker (0xb1...c148) made a profit of 7,193,402 CRV worth 4.6 million US dollars, users are still worried about a huge liquidation of Curve founder Michwill's CRV and the chain reaction that would follow (CRV on the chain once fell to $0.08, but the Chainlink oracle did not include this price, so liquidations were not triggered).
Currently Michwill has 293,020,675 CRV collateral ($187 million) and 59,674,100 USDT debt in Aave v2, with a liquidation line of about $0.37; Fraxlend has 71,107,195 CRV collateral ($445.46 million) and 21,337,989 FRAX debt (2130 million dollars), liquidation 63,404,437 CRV collateral ($31.9 million) and 18,787,110 MIM debt in Abracadabra, liquidation line ~$0.39; 25,128,033 CRV collateral ($16 million) and 7,689,209 DOLA debt in Inverse, liquidation line ~$0.4. In the past 6 hours, Michwill has successively paid off part of the debt.
SlowMist @IM_23pds pointed out that the version recommended by the official Vyper documentation is actually a flawed version; Cosine pointed out that a bug at the smart contract language layer caused the reentrancy lock defense of some well-known projects to fail, and that black hat and white hat hackers and MEV bots went crazy, taking away funds through all kinds of reentrancy manipulation and front-running. What I am most afraid of is this kind of base layer vulnerability. Fortunately, this time it is not Solidity, but the less popular Vyper that has a problem. And further, it is not a problem in the EVM or some more fundamental layer.
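The following is an added example, not code from the article or from the Vyper or Curve projects: a Python triage check that flags Vyper sources pinned to the three compiler versions named in the timeline (0.2.15, 0.2.16, 0.3.0) and records whether they rely on `@nonreentrant`. The sample contracts and the status names are constructed for illustration.

```python
import re

# Compiler versions the page lists as having a broken reentrancy lock.
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

# Vyper version pragma: "# @version X" (older) or "# pragma version X" (newer).
PRAGMA_RE = re.compile(
    r"^[ \t]*#[ \t]*(?:@version|pragma[ \t]+version)[ \t]+(\S.*?)[ \t]*$", re.M)
LOCK_RE = re.compile(r"^[ \t]*@nonreentrant[ \t]*\(", re.M)
EXACT_RE = re.compile(r"^(?:==[ \t]*)?v?(\d+\.\d+\.\d+)$")


def triage(source):
    """Return (status, version_spec, uses_lock) for one Vyper source file."""
    uses_lock = bool(LOCK_RE.search(source))
    pragma = PRAGMA_RE.search(source)
    if pragma is None:
        # No pragma: the compiler version must come from build metadata.
        return ("unknown-version", None, uses_lock)
    spec = pragma.group(1)
    exact = EXACT_RE.match(spec)
    if exact is None:
        # A range such as ^0.2.15 does not say which compiler actually ran.
        return ("review-range", spec, uses_lock)
    if exact.group(1) not in AFFECTED:
        return ("not-listed", spec, uses_lock)
    return ("affected-lock-in-use" if uses_lock else "affected-no-lock",
            spec, uses_lock)


# Constructed sample contracts (illustrative only, not real pool code).
LOCKED_FN = "@external\n@nonreentrant('lock')\ndef withdraw(amount: uint256):\n    pass\n"
SAMPLES = {
    "pool_a.vy": "# @version 0.2.15\n" + LOCKED_FN,
    "token_b.vy": "# @version 0.3.0\n@external\ndef ping():\n    pass\n",
    "pool_c.vy": "# @version 0.3.7\n" + LOCKED_FN,
    "pool_d.vy": "# @version ^0.2.15\n" + LOCKED_FN,
    "pool_e.vy": LOCKED_FN,
}


def scan(files):
    """Map each file name to its triage status."""
    return {name: triage(src)[0] for name, src in files.items()}


if __name__ == "__main__":
    for name, status in scan(SAMPLES).items():
        print(f"{name}: {status}")
```

A source pragma is only a hint: for deployed contracts, confirm the compiler version from build artifacts or verified-source metadata before clearing a `not-listed` or `review-range` result.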