In July 2023, multiple attackers exploited a bug in the Vyper programming language. This allowed them to exploit Curve Finance and steal an estimated $70 million from various projects, including Alchemix, JPEG’D, and Metronome. However, efforts by whitehat hackers exploiting the vulnerability decreased the total losses to approximately $52 million.
Inside the Attack
The attack against Curve Finance exploited vulnerabilities in the Vyper compiler. While Solidity is the primary programming language on the Ethereum blockchain, other programming languages have been developed or adapted to work with it as well. Vyper is a Pythonic programming language that can be compiled to bytecode that will run on the Ethereum Virtual Machine (EVM).
The July 2023 hack of Curve and other projects exploited vulnerabilities in certain versions of the Vyper compiler, including versions 0.2.15, 0.2.16, and 0.3.0. These vulnerabilities dealt with protection against reentrancy attacks.
Without these protections, the attackers were able to carry out reentrancy attacks against protocols that believed that they were protected against the attack.
Affected protocols include:
Alchemix: After being notified by Curve of the threat, Alchemix attempted to extract value from its vulnerable alETH/ETH Curve pool. They successfully withdrew about 8,000 alETH, but attackers beat them to a withdrawal of 5,000 ETH. Another attacker exploited the slippage during the withdrawal process to swap 5 ETH for 1200 alETH.
Curve: The CRV/ETH pool was exploited twice for over $18.5 million.
JPEG’d: JPEG’d was first targeted by a failed exploit, which resulted in a reverted transaction and no theft. A frontrunner then drained nearly $11.5 million from the protocol’s pETH/ETH pool.
Metronome: Metronome’s msETH/WETH contract was exploited for over $1.6 million.
In some cases, these exploits were carried out by MEV bots, and the funds were returned. This brought the total cost of the Vyper exploits down from the original $70 million to about $52 million.
Lessons Learned from the Attack
This attack exploited a zero-day vulnerability in the Vyper compiler. Smart contracts compiled with affected versions of Vyper could be vulnerable to reentrancy attacks due to failed reentrancy locks.
While the Curve pool hacks were a major, visible exploit of this vulnerability, other protocols may be vulnerable as well. For help in determining if your Web3 project might be affected or for assistance in securing your smart contracts against exploitation, get in touch.