Losses of over $50 million: a comprehensive analysis of the cascade attack caused by the Vyper programming language malfunction.


Edit | Wu Talks Blockchain

Chronology of Events

On July 30th at 21:34, PeckShield detected a suspected attack on the NFT lending protocol JPEG’d. At 21:10, over 6,100 WETH (worth approximately $11.45 million) had been transferred to the address 0x94…A6Ab. Curve Finance pointed out that JPEG’d had suffered a read-only reentrancy attack. Currently, the price of pETH in the pETH-ETH pool on Curve has dropped to $383. pETH is a derivative asset issued by JPEG’d. JPEG’d tweeted that the pETH-ETH Curve pool had been attacked, but that the vault contract that enables NFT borrowing and lending remains secure and stable, and that NFTs and treasury assets are unaffected.

At 22:50, msETH-ETH was attacked.

At 23:34, alETH-ETH was attacked.

On July 31st at 0:44, the team behind Vyper, an Ethereum smart contract programming language, tweeted that the reentrancy lock is ineffective in versions 0.2.15, 0.2.16, and 0.3.0.

At 0:45, Curve’s official Twitter account stated that, due to the malfunctioning reentrancy lock, several stablecoin pools (alETH/msETH/pETH) built with Vyper 0.2.15 had been attacked, while other pools remain secure.
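As an added illustration (not code from the original article or from the Vyper or Curve projects), a small Python triage helper that flags Vyper sources pinned to the affected releases named above and that rely on the `@nonreentrant` decorator; the two sample contract sources embedded in it are constructed for the example.

```python
"""Triage helper for the Vyper reentrancy-lock advisory described above:
find a contract's `# @version` pragma and its `@nonreentrant(...)` decorators,
and report whether it relies on the lock under an affected compiler release.
The sample contract sources below are constructed for illustration."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Releases the Vyper team named as having an ineffective reentrancy lock.
AFFECTED_VERSIONS = {"0.2.15", "0.2.16", "0.3.0"}

# `# @version 0.2.15` or `# @version ^0.3.1` at the top of a Vyper file.
_VERSION_RE = re.compile(r"^\s*#\s*@version\s+\^?(\d+\.\d+\.\d+)", re.MULTILINE)
# `@nonreentrant('lock')` / `@nonreentrant("lock")` decorator lines.
_LOCK_RE = re.compile(r"^\s*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.MULTILINE)


@dataclass
class TriageResult:
    version: Optional[str]                               # pragma version, None if absent
    lock_keys: List[str] = field(default_factory=list)  # one entry per decorator
    exposed: bool = False                                # affected release AND lock in use


def triage_vyper_source(source: str) -> TriageResult:
    """Flag a contract whose @nonreentrant guard was compiled by an affected release."""
    m = _VERSION_RE.search(source)
    version = m.group(1) if m else None
    keys = _LOCK_RE.findall(source)
    return TriageResult(version, keys, version in AFFECTED_VERSIONS and bool(keys))


# Constructed sample: a pool-like contract pinned to an affected release,
# with two functions sharing one lock key.
SAMPLE_AFFECTED = """# @version 0.2.15

@external
@nonreentrant('lock')
def add_liquidity(amounts: uint256[2], min_mint: uint256) -> uint256:
    return 0

@external
@nonreentrant('lock')
def remove_liquidity(amount: uint256, min_amounts: uint256[2]) -> uint256[2]:
    return empty(uint256[2])
"""
# Constructed sample: the same code pinned to a release the advisory does not list.
SAMPLE_OK = SAMPLE_AFFECTED.replace("0.2.15", "0.3.1")
```

A positive result only means the contract's reentrancy guard cannot be trusted and deserves manual review; it does not by itself establish that a given pool was drainable.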

At 0:57, Pylon Finance reported that DeFi lending protocol Alchemix, NFT lending protocol JPEG’d, DeFi synthetic asset protocol MetronomeDAO, cross-chain bridge deBridge, and Ellipsis, a DEX project on the BNB Chain using Curve mechanisms, collectively lost over $26.76 million.

At 2:46, Metronome announced that as a precautionary measure, Metronome’s mainnet functionality has been temporarily suspended.

At 3:08, CRV-ETH was attacked, causing the on-chain CRV price to drop to around $0.08. However, since Aave’s CRV price feed comes from Chainlink, which did not reflect the abnormal on-chain price, Curve founder Michael Egorov’s position on Aave was not liquidated.

According to @Super4DeFi, during this period arbitrageurs bought 600 alETH for 0.1 ETH and 1,200 alETH for 4 ETH. Alchemix issued a statement that the alETH-ETH pool had lost 5,000 ETH and that alETH is currently worth 0.7 ETH. OlympusDAO disconnected from fraxBP, converted the treasury stablecoin into 1800 WOOFY tokens and deposited them into the DSR, while the remaining 7 million USDC is being prepared for conversion into DAI.

At 7:26, Pylon Finance recalculated the losses from this security incident, which exceeded $51.95 million.

At 7:50, the MEV bot deployed by c0ffeebabe.eth, which had front-run the attack on the CRV/ETH pool, returned 2,879.54 ETH (worth approximately $5.39 million) to the Curve Finance deployer.

At 9:37, Upbit, the largest exchange in South Korea, announced that because the attack on certain Curve stablecoin pools had caused significant volatility in CRV, deposit and withdrawal services for Curve (CRV) have been suspended.

Other Impacts

According to DefiLlama data, Curve Finance’s TVL decreased by 43.6% in the past 24 hours and currently stands at $1.84 billion, while Convex Finance’s TVL decreased by 48.5% in the past 24 hours and currently stands at $14.9 billion.

Aave Ethereum v2 has disabled CRV borrowing (likely to prevent traders from maliciously shorting CRV into panic selling and triggering a cascade of liquidations on the back of the Curve vulnerability incident). Under the AIP-125 proposal previously approved by Aave governance, the protocol can disable borrowing of specific assets in the face of unforeseen events. Currently, there is over 300 million CRV supplied to Aave v2 (approximately 95% of it supplied by CRV founder Michwill), with only about 35 million CRV borrowed.

Currently, the borrowing and lending APYs for assets such as USDC, USDT, and DAI on Aave have risen sharply: the APY for USDC still exceeds 20%, and for USDT it exceeds 25%. With the Curve attacker (0xb1…c148) having taken 7,193,402 CRV (worth about $4.6 million), users remain concerned about a massive liquidation of Curve founder Michwill’s CRV and the resulting chain reaction (the on-chain CRV price briefly dropped to $0.08, but this did not trigger liquidation because the Chainlink oracle did not reflect it).

Currently, Michwill has 293,020,675 CRV in collateral ($187 million) against 59,674,100 USDT of debt on Aave v2, with a liquidation price of approximately $0.37; on Fraxlend, 71,107,195 CRV in collateral ($44.546 million) against 21,337,989 FRAX of debt ($21.3 million), with a liquidation price of approximately $0.4; on Abracadabra, 63,404,437 CRV in collateral ($31.9 million) against 18,787,110 MIM of debt, with a liquidation price of approximately $0.39; and on Inverse, 25,128,033 CRV in collateral ($16 million) against 7,689,209 DOLA of debt, with a liquidation price of approximately $0.4. Over the past 6 hours, Michwill has been gradually repaying some of this debt.

IM_23pds from SlowMist pointed out that the version recommended in the official Vyper documentation is actually the flawed one; Cosine pointed out that bugs in the smart contract language layer caused the reentrancy lock defense of some well-known projects to fail, and that both white hat and black hat hackers, as well as MEV bots, went crazy with various reentrancy manipulations and frontrunning to take funds. The most feared are this kind of foundational layer vulnerability. Fortunately, this time it’s not Solidity, but the less popular Vyper that has issues. Or, to go further, it’s not a problem with the EVM or other, more foundational layers.
