Curve Finance awards dev $250K for finding reentrancy vulnerability

News Feed - 2024-05-01 07:05:33

By Arijit Sarkar

Curve Finance awarded cybersecurity researcher Marco Croc with its maximum bug bounty award of $250,000 after thoroughly investigating the security flaw.

A security researcher was rewarded $250,000 for discovering a vulnerability that has historically allowed hackers to pull out millions of dollars from cryptocurrency protocols.


Pseudonymous cybersecurity researcher Marco Croc from Kupia Security identified a reentrancy vulnerability in decentralized finance (DeFi) protocol Curve Finance.


In an X thread, he explained how the bug could be exploited to manipulate balances and withdraw funds from liquidity pools.


Curve Finance acknowledged potential security flaws and “recognized the severity of the vulnerability,” Marco Croc explained. After a thorough investigation, Curve Finance awarded Marco Croc its maximum bug bounty award of $250,000.


According to Curve Finance, the threat was classified as “not as dangerous,” and they believed they could recover the stolen funds in such a case. 


However, the protocol said a security incident of any scale “could have caused serious panic if it had happened.”



Curve Finance recently recovered from a $62 million hack in July. As part of returning to normalcy, the DeFi protocol voted to reimburse $49.2 million worth of assets to the liquidity providers (LPs).


On-chain data confirms that 94% of tokenholders approved the disbursement of tokens worth over $49.2 million to cover the losses of the Curve, JPEG’d (JPEG), Alchemix (ALCX) and Metronome (MET) pools.


According to Curve’s proposal, the community fund will supply the Curve DAO (CRV) tokens. The final amount also includes a deduction for the tokens recovered since the incident.


“The overall ETH to recover was calculated as 5919.2226 ETH, the CRV to recover was calculated as 34,733,171.51 CRV and the total to distribute was calculated as 55’544’782.73 CRV,” reads the proposal.


The attacker exploited a vulnerability on stable pools using some versions of the Vyper programming language. The bug made Vyper’s 0.2.15, 0.2.16 and 0.3.0 versions vulnerable to reentrancy attacks.

