Fun

Curve Finance awards dev $250K for finding reentrancy vulnerability

News Feed - 2024-05-01 07:05:33

Arijit Sarkar13 hours agoCurve Finance awards dev $250K for finding reentrancy vulnerabilityCurve Finance awarded cybersecurity researcher Marco Croc with its maximum bug bounty award of $250,000 after thoroughly investigating the security flaw.2452 Total views3 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksA security researcher was rewarded $250,000 for discovering a vulnerability that has historically allowed hackers to pull out millions of dollars from cryptocurrency protocols. 


Pseudonymous cybersecurity researcher Marco Croc from Kupia Security identified a reentrancy vulnerability in decentralized finance (DeFi) protocol Curve Finance.


In an X thread, he explained how the bug could be exploited to manipulate balances and withdraw funds from liquidity pools.


Curve Finance acknowledged potential security flaws and “recognized the severity of the vulnerability,” Marco Croc explained. After a thorough investigation, Curve Finance awarded Marco Croc its maximum bug bounty award of $250,000.Source: Curve Finance


According to Curve Finance, the threat was classified as “not as dangerous,” and they believed they could recover the stolen funds in such a case. 


However, the protocol said a security incident of any scale “could have caused serious panic if it had happened.”


Related:Curve Finance debt will cause "one more stress test" in February — Analyst


Curve Finance recently recovered from a $62 million hack in July. As part of returning to normalcy, the DeFi protocol voted to reimburse $49.2 million worth of assets to the liquidity providers (LPs).Source: Curve Finance


On-chain data confirms that 94% of tokenholders approved the disbursement of tokens worth over $49.2 million to cover the losses of the Curve, JPEG’d (JPEG), Alchemix (ALCX) and Metronome (MET) pools.


According to Curve’s proposal, the community fund will supply the Curve DAO (CRV) tokens. The final amount also includes a deduction for the tokens recovered since the incident.


“The overall ETH to recover was calculated as 5919.2226 ETH, the CRV to recover was calculated as 34,733,171.51 CRV and the total to distribute was calculated as 55’544’782.73 CRV,” reads the proposal.


The attacker exploited a vulnerability on stable pools using some versions of the Vyper programming language. The bug made Vyper’s 0.2.15, 0.2.16 and 0.3.0 versions vulnerable to reentrancy attacks.


Magazine:68% of Runes are in the red — Are they really an upgrade for Bitcoin?# Business# Rewards# Awards# Hackers# Hacks# DeFi# Curve FinanceAdd reaction

News Feed
SEC in Settlement Talks With ‘Fraudulent’ ICO Organizer Reg Middleton
The U.S. Securities and Exchange Commission (SEC) announced it has entered into settlement discussions with Reggie Middleton, organizer of the $14.8 million Veritaseum (VERI) initial coin offering (ICO).
2019-10-09 23:57 PM
Digital Currency Group first-quarter revenue jumps 51% despite GBTC outflows
Ana Paula Pereira4 hours agoDigital Currency Group first-quarter revenue jumps 51% despite GBTC outflowsRevenue at Digital Currency Group (DCG) increased 51% to $229 million in the first quarter of 2024, driven by the re
2024-05-10 04:20 AM
Helen Partz10 hours agoOPNX’s $30M Hodlnaut bid rejected as FLEX token plummets 90%: ReportThe interim judicial managers of Hodlnaut argued that the $30 million offer of FLEX tokens is “illiquid” and has “specula
2023-09-19 22:16 PM
Total Value Locked in Defi Takes a Hit Losing $21 Billion in 6 Days
Total Value Locked in Defi Takes a Hit Losing $21 Billion in 6 Days Over the last six days, the total value locked (TVL) in decentralized finance (defi) has dropped 9.21% from a hi
2022-04-12 03:00 AM
‘100x Lower Than L1 Fees’ — Alchemy Integrates Ethereum L2 Product Starknet to Increase Web3 Scalability
"100x Lower Than L1 Fees" — Alchemy Integrates Ethereum L2 Product Starknet to Increase Web3 Scalability According to the startup Starkware, the team’s Ethereum layer two
2022-03-09 04:30 AM
Btcpay Introduces New Coinjoin Plugin for Enhanced Bitcoin Privacy for Merchants
Btcpay Introduces New Coinjoin Plugin for Enhanced Bitcoin Privacy for Merchants On Monday, Wasabi Wallet and the open-source bitcoin payment processor Btcpay announced a new plugi
2023-02-28 15:30 PM
India’s Digital Currency to Take ‘Very Calibrated, Graduated’ Approach, Says RBI Deputy Governor
India"s Digital Currency to Take "Very Calibrated, Graduated" Approach, Says RBI Deputy Governor Reserve Bank of India (RBI) Deputy Governor T. Rabi Sankar has outlined the implica
2022-04-09 12:30 PM
Outlier Ventures, Morgan Creek Digital launch Web3 Latam accelerator program
Ana Paula Pereira6 hours agoOutlier Ventures, Morgan Creek Digital launch Web3 Latam accelerator programThe selected teams will receive investment funding and mentorship. The 12-week virtual program includes support in E
2024-07-19 02:25 AM
Bitcoin LTHs Start Taking Profits – Metrics Reveal Whales Are Actively Spending
Este artículo también está disponible en español. Bitcoin has reached new all-time highs for four consecutive days, hitting $99,500 just hours ago. The relentless surge h
2024-11-23 05:00 AM
US Senator Calls on SEC Chairman to Provide Regulatory Clarity on Cryptocurrencies
US Senator Calls on SEC Chairman to Provide Regulatory Clarity on Cryptocurrencies A U.S. senator has asked the chairman of the U.S. Securities and Exchange Commission (SEC), Gary
2021-09-26 00:00 AM
Yashu Gola7 hours agoCan Cardano whales stop ADA price from falling 20%?The amount of ADA being held by Cardano"s richest investors has surged to its highest level in almost a year.1305 Total views5 Total sharesListen to
2023-08-09 01:07 AM
Google Exploring Blockchain Products — CEO Shares Web3 Strategies
Google Exploring Blockchain Products — CEO Shares Web3 Strategies Google has shared some details of its web3 and blockchain strategies. “As a company, we are looking at ho
2022-02-07 09:30 AM