The reason for the Curve attack is determined to be a vulnerability in the Ethereum programming language Vyper.
At 12:44 AM, the Ethereum programming language Vyper tweeted that the reentrancy locks in versions 0.2.15, 0.2.16, and 0.3.0 had failed. At 12:45 AM, Curve's official Twitter stated that many stablecoin pools (alETH/msETH/pETH) that use Vyper 0.2.15 were targeted in the attack due to a failure in reentrancy locks.
Some community members pointed out that the version recommended in the Vyper official documentation was actually flawed. Vyper is a contract programming language designed specifically for the Ethereum Virtual Machine (EVM). It is considered one of the most widely used Web3 programming languages.
An error in the smart contract language layer means that almost all protocols using Vyper will be affected.
TokenInsight is dedicated to covering the most important and cutting-edge trends in the world of crypto. If you have information to share with us, please feel free to contact our email news@tokeninsight.com. Your trust will be well respected.
Security Incidents
Curve
Ethereum
