Sirwin
Sirwin

Curve Gets Hacked.... And Somehow Chainlink is the Hero?

By Michael @ CryptoEQ | CryptoEQ | 31 Jul 2023


You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 50+ reports (including this one) and complete industry-leading analysis on the top crypto assets. 

67cbbf4723857b85c151585aa280e6d940346c501cef75bafd7dea02b44b24c9.png

Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:

  • Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
  • Early access to future CORE ratings: Being early is sometimes just as important as being right!
  • Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
  • CORE report Audio playback: Don’t want to read? No problem! Listen on the go.

Curve Finance

Curve is a decentralized exchange (DEX) with a specific orientation towards stablecoins and stablecoin-related activities, such as swaps and yield generation. Curve operates as an automated market maker (AMM) that works to pair agents with others to conduct transactions without an intermediary party. Curve powers its platform through its own novel dual token infrastructure in the form of CRV and locked CRV tokens (veCRV). This token infrastructure enabled unique liquidity battles known as “Curve Wars.'' Due to the unique voting rights stemming from locking up CRV into veCRV, governance over the protocol is extremely sought after, leading to the phenomenon known as ‘Curve Wars.’ Curve Finance was launched in January 2020 following the publication of the original StableSwap whitepaper by Michael Egorov. Following the protocol build, the CRV token was officially launched in August 2020.

The Curve Finance protocol aims to minimize user swap fees, reduce slippage, and continually guarantee high amounts of liquidity. Curve accomplishes this through economic incentives, novel technology, and strategic partnerships with other DeFi protocols, such as Compound and Yearn Finance.

The Hack

Curve fell victim to an exploit due to a bug in specific versions of Vyper, a programming language used to code smart contracts. The affected liquidity pools were alETH, msETH, and pETH, resulting in losses that exceeded $50 million.

The immediate aftermath of the exploit was a sharp decline in Curve's Total Value Locked (TVL), which decreased by almost 50%, reaching a low of $1.7 billion. This significant contraction in TVL is indicative of the vulnerability that even well-established protocols can face, and it underscores the importance of rigorous code auditing and security measures.

The exploit's impact extended beyond the immediate loss in liquidity pools. Curve's native token, $CRV, experienced significant losses, dropping by over 12%. The price of the CRV/WETH pair on Uniswap, a decentralized exchange, plummeted to nearly zero, reaching a low of around $0.08.

This drastic price movement could have had catastrophic consequences for the broader DeFi ecosystem if it had been used as a reference by other protocols. However, the Chainlink oracle, which provides price feeds for various DeFi protocols, quoted the lowest price at that time as $0.59.

Oracles

Blockchain oracles play a critical role in enabling the execution of agreements through smart contracts. While smart contracts are self-governing programs operating on the blockchain, their ability to interact with deterministic off-chain systems poses complexity. Deterministic systems produce expected results based on specific inputs and static states. Blockchains aim for consensus on basic binary questions relying on data already stored in their ledgers. However, incorporating off-chain data directly into blockchains would disrupt determinism, as off-chain data is subject to frequent changes. This would hinder consensus among nodes and undermine the distributed nature of blockchain.

Oracles solve this problem by pulling external data and relaying it to blockchains for use in smart contracts. By doing so, they allow blockchains to securely utilize off-chain data without compromising consensus. Nonetheless, the use of oracles introduces challenges, including the potential for incorrect or manipulated data inputs. Centralized oracles can act as single points of failure and raise trust concerns. To address these issues, multiple oracles can be used to provide redundant data, and decentralized oracles offer tamper-proof and transparent data sourcing through distributed networks of nodes.

There are two broad categories of oracles: centralized and decentralized. Centralized oracles serve as single sources of truth, controlled by a single entity, and provide data to smart contracts. They offer faster data retrieval and greater control but face drawbacks such as single points of failure and lack of transparency. Decentralized oracles, on the other hand, leverage networks of nodes to securely access and validate external data. They offer advantages like no single point of failure, transparency, and censorship resistance. However, they can be more complex to set up and may have scalability limitations.

Chainlink's Role

Chainlink is a chain-agnostic and API-agnostic decentralized oracle network initially built on Ethereum. Chainlink’ss designed to connect off-chain data sources, such as financial market data to on-chain smart contracts. “Oracles'' can be thought of as the bridge on which on-chain smart contracts access, retrieve, and verify data coming from outside of a blockchain. They also relay data and instructions from smart contracts to other off-chain systems. 

Oracles can, in theory, connect blockchains and their token incentive structures to nearly anything. Creating verifiable, trusted smart contracts tied to real-world identities could penetrate the voting, passport, and medical history industries. Creating access to reliable and accurate real-world data also opens the door for decentralized sports betting, prediction markets, and insurance, representing trillions in combined economic activity. 

Chainlink puts forth its solution to the oracle problem by connecting different blockchains to the off-chain world while providing “reliable tamper-proof inputs and outputs for complex smart contracts on any blockchain.” In addition, Chainlink aims to become the standard for interacting with other off-chain services, such as payment gateways for use cases, including financial data, financial agreements, insurance, and more.

As an oracle, the solution it offers is trustless connectivity to any API endpoint, including off-chain data sources such as web APIs, data and price feeds, bank or retail payment systems, events data, sports data, market data, IoT, or biometric sensors to a blockchain by retrieving and verifying data originating outside the network. These off-chain data sources are important for various financial services, such as collateral-backed loans and the settlement of derivatives prices.

Chainlink's price feed is determined by a weighted quote of Centralized Exchange (CEX) price and Decentralized Exchange (DEX) price. Since Uniswap's CRV liquidity pool is relatively small, the Chainlink quote did not rely on the Uniswap price. This crucial distinction saved numerous other DeFi lending protocols from cascade liquidation.

The incident highlights the importance of reliable and robust oracle solutions in the DeFi space. Chainlink's ability to provide an accurate price feed, despite extreme market volatility, acted as a safeguard against potential disruptions in the DeFi ecosystem.

Conclusion

The recent exploit involving Curve and other protocols serves as a stark reminder of the risks inherent in the rapidly evolving DeFi space. While the innovation and potential rewards are substantial, the complexities of smart contract coding and the interdependencies between various protocols can lead to unforeseen vulnerabilities.

The incident also underscores the vital role that oracles like Chainlink play in maintaining stability and integrity within the DeFi ecosystem. As the space continues to grow and mature, the need for rigorous security measures, comprehensive code audits, and robust infrastructure will become increasingly paramount.

For cryptocurrency investors and users, understanding the dynamics of the DeFi ecosystem and the potential risks involved is essential. Vigilance, due diligence, and a nuanced understanding of the underlying technology can go a long way in mitigating risks and harnessing the transformative potential of decentralized finance.

How do you rate this article?

106


Michael @ CryptoEQ
Michael @ CryptoEQ

I am a Co-Founder and Lead Analyst at CryptoEQ. Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.


CryptoEQ
CryptoEQ

Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.