The Curve ecosystem just witnessed a coordinated attack caused by a bug in the Vyper compiler, hitting pools used by JPEG'd, Alchemix, and Metronome.
Pools compiled with Vyper 0.2.15, 0.2.16, and 0.3.0 were exploited through a malfunctioning reentrancy lock: in those releases the @nonreentrant decorator did not share its lock slot across functions, so a call that re-entered one pool function from another was never blocked. At least four liquidity pools on the Curve Finance protocol were hit.
The targeted pools are alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH, with
- Alchemix's alETH-ETH pool reporting outflows of $13.6 million,
- JPEG'd's pETH-ETH pool drained of $11.4 million,
- Metronome's msETH-ETH pool drained of $1.6 million, and
- the CRV/ETH pool drained of over 32 million CRV (Curve DAO tokens), worth over $22 million.
The pool contracts did not protect against re-entry between their own functions. During remove_liquidity the pool first lowers its recorded balances and pays out the ETH leg with an external call, and only then burns the caller's LP tokens; because the lock failed, the attacker's contract could use that ETH callback to re-enter add_liquidity while balances and LP supply disagreed, and was minted LP tokens at a distorted rate. Cashing those LP tokens out and swapping the proceeds elsewhere turned the accounting gap into profit.
The key calls in the exploit transaction:
- flashLoan on Balancer to borrow WETH, unwrapped to ETH
- add_liquidity and remove_liquidity on the Curve pool, with the ETH payout of remove_liquidity re-entering add_liquidity at the distorted rate
- exchange to swap the extracted pETH or alETH for WETH
- repay the flash loan and keep the difference
Another Flash Loan + Arbitrage Exploit.
Let me walk you through this (Refer to the image below):

- The exploiter took an 80,000 WETH flash loan from Balancer.
- They provided 32,431 WETH as liquidity to Curve and received pETH-ETH LP tokens.
- More WETH was provided to Curve, minting 82,182 more LP tokens.
- 3,740 pETH was withdrawn by removing some Curve liquidity.
- The initial 32,431 Curve LP tokens were burned to remove that liquidity.
- Another 1,184 pETH was withdrawn by burning more Curve LP tokens.
- The exploiter then used the price difference between pETH and WETH on the JPEG'd protocol.
- 4,924 pETH was swapped for 4,285 WETH using JPEG'd's exchange.
- 80,000 WETH was repaid to Balancer to close the flash loan.
- 6,106 WETH (~$11 million) was retained as profit.
The same sequence played out in the Alchemix exploit as with JPEG'd (Refer to the image below):

- 40,000 WETH was flash-loaned from Balancer to the exploiter.
- 19,895 alETH-ETH LP tokens were minted by providing WETH liquidity to the alETH/ETH Curve pool.
- 34,277 more alETH-ETH LP tokens were minted by providing additional liquidity to the same Curve pool.
- 4,821 alETH was withdrawn from the pool by removing some liquidity.
- 19,895 alETH-ETH LP tokens were burned to remove the initial liquidity from the Curve alETH/ETH pool.
- 15,910 more alETH-ETH LP tokens were burned to remove the rest of the liquidity from the same Curve pool.
- 40,000 WETH was repaid to Balancer to close the flash loan.
- 7,258 WETH (~$13.6 million) was withdrawn as profit and sent to the attacker's wallet.
By adding and removing ETH liquidity on Curve with the flash-loaned ETH, the attacker extracted more from the pools than they put in, converted the excess pETH or alETH into WETH on another venue, and repaid the original loan amount at the end of the same transaction.
The decompiled attacker contract shows how it was built to ride the bug; there is no validation of exchange amounts and no slippage protection:
- The swap routine (labelled unknownf04f2707() by the decompiler) carries no check that the exchange happens at a fair market price; the attacker wanted every trade to go through regardless of rate.
- That is what let the attacker cash out the distorted LP position for more assets than a fair swap would return.
- The contract interfaces directly with the WETH contract to deposit and withdraw ETH.
- This is what lets it borrow ETH in the form of WETH from Balancer, unwrap it to feed the pools, and wrap the proceeds to repay.
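To make the lock failure and the add/remove sequence above concrete, here is an added simulation; it is not Curve's pool code or the Vyper compiler, and its numbers are made up. It assumes a two-coin pool priced on a constant-sum invariant (a stand-in for a pegged StableSwap pool near balance), a seed of 1000 ETH and 1000 pETH from an account named "honest", a flash loan of 2000 units, and that the extracted pETH can be sold 1:1 elsewhere; Pool, Account, Revert and simulate are the example's own names. It keeps the ordering that matters: remove_liquidity lowers the recorded balances and pays the ETH leg with an external call before burning LP tokens, and shared_lock=False gives each function its own lock slot the way the affected Vyper releases did.

```python
"""Toy model of the cross-function reentrancy behind the Curve/Vyper drain.

Added example (not Curve or Vyper code).  A two-coin (ETH, pETH) pool prices
LP tokens on a constant-sum invariant D = eth + peth (assumption).  It keeps
the ordering that matters: remove_liquidity lowers the recorded balances and
pays the ETH leg with an external call *before* the LP tokens are burned, so
a callback landing in add_liquidity sees balances and LP supply that disagree.
shared_lock=False reproduces the affected Vyper releases, where each function
got its own lock slot instead of one slot per @nonreentrant key.
"""


class Revert(Exception):
    pass  # stands in for an EVM revert; on chain the whole transaction unwinds


class Pool:
    def __init__(self, eth: int, peth: int, shared_lock: bool) -> None:
        self.balances = [eth, peth]          # recorded balances: ETH, pETH
        self.lp_total = eth + peth           # LP supply seeded by honest LPs
        self.lp = {"honest": self.lp_total}
        self.shared_lock = shared_lock
        self.locks: dict = {}

    def _key(self, fn: str) -> str:
        # Correct compiler: every @nonreentrant("lock") shares one slot.
        # Buggy compiler: each function owns a slot, so they do not block each other.
        return "lock" if self.shared_lock else fn

    def _enter(self, fn: str) -> None:
        if self.locks.get(self._key(fn)):
            raise Revert("reentrant call into " + fn)
        self.locks[self._key(fn)] = True

    def _exit(self, fn: str) -> None:
        self.locks[self._key(fn)] = False

    def add_liquidity(self, who: "Account", amounts: list) -> int:
        self._enter("add_liquidity")
        try:
            d0 = sum(self.balances)
            for i, amt in enumerate(amounts):
                who.pay(i, amt)
                self.balances[i] += amt
            d1 = sum(self.balances)
            minted = self.lp_total * (d1 - d0) // d0   # LP priced off supply/D
            self.lp_total += minted
            self.lp[who.name] = self.lp.get(who.name, 0) + minted
            return minted
        finally:
            self._exit("add_liquidity")

    def remove_liquidity(self, who: "Account", amount: int) -> list:
        self._enter("remove_liquidity")
        try:
            supply, out = self.lp_total, []
            for i in range(2):
                value = self.balances[i] * amount // supply
                self.balances[i] -= value        # balance drops now ...
                out.append(value)
                who.receive(i, value, self)      # ... ETH leg is an external call ...
            self.lp_total -= amount              # ... LP is burned only afterwards
            self.lp[who.name] -= amount
            return out
        finally:
            self._exit("remove_liquidity")


class Account:
    name = "attacker"  # attacker contract; its ETH receive hook may re-enter

    def __init__(self, reenter: bool, second_deposit: int) -> None:
        self.hold = [0, 0]                   # ETH, pETH currently held
        self.reenter = reenter
        self.second_deposit = second_deposit

    def pay(self, i: int, amount: int) -> None:
        self.hold[i] -= amount

    def receive(self, i: int, amount: int, pool: Pool) -> None:
        self.hold[i] += amount
        if i == 0 and self.reenter:          # mid-withdrawal, LP not yet burned
            self.reenter = False
            pool.add_liquidity(self, [self.second_deposit, 0])


def simulate(shared_lock: bool, reenter: bool = True, loan: int = 2000) -> dict:
    pool = Pool(1000, 1000, shared_lock)                 # constructed seed liquidity
    a = Account(reenter, loan // 2)
    a.hold[0] += loan                                    # 1. flash-loan `loan` ETH
    try:
        lp = pool.add_liquidity(a, [loan // 2, 0])       # 2. deposit half, receive LP
        pool.remove_liquidity(a, lp)                     # 3. withdraw; callback may re-enter
        pool.remove_liquidity(a, pool.lp[a.name])        # 4. cash out the remaining LP
    except Revert as e:
        return {"reverted": True, "reason": str(e)}
    a.hold[0], a.hold[1] = a.hold[0] + a.hold[1], 0      # 5. sell pETH 1:1 elsewhere (assumed)
    a.hold[0] -= loan                                    # 6. repay the flash loan
    return {"reverted": False, "profit": a.hold[0], "pool_value": sum(pool.balances)}


if __name__ == "__main__":
    print(simulate(shared_lock=False))                 # profit 171, pool left with 1829
    print(simulate(shared_lock=True))                  # shared lock: re-entry reverts
```

With the per-function lock the attacker ends 171 units up and the pool is left holding 1829 instead of 2000, which is exactly the honest LPs' loss; the same sequence without the re-entry (reenter=False) nets -1 from rounding, so every unit of profit comes from the mid-withdrawal mint. With one shared lock the callback's add_liquidity reverts, the flash loan cannot be repaid, and the whole transaction unwinds.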
::UPDATE
Many have pointed out that this type of trade happens all the time in TradFi, and the trader is considered a genius afterward.
Here are my thoughts:
It's a nuanced debate, for sure. If these opportunities exist because of "incorrect" code, are such traders in the clear, or are we ethically obligated not to use them?
But I would still argue that this was an exploit:
- $11 million in profit from a $75 million flash loan is hard to justify as "fair" arbitrage. This wasn't the only one: Alchemix and Metronome were exploited in the same way.
- There was also minimal risk taken relative to the profits. Typical arbitrage takes on real financial risk; if this flash loan attempt had failed, the exploiter would have lost nothing, since everything reverts within the same transaction, whereas in TradFi the picture would be completely different.
- Again, a single trader couldn't usually cause such price distortions in TradFi.
I don't disagree with the thought completely, but the trades were not morally sound.
In DeFi, the ability to revert the entire transaction, if unsuccessful, creates a fundamentally different risk profile.
So comparing this with what could or would have happened in TradFi does not make sense.
Thank you for reading, and follow me here and on Twitter for more regular post updates.
If you find my work resourceful, please consider donating to 0xd95d4b14dcfa941bf916255b3624c0bfb22166c8 (Ethereum/Optimism/Arbitrum/BSC chain).
I'd also appreciate it if you shared this with friends who would enjoy reading it.
You can find my other research & investment thesis here: https://bit.ly/3CjMvoA
Thank you.