VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Curve Finance tweeted that a vulnerability was found in the Pool Factory v1 version of the fund pool, and it is recommended that v1 users use crv.finance to withdraw funds immediately. Curve.fi and Pool Factory v2 fund pools do not respond. But it only affects the v1 pool, and hackers cannot use it to steal user funds. Attack method (per SlowMist): Contract Vulnerability. Reported loss: -.
Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Curve Finance
- bug_class
- logic
- date_occurred
- 2021-03-05
- loss_usd
- —
- source_id
- sm:curve-finance::2021-03-05
Related — same bug class· logic