Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
On August 6, the Ethereum compiler Vyper released an analysis report on last week's vulnerability incidents: Prior to July 30, due to potential vulnerabilities in the Vyper compiler, multiple Curve liquidity pools were exploited. While the bug was identified and patched, the impact on protocols using the vulnerable compiler was not recognized at the time, nor were they explicitly notified. The vulnerability itself is an improperly implemented reentrancy prevention, and the affected Vype versions are v0.2.15, v0.2.16, v0.3.0. Vulnerability fixed and tested in v0.3.1, v0.3.1 and later are safe. Attack method (per SlowMist): Compiler Bug. Reported loss: -.
- chain
- ethereum
- protocol
- Vyper
- bug_class
- reentrancy
- date_occurred
- 2023-07-30
- loss_usd
- —
- source_id
- sm:vyper::2023-07-30