PSA: Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks. The investigation is ongoing but any project relying on these versions should immediately reach out to us.
— Vyper (@vyperlang) July 30, 2023
Certain type of Curve factory pool is encountering read-only reentrancy attack and causing a total loss of $11m(@JPEGd_69) + $13m(@AlchemixFi) + …
Initial investigation founds that vyper compiler (0.2.15) doesn’t implement the reentrancy guard correctly.
add_liquidity and… pic.twitter.com/avaHdtSFsm
— Tony KΞ (@tonyke_bot) July 30, 2023
Curve forks report exploits
A small number of stablepools with BNB using an old Vyper compiler have been exploited.
We are assessing the situation and will update the community on any further findings. https://t.co/pxkhRRSr5w
— Ellipsis (@Ellipsisfi) July 30, 2023
To mitigate contagion risks all positions have been promptly removed from Curve / Convex until further notice.
The treasury exposure to the @AlchemixFi alETH/ETH pool is 429.6 ETH. We are monitoring the situation, more information soon. https://t.co/wewmvWavwM
— Auxo (@AuxoDAO) July 30, 2023
Stay on top of crypto news, get daily updates in your inbox.
Source: https://decrypt.co/150679/defi-contagion-curve-finance-exploit-ripples-across-industry