CEX price feed safeguards against $100M vulnerability to prevent Curve price collapse.

The Vulnerability in Curve Finance Liquidity Pools and Its Impact on the Blockchain Industry

In the fast-paced world of blockchain technology, even the most robust protocols can occasionally fall prey to vulnerabilities. One such incident occurred on July 30, when several Curve Finance liquidity pools were attacked through a vulnerability in the Vyper programming language. Vyper is a smart-contract programming language created specifically for the Ethereum Virtual Machine (EVM). The attack put the key liquidity services of Curve Finance, a prominent decentralized finance (DeFi) protocol, at risk, with nearly $100 million worth of digital assets exposed to potential loss.

The vulnerability, discovered in Vyper versions 0.2.15, 0.2.16, and 0.3.0, caused the reentrancy lock to malfunction. This flaw allowed the attackers to drain millions from four Curve pools: aETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH. Moreover, given the interconnected nature of the DeFi ecosystem, the ripple effect of this vulnerability could potentially extend to other protocols as well.
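A defender's first triage step is to find which contracts in a code base were written for one of the affected compiler versions listed above and rely on a reentrancy lock. The following Python sketch is an added example, not code from Curve, Vyper, or this article; the sample sources are constructed, the status names are hypothetical, and the handling of `^` and `~=` version ranges is a simplifying assumption.

```python
import re

# Affected Vyper compiler releases, as stated in the article.
AFFECTED = {(0, 2, 15), (0, 2, 16), (0, 3, 0)}

# Vyper version pragmas: "# @version 0.2.15" or "#pragma version ^0.3.0".
PRAGMA = re.compile(
    r"^#\s*(?:@version|pragma\s+version)\s+(\^|>=|==|~=)?\s*(\d+)\.(\d+)\.(\d+)",
    re.M,
)
NONREENTRANT = re.compile(r"^\s*@nonreentrant\b", re.M)


def admits_affected(op, pinned):
    """True if the version specifier could select an affected compiler."""
    if op in (None, "=="):
        return pinned in AFFECTED
    if op == ">=":
        return any(v >= pinned for v in AFFECTED)
    # Assumption: "^" and "~=" mean same major.minor, patch >= pinned patch.
    return any(v[:2] == pinned[:2] and v >= pinned for v in AFFECTED)


def triage(source):
    """Classify one Vyper source file by pragma and use of @nonreentrant."""
    m = PRAGMA.search(source)
    if m is None:
        return "unknown-compiler"  # no pragma: check the build metadata instead
    pinned = tuple(int(x) for x in m.group(2, 3, 4))
    if not admits_affected(m.group(1), pinned):
        return "ok"
    # The flaw concerns the reentrancy lock, so locked contracts come first.
    return "affected-uses-lock" if NONREENTRANT.search(source) else "affected-no-lock"


# Constructed sample sources, for illustration only.
SAMPLES = {
    "pool_a.vy": "# @version 0.2.15\n\n@external\n@nonreentrant('lock')\n"
                 "def remove_liquidity(amount: uint256):\n    pass\n",
    "pool_b.vy": "# @version 0.3.7\n\n@external\n@nonreentrant('lock')\n"
                 "def exchange(dx: uint256):\n    pass\n",
    "token.vy": "# @version ^0.2.12\n\n@external\n"
                "def transfer(to: address, amount: uint256):\n    pass\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name}: {triage(src)}")
```

A source pragma only records what the author requested; the compiler version that actually produced the deployed bytecode should be confirmed from build records before a contract is cleared.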

The Role of Vyper in Curve Finance

The vulnerability in Curve Finance liquidity pools can be traced back to the use of Vyper. Vyper, specifically designed for the EVM, offers advantages such as simplicity and enhanced security. However, as with any piece of technology, vulnerabilities can emerge. In this case, the reentrancy issue was associated with the use of ‘use_eth’, which put the WETH-related pools in jeopardy.

The Impact on Curve Finance and the CRV Token

As news of the vulnerability spread, panic gripped the DeFi market, causing a significant drop in the price of Curve Finance’s native token, CRV. On decentralized exchanges, the price of CRV plummeted to $0.086. However, the situation was somewhat mitigated by the presence of centralized exchanges (CEXs). These exchanges, with their centralized price feeds, ensured that the CRV token traded at a significantly higher price of $0.60, preventing a complete collapse of its value.

The incident highlighted the significance of Chainlink’s oracle system, which Curve pools rely on for obtaining accurate price data. The inclusion of centralized exchange price feeds in these oracles proved to be a crucial factor in preventing the token’s complete devaluation. Interestingly, this ironic turn of events caught the attention of Binance CEO Changpeng Zhao, who found humor in the fact that it was, in the end, a CEX price feed that saved the DeFi protocol.

The use of Chainlink’s oracle system in Curve pools plays a vital role in securing accurate and timely pricing data. By incorporating price feeds from various sources, including centralized exchanges, the oracle system provides robust and reliable information to the DeFi protocols it supports. This incident served as a reminder of the critical role that oracles, such as Chainlink’s, play in the DeFi ecosystem.

The Response from Binance and the Importance of Code Upgrades

Binance, one of the world’s leading cryptocurrency exchanges, promptly addressed the Vyper vulnerability. Having updated their code to version 0.3.7 or above, Binance mitigated any potential impact of the vulnerability on its users. CEO Changpeng Zhao emphasized the importance of staying up-to-date with code libraries, applications, and operating systems, underscoring the need for continuous vigilance and proactive action in mitigating vulnerabilities.

The Nature of the Exploit and Possible Motivations

The bug found in the earlier versions of the Vyper code is believed to have existed for at least 1.5 years. The exploit indicates a high level of sophistication and resources invested by the attacker, raising suspicions that it might be a state-sponsored attack. A Vyper contributor hinted on Twitter at the significant time and resources required to uncover such an exploit, adding weight to the possibility of a state-sponsored motive.


The vulnerability discovered in Curve Finance liquidity pools due to a flaw in the Vyper code served as a stark reminder of the challenges that even the most advanced blockchain protocols face. This incident attracted attention from both the blockchain and traditional financial sectors, exposing the vulnerability of DeFi protocols and highlighting the crucial role of oracles and centralized exchanges in securing the ecosystem.

As the blockchain industry continues to evolve, it is essential for developers and users to remain vigilant against vulnerabilities and regularly update their code libraries, applications, and operating systems. By doing so, they can ensure the continued growth and strength of the decentralized finance ecosystem, while safeguarding the value and security of digital assets.
