On July 31, 2023, according to Secure3, a blockchain security audit contest platform, multiple protocols including Curve were attacked. Further analysis revealed that the root cause was vulnerabilities in the underlying Vyper compiler for the Ethereum smart contract programming language. Versions 0.2.15, 0.2.16 and 0.3.0 contained serious flaws, resulting in multiple attacks on projects like Curve Finance, Alchemix and JPEG’d, inflicting losses totaling around $70 million. The Secure3 security team determined that the fundamental reason behind the attacks was the failure of reentrancy locks in the vulnerable Vyper versions. Secure3’s security team analyzed the factors behind this incident.

Summary of Vulnerability Analysis

The root cause of the attacks stemmed from logical defects in the reentrancy lock implementation in Vyper versions 0.2.15, 0.2.16 and 0.3.0, which led to failure of the reentrancy locks. The reentrancy lock variables in different functions do not share the same storage location, resulting in ineffective protection against cross-function reentrancy attacks.

Attack Steps

1. The attacker first utilized flash loans to add liquidity into the pool and acquire LP tokens, then invoked the remove_liquidity function to drain liquidity. When assets were withdrawn, the fallback function was triggered to reenter the add_liquidity function and add liquidity again. The attacker profited by withdrawing assets from removing liquidity twice and then repaid the flash loans.
2. add_liquidity function used the total_supply before reentrancy when calculating the minted LP tokens, leading to miscalculation and excessive LP tokens. The attacker invoked remove_liquidity to redeem the excessive LP tokens and drained all LP tokens from the pool.
3. The key factor enabling the attack’s success was that the reentrancy lock variable was not shared. add_liquidity did not detect remove_liquidity’s reentrancy lock, resulting in failure of the reentrancy protection.

This vulnerability was subsequently fixed in Vyper 0.3.1 by making the reentrancy lock variables share the same storage slot.

Summary

The Secure3 security team recommends:

1. Projects based on the affected Vyper versions should immediately inspect contracts to confirm usage of vulnerable reentrancy locks, promptly suspend contracts, and evaluate needs for contract migration or patching.
2. Conduct professional smart contract security audits prior to deployment. Choose a reliable security audit firm like Secure3’s audit contest service, which can provide high-quality and comprehensive security audits to greatly reduce vulnerability risks.

About Secure3

Headquartered in Silicon Valley, Secure3 is an intelligent audit contest platform, aiming to reshape Web3 safety by providing efficient, affordable, and secure smart contract auditing services for all Web3 projects.

Secure3’s audit contest organizes decentralized certified auditors in the form of an audit competition. With 3–10x more auditors (compared to centralized auditing firms) working on the project independently, anonymously, and simultaneously, Secure3 has proven successful in providing cost-efficient and high-quality auditing services. In the past year, Secure3 has done over 100 projects including industry leaders, such as zkSync, Mantle, Manta Network, IoTeX, ParaSpace, MirrorWorld, etc.

Secure3 was incubated by Stanford StartX in 2022, and closed $5M seed funding from Mirana, GGV, Alumni Ventures, Hashkeys, etc.

• Website: https://www.secure3.io/
• Service Intro: http://secure3.io/intro
• All Audits Reports: https://www.secure3.io/reports
• Case Study: https://docs.para.space/para-space/external-audits