DESCRIPTION OF EVENTS
"Curve is a decentralized, UniSwap-like exchange for stablecoins. By focusing on stablecoins, it’s able to offer traders extremely low slippage, and liquidity providers enjoy little-to-no impermanent loss." "As is the case with many other decentralized finance protocols, Curve wasn’t fully decentralized at launch, run by the Curve team, led by Michael Egorov, the founder of NuCypher with a Ph.D. in Physics."
"Curve supports DAI, USDC, USDT, TUSD, BUSD and sUSD, as well as BTC pairs, and it lets you trade between these pairs extremely quickly and efficiently. When stablecoins or stable assets are involved, Curve’s prices are usually the best in the business."
“The key aspect of Curve is its market-making algorithm, which can provide 100-1000 times higher market depth than Uniswap or Balancer for the same total value locked. This dynamic helps both traders and liquidity providers because fundamental returns for those are higher than on Uniswap and alike by the same factor as the market depth.”
"Curve’s stablecoin swapping mechanism and yield integration mechanism has been audited by Trail of Bits." "Curve smart contracts were audited by Trail of Bits but it’s worth noting that audits don’t eliminate risks entirely."
"Providing liquidity on Curve doesn't come without risks. Before making a deposit, it is best to research and understand the risks involved."
"In March, a sUSD incentivized pool was launched with Synthetix. The trial was overwhelmingly successful as, while having smaller value in the pool, the pool was providing a much deeper liquidity than sETH/ETH Uniswap pool."
"[T]here is a possibility for the contract could potentially be slowly drained. In fact, we've drained 0.1 cent from it (and returned back)."
"The vulnerability in this call wasn't introduced by the changes in this function: it was introduced by the lack of those. A reader could notice that everything in exchange_underlying() works while using rate_i and rate_j, however those shouldn't be used when one of the coins is Y token which cannot be "unwrapped" into one single stablecoin. Using exchange_underlying() could lead to getting more coins than expected by factor of virtual_price which was about 1.014 at the time. This haven't been noticed before because iearn's zap which was used for exchanges used safe exchange() method."
"As soon as we've noticed the issue, we've contacted Synthetix team and quickly shut down the pool using the available kill_me() method. The kill_me() method is usable only during the first 2 months from the pool launch, and that time is supposed to be used for extensive safety tests."
"Critical vulnerability found by Curve team in sUSD contract. All the vulnerable methods are disabled: funds are safe, no loss has happened. Please withdraw your funds and wait for a new contract to be deployed, and the changes to be audited." "The Curve team has paused the pool so no funds are at risk."
"If anything, this really wasn't a miss by @trailofbits - those were few unaudited lines which caused the issue in the place where there were no changes."
"The pool was relaunched in a different format - a very more simple contract, fully audited by Trail of Bits (no changes after audit), and no lending."
Curve Finance is a decentralized smart contract to enable easy switching from one stablecoin to another.
As part of the exchange setup, liquidity pools are required. These were stored in a smart contract hot wallet, and an exploit was found.
However, the exploit was found by an honest white hacker who returned the funds, and the contract liquidity pool was relaunched with a new smart contract.
HOW COULD THIS HAVE BEEN PREVENTED?
In this case, no user funds were lost.
In general, simpler multi-signature setups are more secure than complex smart contracts. When funds are stored "online", they can more easily be taken. There has been minimal exploits of offline multi-signature wallets.
List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community (Jun 22)
@CurveFinance Twitter (Jun 21)
sUSD withdraw - YouTube (Jun 21)
How Curve hacked Curve (Jul 28)
sUSD Curve pool vulnerability & next steps (Jul 28)
FYI: Critical vulnerability found in CURVE sUSD pool contract - no fund loss - pool frozen - If you were in, WITHDRAW ASAP : synthetix_io (Jul 28)
Curve.fi (Jul 28)
What Is Curve Finance (May 24)
What Is Curve Finance (CRV)? A Look At Ethereum's Latest DeFi Token (May 24)
Trail Of Bits Audit Report Curve Finance (Jul 28)
Trail Of Bits Audit Report - Wayback Machine (Jul 28)
Security - Curve Finance (Jul 28)