Curve Exploit Post Mortem
Summary
On July 30th, 2023, Curve contacted the Alchemix team alerting us to a vulnerability in several of their pools, including our alETH — ETH pool.
The Alchemix Multisig team immediately started work to pull AMO-owned liquidity from the affected pool, and they successfully removed 8,027 alETH before the remainder of the pool was drained by the exploiter.
The funds stolen by the exploiter consisted of 4,821 alETH and 7,258 ETH.
Details of Vulnerability & Fix
The exploit was the result of a latent vulnerability in the Vyper compiler, which was used to build the affected Curve pools. The bug was present in versions 0.2.15, 0.2.16, and 0.3.0. It was patched in version 0.3.1, but at the time the Vyper team was not aware of the security impact for contracts that had already been compiled with the vulnerable versions.
All future alAsset pools deployed by Curve will be compiled with Vyper version 0.3.1 or later, so they will not carry this vulnerability.
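As an added illustration (not code from the original post, nor from Alchemix, Curve or Vyper), the helper below checks a Vyper source file's version pragma against the three vulnerable releases named above; it shows that a range pragma such as ^0.3.0 still permits a vulnerable compiler, which is why an exact pin of 0.3.1 or later matters. The caret operator is assumed to follow npm-style semantics, and the sample sources are constructed for the example.

```python
import re

# Vyper releases carrying the compiler bug described above (fixed in 0.3.1).
VULNERABLE_VYPER_VERSIONS = {(0, 2, 15), (0, 2, 16), (0, 3, 0)}
# Vyper version pragmas: "# @version 0.2.15", "#pragma version >=0.3.1", ...
_PRAGMA_RE = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(.+?)\s*$", re.M)
# One comparator inside a pragma, e.g. "^0.3.0", ">=0.2.15" or a bare "0.3.7".
_COMPARATOR_RE = re.compile(r"\s*(\^|>=|<=|==|>|<)?\s*v?(\d+)\.(\d+)\.(\d+)\s*")

def _caret_upper_bound(v):
    # npm-style caret (assumed here): exclusive bound bumps the leftmost non-zero part.
    if v[0]:
        return (v[0] + 1, 0, 0)
    return (0, v[1] + 1, 0) if v[1] else (0, 0, v[2] + 1)

def spec_allows(spec, version):
    """True if `version` satisfies every comma-separated comparator in `spec`."""
    for part in spec.split(","):
        m = _COMPARATOR_RE.fullmatch(part)
        if not m:
            raise ValueError(f"unparseable version comparator: {part!r}")
        op = m.group(1) or "=="  # a bare version is an exact pin
        v = tuple(int(x) for x in m.group(2, 3, 4))
        ok = {"==": version == v, ">=": version >= v, ">": version > v,
              "<=": version <= v, "<": version < v,
              "^": v <= version < _caret_upper_bound(v)}[op]
        if not ok:
            return False
    return True

def audit_vyper_source(src):
    """Return (pragma, sorted vulnerable versions the pragma still permits).
    No pragma means nothing rules a vulnerable compiler out, so all three are reported."""
    m = _PRAGMA_RE.search(src)
    if not m:
        return None, sorted(VULNERABLE_VYPER_VERSIONS)
    spec = m.group(1)
    return spec, sorted(v for v in VULNERABLE_VYPER_VERSIONS if spec_allows(spec, v))

# Constructed sample sources (not real pool code): an old exact pin, a caret range, a fixed pin.
SAMPLES = {
    "pinned_old": "# @version 0.2.15\n@external\ndef f(): pass\n",
    "caret_range": "# @version ^0.3.0\n@external\ndef f(): pass\n",
    "pinned_fixed": "#pragma version 0.3.1\n@external\ndef f(): pass\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, audit_vyper_source(src))
```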
Chronology
Some times are estimated.
July 30th, 2023:
14:49 UTC — Curve contacted the Alchemix team alerting us to a vulnerability in our alETH — ETH pool
14:55 UTC — The Alchemix Multisig team met and immediately started to remove liquidity from the affected pool.
15:21 UTC — 8,027 alETH were unstaked and removed from the pool.(1–2)
Due to the nature of the AMO, a balanced, complete withdrawal is only possible with the sweep function, which moves all of the funds to the Multisig. That function sits behind a timelock, so given the time-sensitive nature of the vulnerability, the only practical way to withdraw liquidity while keeping it in the AMO contract was to withdraw funds single-sided (as either alETH or ETH). alETH was withdrawn first to balance the pool, with the intent to withdraw the remainder as ETH in a follow-up transaction. The pool was drained while the transaction for the ETH withdrawal was being submitted.
15:34 UTC — 4,821 alETH and 7,258 ETH were removed from the pool by the exploiter.(3)
15:34 UTC — The remaining 3,856 alETH left in the pool were removed by an arbitrage bot. The combined effect of the exploiter's and the arbitrage bot's withdrawals was a partial loss of backing for alETH of approximately 5,000 ETH.(4)
~18:00 UTC — Out of an abundance of caution, the Multisig team paused the alETH Transmuter and disabled yield tokens and bridging.(5–18)
August 4th-5th, 2023:
13:21 onwards — The exploiter returned all of the alETH stolen from the LP over several transactions.(19–21)
14:20 onwards — The exploiter returned all of the ETH stolen from the LP over several transactions.(22–26)
Moving forward
Alchemix is working with Curve to analyze LP positions prior to the attack and develop a compensation plan. The compensation will include returning the recovered funds to LPers (including the Alchemix AMO), as well as potential compensation from Curve in the form of vested CRV tokens.
alETH vaults have been unpaused, and all yield flow, repays, and self-liquidations have been redirected to the AMO contract per AIP-97.(27)
Some arbitrageurs have returned profits, and we are continuing to reach out to others.(28)
Stuck bridgers were partially reimbursed, as per AIP-96.(29)
Thank you
We’d like to extend a huge thank-you to everyone involved in the recovery of these funds. We couldn’t have done it without you.
Our advisors and collaborators in no specific order:
Ogle
Ogle Security
X / Telegram: @cryptogle
https://oglesecurity.com
Alicia Katz
Polygon
X: @aliciakatz
Igor Igamberdiev
Head of Research at Wintermute
X: @FrankResearcher
Banteg
Yearn Finance
X: @bantg
Michael Egorov
Curve Finance
X: @newmichwill
Green Jeff
Head of Strat @ Vesper,
Co-founder @ Metronome Governor DAO
X: @jeffthedunker
Jordan Kruger
Metronome CEO/Co-founder
X: @jordanjkruger
MEV bot white hats
0x8f7a1943103C0eE486Cc7f289325124e14732f5e
0xa19E4Fec1624c87fE0DD307103Ffc5923cE89BeF
Resources
Etherscan links
1 — Unstake LP from Convex
https://etherscan.io/tx/0x3d92f0152b582304b3068d9c779d4793152703a9baf3d4c4ce0e0a8a7161a4ef
2 — Remove alETH
https://etherscan.io/tx/0x20d00acdfbaeffa5fe618ecbcbb8c13df80133cb6d964f9a7ab6a5a7b0d796f3
3 — Hacker drained all ETH and part of the alETH from the pool
https://etherscan.io/tx/0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801
4 — Arbitrage bot removed the remaining alETH from the pool
https://etherscan.io/tx/0x0774e5a648c94140fb1956fd754937ca3937d12fbd2fd89a7f8c9cbbb68adb22
5 — Disable OP bridge
https://optimistic.etherscan.io/tx/0x39516caa0e6b45049c6b9bcb66bcfd438f4f96e2c2a36c2c3e1c3560ef39822c
6 — Pause USDC transmuter
https://etherscan.io/tx/0x4fa45974bfdc2080cf2a25d76e739cf483f4bd4553e7c05a094a45ecde5ff5da
7 — Pause DAI transmuter
https://etherscan.io/tx/0x762843907360e4eb69a0b9ec85045d6eb71dab57f3eb4628ee187be3fe61c8e4
8 — Pause USDT transmuter
https://etherscan.io/tx/0x3c4937b9a0c0ceb32c88663a1440e22ae02842a720f26cc919c37eac8d2259c2
https://etherscan.io/tx/0x0040eb17bb59a80790742d37606988530105e3d7415056c4346affb64416f60a
9 — Pause ETH transmuter
https://etherscan.io/tx/0x00e4c54f791f3895c7910dccc5ec6b315a1cced1a9d4f465947996b64a27378c
10 — Pause FRAX transmuter
https://etherscan.io/tx/0x219b32f06148459a549f1862dbffce5176a9ffef67f13f2bffcbdb7d5538c4ea
11 — Disable yvwETH Yield token
https://etherscan.io/tx/0x136f7ccd916a7e8319a40652fe2bf3253d48a5a4dcc8131ba40902ef4624ce8e
12 — Disable wstETH Yield token
https://etherscan.io/tx/0xde6689412ef89edaa79ea70697b263deb3a19c3ca4ee5bf4698786718b872ac3
13 — Disable WETH Yield token
https://etherscan.io/tx/0x4cc6c0f0b068e8232a709e1ff481bcb20aa2c321fe7e09a05380a163dc9ee393
14 — Disable s_aWETH Yield token
https://etherscan.io/tx/0xdfa914fd2ae59c98eaf919dd2b01c83a93aef438f6b94b33bd434f69f92c8ec1
15 — Disable rETH Yield token
https://etherscan.io/tx/0x07831e8686ccd08503e936b2e9b4968c70552e69c2f23b95133be9d429f0ff73
16 — Disable rETH Yield token
https://etherscan.io/tx/0xec199a73bedc844597319495695a670d90325fe4f8923c9b4f66ccd544480b39
17 — Disable vaETH Yield token
https://etherscan.io/tx/0xd36239f88efe87a65cd5d148cee8962f52c14ff3ae173665882330d903375c94
18 — Disable sfrxETH Yield token
https://etherscan.io/tx/0xfbd64bc4380eb0f86835747e6d447c5119c42542e650863a584b9e17adae5e33
19 — Curve pool hacker alETH return #1
https://etherscan.io/tx/0x4197ed0ef9b60ab1cacdc31d6d3ce06413b333b14b8947be5c0cfe29cb88b088
20 — Curve pool hacker alETH return #2
https://etherscan.io/tx/0xaf7d9a75b66118d76383406259c5860afae1a4ecd0c058593da05a2613b18fc2
21 — Curve pool hacker alETH return #3
https://etherscan.io/tx/0x9d0b241e96cb8a2fcd181e1af6c6d4e52b193190209ab028ddf174fd6b184b44
22 — Curve pool hacker ETH return #1
https://etherscan.io/tx/0x25bc0a257301b4168e2e1862669c68dacb46aace6921f9efc6dd152c040a45c2
23 — Curve pool hacker ETH return #2
https://etherscan.io/tx/0x4ab8367b391ad733ab98433f51f2c4d56cec93941d31c9d19b0e3ff6e8771639
24 — Curve pool hacker ETH return #3
https://etherscan.io/tx/0xfa8560f76f1f4ac1a4ed5bb0bded5afc0e9d7aee8b2e098e3fe92c28088aadec
25 — Curve pool hacker ETH return #4
https://etherscan.io/tx/0xfb647fd4e2df611e9c3178c169ded85699284845aeb6a5be5a612ce2ace8d2cb
26 — Curve pool hacker ETH return #5
https://etherscan.io/tx/0xdbf1d8dca9858119e3852d52f18821754640013d9914d692589b13f8181a08e8
28 — Arbitrage profit returns tweet thread.
https://twitter.com/AlchemixFi/status/1698687135510073514