Curve Exploit Post Mortem

Alchemix Finance
4 min readSep 21, 2023

--

Summary

On July 30th, 2023, Curve contacted the Alchemix team alerting us of a vulnerability in several of their pools, including our alETH — ETH pool.

The Alchemix Multisig team immediately started work to pull AMO-owned liquidity from the affected pool, and they successfully removed 8,027 alETH before the remainder of the pool was drained by the exploiter.

The funds stolen by the exploiter consisted of 4,821 alETH and 7,258 ETH.

Details of Vulnerability & Fix

The exploit was a result of a latent vulnerability in the Vyper compiler, which was used to create the affected Curve pools. The bug was present in versions 0.2.15, 0.2.16, and 0.3.0. The bug was patched in version 0.3.1, but Vyper were not aware of the impact of using the vulnerable compilers at the time.

All future alAsset pools deployed by Curve will be using Vyper version 0.3.1 and above, and they will no longer have this vulnerability.

Chronology

Some times are estimated.

July 30th, 2023:
14:49 UTC — Curve contacted the Alchemix team alerting us to a vulnerability in our alETH — ETH pool

14:55 UTC — The Alchemix Multisig team met and immediately started to remove liquidity from the affected pool.

15:21 UTC — 8027 alETH was unstaked and removed from the pool.(1-2)
Due to the nature of the AMO, a balanced complete withdrawal is only possible with the sweep function, which removes the entirety of the funds to the Multisig. This is behind a timelock function, so given the time-sensitive nature of the vulnerability, the only practical possible functions to withdraw liquidity and keep it in the AMO contract were to withdraw funds single sided (as alETH or ETH). alETH was done first to balance the pool, with the intent to withdraw the remainder as ETH in a follow-up transaction. The pool was drained while submitting txn for ETH withdrawal.

15:34 — 4,821 alETH and 7,258 ETH in the pool was removed by the exploiter.(3)

15:34 — The remaining 3,856 alETH left in the pool was removed by an arbitrage bot. The net result of the exploiter and arbitrage bot resulted in a partial loss of backing to alETH of approximately 5,000 ETH.(4)

~18:00 UTC — Out of an abundance of caution, the Multisig team paused the alETH Transmuter, Disabled Yield tokens and bridging.(5–18)

August 4th-5th, 2023:
13:21 onwards — The exploiter returned all alETH stolen from the LP over several transactions.(19–21)

14:20 onwards — Hacker returned all ETH stolen from the LP over several transactions.(22–26)

Moving forward

Alchemix is working with Curve to analyze LP positions prior to the attack and develop a compensation plan. The exact nature of compensation will include returning the recovered funds to LPers (including the Alchemix AMO), as well as potential compensation from Curve in the form of vested CRV tokens.

alETH vaults have been unpaused, and all yield flow, repays, and self-liquidations have been redirected to the AMO contract per AIP-97.(27)

Some Arbitrageurs have returned profits, and we are continuing to reach out to others.(28)

Stuck bridgers were partially reimbursed, as per AIP-96.(29)

Thank you

We’d like to extend a huge thank-you to everyone involved in the recovery of these funds. We couldn’t have done it without you.

Our advisors and collaborators in no specific order:

Ogle
Ogle Security
X\Tg: @cryptogle
https://oglesecurity.com

Alicia Katz
Polygon
X: @aliciakatz

Igor Igamberdiev
Head of Research at Wintermute
X: @FrankResearcher

Banteg
Yearn Finance
X: @bantg

Michael Egorov
Curve Finance
X: @newmichwill

Green Jeff
Head of Strat @ Vesper,
Co-founder @ Metronome Governor DAO
X: @jeffthedunker

Jordan Kruger
Metronome CEO/Co-founder
X: @jordanjkruger

MEV BOT White hats
0x8f7a1943103C0eE486Cc7f289325124e14732f5e
0xa19E4Fec1624c87fE0DD307103Ffc5923cE89BeF

Resources

Etherscan links

1 — Unstake LP from Convex
https://etherscan.io/tx/0x3d92f0152b582304b3068d9c779d4793152703a9baf3d4c4ce0e0a8a7161a4ef

2 — Remove alETH
https://etherscan.io/tx/0x20d00acdfbaeffa5fe618ecbcbb8c13df80133cb6d964f9a7ab6a5a7b0d796f3

3 — Hacker drained all ETH and part of the alETH from pool
https://etherscan.io/tx/0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801

4 — Arbitrage bot removed the remaining alETH from the pool
https://etherscan.io/tx/0x0774e5a648c94140fb1956fd754937ca3937d12fbd2fd89a7f8c9cbbb68adb22

5 — Disable OP bridge
https://optimistic.etherscan.io/tx/0x39516caa0e6b45049c6b9bcb66bcfd438f4f96e2c2a36c2c3e1c3560ef39822c

6 — Pause USDC transmuter
https://etherscan.io/tx/0x4fa45974bfdc2080cf2a25d76e739cf483f4bd4553e7c05a094a45ecde5ff5da

7 — Pause DAI transmute
https://etherscan.io/tx/0x762843907360e4eb69a0b9ec85045d6eb71dab57f3eb4628ee187be3fe61c8e4

8 — Pause USDT transmuter
https://etherscan.io/tx/0x3c4937b9a0c0ceb32c88663a1440e22ae02842a720f26cc919c37eac8d2259c2

https://etherscan.io/tx/0x0040eb17bb59a80790742d37606988530105e3d7415056c4346affb64416f60a

9 — Pause ETH transmuter
https://etherscan.io/tx/0x00e4c54f791f3895c7910dccc5ec6b315a1cced1a9d4f465947996b64a27378c

10 — Pause FRAX transmuter
https://etherscan.io/tx/0x219b32f06148459a549f1862dbffce5176a9ffef67f13f2bffcbdb7d5538c4ea

11 — Disable yvwETH Yield token
https://etherscan.io/tx/0x136f7ccd916a7e8319a40652fe2bf3253d48a5a4dcc8131ba40902ef4624ce8e

12 — Disable wstETH Yield token
https://etherscan.io/tx/0xde6689412ef89edaa79ea70697b263deb3a19c3ca4ee5bf4698786718b872ac3

13 — Disable WETH Yield token
https://etherscan.io/tx/0x4cc6c0f0b068e8232a709e1ff481bcb20aa2c321fe7e09a05380a163dc9ee393

14 — Disable s_aWETH Yield token
https://etherscan.io/tx/0xdfa914fd2ae59c98eaf919dd2b01c83a93aef438f6b94b33bd434f69f92c8ec1

15 — Disable rETH Yield token
https://etherscan.io/tx/0x07831e8686ccd08503e936b2e9b4968c70552e69c2f23b95133be9d429f0ff73

16 — Disable rETH Yield token
https://etherscan.io/tx/0xec199a73bedc844597319495695a670d90325fe4f8923c9b4f66ccd544480b39

17 — Disable vaETH Yield token
https://etherscan.io/tx/0xd36239f88efe87a65cd5d148cee8962f52c14ff3ae173665882330d903375c94

18 — Disable SfrxETH Yield token
https://etherscan.io/tx/0xfbd64bc4380eb0f86835747e6d447c5119c42542e650863a584b9e17adae5e33

19 — Curve pool hacker alETH return #1
https://etherscan.io/tx/0x4197ed0ef9b60ab1cacdc31d6d3ce06413b333b14b8947be5c0cfe29cb88b088

20 — Curve pool hacker alETH return #2
https://etherscan.io/tx/0xaf7d9a75b66118d76383406259c5860afae1a4ecd0c058593da05a2613b18fc2

21 — Curve pool hacker alETH return #3
https://etherscan.io/tx/0x9d0b241e96cb8a2fcd181e1af6c6d4e52b193190209ab028ddf174fd6b184b44

22 — Curve pool hacker ETH return #1
https://etherscan.io/tx/0x25bc0a257301b4168e2e1862669c68dacb46aace6921f9efc6dd152c040a45c2

23 — Curve pool hacker ETH return #2
https://etherscan.io/tx/0x4ab8367b391ad733ab98433f51f2c4d56cec93941d31c9d19b0e3ff6e8771639

24 — Curve pool hacker ETH return #3
https://etherscan.io/tx/0xfa8560f76f1f4ac1a4ed5bb0bded5afc0e9d7aee8b2e098e3fe92c28088aadec

25 — Curve pool hacker ETH return #4
https://etherscan.io/tx/0xfb647fd4e2df611e9c3178c169ded85699284845aeb6a5be5a612ce2ace8d2cb

26 — Curve pool hacker ETH return #5
https://etherscan.io/tx/0xdbf1d8dca9858119e3852d52f18821754640013d9914d692589b13f8181a08e8

27 — AIP-97
https://snapshot.org/#/alchemixstakers.eth/proposal/0xdc4bc3e2770a6f6eab58f5b9d2891eaec1d658676107a2612fdb86eddc71f616

28 — Arbitrage profit returns tweet thread.
https://twitter.com/AlchemixFi/status/1698687135510073514

29 — AIP-96
https://snapshot.org/#/alchemixstakers.eth/proposal/0x91b3e83519dab3dc6f4de1b9c23732d6a390a4cbe014a2cbfd1b3518a30799bb

--

--

No responses yet