Curve or ERC-777 may have security vulnerabilities, and the official response states that the related funding pool has long been abandoned.
2023-08-02 15:54
Odaily News: Today, the security team Decurity discovered another security vulnerability in the Curve platform. Curve uses ERC-777 Callback in some token markets' smart contracts, which poses a security risk and may be susceptible to reentrancy attacks.
Decurity also pointed out that a MEV robot has already exploited this vulnerability to carry out an attack worth $1900. In response, Curve officials stated that this issue is a legacy problem. The attack occurred in the pBTC pool, which had already been deprecated and only had a small amount of remaining funds in the contract.
It is currently unclear whether other fund pools have similar security risks.
Decurity also pointed out that a MEV robot has already exploited this vulnerability to carry out an attack worth $1900. In response, Curve officials stated that this issue is a legacy problem. The attack occurred in the pBTC pool, which had already been deprecated and only had a small amount of remaining funds in the contract.
It is currently unclear whether other fund pools have similar security risks.
Recommended Articles
