Curve Finance Vyper Reentrancy Hack — July 30, 2023
What Happened
On July 30, 2023, Curve Finance and several integrated protocols were hit by a reentrancy attack stemming from a 0-day bug in the Vyper compiler itself — not in the Curve contracts.
Root Cause: Vyper Compiler Bug
• Vyper versions 0.2.15, 0.2.16, and 0.3.0 failed to correctly implement the @nonreentrant decorator (reentrancy guard).
• The bug caused a storage slot mismatch between the lock setter (add_liquidity) and the lock checker (remove_liquidity), so the reentrancy lock did not actually prevent re-entry.
• Attackers could repeatedly invoke add/remove sequences in a single tx, manipulating LP-token virtual-price math.
Attack Mechanics
1. Use flash loan as initial capital
2. Add asymmetric liquidity to Vyper-affected pool (3pool, sUSD, renBTC, sAAVE, JPEG'd pETH-ETH, Alchemix alETH-ETH, Metronome msETH-ETH)
3. Re-enter via fallback during liquidity addition (which should have been blocked by @nonreentrant)
4. Remove liquidity at inflated calculated rate
5. Repay flash loan, keep difference
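A toy model of the guard failure described under Root Cause and step 3 above, added here as an illustration; it is not code from the post-mortem or from Vyper. `Pool`, `reentry_blocked` and the slot numbers are assumptions: the guard writes its lock to one storage slot and reads it from another, so a call that re-enters during add_liquidity is not rejected.

```python
class Pool:
    """Toy pool whose @nonreentrant guard writes the lock to set_slot and reads it
    from check_slot; a correct compiler uses one slot for both, the bug did not."""
    def __init__(self, set_slot, check_slot):
        self.storage = {}  # slot number -> value, like contract storage
        self.set_slot, self.check_slot = set_slot, check_slot

    def _acquire(self):
        if self.storage.get(self.check_slot, 0):
            raise RuntimeError("reentrant call blocked")
        self.storage[self.set_slot] = 1

    def _release(self):
        self.storage[self.set_slot] = 0

    def add_liquidity(self, on_transfer):
        # on_transfer models the ETH send that hands control to the caller's
        # fallback while this function still holds the lock
        self._acquire()
        try:
            on_transfer(self)
        finally:
            self._release()

    def remove_liquidity(self):
        self._acquire()
        self._release()


def reentry_blocked(set_slot, check_slot):
    """True if remove_liquidity called from inside add_liquidity is rejected;
    False means the guard is ineffective, which is the exploit condition."""
    pool = Pool(set_slot, check_slot)
    outcome = {}

    def fallback(p):  # low-level call: the revert is seen as a failed call
        try:
            p.remove_liquidity()
            outcome["blocked"] = False
        except RuntimeError:
            outcome["blocked"] = True

    pool.add_liquidity(fallback)
    return outcome["blocked"]


if __name__ == "__main__":
    print("same slot (patched compiler):", reentry_blocked(0, 0))  # True
    print("slot mismatch (buggy compiler):", reentry_blocked(0, 1))  # False
```

The same shape of test, a callback that re-enters a guarded function from inside another guarded function, is how a deployment can be checked for an ineffective lock regardless of which compiler produced it.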
Affected Pools / Projects
• Curve 3pool, sUSD, renBTC, sAAVE
• JPEG'd pETH-ETH ($11.5M — the first pool hit)
• Alchemix alETH-ETH ($22M)
• Metronome msETH-ETH ($1.6M)
• Curve CRV-ETH pool ($24M, attacked separately by an MEV searcher who returned funds)
Financial Impact
• Total estimated loss: ~$70M across all affected pools
• Curve TVL dropped from ~$3B to $1.5B within 24 hours
• CRV token fell ~30% to $0.48
• Egorov's CRV-collateralized loans on Aave/Frax came close to liquidation cascade — averted via OTC buyout deals
Remediation & Lessons
• White-hat MEV searcher (c0ffeebabe.eth) front-ran some attacks, returned $5.4M to Curve
• A bounty program led to partial returns from some attackers
• Vyper team issued patches; all major DeFi audited their Vyper deployments
• Showed how compiler-level bugs can be a systemic risk to multiple protocols simultaneously
References
• https://hackmd.io/@LlamaRisk/BJzSKHNjn (LlamaRisk official post-mortem)