There are ERC-777 security vulnerabilities in some liquidity pools of Curve, and the official said that the relevant pools have been abandoned

PANews reported on August 3 that the security team Decurity discovered that the Curve pbtc-sbtc-f liquidity pool uses ERC-777 Callback, which may pose a risk of reentrancy attacks. Decurity also noted that white-hat attacker c0ffeebabe.eth has exploited this vulnerability to conduct a $1,900 attack. The Curve official team later acknowledged the breach, saying it was the old pBTC pool, which had been deprecated, but still had a small amount of funds remaining in it. This is all due to the same vulnerability in the ERC-777 design.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Share
Comment
0/400
No comments
Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate app
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)