On Sunday July 29, 2023, Curve Finance was exploited through a previously unknown re-entrancy bug in older versions of the Vyper compiler. Vyper is a programming language for the EVM and the second most popular one behind Solidity. Because Curve is written in Vyper, it was vulnerable to the bug.
The bug only affected Curve pools that use native ETH, since transferring native ETH involves a callback into the receiver. White hat and black hat exploiters were able to snipe $69m worth of assets over the course of 8 hours. So far $15m in assets have been returned, with the potential for more once communication channels are established with the hackers.
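The callback path described above, as an added toy model that is not Curve or Vyper code: a pool that pays out native ETH hands control to the receiver, and the receiver can call back into the pool before the first call has finished. The model shows what a shared re-entrancy lock is there to do (the nested call reverts) and what an invariant monitor would see without it (claims exceed the reserve). The compiler bug itself is not modelled, only the guard it was supposed to provide. `Pool`, `ReenteringReceiver`, `simulate` and the deposit figures are all constructed for this example.

```python
"""Toy model of a native-ETH callback and a shared re-entrancy lock.
Constructed example, not Curve or Vyper code."""


class Revert(Exception):
    """Stands in for an EVM revert."""


class Pool:
    def __init__(self, reserve_eth, guarded):
        self.reserve = reserve_eth   # ETH the pool actually holds
        self.balances = {}           # LP -> ETH it is entitled to withdraw
        self.guarded = guarded       # True = one lock shared by every entry point
        self._locked = False

    def _enter(self):
        if self.guarded and self._locked:
            raise Revert("nonreentrant: call rejected")
        self._locked = True

    def _exit(self):
        self._locked = False

    def deposit(self, lp, amount):
        self._enter()
        try:
            self.balances[lp] = self.balances.get(lp, 0) + amount
            self.reserve += amount
        finally:
            self._exit()

    def withdraw(self, lp, receiver):
        """Updates the balance only after the ETH callback, so the lock is the
        only thing standing between the pool and a nested withdraw."""
        self._enter()
        try:
            amount = self.balances.get(lp, 0)
            if amount == 0 or amount > self.reserve:
                raise Revert("nothing to withdraw")
            self.reserve -= amount
            receiver.on_eth_received(self, lp, amount)  # native ETH callback
            self.balances[lp] = 0                       # effect after interaction
        finally:
            self._exit()

    def solvent(self):
        """Invariant a monitor would check: outstanding claims never exceed the reserve."""
        return sum(self.balances.values()) <= self.reserve


class ReenteringReceiver:
    """Receives ETH and, while the callback is still running, calls withdraw again."""

    def __init__(self, extra_rounds):
        self.extra_rounds = extra_rounds
        self.received = 0

    def on_eth_received(self, pool, lp, amount):
        self.received += amount
        if self.extra_rounds > 0:
            self.extra_rounds -= 1
            try:
                pool.withdraw(lp, self)
            except Revert:
                pass   # a guarded pool stops the nested call right here


def simulate(guarded, extra_rounds=3):
    """Returns (ETH paid to the re-entering LP, reserve left, pool still solvent?)."""
    pool = Pool(reserve_eth=0, guarded=guarded)
    pool.deposit("honest_lp", 90)       # constructed figures
    pool.deposit("reentering_lp", 10)
    receiver = ReenteringReceiver(extra_rounds)
    pool.withdraw("reentering_lp", receiver)
    return receiver.received, pool.reserve, pool.solvent()


if __name__ == "__main__":
    print("guarded  :", simulate(True))    # (10, 90, True)
    print("unguarded:", simulate(False))   # (40, 60, False)
```

With the lock in force the re-entering LP is paid exactly its 10 ETH and the honest LP's 90 ETH claim is still fully backed; without it the same LP is paid four times and the pool is left unable to honour the honest claim. Ordering effects before interactions (zeroing the balance before the callback) would remove the dependence on the lock altogether.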
Frax Has Zero Exposure and Losses to the Curve Exploit
We want to state that Frax has ZERO exposure to this bug and no Frax Curve LPs are at risk. Frax did not lose any assets in this exploit and all protocol funds are safe and secure.
After the exploit, Frax removed all protocol owned liquidity from all Curve liquidity pools until a full post-mortem is conducted and all currently deployed liquidity pools are reviewed.
Sam Kazemian first wrote in the Telegram group about the protocol pulling frxETH AMO liquidity:
Out of an abundance of caution we've removed a good amount of the protocol controlled liquidity from frxETH-ETH pool to protect the protocol. The peg is fine and everything is solvent. We will periodically swap into the Curve pool to keep the frxETH peg tight as usual but the POL itself has been withdrawn safely with zero issues/losses. Please make sure people on Twitter/Discord do not have any false information about frxETH being affected by anything. There are no losses or issues, but until everything is sorted out and dust settles, we've acted quickly to keep everyone safe. Again, there are NO issues with frxETH or any losses. We've just withdrawn protocol controlled liquidity to be safe. That's all. Please don't get it mixed up. We're just acting fast and professionally for every Frax user's safety. There are NO issues or losses of any frxETH or protocol owned liquidity.
When asked about the frxETH peg health due to lower liquidity in the Curve pool Kazemian wrote:
The ETH that was used as protocol controlled liquidity is simply sitting idle for the next 2-3 days until we are sure everything is fine. That ETH can be used to defend the peg before a single validator is ejected. If necessary validators will be ejected to defend the peg but that is far, far from necessary. There's no losses or anything across any of the balance sheet for FRAX or frxETH so today's events do not economically affect the pegs of frxETH or FRAX.
Later in the day after all attacks had taken place he wrote:
Just to update on this, we've also removed AMO liquidity owned by the protocol in FRAX3CRV, FRAXUSDC, and FRAXUSDP out of an abundance of caution. We will add it again in the next 48 hours after we've done our own independent analysis of the Curve pools and are confident everything is completely safe. For now, there's more Uni v3 FRAXUSDC liquidity in the meantime. We want to reiterate again, there have been no losses or issues with FRAX or frxETH at this time. There have been no losses of collateral or balance sheet assets. We simply took extra caution to secure protocol owned liquidity/collateral. No other places such as Fraxlend or Fraxswap currently have any losses or issues at this time. We'll watch the CRV Fraxlend pair but as of now there is no bad debt nor is there any effect on that for the FRAX peg. We're watching everything around the clock so if anything changes we'll let everyone know. So far, no losses and no issues at least as of this writing.
Sam mentioned Fraxlend because one of the targets of the hack yesterday was the Curve CRV/ETH LP, which was completely drained of $25m over 3 transactions. This liquidity pool was the primary host for CRV liquidity. Michael, the founder of Curve, owns an incredible amount of CRV and has used it to take loans from several lending protocols, including Aave and Fraxlend.
Now that the largest on-chain liquidity pool is fully drained, if Michael were to be liquidated, it is unlikely that his position could be sold without severe slippage. In this event, FRAX lenders might not recover their full deposit amount. In the case of a shortfall, Fraxlend dynamically restructures the debt across all lenders: the shortfall percentage is applied equally to every lender at the time of liquidation, through the virtual price of fFRAX.
Unlike Aave or Compound, Frax's dynamic debt restructuring keeps the contract from being "bricked" by lenders rushing to withdraw the available liquidity as fast as they can. Without it, it's a race to the exits for lenders post-liquidation, as whoever is last is stuck with the "bad debt" and cannot withdraw any assets from the pool.
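The two outcomes just described, as an added simulation that is not Fraxlend's code: the same liquidation shortfall is pushed through a pool that writes the loss into the share price (every lender takes the same percentage haircut, the fFRAX virtual-price mechanism described above, modelled here as a proportional write-down) and through a pool that keeps the bad debt on its books at face value, where the cash goes to whoever withdraws first. Lender names, deposits and the recovery figure are constructed; `ProRataPool`, `FirstComePool` and `run_scenario` are names invented for this example.

```python
"""Constructed comparison of shortfall socialisation in two lending-pool designs.
Not Fraxlend's code; the share-price write-down is modelled as proportional."""


class ProRataPool:
    """Shortfall is written down into the share price (fFRAX-style virtual price)."""

    def __init__(self):
        self.cash = 0.0          # FRAX sitting in the pool
        self.debt = 0.0          # FRAX lent out and owed back
        self.total_shares = 0.0  # receipt tokens outstanding
        self.shares = {}

    def total_assets(self):
        return self.cash + self.debt

    def share_price(self):
        return 1.0 if self.total_shares == 0 else self.total_assets() / self.total_shares

    def deposit(self, lender, amount):
        minted = amount / self.share_price()
        self.shares[lender] = self.shares.get(lender, 0.0) + minted
        self.total_shares += minted
        self.cash += amount

    def borrow_all(self):
        self.debt += self.cash   # 100% utilisation
        self.cash = 0.0

    def liquidate(self, recovered):
        shortfall = max(self.debt - recovered, 0.0)
        self.debt = 0.0          # the loan is written off entirely ...
        self.cash += recovered   # ... and only what the collateral fetched comes back
        return shortfall         # total_assets fell by exactly this much

    def withdraw_all(self, lender):
        minted = self.shares.pop(lender, 0.0)
        value = min(minted * self.share_price(), self.cash)
        self.total_shares -= minted
        self.cash -= value
        return value


class FirstComePool:
    """Bad debt stays on the books at face value; cash goes to whoever withdraws first."""

    def __init__(self):
        self.cash = 0.0
        self.debt = 0.0
        self.claims = {}         # nominal claim per lender, never written down

    def deposit(self, lender, amount):
        self.claims[lender] = self.claims.get(lender, 0.0) + amount
        self.cash += amount

    def borrow_all(self):
        self.debt += self.cash
        self.cash = 0.0

    def liquidate(self, recovered):
        shortfall = max(self.debt - recovered, 0.0)
        self.debt = shortfall    # unrecoverable remainder lingers as "bad debt"
        self.cash += recovered
        return shortfall

    def withdraw_all(self, lender):
        claim = self.claims.pop(lender, 0.0)
        paid = min(claim, self.cash)   # whoever is last finds the cash gone
        self.cash -= paid
        return paid


def run_scenario(pool_cls, deposits, recovered, exit_order):
    """Fund the pool, lend everything out, liquidate at a loss, then let lenders exit in order.
    Returns (shortfall, {lender: FRAX actually paid out})."""
    pool = pool_cls()
    for lender, amount in deposits.items():
        pool.deposit(lender, amount)
    pool.borrow_all()
    shortfall = pool.liquidate(recovered)
    paid = {lender: round(pool.withdraw_all(lender), 2) for lender in exit_order}
    return shortfall, paid


DEPOSITS = {"alice": 100.0, "bob": 200.0, "carol": 700.0}   # constructed: 1000 FRAX lent
RECOVERED = 850.0   # constructed: collateral sold for 85% of the debt
EXIT_ORDER = ["alice", "bob", "carol"]

if __name__ == "__main__":
    for cls in (ProRataPool, FirstComePool):
        shortfall, paid = run_scenario(cls, DEPOSITS, RECOVERED, EXIT_ORDER)
        print(f"{cls.__name__:14s} shortfall={shortfall:.0f} paid={paid}")
```

In the pro-rata pool every lender gets back 85% regardless of when they withdraw, so there is no reason to race; in the first-come pool the first two lenders are made whole and the last one absorbs the entire 150 FRAX loss.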
Michael’s position on Fraxlend is especially precarious for two reasons.
First, all Fraxlend pairs are isolated pools. Depositors' collateral cannot be rehypothecated, and borrowers cannot use cross-asset margin to bolster their position. Michael must pay his debt down to a level lenders find acceptable to fund.
The second problem for Michael is how fast the interest rates on Fraxlend rise with utilization. Currently the CRV/FRAX Fraxlend pool is 100% utilized: all of the FRAX deposited into the contract has been borrowed by Michael. If Michael fails to pay down his debts, the high utilization ratio will send Fraxlend APRs skyrocketing, doubling every twelve hours.
Michael has started to pay down his Fraxlend debt and is keeping the interest rates under control at the moment, but it’s unclear how long this can continue, as Michael is starting to be stressed on Aave, where his largest borrowing position is. Overnight, stablecoin borrowing rates on Aave rose to 25%+. Unlike Fraxlend, where the borrowing pool is isolated, bad debt on Aave is socialized across the protocol. If Michael’s position is liquidated, resulting in bad debt, the DAO will sell AAVE on the open market to close the debt gap.
Frax doesn't guarantee any of the shortfall with FXS or protocol funds. This has reduced FRAX's risk from Michael's CRV position to almost nothing. Kazemian stated in the Telegram chat that AMO exposure, or unbacked FRAX seeded into the lending pool, is only $100,000.
Chainlink to save the day
One saving grace for Michael has been the Chainlink oracles that almost all lending markets rely on. When the exploiter stole the 40m CRV, on-chain prices collapsed to near zero. However, Chainlink uses a variety of sources, centralized and decentralized, for its data feeds. Exchange prices for CRV have remained steady at $.63 since the exploit, preventing Michael’s position from being liquidated.
As of this writing, Michael's liquidation price is $.40. He has deposited 59m CRV and borrowed 17.84m FRAX. His current interest rate to borrow FRAX is 49%. The maximum interest rate for the lending pair is 10,000%. If utilization stays at this level, the maximum APR will be reached in 3.5 days.
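The rate dynamics described in the two passages above (the APR doubling every twelve hours at 100% utilization, and the 49% to 10,000% trajectory) as an added model that is not Fraxlend's code. It assumes the doubling is continuous in time (APR times 2 to the power of hours/12) and that interest accrues per step at whatever the APR is at that moment; the real rate controller has more parameters and only updates when the contract is touched. `apr_after`, `hours_until_cap`, `debt_after` and `doubling_schedule` are names invented here.

```python
"""Simplified model of a utilisation-driven rate stuck at 100% utilisation.
Assumes continuous doubling; not Fraxlend's rate controller."""
import math

HALF_LIFE_H = 12.0        # hours for the APR to double at full utilisation (from the text)
MAX_APR_PCT = 10_000.0    # APR ceiling for the pair (from the text)
HOURS_PER_YEAR = 365 * 24


def apr_after(hours, apr0_pct, half_life_h=HALF_LIFE_H, max_apr_pct=MAX_APR_PCT):
    """APR in percent after `hours` of unbroken 100% utilisation, capped at the ceiling."""
    return min(apr0_pct * 2 ** (hours / half_life_h), max_apr_pct)


def hours_until_cap(apr0_pct, half_life_h=HALF_LIFE_H, max_apr_pct=MAX_APR_PCT):
    """Hours until the ceiling is reached if utilisation never drops."""
    if apr0_pct >= max_apr_pct:
        return 0.0
    return half_life_h * math.log2(max_apr_pct / apr0_pct)


def debt_after(principal, apr0_pct, hours, step_h=1.0):
    """Debt after `hours`, re-reading the rising APR every `step_h` hours and
    compounding per step (an assumption standing in for per-interaction accrual)."""
    owed = principal
    t = 0.0
    while t < hours:
        apr = apr_after(t, apr0_pct) / 100.0
        owed *= 1 + apr * step_h / HOURS_PER_YEAR
        t += step_h
    return owed


def doubling_schedule(apr0_pct, days):
    """(hours, APR%) at every half-life boundary over `days` days."""
    return [(h, apr_after(h, apr0_pct))
            for h in range(0, int(days * 24) + 1, int(HALF_LIFE_H))]


if __name__ == "__main__":
    # Figures from the text: 49% APR today, 17.84m FRAX borrowed, 10,000% ceiling.
    print(f"hours until the ceiling from 49%: {hours_until_cap(49):.1f}")
    for h, apr in doubling_schedule(49, 4):
        print(f"t={h:>3}h  APR={apr:,.0f}%")
    print(f"17.84m FRAX after one day at full utilisation: {debt_after(17.84e6, 49, 24):,.0f}")
```

`doubling_schedule` makes the "unpayable within days" point concrete: the same position that costs 49% today costs several hundred percent two days later and hits the ceiling shortly after, unless borrowing falls and utilization comes down.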
This Vyper exploit is a stark reminder of how vulnerable the "blockchain stack" can be. This type of vulnerability was not easy to find and likely took months of carefully combing through code, showing the lengths hackers will go to in a bear market to discover weaknesses. Language diversity is important for any system, and we as a community must make sure to prevent a monoculture from taking hold, which would make the stack even more fragile. As the ramifications of this exploit play out in the coming months, thorough audits and time are necessary to rebuild resiliency. This is not the first time DeFi has faced adversity and it surely will not be the last; it's all a matter of how DeFi bands together to grow stronger from here.