A reentrancy vulnerability was discovered in Curve Finance’s factory pools that led to significant outflows of over $26 million for projects such as JPEGd, Metronome and Alchemix.
BlockSec estimates total outflows from this security incident on Curve pools to be around $41 million.
This critical security flaw, which occurs when an external call made by a contract lets the recipient call back into that contract before the original call has completed, enabled the attacker to steal funds or exploit the contract’s logic.
Curve Finance is a DEX that offers efficient trading of stablecoins and also provides a standardized framework or “factory” where new liquidity pools can be created.
This system allows projects or individuals to launch their own liquidity pools using Curve’s infrastructure without requiring permission from Curve.
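To illustrate the reentrancy flaw described above, the following added example (a simplified Python model, not code from Curve or any affected project) contrasts a pool that pays out before updating its ledger with one that takes a reentrancy lock and updates state first. All class names, accounts and balances are constructed for illustration.

```python
class ReentrancyError(Exception):
    """Raised when withdraw() is entered while a previous call is still running."""

class VulnerablePool:
    """Constructed toy pool: pays out before updating its ledger."""
    def __init__(self, deposits):
        self.balances = dict(deposits)
        self.reserves = sum(deposits.values())

    def withdraw(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.reserves < amount:
            return
        self.reserves -= amount      # funds leave the pool
        on_receive(amount)           # external call: recipient code runs here
        self.balances[account] = 0   # ledger updated only after the call returns

class GuardedPool(VulnerablePool):
    """Same pool with a reentrancy lock and state updated before the call."""
    def __init__(self, deposits):
        super().__init__(deposits)
        self._locked = False

    def withdraw(self, account, on_receive):
        if self._locked:
            raise ReentrancyError("withdraw re-entered")
        self._locked = True
        try:
            amount = self.balances.get(account, 0)
            if amount == 0 or self.reserves < amount:
                return
            self.balances[account] = 0   # effects first
            self.reserves -= amount
            on_receive(amount)           # interaction last
        finally:
            self._locked = False

def simulate(pool_cls):
    """Return (total paid to alice, reserves left) when alice's callback re-enters."""
    pool = pool_cls({"alice": 100, "bob": 100, "carol": 100})  # constructed balances
    paid = []
    def callback(amount):
        paid.append(amount)
        try:
            pool.withdraw("alice", callback)  # call back in before the first call ends
        except ReentrancyError:
            pass  # model only: the nested call is rejected, the outer one completes
    pool.withdraw("alice", callback)
    return sum(paid), pool.reserves
```

In the unguarded model the account entitled to 100 is paid 300 and the reserves fall to 0; with the lock it receives 100 and 200 remain in the pool.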