August 01, 2023

Are Your Funds Safe? Vyper Reentrancy Vulnerability Causes $59 Million Loss in Multiple Projects

On the evening of July 30th, 2023, multiple projects encountered a dark moment.

At around 21:35 on July 30th, according to Beosin's EagleEye security risk monitoring, the NFT lending protocol JPEG'd was attacked.

While the Beosin security team was analyzing the situation, several other projects were attacked in succession.

At around 22:51 on July 30th, the msETH-ETH pool was raided by hackers.

At around 23:35 on July 30th, the alETH-ETH pool was also cracked using the same attack method.

Shortly after, liquidity pools belonging to DeFi projects Alchemix and Metronome were successively attacked.

The root reason of these multiple attacks is Vyper?

According to a tweet from the Ethereum programming language Vyper on July 31st, Vyper versions 0.2.15, 0.2.16, and 0.3.0 have vulnerabilities in their reentrancy locks. Combined with the ability of native ETH to call callback function during transfers, liquidity pools with native ETH created by these versions can be hacked by reentrancy attacks.

Curve's official Twitter then stated that many stablecoin pools (alETH/msETH/pETH) using Vyper 0.2.15 were attacked due to reentrancy lock failures, but other pools are safe.

Analysis by Beosin Security Team on the Attacked Projects.

Here are the relevant transactions related to the hacking incident:

●Attack Transaction:

0xc93eb238ff42632525e990119d3edc7775299a70b56e54d83ec4f53736400964 0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801




●Attacker's Address





●Attacked Contracts





Vulnerability Analysis

According to Beosin security team, the main cause of this attack was the failure of the reentrancy lock in Vyper 0.2.15. Attackers added liquidity by reentering the add_liquidity function when removing liquidity using the remove_liquidity function of the related liquidity pools. Due to the balance update occurring before reentry into the add_liquidity function, price calculation errors occurred.

Attack Process

We take the msETH-ETH-f pool attacked by transaction 0xc93eb238f as an example.

In the preparation stage, the hacker first flash loaned 10,000 ETH through the Balancer:Vault as attack funds.

Attack Stage

1.  In the first step, the attacker called the add_liquidity function to add the 5000 ETH flash loan to the pool.

2.  In the second step, the attacker called the remove_liquidity function to remove the ETH liquidity from the pool and then reentered the add_liquidity function to add liquidity.

3.  Due to the balance update occurring before reentry into the add_liquidity function, price calculation errors occurred. It is worth noting that both the remove_liquidity function and the add_liquidity function have used reentrancy locks to prevent reentry.

4.  Therefore, the reentrancy lock was not effective here. By reading the vulnerable Vyper code shown below, it can be found that when the name of the reentrancy lock appears for the second time, the original number of storage_slot will increase by 1. In other words, the slot that originally acquired the lock is 0, but after another function uses the lock, the slot becomes 1, and the reentrancy lock already fails.

Fix unused storage slots (#2439) · vyperlang/vyper@eae0eaf · GitHub

Funds Statistics

At the time of publication, the funds lost in this attack have exceeded $59 million. Beosin KYT has monitored that the c0ffeebabe.eth address has returned 2879 ETH, but the stolen funds remain on multiple attacker addresses.

Subsequent Impact

Regarding the impact of this event, on July 31st, Binance founder CZ tweeted that "CEX price feed saves DeFi." Binance users were not affected, and the Binance team checked on the Vyper reentrancy vulnerability. Binance only uses version 0.3.7 or above. It is important to keep the codebase, applications, and operating systems up to date.

On July 31st, Curve tweeted that due to problems with the Vyper compiler in versions 0.2.15-0.3.0, CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH were attacked by hackers. Additionally, the Arbitrum Tricrypto pool may also be affected. Auditors and Vyper developers have not yet found exploitable vulnerabilities, but users are advised to remove their liquidity from the pool.

It can be seen that the impact of this event has not yet ended, and users who have funds in these pools need to pay more attention.

Regarding this event, Beosin security team recommends that the reentrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0 all fail and related projects are advised to check for themselves. After a project is launched, it is strongly recommended that the project team continues to pay attention to vulnerability disclosures of third-party components/dependency libraries and timely avoid security risks.

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of “Securing Blockchain Ecosystem”, Beosin provides “All-in-one” blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already provided security for 2000+ blockchain companies, audited more than 3000 smart contracts and protected our customers’ assets worth of $500 billion.


If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin

Related Project

Related Project Secure Score

Guess you like
Learn More
  • Eralend Suffers $3.4 Million in Losses from Attack. Will Hackers Return the Funds?

    July 31, 2023

  • Blockchain Security Monthly Recap of July: $415M lost in attacks

    August 02, 2023

  • Seoul Web3.0 Festival Kicked Off, as Exclusive Security Partner, Beosin Leads Korean Youth to Build

    August 02, 2023

  • Telegram bots, a powerful tool for degens or another story to be shilled?

    August 04, 2023

Join the community to discuss.