Convex Finance, a decentralized finance (DeFi) protocol that boosts interest rewards for CRV token holders and Curve liquidity providers, has patched a vulnerability that, if exploited, would have put the $15 billion of total value locked in Convex at risk of a rug pull, OpenZeppelin reports.
The firm wrote in a blog post that the vulnerability was first discovered in late 2021 as part of a security audit for Coinbase. Although the Convex documentation claimed that unsanctioned access was not possible, the auditors found that if two of the three signers of the Convex multi-sig executed a specific series of steps, those users "would be provided with unrestricted access" to liquidity provider tokens staked in a target pool.
Given that Convex Finance is a fully anonymous project, OpenZeppelin determined that the optimal approach was to reach out to bug bounty partner Immunefi for an introduction to an intermediary between OpenZeppelin and Convex.
As iHodl reported earlier, a sidechain called Ronin Network suffered a hack in which $625 million in cryptocurrency was stolen. According to Ronin developers, the hacker managed to steal 173,600 ETH, as well as $25.5 million in the stablecoin USDC.