{"id":19323,"date":"2024-05-01T14:00:28","date_gmt":"2024-05-01T14:00:28","guid":{"rendered":"https:\/\/coinengineer.io\/?p=19323"},"modified":"2024-05-01T12:38:45","modified_gmt":"2024-05-01T12:38:45","slug":"curve-finance-awarded-a-security-researcher","status":"publish","type":"post","link":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/","title":{"rendered":"Curve Finance Awarded a Security Researcher"},"content":{"rendered":"

Curve Finance<\/strong> awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability. A security researcher has been rewarded $250,000 for discovering a vulnerability that has allowed hackers to siphon millions of dollars from crypto protocols in the past.<\/p>\n

Pseudonymous cybersecurity researcher Marco Croc of Kupia Security has identified a reentrant vulnerability in decentralized finance (DeFi) protocol Curve Finance. In an X thread, he explained how the bug could be exploited to manipulate balances and withdraw funds from liquidity pools.<\/p>\n

Marco Croc explained that Curve Finance<\/a> acknowledges potential vulnerabilities and \u201crecognizes the severity of the vulnerability.\u201d After a thorough investigation, Curve Finance awarded Marco Croc the maximum error award of $250,000.<\/p>\n

According to Curve Finance<\/a>, the threat was not classified as “very dangerous” and they believed that they would be able to recover the stolen funds in such a situation. However, the protocol noted that a security incident of any scale “might have created serious panic.”<\/p>\n

Curve Finance survived a $62 million hack in July. As part of returning to normalcy, the DeFi protocol voted to compensate liquidity providers (LPs) worth $49.2 million in assets.<\/p>\n

On-chain data confirms that 94% of token holders have approved the distribution of over $49.2 million worth of tokens to cover losses of Curve, JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET) pools.<\/p>\n

According to Curve’s proposal, the community fund will provide Curve DAO (CRV) tokens. The final amount includes a deduction for tokens recovered since the incident.<\/p>\n

\u201cIn total, the recovery of ETH 2,887 was calculated to be 5919.2226 ETH, the CRV to be recovered was calculated to be 34,733,171.51 CRV, and the total to be distributed was calculated to be 55,544,782.73 CRV,\u201d the proposal states.<\/p>\n

The attacker exploited a vulnerability in stable repositories using some versions of the Vyper programming language. The bug made Vyper versions 0.2.15, 0.2.16 and 0.3.0 vulnerable to reentrant attacks.<\/p>\n

\n

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don\u2019t forget to follow us on our\u00a0Telegram,\u00a0<\/strong><\/a>YouTube<\/strong><\/a>,\u00a0and\u00a0Twitter<\/strong><\/a>\u00a0channels for the latest news and updates.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability. A security researcher has been rewarded $250,000 for discovering a vulnerability that has allowed hackers to siphon millions of dollars from crypto protocols in the past. Pseudonymous cybersecurity researcher Marco Croc of Kupia Security has identified<\/p>\n","protected":false},"author":6,"featured_media":8714,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,2],"tags":[727,730,5799,5798],"class_list":["post-19323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-news","category-news","tag-curve-finance","tag-curve-finance-hack","tag-curve-finance-security","tag-curve-finance-vulnerability"],"yoast_head":"\nCurve Finance Awarded a Security Researcher - Coin Engineer<\/title>\n<meta name=\"description\" content=\"Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Curve Finance Awarded a Security Researcher - Coin Engineer\" \/>\n<meta property=\"og:description\" content=\"Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/\" \/>\n<meta property=\"og:site_name\" content=\"Coin Engineer\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-01T14:00:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-01T12:38:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/\",\"url\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/\",\"name\":\"Curve Finance Awarded a Security Researcher - Coin Engineer\",\"isPartOf\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png\",\"datePublished\":\"2024-05-01T14:00:28+00:00\",\"dateModified\":\"2024-05-01T12:38:45+00:00\",\"author\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\"},\"description\":\"Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability.\",\"breadcrumb\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#primaryimage\",\"url\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png\",\"contentUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png\",\"width\":1600,\"height\":900,\"caption\":\"Curve Finance\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coinengineer.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Curve Finance Awarded a Security Researcher\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\",\"url\":\"https:\/\/coinengineer.net\/blog\/\",\"name\":\"Coin Engineer\",\"description\":\"Btc, Coins, Pre-Sale, DeFi, NFT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coinengineer.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\",\"name\":\"Tanju Akb\u0131y\u0131k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"caption\":\"Tanju Akb\u0131y\u0131k\"},\"url\":\"https:\/\/coinengineer.net\/blog\/author\/cetanju\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Curve Finance Awarded a Security Researcher - Coin Engineer","description":"Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/","og_locale":"en_US","og_type":"article","og_title":"Curve Finance Awarded a Security Researcher - Coin Engineer","og_description":"Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability.","og_url":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/","og_site_name":"Coin Engineer","article_published_time":"2024-05-01T14:00:28+00:00","article_modified_time":"2024-05-01T12:38:45+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png","type":"image\/png"}],"author":"Tanju Akb\u0131y\u0131k","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tanju Akb\u0131y\u0131k","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/","url":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/","name":"Curve Finance Awarded a Security Researcher - Coin Engineer","isPartOf":{"@id":"https:\/\/coinengineer.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#primaryimage"},"image":{"@id":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png","datePublished":"2024-05-01T14:00:28+00:00","dateModified":"2024-05-01T12:38:45+00:00","author":{"@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546"},"description":"Curve Finance awarded the maximum bug bounty of $250,000 to cybersecurity researcher Marco Croc after thoroughly investigating the vulnerability.","breadcrumb":{"@id":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#primaryimage","url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png","contentUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2023\/12\/tempory-30.png","width":1600,"height":900,"caption":"Curve Finance"},{"@type":"BreadcrumbList","@id":"https:\/\/coinengineer.net\/blog\/curve-finance-awarded-a-security-researcher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coinengineer.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Curve Finance Awarded a Security Researcher"}]},{"@type":"WebSite","@id":"https:\/\/coinengineer.net\/blog\/#website","url":"https:\/\/coinengineer.net\/blog\/","name":"Coin Engineer","description":"Btc, Coins, Pre-Sale, DeFi, NFT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coinengineer.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546","name":"Tanju Akb\u0131y\u0131k","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","caption":"Tanju Akb\u0131y\u0131k"},"url":"https:\/\/coinengineer.net\/blog\/author\/cetanju\/"}]}},"_links":{"self":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/19323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/comments?post=19323"}],"version-history":[{"count":1,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/19323\/revisions"}],"predecessor-version":[{"id":19324,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/19323\/revisions\/19324"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media\/8714"}],"wp:attachment":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media?parent=19323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/categories?post=19323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/tags?post=19323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}