The developers of the DeFi Curve Finance protocol have found a vulnerability affecting the new yVault2 liquidity pool. The pool had to be closed.
According to a statement on Twitter by Curve Finance, the vulnerability is affecting the new trading pool yVault2, which includes the Yearn Finance yield aggregator project. The pool was quickly closed to prevent an incident.
Curve gives users the ability to switch between USD-backed stablecoins with extremely low fees and slippage. Curve’s liquidity is entirely provided by users, who in return earn income from interest charged to Curve’s stablecoin borrowers. According to the developers’ statement, all blocked tokens will be automatically returned to liquidity providers.
Yearn Finance is a profitability aggregator that automatically transfers users’ cryptoassets to other protocols, exchanges and wallets that generate profitability. All users who have blocked their cryptoassets on Yearn receive a token with “Y” in their name in return. For example, a user who invests USDT in Yearn receives yUSDT in return, which can later be used in other protocols to generate income or exchanged for another cryptocurrency.
This structure is called “vault”, where tokens “v1” and “v2” based on two vaults, which charge different fees and use different strategies, are issued to users based on the assets they have deposited. The latest vulnerability affected the “v2” pool, with the team confirming that the problem was not fundamental, but technical.
This is the second vulnerability involving the Yearn Finance protocol in recent days. Last week, an experienced hacker hacked v1 yDAI, causing the vault to lose approximately $ 11 million worth of crypto assets.
