A Deep Dive Into How Curve Pool’s $70 Million Reentrancy Exploit Was Possible

The recent Curve Pool Exploit is different from the majority of cryptocurrency hacks that we’ve seen happen in the last few years because unlike many of the previous exploits, this one is not directly related to a vulnerability of the smart contract itself, but rather, the underlying compiler of the language that it was written in.

In this case, we’re talking about Vyper: a smart contract-oriented Pythonic programming language designed to interact with the Ethereum Virtual Machine (EVM). The circumstances surrounding this exploit fascinated me so I wanted to do a deep dive into what allowed this exploit to happen in the first place.

As the exploit unfolded, headlines kept reporting new numbers every day. It seems that the situation has finally been contained, but not before over $70 million U.S. Dollars were stolen. As of today, several DeFi projects’ pools were also hacked, including PEGD’s pETH/ETH: $11 million; Metronome’s msETH/ETH: $3.4 million; Alchemix’s alETH/ETH: $22.6 million; and Curve DAO: around $24.7 million, according to LlamaRisk’s post-exploit assessment.

The exploit is known as a reentrancy malfunction, that was made possible on certain versions of the Vyper programming language, specifically v0.2.15, v0.2.16 and v0.3.0. Therefore all projects using these specific Vyper versions are a vector for attack.

What is reentrancy?

In order to understand how this exploit was possible in the first place, we need to first need to understand what reentrancy is and how it works.

A function is called reentrant if it can be interrupted in the middle of its execution and then safely called again (“re-entered”) before its previous invocations complete execution. Reentrant functions are used in applications like hardware interrupt handling, recursion, etc.

In order for a function to be reentrant, it needs to satisfy the following conditions:

1. It may not use global and static data. This is just a convention, there are no hard restrictions in place, but a function using global data can lose information if interrupted and re-started.
2. It should not modify its own code. The function…