👀 Weekly Digest

Curve exploit

This week, one of the hottest topics in the blockchain world is the Curve hacking attack and the subsequent liquidation risk caused by a sharp decline in the token price. Curve is not only the second-largest DEX project on the Ethereum chain in terms of TVL but also the protocol with the highest stablecoin locked-in volume in the DeFi world.

The news of the hacking attack on the Curve protocol was shocking, and after identifying the security vulnerability, people are now concerned about whether the sharp drop in the Curve token $CRV will trigger the liquidation of massive borrowing positions in AAVE and Fraxlend, leading to bad debts in these related protocols.

Vulnerability Analysis

The main cause of the Curve vulnerability was a compilation error in the vyper language used in its code. In certain versions, the reentrancy locks that were originally in place to prevent reentrancy attacks were not executed, allowing the hacker to drain the liquidity pool through a reentrancy attack. Any liquidity pool that was created using Vyper 0.2.15, 0.2.16, and 0.3.0 versions and consists of native ETH tokens is at risk.

The Curve team also advised users to withdraw from the tricrypto pool on the Arbitrum chain, even though profitable vulnerabilities have not been found at the moment, it's best to exit this pool due to the vulnerability.

Important Timeline

Beijing Time 7/30 21:10 ~ 7/31 06:00 - The peth/eth, aleth/eth, mseth/eth, and crv/eth liquidity pools were successively attacked by hackers, with white-hat hackers also participating in rescue operations.

The total affected value was approximately $69 million, with about $17 million returned by white-hat operations to the project. The final total loss was about $52 million.

Chain Reaction

As a result of the hacking attack, the Curve $CRV token experienced a sharp decline of nearly 40% over four days, with the lowest on-chain DEX offering falling below 0.01 due to the hacker's sell-off and insufficient liquidity. This has also raised concerns about whether Curve founder Michael's use of $CRV as collateral to borrow stablecoins on multiple lending platforms may face liquidation risk. The most concerning situation is the nearly 250 million $CRV collateralized on AAVE, which may lead to protocol bad debts if liquidated.

Currently, Michael has sold 54.5 million $CRV at an average price of $0.4 through OTC trading to raise $21.8 million in stablecoins to address the urgent need to reduce the high collateralization ratio facing liquidation.

Source: https://dune.com/0xramen/curve-otc-dashboard

Binance Launchpool Projects: Sei & CyberConnect

Following the conclusion of its previous Launchpool project, Pendle, Binance Exchange wasted no time in launching another round of Launchpool with two projects this time: Web3 social network CyberConnect and Layer 1 public blockchain Sei.

The new Launchpool also introduced an exciting feature - the inclusion of the newly launched stablecoin FDUSD pool, marking the first step of collaboration with FDUSD. Binance users holding BNB, TUSD, and FDUSD can participate in the corresponding pools for 30 days to receive the respective project tokens as rewards.

Sei Project Overview

Sei is a Layer 1 blockchain built on the Cosmos multi-chain network, specifically designed to optimize digital asset trading. It is a fully open-source and general-purpose blockchain.

Key features of Sei include:

Twin-Turbo Consensus: Sei adopts the Twin-Turbo consensus mechanism, achieving finality in 400 milliseconds, ten times faster than Solana and other high-performance blockchains.
Smart Block Propagation: Sei uses smart block propagation to send block proposals with transaction summaries to validators, allowing them to locally build blocks and respond faster.
Optimistic Block Processing: Sei uses optimistic block processing, where blocks begin processing immediately upon receipt by validators, further improving transaction processing speed.
Single Slot Finality: Sei requires consensus among validators before adding a block to the network, preventing reorganizations and forks, ensuring user transactions cannot be reversed.
Parallel Processing: Sei processes transactions in parallel, handling up to 20,000 orders per second.
Front-Running Prevention: Projects on Sei can use a local matching engine to prevent negative MEV (Maximal Extractable Value) behaviors, such as front-running.
Native Price Oracle: Validators provide decentralized price feeds for popular assets, ensuring a more reliable trading experience.
Permissionless Smart Contracts: Sei is a permissionless blockchain, allowing developers to deploy Rust-based smart contracts.

The $SEI token is the multi-functional token on the Sei blockchain, used for fee payments, governance participation, staking, and liquidity provision, supporting the operation and development of the Sei network.

CyberConnect Project Overview

CyberConnect is a web3 social networking protocol that enables developers to create social applications where users have ownership of their digital identities, content, connections, and interactions.

CyberConnect's value proposition is to create persistent on-chain connections through its network while providing users with a familiar web2-style social experience, along with the advantages of decentralization and user data ownership.

CyberConnect consists of three core components:

CyberAccount: This is a multi-chain account system that supports ERC-4337, allowing users to onboard into a multi-chain web3 social experience without the need for seed phrases and transaction fees.
CyberGraph: This component is an anti-censorship smart contract database designed to record user content and social connections, with built-in monetization tools.
CyberNetwork: This is an efficient and scalable Layer 2 network designed to bring web3 social experiences to a wider audience.

The project has its governance token, CYBER, which can be used for the following functions:

Governance: CYBER token holders have voting rights and can delegate their voting power to others, participating in decision-making to improve the protocol.
CyberID Purchases: CYBER tokens are used to purchase CyberIDs, which may be a significant identity component for users on the platform.
CyberAccount Fuel: CYBER tokens are used as the payment method for fueling all CyberAccount transactions conducted on EVM-compatible chains.

Regenerate

DataCheck

https://twitter.com/DodoResearch/status/1686220699319603200?s=20

🚄 Bullet News

The DEX Leetswap, which had the highest TVL on the Base blockchain, suffered a hacking attack resulting in a loss of approximately $620,000. The project team announced the suspension of the protocol's trading functionality upon learning of the attack and later reclaimed the remaining 220 ETH in the protocol. They stated that they are collaborating with white-hat hackers and security researchers to recover funds as much as possible.
The U.S. Securities and Exchange Commission (SEC) filed a lawsuit against Richard Schueler, the founder of HEX and Pulsechain, accusing him of selling unregistered securities in violation of federal securities laws. Following the lawsuit, the tokens $PLS and $HEX experienced a 50% price drop.
Flashbots, an Ethereum infrastructure service, completed a $60 million Series B funding round at a valuation of $1 billion. The funding was led by Paradigm's General Partner, Charlie Noyes.