Exploit of Conic Finance on Ethereum Omnipool
The decentralized finance (DeFi) protocol Curve’s liquidity pool balancing platform, Conic Finance, has suffered an exploit on the Ethereum omnipool, according to Beosin Alert, a Web3 risk-alert source. Data provided by Beosin reveals that a single transaction sent nearly the entire amount of stolen cryptocurrency, which was $3.26 million in Ether (ETH), to a new Ethereum address.
Conic Finance quickly acknowledged the news on Twitter, saying that it is currently investigating the exploit and will provide updates as soon as they are available. Peckshield, a blockchain security firm, has conducted an initial analysis and determined that the root cause came from the new CurveLPOracleV2 contract.
As Peckshield noted in their audit, a read-only reentrancy issue is present in the CurveLPOracleV2 contract, which was not part of the initial audit scope. This issue is similar to what was identified in their audit.
Subscribe to our email newsletter to get the latest posts delivered right to your email.
Comments