The Saga of Curve Finance: DeFi's Intricate Landscape
Understanding Curve, Its Controversies, OTC Deals, and Potential Pitfalls
Disclaimer: Dewhales Capital does not provide investment advisory services to the public. Any information should not be taken as investment, accounting, tax or legal advice or as a recommendation to purchase, sell or hold or to pursue any investment style or strategy. The accuracy and appropriateness of the information is not guaranteed by Dewhales Capital.
The content presented in this article, along with others, is based on opinions developed by the analysts at Dewhales and does not constitute sponsored content. At Dewhales, we firmly adhere to a transparency-first philosophy, making our wallets openly available to the public through our website or DeBank, and our articles serve as vehicles for self-expression, education, and contribution to the ecosystem.
What is Curve?
How the drama unfolded
OTC Deals
Potential Pitfalls
As the advertising slogan of the Colt gun manufacturer says: "God made man, but Samuel Colt made them equal". Probably the same can be said about crypto in this situation. But is the situation really as dire as it was portrayed at the moment of general panic?
What is Curve
First, what Curve Finance is, why it is so popular, and why it affects the whole DeFi ecosystem so much. Curve is an AMM DEX whose main competitor is Uniswap. The most important difference is that Curve is positioned as a DEX for low-volatility assets: stablecoins and wrapped/synthetic assets (sBTC, renBTC or wBTC). That is also why Curve has minimal slippage: stablecoin prices are considered predictable. And that is why Curve's TVL has been higher than or around Uniswap's, even though Uniswap supports a multitude of assets and Curve mostly a limited set: the stability of Curve's platform attracts liquidity providers looking for a safe place for their stablecoins and wrapped assets, where they are spared the risks of slippage and impermanent loss. But the main tragedy with Curve is that it started the so-called Curve Wars and drew in a lot of protocols; we discuss this in detail in the next section, "How other Curve-based pools and new pairings work".
Curve's TVL before the reentrancy exploit was $3.26B vs Uniswap's $3.7B; now it is $1.72B vs $3.77B respectively, according to DefiLlama. Curve's peak TVL was $24.29B vs Uniswap's $10.24B, which clearly shows that this protocol has been a leader in the DeFi ecosystem and continues to hold that position as the AMM for stablecoins. It is worth considering that the higher the TVL, the lower the slippage on a trade of a given size should technically be, so Curve's lower TVL may in the long run bring another negative that could reduce the popularity of the platform.
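To make the slippage claim concrete, here is an added example (not Curve's own code) that prices the same trade on a constant-product pool and on a pool using the StableSwap invariant from the 2019 whitepaper, at two pool sizes. The reserves, the 100,000-token trade and the amplification coefficient A = 100 are constructed inputs, and fees are ignored.

```python
# Constructed comparison of slippage on an x*y=k pool versus a pool using the
# StableSwap invariant (added example, not Curve's own code). The StableSwap
# formulas follow the 2019 whitepaper's invariant
#     A*n^n*sum(x) + D = A*D*n^n + D^(n+1) / (n^n * prod(x))
# solved by Newton iteration in floating point; reserves, trade size and the
# amplification coefficient A are made-up inputs, and fees are ignored.


def stableswap_d(xs, A):
    """Solve the invariant for D (the pool's 'virtual' total liquidity)."""
    n = len(xs)
    s = sum(xs)
    if s == 0:
        return 0.0
    ann = A * n ** n
    d = s
    for _ in range(255):
        d_p = d
        for x in xs:
            d_p = d_p * d / (n * x)  # ends as D^(n+1) / (n^n * prod(x))
        d_prev = d
        d = (ann * s + n * d_p) * d / ((ann - 1) * d + (n + 1) * d_p)
        if abs(d - d_prev) < 1e-6:
            break
    return d


def stableswap_y(i, j, x_new, xs, A):
    """Given coin i's new balance x_new, find coin j's balance that keeps D unchanged."""
    n = len(xs)
    d = stableswap_d(xs, A)
    ann = A * n ** n
    c, s = d, 0.0
    for k in range(n):
        if k == j:
            continue
        x = x_new if k == i else xs[k]
        s += x
        c = c * d / (x * n)
    c = c * d / (ann * n)
    b = s + d / ann
    y = d
    for _ in range(255):  # Newton iteration on y^2 + (b - D) y - c = 0
        y_prev = y
        y = (y * y + c) / (2 * y + b - d)
        if abs(y - y_prev) < 1e-6:
            break
    return y


def stableswap_out(xs, A, i, j, dx):
    """Amount of coin j received for dx of coin i on a StableSwap pool."""
    return xs[j] - stableswap_y(i, j, xs[i] + dx, xs, A)


def constant_product_out(xs, i, j, dx):
    """Amount of coin j received for dx of coin i on an x*y=k pool."""
    return xs[j] * dx / (xs[i] + dx)


def slippage(dx, dy):
    """Fraction lost against the 1:1 price a stablecoin pair is expected to hold."""
    return 1 - dy / dx


if __name__ == "__main__":
    trade = 100_000.0
    for reserves in ([1_000_000.0] * 2, [10_000_000.0] * 2):
        cp = constant_product_out(reserves, 0, 1, trade)
        ss = stableswap_out(reserves, 100, 0, 1, trade)
        print(f"TVL {sum(reserves):,.0f}: x*y=k slippage {slippage(trade, cp):.2%}, "
              f"StableSwap (A=100) slippage {slippage(trade, ss):.4%}")
```

Running it shows that on a trade equal to 10% of each reserve the StableSwap curve loses a few hundredths of a percent where x*y=k loses about 9%, and that making the pool ten times deeper shrinks both figures; that is the TVL-to-slippage relationship described above.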
Curve Finance launched in January 2020 (Uniswap in 2018), about two months after Michael Egorov published the "StableSwap" whitepaper in November 2019. In June 2021, Egorov published a whitepaper for an AMM with a dynamic peg, which became Curve V2.
Another of the most important points in this whole story is that Curve has a governance token, CRV. We will not go into the details of its tokenomics, but to understand how the situation developed it is worth covering it in general terms and noting that Curve uses the ve tokenomics model (not ve(3,3), as in later projects following Andre Cronje's Solidly). ve-tokenomics means that fungible tokens are locked to receive voting power, but this does not give users rights and benefits as broad as in the ve(3,3) case. That is, Curve has both CRV and veCRV.
CRV is used to attract liquidity providers. To gain governance rights and staking income, users need to lock it into veCRV. CRV issuance is regulated by gauges.
veCRV is a non-transferable token. The amount of veCRV received depends on how long a user locks CRV, and veCRV holders vote on gauge weights, which determine how many CRV rewards a particular liquidity pool receives. That is, protocols themselves can also vote for their own pools, or pools that are in their area of interest, so that those pools receive more rewards. In addition, veCRV holders receive a share of the AMM's trading fees and boosted rewards.
It is this latter aspect that led to the emergence of Curve-based projects that launched the Curve Wars in pursuit of profit, locking CRV themselves and also encouraging CRV holders to lock their tokens with additional incentives (issuing other tokens), thus creating even more value for CRV. Below we take a closer look at what happened, which projects were involved, and how Curve became one of the foundational layers of DeFi.
How the drama unfolded
At the time of publication, about $50m worth of funds are known to have been affected by the exploit. However, DeFi's total TVL fell by $2.3B. Along with this, COMP is down over 14%, AAVE over 9.4% and FXS over 5%. This clearly shows how fragile and interconnected the DeFi ecosystem is. In this study, we will look at why compromising not even the core protocol itself, but just pools built with older versions of the compiler it depends on, can be so dangerous for the whole of DeFi.
The fact is that Michael Egorov, founder of Curve, used about 47% of the entire circulating CRV supply to borrow about $63 million in stablecoins on Aave alone, backed by a substantial $175 million in CRV tokens (305m CRV). Egorov also put up 59m CRV on Fraxlend as collateral for a 15.8 million FRAX loan. And all was well until the exploit of projects that were built with the older Vyper versions 0.2.15, 0.2.16 and 0.3.0.
Vyper is a contract-oriented, Python-like programming language for the Ethereum Virtual Machine (EVM). The exploit was a reentrancy attack, but the bug was not in the smart contracts themselves: the vulnerability was in the Vyper compiler. It was fixed in later versions of Vyper but remained in projects that still used the older versions. In Vyper, reentrancy protection (the @nonreentrant lock) is implemented at the compiler level, which differs from Solidity's approach, where the guard is written into the contract. As discovered on 30 July, an N-day vulnerability in the compiler allowed the reentrancy lock to be bypassed. The bug was that each function using the lock got its own lock variable (storage slot), so each function was only protected against re-entering itself, not against re-entry from another function sharing the same lock key. As a result, the attackers were able to perform a cross-function reentrancy attack.
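The lock semantics just described can be modelled in a few lines. The following is an added example written for this article, not Vyper compiler or Curve pool code: a toy pool with two functions guarded by the same lock key, a caller whose ETH-receive hook calls back into the pool, and a switch between per-function lock slots (the 0.2.15-0.3.0 behaviour) and one slot shared by the key (the intended behaviour). The pool logic, the amounts and the invariant check are constructed for illustration.

```python
# Constructed model of Vyper's @nonreentrant("key") semantics (added example,
# not Vyper compiler or Curve code): per-function lock slots (the 0.2.15-0.3.0
# behaviour described above) versus one slot shared by every function using
# the same key (the intended behaviour).


class Reentered(Exception):
    """Raised when a guarded function is entered while its lock is held."""


class LockStorage:
    """Stand-in for the storage slots that back @nonreentrant."""

    def __init__(self, per_function):
        self.per_function = per_function  # True: buggy compiler, False: fixed
        self.slots = {}

    def _slot(self, key, fn_name):
        # Buggy: slot depends on (key, function), so each function has its own lock.
        # Fixed: slot depends on the key alone, shared by every function using it.
        return (key, fn_name) if self.per_function else key

    def acquire(self, key, fn_name):
        slot = self._slot(key, fn_name)
        if self.slots.get(slot):
            raise Reentered(f"{fn_name}: lock {key!r} already held")
        self.slots[slot] = True

    def release(self, key, fn_name):
        self.slots[self._slot(key, fn_name)] = False


class ToyPool:
    """Toy ETH pool whose LP tokens are priced at reserve / total_supply."""

    def __init__(self, locks):
        self.locks = locks
        self.reserve = 0       # ETH held
        self.total_supply = 0  # LP tokens outstanding

    def _guarded(self, fn_name, body):
        # Equivalent of decorating `body` with @nonreentrant("lock").
        self.locks.acquire("lock", fn_name)
        try:
            return body()
        finally:
            self.locks.release("lock", fn_name)

    def add_liquidity(self, account, eth_in):
        def body():
            minted = eth_in if self.total_supply == 0 else eth_in * self.total_supply // self.reserve
            self.reserve += eth_in
            self.total_supply += minted
            return minted
        return self._guarded("add_liquidity", body)

    def remove_liquidity(self, account, lp_in):
        def body():
            eth_out = lp_in * self.reserve // self.total_supply
            self.reserve -= eth_out
            # The ETH transfer hands control to the recipient while total_supply
            # is still stale: this is the window the lock has to cover.
            account.receive(self, eth_out)
            self.total_supply -= lp_in
            return eth_out
        return self._guarded("remove_liquidity", body)


class CallbackAccount:
    """Account whose receive hook re-enters a different guarded function."""

    def __init__(self):
        self.reentry_blocked = None

    def receive(self, pool, eth_out):
        # On the EVM the caller could swallow the inner call's revert; catching
        # the exception here records the same outcome.
        try:
            pool.add_liquidity(self, eth_out)
            self.reentry_blocked = False
        except Reentered:
            self.reentry_blocked = True


class PassiveAccount:
    receive = staticmethod(lambda pool, eth_out: None)


def simulate(per_function):
    """Deposit, then withdraw with a re-entering caller, under one lock model."""
    pool = ToyPool(LockStorage(per_function))
    pool.add_liquidity(PassiveAccount(), 100)  # honest liquidity
    actor = CallbackAccount()
    pool.add_liquidity(actor, 10)
    pool.remove_liquidity(actor, 10)
    # All deposits were at price 1, so a sound pool ends with reserve ==
    # total_supply; a mismatch means LP tokens were minted against a stale
    # supply inside the callback.
    return {
        "reentry_blocked": actor.reentry_blocked,
        "invariant_holds": pool.reserve == pool.total_supply,
        "reserve": pool.reserve,
        "total_supply": pool.total_supply,
    }
```

simulate(True) reports that the callback's call into add_liquidity was accepted and that the pool ends with more LP tokens than ETH backing them; simulate(False) reports that the call was rejected and the invariant is intact. For defenders, the practical check is the one the rescue team performed at 14:07 UTC in the chronology below: decompile the deployed contract and confirm that every function sharing a lock key reads and writes the same storage slot.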
The exploit began with protocols deployed on BSC, but also hit Curve Finance. On 30 July, Curve Finance reported that several stable pools (alETH/msETH/pETH) using Vyper 0.2.15 were exploited due to a faulty reentrancy lock. Curve later issued a clarification: "As a result of a problem in the Vyper compiler, the following pools were exploited in versions 0.2.15-0.3.0: crv/eth, aleth/eth (Alchemix), mseth/eth, peth/eth (NFT JPEGd)." The exploit was also reported by the Ellipsis exchange, which had several stable pools with BNB exploited, and the sETH-ETH Metronome pool lost $1.6 million. Furthermore, another $25m worth of funds was withdrawn from the CRV/ETH Curve pool, according to Bankless.
According to the latest reports, Vyper 0.3.1+ has been patched and audited and is free of this bug, as are subsequent versions. The lack of information about this serious vulnerability may indicate that the bug was simply not noticed and was fixed accidentally.
But Vyper's developers say they found this bug in version 0.2.15, where it appeared due to a fix for another bug in version 0.2.14, and report that it was discovered and tested in version 0.3.1. But why, then, was no forced update announced?
All of this led to a loss of funds; BlockSec, a blockchain auditing firm, estimated total losses at more than $42 million in a preliminary analysis published on Twitter. The latest figures put the total losses from the attack at around $52 million (though part of the funds may be held by white-hat hackers). In total, Curve manages 232 different pools. Another problem is that pools created in Curve can only be shut down during their first 2 months, and the compiler versions with the bug were released back in 2021, during a 3-month window from 24 July 2021 to 30 November 2021. So, for example, it is not possible to shut down the pools as was done on Kyberswap.
Eventually, the discovery of this exploit led to black-hat and white-hat hackers competing for the funds. In particular, white hat c0ffeebabe.eth managed to withdraw and return 2,879 ETH. But, unfortunately, the further rescue operation was not successful, judging by information from Banteg, one of Curve's deployers and a co-creator of Yearn. Whether other funds were rescued by white hats is still unknown.
Chronology of events related to the exploits of pools associated with Curve and old versions of Vyper:
At 13:10 UTC, $11 million was drained from the pETH/ETH pool.
At 14:07 UTC, several researchers and coders decompiled the JPEGd contract and noticed a difference in the reentrancy protection slot. Test contracts were also created.
At 14:50 UTC, the msETH/ETH pool was drained.
At 15:34 UTC, the alETH/ETH pool was drained (transaction link).
At 15:43 UTC, the rescue team identified a vulnerability in the CRV/ETH pool, compiled using Vyper version 3.0.0.
At 16:11 UTC, work on the white-hat exploit began.
At 16:44 UTC, a public statement on the affected versions was released.
At 19:11 UTC, someone else stole funds from the CRV/ETH pool, but some funds still remained.
At 21:26 UTC, Addison proposed an ambitious plan to recover the remaining assets in the CRV/ETH pool: 3100 ETH would be recovered by updating the admin fee through the bot, which would slow down the draining of the pool.
At 22:02 UTC, by some strange coincidence, the CRV bot administrator claimed the admin fee and the pool was drained, but these funds were later returned (it was c0ffeebabe.eth).
All of these events caused Curve's CRV token to start falling. As a result, for example, the lending and borrowing protocol Aave disabled CRV borrowing amid the panic. Michael Egorov's position began to move dangerously close to liquidation as the token's price fell. To Michael's credit, he is constantly monitoring the situation, keeping it from sliding into an unmanageable collapse with cascading liquidations. But if Michael's position starts to be liquidated, there is not enough liquidity in the market to close it out. In simple words: CRV would be forcibly sold into the market, and there are no buyers for it.
In addition, the main panic was fuelled by the fact that the exploiter still holds 7.19m CRV tokens (the wallet is already flagged), which he could theoretically dump on the market at any time to push down the price of CRV and bring liquidation closer. If liquidation did happen, Egorov's positions would likely leave bad debt on Aave and other lending protocols, as there is not enough on-chain liquidity in CRV to liquidate his position. The situation is further exacerbated by DeFi lenders reacting to the incident by pulling funds out of Aave and other protocols, pushing up borrowing rates in the process. The other main problem is that the DeFi community is reacting to Egorov's actions by withdrawing the liquidity it had been providing to the pools.
OTC Deals
Therefore, efforts to rescue the market began, including through OTC deals in the CRV token. Michael Egorov acted quickly: he paid off some of his debts and increased the amount of collateral, as a result of which his liquidation price dropped to $0.37 per CRV on Aave, according to DefiLlama. The position's health ratio is 1.71, up from 1.5 earlier on 31 July, according to DeBank records. The actions Egorov has taken:
According to DeBank, he repaid a noteworthy 5.13 million FRAX loan and returned 12.5 million CRV tokens as collateral.
Also, on 1 August, Egorov deployed a Curve pool to stimulate liquidity in the lending market. Just four hours after launch, the pool had received $2m of liquidity, and the utilisation rate fell from 100% to 89%.
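For readers unfamiliar with how the health factor and liquidation price quoted above are derived, here is an added example (not Aave's, DeBank's or DefiLlama's code) that computes both from collateral amount, price, liquidation threshold and debt, and shows how repaying debt and adding collateral move them. It starts from the Aave figures quoted earlier (305m CRV backing $63m of debt), but the 55% liquidation threshold, the $0.5738 CRV price and the repay and top-up amounts are assumptions chosen for illustration, so the outputs are not Aave's real parameters or Egorov's real numbers.

```python
# Constructed collateral-position arithmetic (added example, not Aave's or
# DeBank's code). Health factor and liquidation price follow the standard
# over-collateralised-lending definitions:
#   HF = collateral_value * liquidation_threshold / debt
#   liquidation_price = debt / (collateral_units * liquidation_threshold)
# The collateral amount and debt are the Aave figures quoted in the article
# (305m CRV backing $63m); the liquidation threshold, CRV price and the
# repay / top-up amounts are assumptions for illustration, not Aave's values.


class Position:
    def __init__(self, collateral_units, price, liquidation_threshold, debt):
        self.collateral_units = collateral_units  # tokens posted as collateral
        self.price = price                        # USD per token (oracle price)
        self.liquidation_threshold = liquidation_threshold  # share of value allowed to back debt
        self.debt = debt                          # USD owed

    def collateral_value(self):
        return self.collateral_units * self.price

    def health_factor(self):
        # Below 1.0 the position becomes eligible for liquidation.
        return self.collateral_value() * self.liquidation_threshold / self.debt

    def liquidation_price(self):
        # Token price at which the health factor hits exactly 1.0.
        return self.debt / (self.collateral_units * self.liquidation_threshold)

    def drop_to_liquidation(self):
        # Fraction the token price can fall before liquidation starts.
        return 1 - self.liquidation_price() / self.price

    def repay(self, amount):
        self.debt -= amount
        return self

    def add_collateral(self, units):
        self.collateral_units += units
        return self


def example_position():
    # 305m CRV at an assumed $0.5738 (about $175m), $63m of debt,
    # assumed liquidation threshold of 55%.
    return Position(305_000_000, 0.5738, 0.55, 63_000_000)


def after_deleveraging():
    # Assumed actions: repay $10m of debt and post 12.5m more CRV.
    return example_position().repay(10_000_000).add_collateral(12_500_000)


if __name__ == "__main__":
    for label, pos in (("before", example_position()), ("after", after_deleveraging())):
        print(f"{label}: HF {pos.health_factor():.2f}, liquidation price "
              f"${pos.liquidation_price():.3f}, cushion {pos.drop_to_liquidation():.1%}")
```

The health factor is the ratio between the debt the collateral is allowed to back and the debt actually owed; liquidation starts when it falls below 1.0, and the liquidation price is simply the token price at which that happens. Both moves in the example push the liquidation price down and the health factor up, which is the direction the DeBank figures above show.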
There are reports that the OTC deals were done at $0.4 per token with a 6-month lock. But the strange thing is that in fact there are no locks: buyers received the tokens in full after sending stablecoins. As we can see below, some tokens have even been moved across multiple wallets already.
Michael Egorov's wallet: 0x7a16fF8270133F063aAb6C9977183D9e72835428
Blockchain data shows that he sold 5 million CRV to Tron founder Justin Sun for $2 million, at a nominal value of $2.9 million, which Justin Sun immediately announced on his Twitter, disclosing plans to implement the stUSDT pool on Curve. Interestingly, Justin Sun's wallet 0x3DdfA8 had been inactive for almost six months before this transaction. Another notable detail is that the 5 million CRV sold to Justin Sun was received from the Frax wallet (smart contract address) 0x3835a in exchange for 2 million FRAX: FRAX was sent to 0x3835a and CRV was received from 0x3835a.
Justin Sun has not done anything with his CRV tokens at this point.
2.5 million CRV was presumably sold to Wintermute (TXID), though there is also information that Wintermute was not a counterparty in the OTC deals. However, the wallet 0x4D3e45 received deposits from the Wintermute wallet 0xDBF5E9c. From the wallet 0x4d3e, 1 million USDT was received.
This buyer has not done anything with their CRV tokens at this time.
4.25 million CRV was sent to DCF DOG (TXID) (0xFa4FC4), and before that, 1.7 million USDT was received from this address.
DCF DOG disposed of the received tokens in a rather interesting way: it converted the CRV into yCRV, st-yCRV, cvxCRV and stkcvxCRV.
Another 2.5 million CRV was sent to DWF Labs (TXID 1) (0xD4B69), and before that, 1 million USDT was received. Later, an additional 10 million CRV was sent (TXID 2) (0xD4B69), and before that, 4 million USDT was received.
DWF Labs has not done anything with their CRV tokens at this time.
Next, 2.5 million CRV was sold to the DeFi project Cream Finance (TXID), and before that, two transactions of 500k USDC and 500k USDT were received from the Cream Finance multisig wallet.
Cream Finance sent the CRV they received to creamcrvlocker within 12.5 hours.
Additionally, 3.75 million CRV was sent to NFT owner Jeffrey Huang, known as Machi Big Brother (TXID), and in return, 1.5 million USDT was received (TXID).
Machi almost immediately, half an hour later, sent all the CRV to creamcrvlocker.
It can also be observed that 17.5 million CRV was transferred in seven transactions of 2.5 million CRV each from Michael's wallet to the wallet 0xd533a, from which the tokens were then sent to the address 0x23f79D4 and finally settled on the previously empty address 0x00fb4c1d.
At the moment, the 17.5m CRV is still on that last wallet.
2.5 million CRV was sent to c2tp.eth (TXID), and before that, 1 million FRAX was received.
c2tp.eth locked the received CRV at Convex Finance.
1.25 million CRV was sent to 0xcb5 (TXID), and before that, 500k USDT was received. There is speculation that this wallet may belong to PrismaFi, an LST-backed CDP platform being developed in cooperation with the Curve team.
This buyer has not done anything with their CRV tokens at this time.
250k CRV was sent to 0x9dbf7 (TXID), and before that, 100k USDT was received.
This buyer has not done anything with their CRV tokens at this time.
2.5 million CRV was sent to erwwer 0xb0b85, and before that, 1 million USDT was received.
This buyer has not done anything with their CRV tokens at this time.
Lookonchain suggests that Egorov sold a total of 39.25m CRV and received $15.8m in return. But in fact, a total of 54.5m CRV was sold OTC for $21.8m as of 1 August.
Cumulatively, according to Egorov's curvefi.eth wallet on Arkham, the wallet's balance decreased from $202m on 30 July to $179m as of 1 August. Currently, all assets in Michael's wallet are in aCRV, except for small positions such as 204k in Threshold token, 198k in MAI and 190k in DBR DOLA Borrowing Right Community.
On 2 August, the OTC deals continued; the amount sold that day reached 16.25m CRV tokens ($6.5m):
2.5 million CRV was sold (TXID) for 1 million USDT (TXID) to a newly created wallet 0x5AaeB1, which had previously received 1 million USDT and 1 ETH from the wallet 0x3f3429D with a balance of approximately $35.7 million, whose owner remains unidentified, although this wallet has been periodically mentioned in Lookonchain reports.
5 million CRV was sold (TXID) for 2 million USDT (TXID) to wallet 0x003027, whose owner could not be identified either. Presumably, this wallet belongs to StakeDAO.
5 million CRV was sold again (TXID) to the same wallet 0x003027 after 20 minutes for 2 million USDT (TXID).
3.75 million CRV was sold (TXID) for 1.5 million USDT (TXID) to a Yearn Treasury wallet. Yearn immediately deployed the CRV to the yCRV/CRV pool.
Against this backdrop, an interesting observation was made: aware that Michael's wallet is currently under close scrutiny, projects started sending small amounts of tokens to it in order to attract attention. Among the first to do so was Optimus AI, which sent 5555 OPTIMUS tokens worth approximately $570 from their wallet optimusvisionfund.eth.
According to Arkham and Etherscan data, Michael Egorov's wallet balance has decreased from $179m on 1 August to $172m as of August 3:
All of Michael's actions were aimed at reducing the size of his debt positions, and this can be clearly seen in the reduction of those positions. According to DeBank data, as of 28 July, Egorov had a total of about $110 million in loans, secured by 447.7 million CRV tokens (about 47% of CRV's current total supply). As of 3 August, the amounts owed had reduced significantly: he now has $80m in debt secured by $216m in CRV tokens (372.64m CRV), according to DeBank data:
Based on the data, we can conclude that Michael received $28.3m for selling 70.75m CRV OTC, while the amounts owed and collateralised decreased by $30.61m and 75m CRV respectively. The Health Factor (HF) of the positions as of 3 August is at healthy values, but lower than before this situation started.
Interestingly, Gauntlet, the risk management firm that had noticed Egorov's huge CRV borrowings on Aave back in January, recommended in early June to freeze the CRV market on Aave V2 as the CRV price started to fall and the first risks of a possible liquidation and cascading collapse appeared on the horizon, given that Egorov's CRV collateral on Aave V2 represents more than 33% of the total number of tokens in circulation. But the proposal was rejected by the Aave community.
Potential Pitfalls
To understand what the consequences could be for DeFi, it is worth understanding that this case is not just about Vyper's bug: the event set off a chain of other events, in particular problems with Michael Egorov's loans, which are secured by CRV. If his loans were, theoretically, liquidated, then as we wrote above a huge number of CRV tokens could hit the market with no buyers for them. And a fall in CRV could trigger a subsequent cascading chain reaction.
Why "theoretically"? Firstly, the volume of OTC purchases indicates that the risks have been calculated and the market most likely does not expect such a development.
Secondly, a minor risk is the case where the exploiter decides to sell the 7.19m CRV. Because his wallet is flagged as a hacker's, he would only be able to do so on Uniswap, and if he decided to sell it all in one go (which is unlikely), the price of the token could theoretically fall by an impressive 66.97%, which is below Egorov's current liquidation price. But this is an unlikely scenario, as CRV's current 24h trading volume according to Coinmarketcap is $427m, and 7.19m CRV is unlikely to move the price significantly. Firstly, arbitrageurs would step in in the very next block and start closing the price gap, and secondly, Aave uses a Chainlink price oracle that aggregates data from multiple sources (Michael's CRV deposit is on Aave V2, but the general principle is the same in all versions).
Especially as, while the price of CRV fell to $0.086 on the DEX, the CEX price feed kept CRV at $0.60 on centralised exchanges, preventing a collapse of the token.
But still, in reality, the risk of price pressure remains. Because of the so-called handshake lock, buyers acquired tokens at $0.4 against a current price of $0.6, which gives them at least a 45-50% profit.
Perhaps the outcome of this story will lead CDP platforms to develop mechanisms to be more selective about borrowers and position sizes and more flexible in shaping LTV. Next we will look at what Curve is and which Curve-related protocols (not on older versions of Vyper) might be affected in a pessimistic (but unlikely) scenario, and consider how closely intertwined DeFi protocols are with each other.