Curve Finance closes pool after vulnerability found in yVault2

The Curve Finance team, the decentralised exchange, identified a vulnerability in the new yVault2 liquidity pool linked to the DeFi project yEarn.Finance. Users’ funds were not affected, the developers said.

🚨🚨🚨

We have discovered an issue with the new yv2 (@iearnfinance) pool. The pool has been killed in order to protect LPs.

All funds are safe. Deposits will be sent directly to liquidity providers’ wallets, no further action is required to withdraw.

— Curve Finance (@CurveFinance) February 8, 2021

According to the developers, deposits will be automatically returned to liquidity providers, with no further action required on their part.

Representatives of yEarn.Finance confirmed that the vulnerability does not threaten users’ funds.

Recent yv2 pool issue doesn’t affect any of yearn vaults. Funds are safe. https://t.co/WcNx73T85l

— yearn.finance (@iearnfinance) February 8, 2021

On February 5, the yEarn.Finance team reported the detection and remediation of a vulnerability in the v1 yDAI pool. The project’s lead developer, who goes by banteg, said that an unknown withdrew $2.8 million using flash loans, and the pool lost $11 million.

The founder, Andre Cronje, promised to compensate the damage from the attack to users who purchased insurance policies from Nexus Mutual and Cover Protocol partners.

Subscribe to ForkLog’s channel on YouTube!