Recently, serious vulnerabilities were discovered in some versions of the smart contract programming language Vyper, leading to attacks on some important projects including Curve Finance. The Vyper team has announced that the three affected versions (0.2.15, 0.2.16, and 0.3.0) have a reentrancy lock function failure problem, and recommended that relevant projects contact them immediately for technical support and solutions.

However, the Curve team stated that some stable pools using Vyper version 0.2.15, such as alETH, msETH, and pETH, have suffered cyberattacks. In addition, the NFT staking protocol JPEG'd was also affected by the reentrancy vulnerability, with stolen assets reaching approximately $10 million. The lending project AlchemixFi and the DeFi protocol MetronomeDAO were also attacked, and the attackers made profits of US$13 million and US$1.6 million respectively.

What do you think of this vulnerability incident? Feel free to chat in the comment area.