A vote has been taken by Curve Finance defi protocol community members to reimburse the liquidity providers (LPs) that were victims of a $61 million hack in July.
On December 21, 94% of token holders authorized the distribution of tokens worth more than $49.2 million to compensate for the losses of the Curve, JPEGd, Alchemix, and Metronome pools, according to on-chain data.
Losses are computed by factoring in the quantity of Ether and CRV tokens present in the pools before the breach and the CRV emissions that were not distributed to LPs during the preceding months but were nevertheless accounted for.
The community fund will provide the Curve DAO (CRV) tokens per Curve’s proposition. Deducted from the ultimate sum are the tokens that have been recovered after the occurrence.
“The overall ETH to recover was calculated as 5919.2226 ETH, the CRV to recover was calculated as 34,733,171.51 CRV, and the total to distribute was calculated as 55’544’782.73 CRV,” according to the proposal.
Concerns regarding the exploit’s repercussions on the cryptocurrency ecosystem led to a stress test of several DeFi protocols following the July 30 security incident. Overall value locked (TVL) for Curve was close to $4 billion in July. Affected pools included CRV/ETH, alETH/ETH, pETH/ETH, and msETH/ETH.
“This remediation proposal seeks to make affected LPs whole,” Curve wrote in the proposal. “Although stolen funds in each pool were either fully or partially recovered, MEV bots have shorted all affected pools.”
The assailant constructed the breach by leveraging a susceptibility present in stable pools and specific iterations of the Vyper programming language—a widely adopted option for DeFi protocols owing to its inception on the Ethereum Virtual Machine. Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper were susceptible to reentrancy assaults due to the flaw.
