Odaily Planet Daily News According to official sources, zkWasm L2 project Fluent has announced the launch of its private testnet V2. This version includes two key enhancements: an enhanced version of Rust SDK and 100% EVM compatibility. Developers can build smart contracts in Solidity and Vyper and use the newly improved Rust SDK.

According to the official announcement of Ethereum's layer 2 network solution zkSync, Etherscan now supports zkSync transaction query and other services, and the service functions that Etherscan can provide to zkSync include: verified contract list, zkSync Non-fungible Token transfer and minting list, Blockchain charts and statistics, code reader, Vyper online compiler, Token approval, contract difference checker, broadcast original transaction, Similar contracts to provide builders and users with transparent access to Blockchain data from multiple external sources.

According to Gold Finance, the Aave community proposal proposes to re-enable CRV lending on v3 Ethereum/Polygon, which said that CRV lending was disabled on Ethereum and Polygon v3 during the Vyper exploit, and given that the vast majority of high-risk CRV positions have left the system, Gauntlet recommends reactivating CRV lending. To do this, we recommend some additional changes to CRV parameterization. The proposed borrowing limit will be reduced from 7.7 million to 5 million.

Odaily Planet Daily News According to official news, Web3 security company Certora has cooperated with the smart contract language Vyper team to open its Prover tool to all users to help strengthen the security of Vyper code. As Vyper community key holders, users will be able to use Certora Prover to verify Vyper code until December 31, 2023.

Golden Finance reported that zkSync Developers announced on official Twitter that the Vyper compiler has been upgraded to version v1.3.10, aiming to solve and fix the problem of uninitialized immutable values in the zkvyper binary file. In addition, the zkSync Era test node has also released a new version v0. .1.0-alpha.3, the update mainly includes: adding 5 new endpoints, implementing standard console logs, and fully supporting ethgetBlockByNumberethgetBlockByHash, etc.

Odaily Planet Daily reported that the Ethereum programming language Vyper released the V0.3.10 candidate version, adding a code size optimization mode, a new #pragma directive specific to vyper, using Cancun's MCOPY opcode for some compiler-generated code, and generating now A selector table with O(1) performance. According to previous news, Vyper released a post-mortem analysis report on the vulnerability incident: On July 30, multiple Curve liquidity pools were attacked due to a potential vulnerability in the Vyper compiler. The vulnerability itself was an improperly implemented reentrancy protection, which affected Affected Vype versions are v0.2.15, v0.2.16, v0.3.0. The vulnerability has been fixed and tested in v0.3.1, and V0.3.1 and later versions are safe.

On September 7th, the Ethereum programming language Vyper released the v0.3.10 candidate version, adding a code size optimization mode, a new #pragma instruction specific to vyper, using Cancun's MCOPY opcode for code generated by some compilers, and generating Selector table now has O(1) performance. Jinse Finance previously reported that the Vyper compiler released a vulnerability event analysis report, and the vulnerability was fixed and tested in v0.3.1.

Odaily Planet Daily News DeFi protocol MetronomeDAO released a Curve attack event analysis report, stating that the recovered funds were injected into the new Curve msETH-WETH pool, which will be fully allocated to affected LPs as an effort to repair usage as much as possible a part of. Metronome continues to pursue the remaining outstanding funds. The team also supports restoration efforts led by Vyper and Curve. Specific instructions on how to reallocate these funds will be announced shortly.

Jinse Finance reported that MetronomeDAO released a post-event analysis report of the Curve attack, stating that the recovered funds were injected into the new Curve msETH-WETH pool, which will be fully allocated to affected LPers as part of efforts to repair usage as much as possible. part. Metronome continues to pursue the remaining outstanding funds. The team is also supporting the restoration efforts led by Vyper and Curve. Specific instructions on how to reallocate these funds will be announced soon.

Odaily Planet Daily News Smart contract security analysis project Certora's formal verification service Certora Prover has supported the Ethereum programming language Vyper, enabling smart contract developers to detect errors after deploying code and before auditing.

According to news on August 15, the formal verification service of the smart contract security analysis project Certora has supported the Ethereum programming language Vyper, enabling smart contract developers to detect errors before auditing after deploying code.

Jinse Finance reported that according to CertiK’s official Twitter release, the Vyper vulnerability caused another decentralized exchange to become a victim of the attack. It is reported that the attacker has gained about 14,000 US dollars.

Odaily Planet Daily News The DeFi lending agreement Sentiment announced on Twitter that it will close Sentiment V1 on August 22 (because its architecture expansion is not feasible), and Sentiment V2 is currently under development. Users will be able to withdraw funds even after the UI is not supported, the team said. The closure of Sentiment V1 will be carried out in 3 steps. From August 15th, the market will no longer accept new loans. Borrowers and lenders can repay and withdraw. After August 22nd, the web application can still be accessed, but core contributors will no longer be maintained. Prior to the news on July 31, Sentiment tweeted that in view of the vulnerabilities recently disclosed by the Curve and Vyper teams, the operation of the protocol was suspended as a risk prevention measure. It is reported that Sentiment was hacked in April, after which the hacker returned $880,000 and kept $96,000.

Odaily Planet Daily News The Ethereum programming language Vyper released a post-event analysis report on last week's vulnerability incident. On July 30, multiple Curve liquidity pools were attacked due to a potential vulnerability in the Vyper compiler. The vulnerability itself is an incorrectly implemented re-entry protection. The affected Vype versions are v0.2.15, v0.2.16, v0.3.0. The vulnerability has been fixed and tested in v0.3.1_V0.3.1 and later are safe. However, the impact on live contracts was not recognized at the time and downstream protocols were not notified. Vyper said that in the future, stricter two-way feedback using the Vyper protocol will be strengthened, and related bug bounty programs and competitions will be launched. Specific measures include: - Working with Codehawks to conduct a short competitive audit of the latest version of Vyper. - Working with Immunefi on a short and long-term bug bounty program for all versions of the Vyper compiler. - The Vyper Security Alliance, a coordinated multi-protocol bounty program to help discover compiler vulnerabilities in current and older versions that affect Vyper's protected real-time TVL. - Cooperate with various audit firms such as ChainSecurity, OtterSec, Statemind and Certora to review the old version of Vyper and continue to review the compiler in the future. - Expanded team size; including a dedicated Security Engineer position aimed at improving Vyper's security tools, both internal and user-facing. - Collaborate with existing security toolkits provided by Solidity, which will greatly benefit the Vyper ecosystem. - Design the language specification, which will facilitate formal verification and help test the working of the compiler itself.

According to PANews on August 6, the Ethereum compiler Vyper released an analysis report on last week's vulnerability incidents: Prior to July 30, due to potential vulnerabilities in the Vyper compiler, multiple Curve liquidity pools were exploited. While the bug was identified and patched, the impact on protocols using the vulnerable compiler was not recognized at the time, nor were they explicitly notified. The vulnerability itself is an improperly implemented reentrancy prevention, and the affected Vype versions are v0.2.15, v0.2.16, v0.3.0. Vulnerability fixed and tested in v0.3.1, v0.3.1 and later are safe. In the future, measures will be taken to improve the correctness of smart contracts compiled with Vyper. The first is to improve the testing of the compiler, including continuing to improve coverage, comparing compiler output with language specifications, and compiling with formal verification (FV) tools Verifier bytecode verification. The second is to provide developers with tools that allow them to more easily adopt a multi-faceted approach to testing their code, including testing at the source code and bytecode level. The third is to strengthen the stricter two-way feedback using the Vyper protocol.

On August 1, the DeFi lending market Archimedes tweeted that the Curve pool using the old version of the Vyper compiler was affected by a reentrant vulnerability, which affected two of Archimedes' v2 partners, AlchemixFi and MetronomeDAO, but there is no harm to Archimedes and users. Immediately, Archimedes is reevaluating launch strategies and weighing all options for a single liquidity pool strategy.

Odaily Planet Daily News The DeFi lending agreement Sentiment tweeted that in view of the vulnerabilities recently disclosed by the Curve and Vyper teams, the operation of the agreement was suspended as a risk prevention measure. According to previous reports, Sentiment was hacked in April, and the hacker returned $880,000 and kept $96,000.

Odaily Planet Daily News Lens Protocol founder Stani expressed his views on the Curve incident: "Although DeFi is open to everyone, it is very difficult and risky to build a resilient DeF. In the case of Curve, they have done a good job at the protocol level. Very good, but Vyper compilation problems lead to DeFi risks that will affect the entire system, including the underlying stack, EVM, etc. The damage of this incident is limited, and the Curve community can handle it. Many attacks were preemptively run, but the MEV robot also returned some to Curve Attack funds. The most important point is that DeFi gives the public the right to know, and is also vulnerable to incorrect information, such as the amount and affected agreements, which caused unnecessary panic.” Stani concluded by saying that the community needs to find the right way to share accurate information and reduce any unnecessary FUD.

(Retweet) Curve was initially sorted out by the attack, what impact will it bring? Earlier today, Vyper discovered that its version of the compiler did not correctly implement reentrancy locks. Malicious actors exploit re-entrancy attacks to repeatedly re-enter contracts, resulting in unauthorized operations or theft of funds. Subsequently, multiple protocols were attacked, and the funds used were initially estimated to be as high as 70 million U.S. dollars. Some of these funds are held by white hat hackers and MEV bots and may be recovered. In the Curve ecosystem, four capital pools were attacked, including the DeFi lending protocol Alchemix, the DeFi public product JPEG'd, and the DeFi synthetic asset Metronome. After the CRV/ETH pool was hacked, the liquidity of CRV on the chain became poor, resulting in price fluctuations on the chain. Although CRV suffered a tragic sell-off, hackers still benefited, and the wallet still holds 7 million CRV. Curve founder Michael Egorov has applied for a large number of loans against CRV on multiple lending agreements, among which Aave has applied for the most loans. If the CRV price reaches the liquidation threshold, the agreement will be forced to liquidate the CRV position. In order to avoid being liquidated at the time of sale, Michael Egorov has been making loan debt repayments, and the new liquidation threshold on his Aave has now been lowered to 0.37. Bad debts seem inevitable if their positions are liquidated, and lending protocols with bad debts have to dip into insurance funds, for example Aave will sell AAVE tokens aggregated by its security modules to cover any shortfall. Widespread volatility and unknowns have led many to suggest withdrawing liquidity on Curve. Aave's USDT pool utilization rate exceeded 50%, and the lending rate soared to 91%, which put tremendous pressure on Michael Egorov's position. If the interest rate does not drop, the position may be liquidated within a few days.

Odaily Planet Daily News Vyper contributor fubuloubu tweeted that compilers have not been reviewed and audited as the public imagined, and most compilers are undergoing major and frequent modifications. Even if there is a complete code base audit, it is impossible Easily outdated due to too many version updates. Ultimately it all points to a motivating problem, no one is going to look for critical bugs in compilers, especially past releases. The bounty can only be claimed if it affects users, so fubuloubu issued a proposal to suggest that the public raise an improvement bounty for Vyper to fix the bug.

On July 31, the DeFi protocol StaFi tweeted that the rETH pool on Curve does not depend on the Vyper version and is not affected. The rETH/ETH and rETH/frxETH pools are not affected by the Curve event. The fund pool is not dependent on the Vyper version, and user funds are safe.

Odaily Planet Daily News NFT lending platform BendDAO tweeted that all BendDAO contracts are compiled using the Ethereum compiler Solidity instead of Vyper. According to previous reports, the Ethereum programming language Vyper issued an announcement saying: Vyper versions 0.2.15, 0.2.16, and 0.3.0 have recursive lock vulnerabilities that fail. Investigations are ongoing, but any projects using these versions should contact us immediately.

Jinse Finance reported that BendDAO, an NFT lending platform, clarified on its official Twitter account that all its contracts are no longer compiled by Vyper, but compiled in the Ethereum compiler Solidity. The impact of the failure has cost approximately $10 million.

Babbitt News, on July 31, the Ethereum programming language Vyper tweeted that Vyper versions 0.2.15, 0.2.16, and 0.3.0 were affected by reentry lock failures, and the investigation is still ongoing.

Odaily Planet Daily News on-chain data shows that the address of the founder of Curve deposited 16 million CRV into Aave V2 more than 5 hours ago, which may be aimed at improving its loan health factor. According to previous reports, the alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH pools on Curve were attacked due to recursive lock vulnerabilities that failed in some versions of Vyper (0.2.15, 0.2.16, and 0.3.0). Affected by the attack, the price drop of CRV may force the founder of Curve to liquidate the $70 million borrowing position on Aave.