Decentralized finance (DeFi) protocols are undergoing a stress test following a critical vulnerability was found on versions of Vyper programming language, resulting in the theft of millions of dollars' worth of cryptocurrencies on July 30.
A number of pools using Vyper 0.2.15, 0.2.16 and 0.3.0 have been exploited due to a malfunctioning reentrancy lock, targeting at least four liquidity pools on Curve Finance protocol. "The short answer is that everything that could be drained was drained. The targeted pools are aETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH. All remaining pools are safe and unaffected by the bug," Curve Finance said on Discord.