Convex Finance, a platform that boosts rewards for users of the popular DeFi altcoin project Curve, has begun fixing an issue that could have led to a $15 billion rug pull. Here are the details of the company's statements regarding the vulnerability in the altcoin in question…
DeFi altcoin Convex Finance saw a $15 billion vulnerability
Rug pulls, incidents in which apparently legitimate crypto projects escape with investor funds, have become a hot topic in the DeFi altcoin market over the past year. OpenZeppelin, a blockchain security company, discovered a critical vulnerability during the Coinbase security audit of the Convex Finance protocol. The company found that if two of the three Convex multisig wallet signers took a certain set of steps, they would gain access to a pool of liquidity provider tokens. OpenZeppelin, which we at Kriptokoin.com follow closely, details the steps in a post. Significant funds were considered at risk, as DeFi altcoin Convex holds most of Curve Finance's CRV stablecoins in circulation. The vulnerability could have allowed Convex's anonymous developers to take control of Convex's locked value of approximately $15 billion.
The company isn’t sure if the vulnerability was intentional
The vulnerability could only be exploited by Convex's development team, which OpenZeppelin says complicated the disclosure process. The crypto security firm said it is not entirely sure whether the issue was intentional, meaning that the developers may have been unaware of the vulnerability or may have intended to take the money. If the team behind the DeFi altcoin project were at fault, warning the very people who held rug pull power could have been disastrous.
Finally, OpenZeppelin said it tried to ensure that the vulnerability would not be exploited before disclosing it to the Convex team. It used Immunefi, the vulnerability bounty partner for the DeFi altcoin, as its intermediary. Since then, work has been under way to fix the bug. The vulnerability was never exploited, and no money was lost. Convex has published additional resources in its public documents to address the multi-signature vulnerability.