In a chilling demonstration of the vulnerabilities inherent in our digital age, Conic Finance, a prominent decentralized finance (DeFi) protocol, announced last Friday that it has been exploited, resulting in the loss of a whopping 1,700 ether (ETH), valued at a staggering $3.6 million. This unfortunate event underscored the challenges the protocol faces in its ambitious endeavor to diversify exposure across the Curve ecosystem while enhancing rewards. The wake-up call also brought to light the hidden dangers that come with the rapidly growing demand for such products.
The attack affected one of Conic Finance’s innovative new products, Omnipools, casting a gloom over its future prospects. While these pools attracted millions of dollars of capital soon after their launch on March 1, a recent security breach has the industry questioning the security measures safeguarding these funds.
Leading security firm BlockSec attributed the root cause of the attack to manipulation of prices through a method known as “read-only reentrancy.” This strategy is a pesky bug that permits attackers to outsmart a smart contract by placing repeated calls to a protocol to abscond with assets. A call here should be understood as an authorization that sanctions a smart contract address to engage with a user’s wallet address.
Omnipools function by allocating the liquidity of a single asset into different Curve pools, giving shape to a network of earnings involving tokens like Curve (CRV), Convex (CVX), and Conic’s native token Conic (CNC).
Meanwhile, Conic’s developers fervently continue their quest to fully understand the exploit, engaging with relevant parties and identifying the need for heightened security measures. Responding swiftly to the attack, they shut down the fault-prone pool that had offered the loophole for it.
In an announcement, they stated, “We have disabled ETH Omnipool deposits on the Conic front end.” This precautionary measure is viewed by many as part of a broader, ongoing effort to prevent similar incidents in the future. Yet, it has understandably sparked discussions about the balance between the opportunities and the risks that come with embracing new blockchain technologies and their applications.
Source: Coindesk