Convex Finance, a platform that increases rewards for those who use the popular altcoin project DeFi Curve, has begun to solve a problem that could lead to a $15 billion carpet pull. Here are the details of the company’s statements regarding the vulnerability in the altcoin in question.
Altcoin DeFi Convex Finance has discovered a $15 Billion Vulnerability
The event, which apparently meant that legitimate crypto projects were running away with investors’ funds, was a hot topic in the DeFi altcoin market last year. OpenZeppelin, a blockchain security company, discovered a critical vulnerability during the Coinbase security audit of the Convex Finance protocol. The company found that if two of the three signatories of the multi-signature Convex wallet take a certain set of steps, they will gain access to the pool of tokens of liquidity providers.
OpenZeppelin, which we follow closely as Somanews, describes the steps in detail in the post. Significant funds are already considered at risk, since the DeFi Convex altcoin supports most of the Curve Finance CRV stablecoins in circulation. The vulnerability could have led to anonymous Convex developers gaining control of the blocked value of the Convex of about $15 billion.
The company is not sure if the vulnerability was intentional
The vulnerability can only be exploited by the Convex development team, or OpenZeppelin claims that this complicates the disclosure process. The cryptocurrency security firm said they were not entirely sure the problem was intentional, meaning the developers may not have been aware of the vulnerability or intended to smuggle the money. If the firm of the altcoin project DeFi was to blame, the consequences of warning people with the strength of the pull to the carpet could be catastrophic.
Finally, OpenZeppelin stated that it was trying to prevent the vulnerability from being exploited before announcing an investment in the Convex team. They used Immunefi, a partner in finding vulnerabilities for the altcoin DeFi, as their intermediary. Since then, they have been trying to fix the bug. Although the vulnerability was never exploited, the money was not wasted. Convex has released additional resources to address the vulnerability with multiple signatures in its publicly available documents.