Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 149 · Compiler Bug

Curve Finance Vyper Reentrancy

A malformed reentrancy lock in three versions of the Vyper compiler exposed multiple Curve stablepools to a classic reentrancy attack.

Date: July 30, 2023
Chain(s):
Status: Partially Recovered

On July 30, 2023, multiple Curve Finance stable-coin pools were drained by reentrancy attacks for a combined ~$73M. The bug was not in Curve's own contract code; it was in the Vyper compiler that produced the pools' bytecode.

What happened

Three Vyper releases (0.2.15, 0.2.16 and 0.3.0) implemented the @nonreentrant decorator with a malformed lock that did not actually block reentry on certain code paths. Several Curve pools, including alETH/ETH, msETH/ETH, pETH/ETH and the CRV/ETH pool, had been compiled with these versions and were therefore open to the canonical reentrancy attack first seen in 2016.

The attacker called remove_liquidity in the middle of a swap. The resulting ETH transfer went to an attacker-controlled contract, which used the transfer callback to re-enter the pool before the pool's storage had been updated; the stale accounting allowed repeated withdrawals well beyond the attacker's actual share.
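The sequence above is easier to see in a toy model. The following is an added example, not Curve's or Vyper's code: a deliberately simple pool whose LP tokens are priced against the ETH it holds, whose remove_liquidity sends ETH before updating its own accounting, and whose reentrancy lock can be modelled two ways. The "shared" mode is the intended semantics of a single lock guarding every decorated function; the "per_function" mode is this example's assumed model of the defect, in which each function is tracked separately so a guarded function can still be re-entered from another guarded function. The constant-sum pricing and the 100 ETH figures are constructed for illustration; the real pools use stableswap math.

```python
"""Toy ETH pool with a reentrancy lock (constructed example, not Curve/Vyper code).

Lock models:
  "shared"        one flag guards every locked function (intended semantics)
  "per_function"  one flag per function (assumed model of the compiler defect)
"""


class Reentered(Exception):
    """Raised when the lock works: the re-entrant call reverts."""


class Pool:
    def __init__(self, lock_mode, effects_first=False):
        assert lock_mode in ("shared", "per_function")
        self.lock_mode = lock_mode
        self.effects_first = effects_first  # True = checks-effects-interactions ordering
        self.locks = {}
        self.balance = 0      # ETH actually held by the pool
        self.total_lp = 0
        self.lp = {}          # account -> LP balance

    def _key(self, fn):
        return "lock" if self.lock_mode == "shared" else fn

    def _acquire(self, fn):
        if self.locks.get(self._key(fn)):
            raise Reentered(fn)
        self.locks[self._key(fn)] = True

    def _release(self, fn):
        self.locks[self._key(fn)] = False

    def add_liquidity(self, sender, amount):
        self._acquire("add_liquidity")
        try:
            # LP minted is proportional to the pool's *current* ETH balance
            if self.total_lp == 0 or self.balance == 0:
                minted = amount
            else:
                minted = amount * self.total_lp // self.balance
            self.balance += amount
            self.lp[sender] = self.lp.get(sender, 0) + minted
            self.total_lp += minted
            return minted
        finally:
            self._release("add_liquidity")

    def remove_liquidity(self, sender, lp_amount):
        self._acquire("remove_liquidity")
        try:
            assert self.lp.get(sender, 0) >= lp_amount
            payout = lp_amount * self.balance // self.total_lp
            if self.effects_first:
                self._burn(sender, lp_amount)
            # the ETH transfer hands control to the receiver (the interaction)
            self.balance -= payout
            sender.receive(self, payout)
            if not self.effects_first:
                self._burn(sender, lp_amount)  # storage updated only after the call
            return payout
        finally:
            self._release("remove_liquidity")

    def _burn(self, sender, lp_amount):
        self.lp[sender] -= lp_amount
        self.total_lp -= lp_amount


class Account:
    """Plain user: receiving ETH only records the amount."""
    def __init__(self):
        self.received = 0
        self.deposited = 0

    def deposit(self, pool, amount):
        self.deposited += amount
        pool.add_liquidity(self, amount)

    def receive(self, pool, amount):
        self.received += amount


class ReenteringAccount(Account):
    """Contract that re-enters add_liquidity from inside the ETH callback."""
    def __init__(self):
        super().__init__()
        self.reentered = False

    def receive(self, pool, amount):
        super().receive(pool, amount)
        if not self.reentered:
            self.reentered = True
            # pool accounting is stale here: total_lp still counts the LP being
            # redeemed while the ETH balance has already dropped
            self.deposit(pool, amount)


def run_scenario(lock_mode, effects_first=False):
    """Net ETH gained by the re-entering account, or None if the lock reverted it."""
    pool = Pool(lock_mode, effects_first)
    user, attacker = Account(), ReenteringAccount()
    user.deposit(pool, 100)
    attacker.deposit(pool, 100)
    try:
        pool.remove_liquidity(attacker, 100)
        remaining = pool.lp.get(attacker, 0)
        if remaining:
            pool.remove_liquidity(attacker, remaining)
    except Reentered:
        return None
    return attacker.received - attacker.deposited


if __name__ == "__main__":
    for mode in ("shared", "per_function"):
        for effects_first in (False, True):
            order = "effects_first" if effects_first else "interaction_first"
            print(mode, order, run_scenario(mode, effects_first))
```

With the shared lock the re-entrant add_liquidity reverts in both orderings. With per-function locks and the interaction-before-effects ordering, the re-entering account ends up ahead and the honest depositor's LP is worth less; the same per-function lock with checks-effects-interactions ordering yields no gain, which is why the ordering is worth enforcing even when a lock is present.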

Aftermath

  • Vyper published patched versions and a clear advisory listing affected releases.
  • A coalition of white-hat MEV searchers ("c0ffeebabe.eth") front-ran ~$5.4M of the exploit and returned it to Curve.
  • Portions of the loss were later recovered through negotiation; the rest remains outstanding.
  • Audit firms now routinely include compiler-version checks in their checklists for Vyper deployments.
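One concrete form of that compiler-version check, added here as an example and not the code of any audit firm or of the Vyper project: read a contract's version pragma and report whether it still permits one of the three affected releases. The affected set comes from the releases named on this page; the pragma forms handled (exact pin, comparison ranges, caret, tilde-equals) and the npm-style caret semantics are this example's assumptions about Vyper's pragma syntax. A pragma that is a range rather than an exact pin is reported with every affected release it admits, since the deployed bytecode could have come from any of them.

```python
import re

# Vyper releases this page lists as shipping the defective @nonreentrant lock
AFFECTED = {(0, 2, 15), (0, 2, 16), (0, 3, 0)}

# matches "# @version 0.2.16" and "#pragma version ^0.3.0" (assumed pragma forms)
PRAGMA_RE = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(.+?)\s*$", re.M)
SPEC_RE = re.compile(r"(\^|~=|==|>=|<=|>|<)?\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_pragma(source):
    """Return the raw pragma text, or None if the source has no version pragma."""
    m = PRAGMA_RE.search(source)
    return m.group(1) if m else None


def _matches(spec, version):
    """Does `version` satisfy one constraint such as '>=0.2.15' or '^0.3.0'?"""
    op, maj, minor, patch = spec
    base = (maj, minor, patch)
    if op in (None, "=="):
        return version == base
    if op == "^":  # npm-style caret (assumed): same major, or same minor when major is 0
        if maj == 0:
            return version >= base and version[:2] == base[:2]
        return version >= base and version[0] == maj
    if op == "~=":  # same major.minor, not below base
        return version >= base and version[:2] == base[:2]
    return {">=": version >= base, "<=": version <= base,
            ">": version > base, "<": version < base}[op]


def allowed_versions(pragma, candidates=AFFECTED):
    """Subset of `candidates` that the pragma's constraints all admit."""
    specs = [(m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4)))
             for m in SPEC_RE.finditer(pragma)]
    return {v for v in candidates if all(_matches(s, v) for s in specs)}


def audit(source):
    """None when no pragma is found; otherwise the affected releases it permits."""
    pragma = parse_pragma(source)
    if pragma is None:
        return None
    return allowed_versions(pragma)


if __name__ == "__main__":
    # constructed sample sources, not real Curve contracts
    samples = {
        "pinned_bad": "# @version 0.2.16\n\n@external\ndef f(): pass\n",
        "range_bad": "# @version >=0.2.15 <0.3.1\n",
        "caret": "#pragma version ^0.3.0\n",
        "pinned_ok": "# @version 0.3.7\n",
        "no_pragma": "@external\ndef f(): pass\n",
    }
    for name, src in samples.items():
        bad = audit(src)
        if bad is None:
            print(f"{name}: no version pragma, compiler unknown")
        elif bad:
            print(f"{name}: FLAG, permits " +
                  ", ".join(".".join(map(str, v)) for v in sorted(bad)))
        else:
            print(f"{name}: ok")
```

A missing pragma is reported separately rather than treated as safe: without it the source alone does not say which compiler produced the deployed bytecode, and that is exactly the gap the checklist item exists to close.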

Why it matters

Curve is one of the most heavily audited protocols in DeFi. The attack underscored that audits of the contract itself cannot guarantee safety if the compiler that produces the bytecode has bugs. Reproducible builds and compiler-version transparency have since become standard practice.

Sources & on-chain evidence

  1. twitter.com: https://twitter.com/CurveFinance/status/1685693202722848768
  2. hackmd.io: https://hackmd.io/@vyperlang/HJUgNMhs2
