Curve Finance Rewards Researcher Who Found Critical Bug With $250,000

2024/05/02 22:06

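Curve Finance, a leading decentralized finance platform, recently rewarded a security researcher who discovered a critical vulnerability in its system. The vulnerability, found by Marco Croc of Kupia Security, could allow hackers to manipulate balances and withdraw funds from Curve Finance liquidity pools. Curve Finance conducted a thorough investigation and awarded the maximum bug bounty for the researcher's contribution.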

Curve Finance Rewards Researcher for Critical Vulnerability Discovery

Jakarta, Indonesia - In a significant development, Curve Finance, a prominent decentralized finance (DeFi) platform, has bestowed a reward of 250 thousand US dollars (approximately IDR 4,063,750,000) to Marco Croc, a security researcher from Kupia Security. Croc's astute discovery of a critical vulnerability within Curve Finance's system has garnered widespread attention and underscored the importance of robust cybersecurity measures in the realm of decentralized finance.

Vulnerability Potential for Manipulation and Theft

The reentrancy vulnerability unearthed by Marco Croc could allow malicious actors to manipulate account balances and siphon funds from Curve Finance's liquidity pools. Such a scenario poses substantial risks to the platform's ecosystem, prompting Curve Finance to swiftly initiate a comprehensive investigation and extend the maximum bug bounty reward to the researcher as a token of appreciation for their invaluable contribution.

Importance of Responsible Hacking Ethics

While the vulnerability was not deemed to be of great severity, Curve Finance acknowledges that security incidents, regardless of their perceived magnitude, have the potential to generate apprehension among users. Consequently, the reward serves as an incentive to foster responsible hacking ethics, thereby buttressing the defenses of the protocol against future exploitation attempts.

Post-Attack Recovery Efforts

This reward is an integral aspect of Curve Finance's recovery strategy following a US$62 million attack in July. In an effort to restore the trust and assets of liquidity providers, the protocol recently conducted a vote to replace US$49.2 million (approximately IDR 799,644,000,000) of lost assets. The proposal, which covers losses incurred across various pools, including JPEGd (JPEG), Alchemix (ALCX), and Metronome (MET), was overwhelmingly supported by 94% of Curve DAO (CRV) token holders.

Replacement Plan Details

The replacement plan outlines the utilization of CRV tokens from community funds, coupled with the inclusion of tokens successfully recovered since the incident. Consequently, the final distribution will entail the disbursement of 55,544,782.73 CRV, with the computed amount of Ethereum (ETH) and CRV to be retrieved being 5,919.2226 ETH and 34,733,171.51 CRV, respectively.

Technical Details of Vulnerability

As reported by Cryptonews, the vulnerability exploited by the perpetrators specifically targeted the liquidity pool mechanism designed to maintain stability. The vulnerability was found to be present in specific versions of the Vyper programming language (0.2.15, 0.2.16, and 0.3.0), enabling unauthorized withdrawal of funds through reentrancy attacks.
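
An added example (not from the article, Curve or the Vyper project): a Python check that reads the `# @version` pragma of Vyper source files and flags those pinned to, or allowing, the compiler versions named above. The npm-style reading of `^` and `~` and the sample file names and contents are assumptions constructed for illustration.

```python
import re

# Compiler versions the article names as affected.
AFFECTED = [(0, 2, 15), (0, 2, 16), (0, 3, 0)]

# Vyper sources declare their compiler in a comment such as "# @version 0.2.15".
PRAGMA = re.compile(
    r"^#[ \t]*@version[ \t]+(\^|~|>=|==)?[ \t]*(\d+)\.(\d+)\.(\d+)[ \t]*$", re.M)


def admits(op, base, candidate):
    """True if the version spec (op, base) allows compiling with `candidate`."""
    if op in (None, "=="):
        return candidate == base
    if op == ">=":
        return candidate >= base
    if op == "~":  # assumed npm-style: same major.minor, patch >= base
        return candidate[:2] == base[:2] and candidate >= base
    # "^", assumed npm-style: the leftmost non-zero component is fixed
    if base[0] > 0:
        return candidate[0] == base[0] and candidate >= base
    if base[1] > 0:
        return candidate[:2] == base[:2] and candidate >= base
    return candidate == base


def classify(source):
    """Return (status, matching affected versions) for one Vyper source text."""
    m = PRAGMA.search(source)
    if m is None:
        return "unknown", []  # no pragma: check the build's compiler instead
    op = m.group(1)
    base = tuple(int(x) for x in m.group(2, 3, 4))
    hits = [".".join(map(str, v)) for v in AFFECTED if admits(op, base, v)]
    if not hits:
        return "unaffected", []
    # An exact pin names the compiler; a range only shows it was permitted.
    return ("affected" if op in (None, "==") else "possible"), hits


# Constructed sample inputs (hypothetical file names and contents).
SAMPLES = {
    "pool_a.vy": "# @version 0.2.15\n@external\ndef f():\n    pass\n",
    "pool_b.vy": "# @version ^0.2.12\n@external\ndef f():\n    pass\n",
    "pool_c.vy": "# @version 0.3.7\n@external\ndef f():\n    pass\n",
    "pool_d.vy": "@external\ndef f():\n    pass\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *classify(text))
```

A "possible" or "unknown" result means the source alone does not settle the question; the compiler version recorded for the deployed bytecode does.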

Conclusion

The discovery of this vulnerability and the subsequent reward to the responsible researcher underscore the criticality of cybersecurity measures in the burgeoning DeFi ecosystem. Curve Finance's commitment to responsible hacking ethics and proactive incident response serves as a testament to the importance of collaboration between security researchers and organizations in safeguarding the interests of users and maintaining the integrity of decentralized finance platforms.
