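Curve Finance, a leading decentralized finance platform, recently rewarded a security researcher who discovered a critical vulnerability in its system. The vulnerability, found by Marco Croc of Kupia Security, could allow hackers to manipulate balances and withdraw funds from Curve Finance liquidity pools. Curve Finance conducted a thorough investigation and awarded the maximum bug bounty for the researcher's contribution.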
Curve Finance Rewards Researcher for Critical Vulnerability Discovery
Jakarta, Indonesia - In a significant development, Curve Finance, a prominent decentralized finance (DeFi) platform, has bestowed a reward of 250 thousand US dollars (approximately IDR 4,063,750,000) to Marco Croc, a security researcher from Kupia Security. Croc's astute discovery of a critical vulnerability within Curve Finance's system has garnered widespread attention and underscored the importance of robust cybersecurity measures in the realm of decentralized finance.
Vulnerability Potential for Manipulation and Theft
The reentrancy vulnerability found by Marco Croc could let malicious actors manipulate account balances and siphon funds from Curve Finance's liquidity pools. Such a scenario poses substantial risks to the platform's ecosystem, prompting Curve Finance to swiftly initiate a comprehensive investigation and award the researcher the maximum bug bounty in appreciation of the contribution.
Importance of Responsible Hacking Ethics
While the vulnerability was not deemed to be of great severity, Curve Finance acknowledges that security incidents, regardless of their perceived magnitude, can cause apprehension among users. Consequently, the reward serves as an incentive to foster responsible hacking ethics, strengthening the protocol's defenses against future exploitation attempts.
Post-Attack Recovery Efforts
This reward is an integral part of Curve Finance's recovery strategy following a US$ 62 million attack in July. In an effort to restore the trust and assets of liquidity providers, the protocol recently conducted a vote to replace US$ 49.2 million (approximately IDR 799,644,000,0001) of lost assets. The proposal was overwhelmingly supported by 94% of Curve DAO (CRV) token holders and covers losses incurred across various pools, including JPEGd (JPEG), Alchemix (ALCX), and Metronome (MET).
Replacement Plan Details
The replacement plan outlines the utilization of CRV tokens from community funds, coupled with the inclusion of tokens successfully recovered since the incident. Consequently, the final distribution will entail the disbursement of 55,544,782.73 CRV, with the computed amount of Ethereum (ETH) and CRV to be retrieved being 5,919.2226 ETH and 34,733,171.51 CRV, respectively.
Technical Details of Vulnerability
As reported by Cryptonews, the vulnerability exploited by the perpetrators specifically targeted the liquidity pool mechanism designed to maintain stability. The vulnerability was found to be present in specific versions of the Vyper programming language (0.2.15, 0.2.16, and 0.3.0), enabling unauthorized withdrawal of funds through reentrancy attacks.
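A defender-side check for the compiler releases listed above, as an added example that is not from Curve, Vyper or the original article: it reads a contract's version pragma and flags sources that may build with 0.2.15, 0.2.16 or 0.3.0. The function names, status labels and sample contract are hypothetical, and it assumes the contract relies on Vyper's `@nonreentrant` decorator for reentrancy protection.

```python
import re

# Compiler releases the article names as affected.
AFFECTED = [(0, 2, 15), (0, 2, 16), (0, 3, 0)]

PRAGMA = re.compile(r"^#[ \t]*(?:@version|pragma[ \t]+version)[ \t]+(.+?)[ \t]*$", re.M)
CLAUSE = re.compile(r"(\^|>=|<=|==|>|<)?\s*(\d+)\.(\d+)\.(\d+)")
GUARD = re.compile(r"^[ \t]*@nonreentrant\b", re.M)

def _satisfies(version, op, target):
    if op == "^":  # npm-style caret: for 0.x.y the minor number is pinned
        upper = (0, target[1] + 1, 0) if target[0] == 0 else (target[0] + 1, 0, 0)
        return target <= version < upper
    return {"": version == target, "==": version == target,
            ">=": version >= target, "<=": version <= target,
            ">": version > target, "<": version < target}[op]

def affected_allowed(spec):
    """Affected releases that satisfy every clause of a version pragma."""
    clauses = [(m.group(1) or "", tuple(map(int, m.group(2, 3, 4))))
               for m in CLAUSE.finditer(spec)]
    if not clauses:
        return []
    return [v for v in AFFECTED if all(_satisfies(v, op, t) for op, t in clauses)]

def audit(source):
    """Classify one Vyper source file by pragma and reentrancy-guard usage."""
    pragma = PRAGMA.search(source)
    guards = len(GUARD.findall(source))
    if pragma is None:
        # No pragma: the compiler version must come from build artifacts.
        return {"status": "unknown-compiler", "versions": [], "guards": guards}
    hits = affected_allowed(pragma.group(1))
    if not hits:
        status = "ok"
    elif guards:
        status = "review"  # relies on the guard and may build with an affected release
    else:
        status = "affected-compiler"
    return {"status": status, "versions": hits, "guards": guards}

# Constructed sample contract, not taken from any real pool.
SAMPLE = """# @version 0.2.15
@external
@nonreentrant('lock')
def remove_liquidity(amount: uint256):
    pass
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A source pragma only constrains the compiler; the version recorded in build or deployment artifacts is what confirms exposure.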
Conclusion
The discovery of this vulnerability and the subsequent reward to the responsible researcher underscore the criticality of cybersecurity measures in the burgeoning DeFi ecosystem. Curve Finance's commitment to responsible hacking ethics and proactive incident response serves as a testament to the importance of collaboration between security researchers and organizations in safeguarding the interests of users and maintaining the integrity of decentralized finance platforms.