Convex Finance Forced to Redeploy Smart Contract Due to Vulnerability
Convex Finance was forced to unlock its vote locked CVX tokens after getting to know of a bug in the smart contract. According to the team, this was a non-critical bug that didn’t affect users’ funds in any way.
The bug in question made it possible for “expired locks to relock directly to a new address, which, in turn, enabled them to claim more cvxCRV rewards than they had earned.”
Convex Finance vulnerability was discovered by Popcorn, a yield generator that also funds social impact projects. In return, it’ll get bounty rewards.
The bug in its vICVX reward system meant the contract had to be redeployed and all tokens unlocked. Users who vote locked their CVX tokens will have to withdraw and relook them in the new contract to continue enjoying the rewards.
According to the team, it couldn’t just patch the bug due to its smart contracts’ “immutable and non-upgradeable” nature. Hence, the decision to abandon the contract and create a new one.
Convex Finance protocol allows users to earn more rewards from the automated market maker, Curve. However, it is not the only protocol offering this service.
There are several protocols competing for veCRV, the governance token of the Curve platform. This has made Curve the decentralized platform with most TVL.
Using a unique mechanism where it issues cvxCRV tokens after locking CRV, Convex makes it possible for users to retain liquidity. This has made it one of the best performing protocols in the Curve wars. Its TVL is over $12 billion presently.
Vote locked tokens allow CVX holders to participate in the protocol’s governance and earn rewards.
The decision to redeploy had an effect on the CVX token, as it fell by over 10% in the last 24 hours. This is because users will now have to relock their tokens for at least 16 weeks before earning rewards.
However, many of the users have already relocked their tokens. Large holders are also adding their positions, meaning the tokens could recover quickly again. The vulnerability of smart contracts continues to be a major issue for DeFi whose TVL is now worth well over $200 billion.
What do you think about this subject? Write to us and tell us!
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.