The Curve Wars: Reentrancy Strikes Back
The world of DeFi was rocked last weekend as a "re-entrancy" bug in the Vyper programming language led to a chain of events that put over $100 million of crypto at risk.
The bug, nestled within older versions of the code in the Curve protocol, was exploited by quick-thinking hackers who flash-loaned approximately $62 million at the expense of liquidity providers (crypto whales). The resulting withdrawal of liquidity from Curve pools by major stakeholders led to a swift drop in the price of the CRV token. (see here for a technical explanation of how the exploit occurred.)
So heres where the REAL problem arises.
Several months ago, the Russian founder of Curve, Michael Egorov, took out a $100 million loan on AAVE to purchase a house in Melbourne, Australia. He used $280 million of CRV (at the time) as collateral for this loan. He also has another loan on Abracadabra collateralised with $51 million CRV, Fraxlend collateralised with $38 million of CRV tokens. With people dumping CRV tokens, Michael risks liquidation.
Have a look at Egorov's position here.
The crypto community is watching with bated breath as whales circle Egorov’s vulnerable position. Many see an opportunity in the crisis, aiming to bring down the price of the CRV token even more. On the other hand, Egorov is struggling to stabilize his position by refinancing the CRV token.
As the CRV token continues to dip, standing at $0.58 from $0.72 last week, Egorov risks liquidation if the price hits $0.38. Such an event could trigger a sell-off of over 300 million in CRV tokens, leading to a significant redistribution of wealth in the market.
Deal making & results
In a desperate bid to stave off this disaster, Egorov has raised over $15 million in stablecoins, selling CRV tokens at $0.4 OTC to players like Justin Sun, Machi Big Brother, and DWF Labs.
The money raised has been used to pay of his debt positions in Fraxlend (due to its Time Weighted Variable interest rate, the interest rate is doubling every 12 hours if nothing changes). But the situation remains precarious as the price of CRV continues to drop and interest rates on his loans increase.
Egorov's far from getting out of the woods yet as whales are still dumping CRV and interest rates on his loans from Frax are still going up. If the situation remains the same, He stands to lose his entire position in FRAX ($38 million CRV).
This crisis has generated a speculative opportunity for savvy investors, who could open long leverages after potential liquidations, aiming for profits around the $0.8 mark. The question now is, will it be the interest rates or liquidations that get Egorov first? Or will it be a two-stage blow, first from the interest rates followed by the liquidations?
This situation has been momentarily stabilized as significant parties, including Justin Sun who purchased $2.9 million of CRV from Egorov, swooped in.
Lessons learned
This incident underscores the risks associated with the use of leverage in DeFi, especially when collateralizing volatile assets. As we've seen with Egorov, holding significant leveraged positions opens up the potential for cascading liquidations. This is exacerbated by the volatility of crypto markets. It is a good reminder for all to be cautious and mindful of their exposure when participating in leveraged DeFi activities.
The value of governance tokens like CRV can be heavily affected by platform vulnerabilities and user sentiment. The rapid sell-off following the discovery of the bug shows how quickly token prices can fall, negatively impacting those who use them as collateral.
The incident also brings to light the significance of robust smart contract security. Even a single vulnerability can cause substantial damage and instability in the DeFi ecosystem.
The incident has raised crucial questions about the security and stability of the decentralized lending space. How can DeFi be seen as a viable alternative to traditional finance when a single breach can cause such profound disturbances?
The crypto industry and its observers wait with bated breath for the resolution of this tumultuous episode, even as they ponder these hard-hitting questions.
On a more positive note, the response to this crisis showcases the crypto-community's resilience and cooperative spirit. It emphasizes that DeFi is not just about individual financial gain but also about communal support and cooperation.