Protocol for decentralized finance (DeFi)Conic Finance announced on Friday that one of its Omnipools had been compromised by an exploit that allowed an attacker to take over 1,700 ether (ETH), which is worth more than $3.6 million at the current exchange rate.The attack’s primary cause, according to security company BlockSec, was price manipulation brought on by “read-only reentrancy.”Reentrancy is a widespread flaw that lets attackers fool a smart contract by repeatedly calling a protocol in order to take money.A call is a request to interact with a user’s wallet address from the smart contract address.
Users can now deposit tokens into Conic Finance’s Omnipools, a new product that increases payouts while diversifying exposure across the Curve ecosystem. Omnipools became live on March 1.Shortly after being live, the protocol garnered millions of dollars in investment, indicating tremendous demand for such a product.Each Omnipool distributes a single asset’s liquidity among various Curve pools.To increase the earning potential of Curve’s (CRV) incentives, all Curve liquidity provider (LP) tokens are staked on Convex.Both Conic (CNC), the native token of Conic, and Convex (CNX), another token in the Curve ecosystem, are rewarded.
Conic Finance’s engineers tweeted that they were still looking into the exploit’s underlying causes and consulting with the appropriate parties.The programmers also said that they had shut down the problematic pool that had allegedly enabled the hack.“We have disabled ETH Omnipool deposits on the Conic front end,” they stated.