{"id":4308,"date":"2023-08-04T20:22:08","date_gmt":"2023-08-04T20:22:08","guid":{"rendered":"https:\/\/de.fi\/blog\/?p=4308"},"modified":"2023-09-06T04:24:38","modified_gmt":"2023-09-06T04:24:38","slug":"vyper-reentrancy-vulnerability-lessons-exploit","status":"publish","type":"post","link":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit","title":{"rendered":"Vyper Reentrancy Vulnerability: Unraveling the Impact of a High-Stakes Exploit"},"content":{"rendered":"\n<p>Recently, the world of decentralized finance (DeFi) was shaken by a significant security loophole discovered in <a href=\"https:\/\/docs.vyperlang.org\/en\/stable\/\">Vyper<\/a>, a common smart contract programming language. This problem led to a severe security breach on July 30, where cybercriminals made off with millions of dollars worth of cryptocurrencies.<\/p>\n\n\n\n<p><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">PSA: Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks. The investigation is ongoing but any project relying on these versions should immediately reach out to us.<\/p>\u2014 Vyper (@vyperlang) <a href=\"https:\/\/twitter.com\/vyperlang\/status\/1685692973051498497?ref_src=twsrc%5Etfw\">July 30, 2023<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n\n\n\n<p>For those who may not know, smart contracts are digital contracts used in blockchain technology, and Vyper is a programming language designed specifically for these smart contracts on the Ethereum Virtual Machine (EVM). Being Python-like, Vyper is quite user-friendly and straightforward, often used by developers familiar with Python language.<\/p>\n\n\n\n<p>The incident that happened is significant as it exposes the potential vulnerabilities even in secure systems, reminding us of the constant need for enhanced safety measures in the rapidly growing world of <a href=\"https:\/\/de.fi\/\">DeFi<\/a>. The consequences of this exploit serve as a wake-up call for the DeFi community and highlight the need for stricter security protocols.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Understanding Vyper: A Powerful Tool in DeFi Infrastructure<\/h2>\n\n\n\n<p>At the heart of this incident is Vyper, a contract-oriented programming language engineered for the Ethereum Virtual Machine (EVM). As a Python-like language, Vyper shares notable similarities with Python, making it an approachable choice for developers familiar with this popular language and venturing into the web3 space.<\/p>\n\n\n\n<p>The key objective for Vyper was the aspiration to rectify security loopholes and enhance smart contract development. In a bid to this end, it <a href=\"https:\/\/docs.vyperlang.org\/en\/stable\/#principles-and-goals\">emphasizes simplicity and readability in its syntax<\/a>, which is poised to mitigate the risk of errors and potential vulnerabilities. <\/p>\n\n\n\n<p>By virtue of its user-friendly nature and the seamless execution it offers on the EVM, Vyper has cemented its place as a trustworthy language for crafting secure, auditable smart contracts within the proliferating world of DeFi. Some of the most trusted projects using Vyper include YFI, Curve, and Alchemix.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Anatomy of the Vyper Exploit<\/h2>\n\n\n\n<p>The security breach that occurred took advantage of a specific vulnerability in the Vyper language, which became a high-risk factor for DeFi protocols leveraging the affected versions. The exploit was orchestrated through a type of vulnerability called a reentrancy attack made possible by a bug within the Vyper compiler.<\/p>\n\n\n\n<p>A reentrancy attack takes place when an external call to another contract is made before the first call is resolved, thereby allowing the attacker to reenter the first function and exploit the incomplete state change.<\/p>\n\n\n\n<p>While many projects were safe due to the fact they did not use specific versions of Vyper that were vulnerable to the attack, others were not as lucky. The malicious actor leveraged the reentrancy attack to exploit multiple liquidity pools on the Curve Finance protocol. The pools targeted were aETH\/ETH, msETH\/ETH, pETH\/ETH, and CRV\/ETH, leading to significant capital drains. <\/p>\n\n\n\n<p><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">As a result of an issue in Vyper compiler in versions 0.2.15-0.3.0, following pools were hacked:<br><br>crv\/eth<br>aleth\/eth<br>mseth\/eth<br>peth\/eth<br><br>Another pool potentially affected is arbitrum\u2019s tricrypto. Auditors and Vyper devs could not find a profitable exploit, but please exit that one<\/p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1685925429041917952?ref_src=twsrc%5Etfw\">July 31, 2023<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n\n\n\n<p>This event evoked concerns within the DeFi community, given the potential risk of similar attacks on all pools containing Wrapped Ether (WETH). Here at De.Fi we jumped into action posting updates as information flowed in via our <a href=\"https:\/\/twitter.com\/DeDotFiSecurity\">De.Fi Security account<\/a>:<\/p>\n\n\n\n<p><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">\ud83d\udea8 JUST IN: <a href=\"https:\/\/twitter.com\/CurveFinance?ref_src=twsrc%5Etfw\">@CurveFinance<\/a> LP was Exploited<br><br>~$19M was lost due to the hack of CRV\/ETH LP<br><br>Stolen assets:<br>\u2022 7680 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$ETH<\/a><br>\u2022 7,2M <a href=\"https:\/\/twitter.com\/search?q=%24CRV&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$CRV<\/a><br><br>Eventually, <a href=\"https:\/\/twitter.com\/search?q=%24CRV&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$CRV<\/a> dropped 82% in price<a href=\"https:\/\/t.co\/Pq8P2rIWi6\">https:\/\/t.co\/Pq8P2rIWi6<\/a> <a href=\"https:\/\/t.co\/oTRzgED7CR\">pic.twitter.com\/oTRzgED7CR<\/a><\/p>\u2014 De.Fi \ud83d\udee1\ufe0f Web3 Antivirus (@DeDotFiSecurity) <a href=\"https:\/\/twitter.com\/DeDotFiSecurity\/status\/1685738804093583361?ref_src=twsrc%5Etfw\">July 30, 2023<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Consequences for DeFi Projects<\/h2>\n\n\n\n<p>The aftermath of the attack had profound implications for numerous DeFi projects. Alchemix&#8217;s alETH-ETH pool was stripped of a staggering $13.6 million. The pETH-ETH pool belonging to PEGd lost $11.4 million, and Metronome&#8217;s sETH-ETH pool was also hacked, leading to a loss of $1.6 million. Furthermore, over 32 million Curve DAO (CRV) tokens, equivalent to over $22 million, were illicitly drained.&nbsp;<\/p>\n\n\n\n<p>Ellipsis, a decentralized exchange, reported that several stable pools with BNB had been compromised using the faulty Vyper compiler. These alarming developments triggered a wave of instability in the market, with CRV&#8217;s price experiencing a sharp 12% decline.<\/p>\n\n\n\n<p>The Vyper exploit has cast a spotlight on the less-talked-about world of smart contract programming and highlights the perpetual need for enhanced security measures in the DeFi ecosystem. It underscores the stark reality of the risks associated with smart contract programming languages, making it clear that continuous updating, auditing, and patching are crucial to protecting the integrity of DeFi protocols.<\/p>\n\n\n\n<p>In a postmortem whitehat rescue effort participant and OtterSec founder <a href=\"https:\/\/osec.io\/blog\/2023-08-01-vyper-timeline#user-content-fnref-1\">Robert Chen wrote<\/a>:<\/p>\n\n\n\n<p><em>&#8220;This bug could have been caught with a unit test. Formal verification is very useful for many bug classes, but I&#8217;m not convinced it&#8217;s as useful for relatively simple, non-optimizing compilers.<br><br>It&#8217;s important to note that this bug was <a href=\"https:\/\/twitter.com\/real_philogy\/status\/1685948253139857409\">patched since November 2021<\/a>.<\/em><\/p>\n\n\n\n<p><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">I think this Vyper 0day is less about the skill of the Vyper team or the language itself but more about *processes*.<br><br>The bug was a fixed many versions of Vyper ago, the actual oversight was not realizing the potential impact to projects at the time it *was* fixed.<\/p>\u2014 philogy (@real_philogy) <a href=\"https:\/\/twitter.com\/real_philogy\/status\/1685948253139857409?ref_src=twsrc%5Etfw\">July 31, 2023<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n\n\n\n<p><em>Unfortunately, public goods get easily forgotten. With immutable contracts, projects can have implicit dependencies on code written years ago. Protocol developers and security experts should stay up to date on security developments across the entire execution stack.&#8221;<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Aftermath: Returning Funds and Future Safeguards<\/h2>\n\n\n\n<p>While the attack resulted in colossal financial losses, some funds were successfully recovered and returned. Over $6.8 million has been returned so far, offering some relief to the beleaguered DeFi community. Negotiations are also currently underway with the exploiter to incentivize the return of more funds:<\/p>\n\n\n\n<p><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">Dear hacker, you&#8217;ve got an incoming message<a href=\"https:\/\/t.co\/ZKJjrO65PX\">https:\/\/t.co\/ZKJjrO65PX<\/a><\/p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1687180381714358272?ref_src=twsrc%5Etfw\">August 3, 2023<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n\n\n\n<p>Nonetheless, this event has undoubtedly brought to the fore the critical importance of implementing robust security measures in the DeFi space. The harsh lesson is that there is a necessity for comprehensive stress testing and continuous auditing. With the DeFi sphere rapidly evolving, developers and protocols must remain vigilant against looming vulnerabilities. Collaboration on best practices, timely updates, implementation of security patches, and an understanding of the industry&#8217;s <a href=\"https:\/\/de.fi\/rekt-database\">history of hacks<\/a> are non-negotiable elements in maintaining the integrity of DeFi protocols.<\/p>\n\n\n\n<p>Luckily it appears that these lessons are being taken to heart. Developers within the community are already at work to harden the Vyper ecosystem against future attacks:<\/p>\n\n\n\n<p><blockquote class=\"twitter-tweet\"><p lang=\"en\" dir=\"ltr\">Man, the vyper chats are absolutely popping off right now with ideas on how to improve things, so an issue like this never happens again<br><br>I would not be short vyper right now (if that was a thing you could do)<br><br>Postmortem coming soon\u2122<\/p>\u2014 se\u00f1or doggo \ud83c\udff4\ud83c\udff4\u200d\u2620\ufe0f in his wartime ceo era (@fubuloubu) <a href=\"https:\/\/twitter.com\/fubuloubu\/status\/1686415446445117442?ref_src=twsrc%5Etfw\">August 1, 2023<\/a><\/blockquote> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Staying Safe With De.Fi<\/h2>\n\n\n\n<p>In closing, the Vyper exploit reveals the grim reality of cyber threats, particularly in the realm of smart contract programming languages. The impact of this exploit serves as a stark reminder that effective security measures and incessant vigilance are paramount for the continued growth and resilience of the DeFi industry.<\/p>\n\n\n\n<p>Here at De.Fi, we&#8217;re proud to offer a variety of free tools to users of our DeFi dashboard to help keep their funds safe. Our <a href=\"https:\/\/de.fi\/scanner\">free smart contract auditor<\/a> and <a href=\"https:\/\/de.fi\/shield\">wallet permissions revoke tool<\/a> are essential products that ensure users can spot vulnerabilities quickly and easily. For projects that are interested in boosting security, we also offer <a href=\"https:\/\/de.fi\/request-audit\">smart contract audit services<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, the world of decentralized finance (DeFi) was shaken by a significant security loophole discovered in Vyper, a common smart contract programming language.<\/p>\n","protected":false},"author":2,"featured_media":4309,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[16],"class_list":["post-4308","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-defi-security","tag-crypto-scam-reports"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Vyper Reentrancy Vulnerability: Exploit Review + Takeaways<\/title>\n<meta name=\"description\" content=\"DeFi was shaken by a security loophole discovered in the Vyper programming language. \u2713 Learn more about the Vyper Reentrancy Vulnerability with De.Fi.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vyper Reentrancy Vulnerability: Exploit Review + Takeaways\" \/>\n<meta property=\"og:description\" content=\"DeFi was shaken by a security loophole discovered in the Vyper programming language. \u2713 Learn more about the Vyper Reentrancy Vulnerability with De.Fi.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\" \/>\n<meta property=\"og:site_name\" content=\"De.Fi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-04T20:22:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-06T04:24:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/de.fi\/blog\/wp-content\/uploads\/2023\/08\/Vyper-Exploit_-How-it-Worked.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1008\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"De.Fi Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dedotfi\" \/>\n<meta name=\"twitter:site\" content=\"@dedotfi\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"De.Fi Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit#article\",\"isPartOf\":{\"@id\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\"},\"author\":{\"name\":\"De.Fi Security\",\"@id\":\"https:\/\/de.fi\/blog\/#\/schema\/person\/bc7c94cb5e037c8978c6059885825591\"},\"headline\":\"Vyper Reentrancy Vulnerability: Unraveling the Impact of a High-Stakes Exploit\",\"datePublished\":\"2023-08-04T20:22:08+00:00\",\"dateModified\":\"2023-09-06T04:24:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\"},\"wordCount\":1279,\"publisher\":{\"@id\":\"https:\/\/de.fi\/blog\/#organization\"},\"keywords\":[\"Crypto Scam Reports\"],\"articleSection\":[\"De.Fi Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\",\"url\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\",\"name\":\"Vyper Reentrancy Vulnerability: Exploit Review + Takeaways\",\"isPartOf\":{\"@id\":\"https:\/\/de.fi\/blog\/#website\"},\"datePublished\":\"2023-08-04T20:22:08+00:00\",\"dateModified\":\"2023-09-06T04:24:38+00:00\",\"description\":\"DeFi was shaken by a security loophole discovered in the Vyper programming language. \u2713 Learn more about the Vyper Reentrancy Vulnerability with De.Fi.\",\"breadcrumb\":{\"@id\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/de.fi\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vyper Reentrancy Vulnerability: Unraveling the Impact of a High-Stakes Exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/de.fi\/blog\/#website\",\"url\":\"https:\/\/de.fi\/blog\/\",\"name\":\"De.Fi Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/de.fi\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/de.fi\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/de.fi\/blog\/#organization\",\"name\":\"De.Fi\",\"url\":\"https:\/\/de.fi\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/de.fi\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/de.fi\/blog\/wp-content\/uploads\/2023\/06\/spaces_XOyvZ43P03BZ8mN6KNWT_icon_1hV2Waqet2YS2jtkV0f3_Logo.webp\",\"contentUrl\":\"https:\/\/de.fi\/blog\/wp-content\/uploads\/2023\/06\/spaces_XOyvZ43P03BZ8mN6KNWT_icon_1hV2Waqet2YS2jtkV0f3_Logo.webp\",\"width\":223,\"height\":234,\"caption\":\"De.Fi\"},\"image\":{\"@id\":\"https:\/\/de.fi\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/twitter.com\/dedotfi\",\"https:\/\/t.me\/dedotfi\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/de.fi\/blog\/#\/schema\/person\/bc7c94cb5e037c8978c6059885825591\",\"name\":\"De.Fi Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/de.fi\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f2f941b8d00bf81e01f135977bd5284977931ec40bfd2c06000150d2a6d661d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f2f941b8d00bf81e01f135977bd5284977931ec40bfd2c06000150d2a6d661d?s=96&d=mm&r=g\",\"caption\":\"De.Fi Security\"},\"url\":\"https:\/\/de.fi\/blog\/author\/defisecurity\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vyper Reentrancy Vulnerability: Exploit Review + Takeaways","description":"DeFi was shaken by a security loophole discovered in the Vyper programming language. \u2713 Learn more about the Vyper Reentrancy Vulnerability with De.Fi.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit","og_locale":"en_US","og_type":"article","og_title":"Vyper Reentrancy Vulnerability: Exploit Review + Takeaways","og_description":"DeFi was shaken by a security loophole discovered in the Vyper programming language. \u2713 Learn more about the Vyper Reentrancy Vulnerability with De.Fi.","og_url":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit","og_site_name":"De.Fi Blog","article_published_time":"2023-08-04T20:22:08+00:00","article_modified_time":"2023-09-06T04:24:38+00:00","og_image":[{"width":1920,"height":1008,"url":"https:\/\/de.fi\/blog\/wp-content\/uploads\/2023\/08\/Vyper-Exploit_-How-it-Worked.png","type":"image\/png"}],"author":"De.Fi Security","twitter_card":"summary_large_image","twitter_creator":"@dedotfi","twitter_site":"@dedotfi","twitter_misc":{"Written by":"De.Fi Security","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit#article","isPartOf":{"@id":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit"},"author":{"name":"De.Fi Security","@id":"https:\/\/de.fi\/blog\/#\/schema\/person\/bc7c94cb5e037c8978c6059885825591"},"headline":"Vyper Reentrancy Vulnerability: Unraveling the Impact of a High-Stakes Exploit","datePublished":"2023-08-04T20:22:08+00:00","dateModified":"2023-09-06T04:24:38+00:00","mainEntityOfPage":{"@id":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit"},"wordCount":1279,"publisher":{"@id":"https:\/\/de.fi\/blog\/#organization"},"keywords":["Crypto Scam Reports"],"articleSection":["De.Fi Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit","url":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit","name":"Vyper Reentrancy Vulnerability: Exploit Review + Takeaways","isPartOf":{"@id":"https:\/\/de.fi\/blog\/#website"},"datePublished":"2023-08-04T20:22:08+00:00","dateModified":"2023-09-06T04:24:38+00:00","description":"DeFi was shaken by a security loophole discovered in the Vyper programming language. \u2713 Learn more about the Vyper Reentrancy Vulnerability with De.Fi.","breadcrumb":{"@id":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/de.fi\/blog\/vyper-reentrancy-vulnerability-lessons-exploit#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/de.fi\/blog\/"},{"@type":"ListItem","position":2,"name":"Vyper Reentrancy Vulnerability: Unraveling the Impact of a High-Stakes Exploit"}]},{"@type":"WebSite","@id":"https:\/\/de.fi\/blog\/#website","url":"https:\/\/de.fi\/blog\/","name":"De.Fi Blog","description":"","publisher":{"@id":"https:\/\/de.fi\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/de.fi\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/de.fi\/blog\/#organization","name":"De.Fi","url":"https:\/\/de.fi\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/de.fi\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/de.fi\/blog\/wp-content\/uploads\/2023\/06\/spaces_XOyvZ43P03BZ8mN6KNWT_icon_1hV2Waqet2YS2jtkV0f3_Logo.webp","contentUrl":"https:\/\/de.fi\/blog\/wp-content\/uploads\/2023\/06\/spaces_XOyvZ43P03BZ8mN6KNWT_icon_1hV2Waqet2YS2jtkV0f3_Logo.webp","width":223,"height":234,"caption":"De.Fi"},"image":{"@id":"https:\/\/de.fi\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/dedotfi","https:\/\/t.me\/dedotfi"]},{"@type":"Person","@id":"https:\/\/de.fi\/blog\/#\/schema\/person\/bc7c94cb5e037c8978c6059885825591","name":"De.Fi Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/de.fi\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6f2f941b8d00bf81e01f135977bd5284977931ec40bfd2c06000150d2a6d661d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f2f941b8d00bf81e01f135977bd5284977931ec40bfd2c06000150d2a6d661d?s=96&d=mm&r=g","caption":"De.Fi Security"},"url":"https:\/\/de.fi\/blog\/author\/defisecurity"}]}},"_links":{"self":[{"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/posts\/4308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/comments?post=4308"}],"version-history":[{"count":17,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/posts\/4308\/revisions"}],"predecessor-version":[{"id":4338,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/posts\/4308\/revisions\/4338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/media\/4309"}],"wp:attachment":[{"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/media?parent=4308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/categories?post=4308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/de.fi\/blog\/wp-json\/wp\/v2\/tags?post=4308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}