Date: 2023-07-31

In response to the Curve hacking incident, Vyper contributor @fubuloubu stated that vulnerability detection can take weeks to months and suggested that state-sponsored hackers may have been involved. They highlighted the incentive problem, pointing out the challenges in finding critical bugs in compilers, especially older versions, and proposed a co-sponsored bounty program to improve Vyper.

@fubuloubu explained that Vyper's smaller code base and simpler design may have attracted hackers, as it is easier to explore than Solidity's larger code base. They emphasized that compilers are not as thoroughly vetted or audited as one might assume, with frequent and significant changes making auditing a challenge. The underlying issue highlighted in these circumstances is the lack of incentives for discovering critical bugs in compilers, particularly in older versions.

To tackle such public good problems, @fubuloubu proposed a solution to improve Vyper by introducing a bounty program co-sponsored by users, dedicating resources to finding and mitigating potential vulnerabilities. They emphasized that this isn't the end of Vyper or Curve, but a call for the community to work together to ensure improved security and stability.