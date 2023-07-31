Various auditors, including SupremacyHQ and BlockSecTeam, have been criticized for sharing affected Vyper versions publicly, potentially jeopardizing ongoing efforts to address recent exploits. However, one security firm has clarified its actions, explaining that it chose to alert the community and the protocol to ensure users were aware of the issue and could take necessary precautions.

SupremacyHQ and BlockSecTeam, among other auditors, have faced backlash for tweeting about the affected Vyper versions while teams were working diligently to resolve recent exploits. Critics argue that the firms' public disclosure may have preempted potential white-hat solutions to the vulnerabilities. In response, one security firm highlighted its efforts to inform the affected protocol, emphasize the importance of user protection, and defend its decision to alert the community.

According to the firm, they discovered the issue with the WETH pool (0x8301) at 17:10 UTC on July 30 and attempted to contact Curve Finance through a trusted channel, given that direct DMs were unavailable. Following the discovery of an attack on the pool two hours later, the firm underscored the importance of notifying the protocol and users in order to safeguard funds. Consequently, they decided to alert the community via a Twitter thread at 19:59 UTC.

The firm maintains that it always stands with users and seeks to help protect the community, pointing to its track record of saving and rescuing users' funds. While the firm extends sympathies to those who lost money in the security incident, it deems the blame directed at a team working to help the community to be unfair.

Regarding the affected Vyper versions, it is recommended that contracts migrate to the most recent version, 0.3.7+, which has been comprehensively audited and refactored. Although no guarantees can be made, using the newest version can improve overall security.

