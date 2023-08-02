Decurity has discovered a potential security vulnerability on the Curve platform, specifically regarding the use of ERC-777 Callback in smart contracts within some token markets. This usage might present security risks and be vulnerable to re-entry attacks.

Decurity reported that an MEV bot exploited this vulnerability to carry out a $1,900 attack. In response, Curve's official statement clarified that the issue is historical and occurred in the pBTC pool, which was long abandoned with only a small amount of funds remaining in the contract.

The potential existence of similar security risks in other fund pools remains uncertain at the moment.