Ghostboard pixel
Sign in Subscribe
curve

sUSD Curve pool vulnerability & next steps

Details about the recent sUSD curve pool vulnerability

Synthetix

3 min read
sUSD Curve pool vulnerability & next steps

This morning (AEDT) a critical vulnerability was discovered in the Curve sUSD pool contract. The Curve team has paused the pool so no funds are at risk. The Curve team is also preparing a disclosure around the specifics of the vulnerability. Please note there are no known issues with the sUSD token contract or other Curve contracts.

We encourage anyone contributing liquidity to the sUSD Curve pool to withdraw it while we plan the migration to a new contract. The instructions on withdrawing liquidity can be found later in this post.

Next steps

The Curve team will deploy a new non-interest bearing pool for sUSD, USDC, DAI USDT. We will transition the SNX incentives to this new pool later this week after community review.

Curve has been working on an implementation of Curve that utilises Aave for all tokens in the pool. The changes required to this pool necessitate an audit which will be arranged as soon as the new contract is ready. Once the audit is complete and any remediations are performed, the Curve team will deploy this new pool. We will then transition the SNX incentives to this new Curve aPool using (aUSDC, aSUSD, aUSDT & aDAI). We will also ensure a simple mechanism for transitioning between these pools is available.

Overview

  • If you take no action your funds are still safe as the Curve pool is paused and only withdrawals are enabled. However, we recommend you follow all steps below until a new contract is deployed for maximal security.
  • If you unstake your yCurve tokens in Mintr you will no longer get SNX rewards until a new contract is deployed.
  • If you withdraw liquidity from the sUSD pool you will get yDAI+yUSDC+yUSDT+yTUSD & ySUSD and will keep earning interest.
  • If you withdraw liquidity from the yCurve pool you will no longer earn interest or trading fees from the pool but will get vanilla DAI+USDC+USDT+TUSD. This pool is not impacted by the bug so no action is required until the migration process is ready.

Withdrawing your yCurve tokens on Mintr

If you are contributing sUSD liquidity on Curve to earn SNX rewards, then you first staked your Curve liquidity tokens (yCurve) into the staking contract on Mintr. To withdraw, select the “Exit: Claim and Unstake” option.

Withdrawing your ySUSD and yDAI+yUSDC+yUSDT+yTUSD on Curve

Then head to https://beta.curve.fi/susd/withdraw and withdraw your balance by selecting “100%” of your liquidity and selecting “Withdraw.” This will give you the ySUSD token (the wrapped iEarn form of sUSD) and the yDAI+yUSDC+yUSDT+yTUSD token (the wrapped iEarn stablecoin hybrid).

Unwrap your ySUSD

Then go to https://iearn.finance/earn and unwrap ySUSD by selecting sUSD, entering your full balance in the right box, and selecting “Claim.”

Unwrap your yDAI+yUSDC+yUSDT+yTUSD

Go to https://beta.curve.fi/iearn/withdraw, where you can convert your yDAI+yUSDC+yUSDT+yTUSD token into DAI, USDC, USDT, and TUSD.

Here is a video made by the Curve team demonstrating the full process:

As always, stay tuned in Discord or via Twitter for any further information.

Sign up for updates like this.

Enter your email
Subscribe