Home
News
- Convex Finance has been made aware of a fault in its vlCVX incentives system, necessitating the redeployment of a new contract.
- Convex stated that no funds were lost and that “user deposits were not jeopardized.”
Convex Finance Bug discovered
Convex Finance was obliged to unlock vote-locked CVX from a contract today owing to a non-critical defect.
The vote-locked CVX contract has been redeployed following the discovery of a fault in its incentive mechanism. All CVX locked in the contract containing the bug were unlocked, which means that users who had vote-locked their CVX tokens will have to withdraw them and re-lock them in the new contract if desired.
Vote-locked CVX tokens are locked Convex tokens that award platform fees and grant voting rights.
Must-know facts about Convex Finance
Convex Finance is a system that helps users earn larger yields from Curve, an automated market maker that generates yields and provides liquidity, and has the highest total value locked of any decentralized finance platform.
Protocols fight for veCRV, a governance token that grants voting rights over how Curve rewards are allocated, in order to route more Curve awards to their own protocol, increasing yield and total value locked. The Curve Wars have been coined to describe this situation.
Convex’s issue of cvxCRV tokens upon locking CRV allows users to earn Curve staking rewards while maintaining liquidity. While CRV remains locked, cvxCRV can be exchanged at a little discount, earning yield.
Convex has done well in the Curve Wars, with its total value locked crossing $20 billion earlier this year, putting it in second place just behind Curve in terms of overall value locked. It has since dropped to fourth place.
ALSO READ – Bug issues lead to redeployment of Convex Finance Smart Contract
No compromise with user funds
Although the bug did not compromise user funds, it did allow “expired locks to relock directly to a new address, allowing them to claim more cvxCRV rewards than they had earned.” A new contract had to be deployed and the old one was simply abandoned because Convex’s contracts are “immutable and non-upgradeable.”
Employees at Popcorn, a yield generator that also funds social impact organizations, alerted Convex to the bug, for which the company will receive a bounty reward from Convex’s treasury.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.
