Bug Causes Convex Finance to Redeploy $12 Billion Smart Contract 

By Robert Drage March 08, 2022 In Convex Finance, Crypto News, DeFi

A “non-crucial” bug in Convex Finance’s reward system has necessitated the protocol to redeploy the US$12 billion smart contract, releasing all the users’ vote-locked CVX.

According to a Twitter post by Convex Finance (CVX), the bug had made it possible for expired locks to relock directly to a new address, allowing them to claim more cvxCRV rewards than they had actually earned:

Due to the way Convex works, a simple edit to the contract would not have sufficed and it needed to be redeployed. This meant that all the vote-locked tokens held in the contract would be unlocked upon redeployment.

Advertisement

As the team wrote in a blog post: “There were no instances of [the bug] being used prior to deployment of the new vlCVX contract. However, since Convex Finance contracts are immutable and non-upgradeable, a new contract had to be deployed. The new vlCVX contract has implemented a fix for this potential bug going forward.”

Redeployment Causes Supply Shock

With the smart contract bug causing a premature unlock of a massive portion of CVX’s token supply, the market behaved in an unfavourable way. All the unlocked CVX was now eligible to be sold on the open market. Within the first 30 minutes, prices were down 20 per cent due to sellers and a resultant massive supply shock.

According to one user: “Based on the website, 72.11 percent of $CVX supply, or 38.1 million tokens, have been unlocked. If only 30 percent of these tokens are dumped today, then about US$250 million in buys will be needed to maintain the $20 price.”

Whales Ever Buying the Dip

This provided an opportunity for a few whales to snatch up some extra CVX. With prices falling to US$15 from around $20 in a matter of hours, some whales managed to snatch up quite a parcel:

The nascent DeFi industry is unfortunately infamous for hacks and bugs due to its complexity. Crypto projects generally work hard to secure users’ funds, and DeFi protocols as large as CVX have billions to worry about. Keeping the protocol secure and fixing bugs are key to ensuring user confidence. Last October, for instance, Compound Finance (COMP) fixed a bug that had been plaguing the protocol for some time.

Robert Drage
Author

Robert Drage

Robert is a freelance researcher, with a background in information science currently interested in blockchain technology and technical developments in the field.

You may also like