The Convex Finance team warned users on Twitter on March 4 that it had redeployed the smart contracts responsible for the vote-blocking control mechanism? after discovering a bug that would have given some users disproportionate rewards.
“There were no use cases [of the bug] prior to the rollout of the new vlCVX contract. However, since Convex Finance contracts are immutable and not subject to renewal, a new contract had to be deployed. The new vlCVX contract implements a fix for this potential bug,” the statement said.
The bug fix resulted in millions of tokens being unlocked, which had an impact on the price of CRV. The market chaos was caused by Convex’s vote-blocking mechanism, a key one in the project’s tokenomics. It allows users to receive rewards from protocols and direct liquidity deposits to another Curve Finance protocol, but only if users lock their tokens for 16 weeks.
This mechanism plays a key role in the complex multi-layered battle for control of the Curve Finance protocol token. The vote locking mechanism is used in the management of CVX’s negotiable offering. Regular CVX traders keep track of key unlocking dates as they can lead to supply and price fluctuations.
Despite the fluctuations in the CVX market, things have gone more or less smoothly. It’s much safer for users and the project when the team finds an exploit on its own and fixes it before hackers use it to launch a cyberattack. Recently, NFT Treasure’s largest release and trading platform, based on the Arbitrum solution, was attacked by hackers. In February, cybercriminals hacked Dego Finance and took tokens from liquidity pools.
Realizing that cybersecurity professionals are not always able to identify vulnerabilities, teams are hiring “white-hat” hackers to find exploits. In February, the Cardano project team announced that it was doubling the reward for “white hackers” to find vulnerabilities in the wallet and network to maximize ecosystem security.