TechFlow news — Blockchain security firm OpenZeppelin discovered a vulnerability in Convex Finance that could have led to a $15 billion rug pull. OpenZeppelin disclosed the issue via Immunifi, and the vulnerability has since been patched.
OpenZeppelin stated that in late 2021, as part of a security audit for Coinbase, it conducted a security review of the Convex Finance protocol. The security research team identified a vulnerability that would have allowed two out of three anonymous signers of a multisig wallet to gain direct control over Convex’s locked assets—worth approximately $15 billion at the time. Convex’s documentation explicitly stated such control was impossible. The vulnerability has since been fixed by the Convex team. It was never exploited, and no funds were lost.
Navigating Web3 tides with focused insights
Contribute An Article
Media Requests
Risk Disclosure: This website's content is not investment advice and offers no trading guidance or related services. Per regulations from the PBOC and other authorities, users must be aware of virtual currency risks. Contact us / [email protected] ICP License: 琼ICP备2022009338号




