The catalyst for bad debt and liquidations can be traced back to UwU Lend, a crypto protocol that allows users to borrow, lend, and deposit tokens. But this incident sheds light on the broader security and transparency issues of the decentralized finance (DeFi) space.

Root of the Problem: Vulnerable Coding of UwU Lend

“On April 15, (UwU Lend) deployed the vulnerable code for its new (sUSDe) markets, and since these markets are not isolated, the entire platform is taking risks,” Egorov said. “UwU was hacked and the attacker deposited CRVs received from UwU to lend.curve.fi (LlamaLend) as part of a cash-out game and disappeared with the funds, leaving the debt in the system.”

This incident underlines how critical the security of DeFi protocols’ smart contracts is. Smart contracts are pieces of code that are automatically executed on the blockchain and govern the functionality of a protocol. Vulnerabilities in these contracts allow hackers to exploit or manipulate the protocols’ resources.

The UwU Lend incident highlights the importance of smart contract auditing and security testing in the DeFi space. Another aspect of the issue that needs to be taken more seriously is that many DeFi protocols are interconnected. The vulnerability in UwU Lend affected a completely different protocol like Curve and led to liquidations. This situation reveals the risk of domino effect in the DeFi ecosystem.

Curve’s Reaction and Future Outlook

UwU Lend lost $20 million in a flash loan attack on Monday and another $3.7 million in a separate attack on Thursday. As of Friday, it is offering a $5 million reward to catch the attackers.

In one post, Egorov estimated bad debt in a particular CRV lending pool at $10 million. Even though this market was completely isolated from other lending pools, depositors in CRV could not withdraw their funds as long as bad debt existed.

However, Egorov said that the situation could help Curve strengthen its security measures and debt mechanisms and provide a better service to users in the coming months.

“Yesterday the system was tested in unimaginable conditions,” Egorov said. “We have a lot to process, but most importantly, we have all the information on how to create the safest and most resilient lending/borrowing process.”

“I am committed to ensuring that all users can withdraw their deposits without any problems. I think Curve Finance is always my priority and the most important thing is our community,” he added.

According to DefiLlama data, Curve is one of the largest crypto protocols with over $2 billion in assets locked as of Friday. This attack highlights that the DeFi space is still in its maturation phase and security needs to be prioritized.

This event has also tested the resilience of the DeFi ecosystem. Curve responded quickly to the issue and prevented it from spreading throughout the system. This is a positive sign for the future of DeFi. However, it is difficult to always stay one step ahead in the race to find vulnerabilities.