Recently, Conic Finance faced a concerning second hack, raising doubts and discussions about the effectiveness of security audits. The project had undergone an audit conducted by PeckShield, but the hack managed to occur in the CurveLPOracleV2 contract, which was not within the scope of the audit. This has led to scrutiny, with SlowMist warning that audits can be circumvented if a project has malicious intentions. Shenyu from Cobo further emphasized the need for audit companies to be accountable to and paid by users, adding another layer of responsibility and oversight.
Conic Finance Faces Twin Hacks as PeckShield Audit Failures Alarm Investors
According to PeckShield, the primary cause of the recent hack on Conic Finance was traced back to the new CurveLPOracleV2 contract. Furthermore, during their audit, they had identified a similar read-only reentrancy issue, which, unfortunately, had not been included in the audit scope.
Despite these security concerns, Conic Finance continues to offer an accessible platform for liquidity providers to diversify their exposure across multiple Curve pools. One of their innovative features is the introduction of Conic Omnipools, which enable liquidity allocation in a single asset across various Curve pools. This grants liquidity providers exposure to multiple Curve pools through a single LP token.
Moreover, Conic Finance takes the extra step of automatically staking all Curve LP tokens on Convex to earn CVX and CRV rewards. Additionally, Conic LPs are rewarded with CNC, the Conic DAO token. The allocation of liquidity in an Omnipool is based on target allocation weights, subject to regular updates through a liquidity allocation vote, in which CNC holders with locked votes participate.
Despite the recent hacks and security concerns, Conic Finance’s platform remains an attractive option for liquidity providers seeking to maximize their yields while gaining exposure to multiple Curve pools through innovative features like Omnipools and integration with Convex’s staking mechanism. However, industry stakeholders are advocating for greater transparency and accountability in the auditing process to mitigate potential risks and ensure a safer DeFi ecosystem.
Leave a comment