In a recent development, Yearn Finance, a pioneer in decentralized finance (DeFi) and behind the DeFi coin YFI, found itself grappling with a significant setback. A faulty multi-signature script deployed during a routine fee token conversion led to a massive loss of 63% of the protocol’s treasury position. Here are the details…
File flaw revealed for DeFi coin
The incident came to light through an explanatory post on Github, revealing that the flaw in the script triggered the swap of the entire balance of 3,794,894 lp-yCRVv2 tokens in the Yearn treasury, creating purely protocol-owned liquidity (POL). Importantly, no user funds were involved in this incident, as the amount affected belonged solely to Yearn’s internal liquidity. The result of this script malfunction was a significant slippage that led to the loss of approximately 63% of the LP value that determines the value of lp-yCRVv2 tokens during trading.
Faced with these unexpected events, Yearn Finance issued a call to those who may have profited from this mistake. They requested a reasonable refund to Yearn’s primary multisig ychad.eth to compensate for the error. This mishap boils down to accidentally moving the entire POL amount to commercial multisignature, which was incorrectly treated as a fee. Two critical oversights compounded the problem: faulty transfer of the entire lp-yCRVv2 treasury balance and inadequate checks in the commercial multisig’s token swap script.
Have corrective measures been taken?
According to their statement, Yearn Finance, which is behind the DeFi coin YFI, is taking rapid corrective measures and implementing additional measures to guard against similar mishaps in the future. These include segregating POL funds into dedicated manager contracts, improving the readability of output messages in trading scripts, and implementing stricter price impact thresholds.
Losses incurred by Yearn Finance before any returns totaled $1.4 million. This represented approximately 2 percent of the entire treasury. This incident highlights the challenges and risks inherent in decentralized finance operations. Yearn Finance has faced $11.6 million in damage in the past from an exploit in an early version. It also faced security vulnerabilities, such as an $11 million loss from an exploit in one of its vaults in February.
critical reminder
As Yearn Finance works to strengthen its security measures, this incident serves as an important reminder of the ongoing need for robust risk management in the evolving landscape of decentralized finance. Investors and enthusiasts will closely watch how Yearn Finance tackles these challenges and further strengthens its protocols to ensure the resilience of the DeFi ecosystem.