Yearn.finance Suffers $1.4 Million Loss from Multisignature Scripting Error, Amplifies Security Measures
Summary:
DeFi protocol Yearn.finance suffered a significant loss due to a multisignature scripting error, leading to a loss of around $1.4 million from its treasury. In efforts to prevent future errors, Yearn.finance plans on separating its liquidity into specific manager contracts, implementing human-readable output messages and enforcing stricter price impact thresholds. No customer funds were affected by the incident. This event follows a previous exploit in April where Yearn lost $11.6 million.
Yearn.finance, a decentralized finance protocol, experienced a substantial setback due to a multisignature scripting malfunction, resulting in a loss of approximately $1.4 million from its treasury. According to a GitHub post on Dec. 11 by Yearn contributor "dudesahn," the error occurred when 3,794,894 lp-yCRVv2 tokens were inadvertently swapped due to a faulty multisignature script. The situation occurred as Yearn.finance was turning its yVault LP-yCurve (lp-yCRVv2) into stablecoins on CowSwap, a decentralized exchange.
The protocol's treasury experienced a precipitous drop in liquidity pool worth after receiving 779,958 DAI yVault (yvDAI) tokens from the transaction. Yearn's liquidity pool value decreased by 63% compared to the spot price of lp-yCRVv2 at the time. While Yearn confirmed the loss of $1.4 million, it assured that only the protocol-owned liquidity was affected and no customer funds were impacted.
Recognizing the significance of these tokens to its yCRV liquidity pool, Yearn.finance made an appeal to traders who may have profited from the incident to return a portion of the funds. The protocol course-corrected by assigning more specific manager contracts to separate its owned liquidity in the future. Additionally, human-readable output messages will be included and stricter price impact thresholds will be established to prevent similar mishaps.
Unfortunately, this incident is not the first time Yearn.finance has encountered a loss. The protocol experienced a whopping $11.6 million exploit on April 11 when a hacker illicitly produced an enormous quantity of Yearn Tether (yUSDT) tokens. This recent mishap renews concerns about rising crypto-related crimes, which US enforcement agencies continue to investigate.
Published At
12/14/2023 3:08:40 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.