In a recent turn of events, Yearn Finance, a decentralized finance (DeFi) protocol, found itself grappling with a significant setback due to a malfunctioning script that inadvertently caused the swapping of 63% of its treasury holdings.
The incident unfolded during a routine token conversion process, affecting Yearn Finance’s protocol-owned liquidity (POL) but thankfully leaving user funds untouched.
The primary cause of the incident was a faulty multisig script, as documented in a GitHub post.
This script triggered the swap of the entire treasury balance, consisting of 3,794,894 lp-yCRVv2 tokens. The mishap affected only protocol-owned liquidity (POL); user funds remained secure.
The defective script, characterized by insufficient output checks and a critical logical error, led to the complete transfer of the lp-yCRVv2 treasury balance into the trading multisig.
This exceeded the expected fee allocation, resulting in a substantial loss amounting to 63% of the treasury’s value.
Notably, Yearn Finance issued a call to users who had profited from the market fluctuations stemming from this error, urging them to return a fair portion of the gains to Yearn’s primary multisig wallet (0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52).
Throughout this incident, Yearn Finance’s native token, YFI, experienced relatively stable pricing, fluctuating between a low of $8,166.96 and a high of $8,465.69.
In a bid to fortify its defenses against future mishaps, Yearn Finance is implementing a series of proactive measures.
These include segregating POL funds into dedicated manager contracts, enhancing the clarity of human-readable output messages on trading scripts, and imposing stricter price impact thresholds.
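The two script-level measures (clearer human-readable output and a stricter price impact threshold) can be pictured as a pre-flight check that runs before a swap is submitted for signing. The sketch below is an added example, not Yearn's code: the `SwapPlan` fields, the 1% limit, the fee allocation and the quotes are all assumptions made for illustration, and only the balance figure comes from the article.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumed ceiling for illustration; the article does not state Yearn's threshold.
MAX_PRICE_IMPACT = Decimal("0.01")

@dataclass(frozen=True)
class SwapPlan:  # hypothetical structure, not taken from Yearn's scripts
    token: str
    source_balance: Decimal  # everything the source wallet holds
    fee_allocation: Decimal  # portion that is meant to be converted
    amount_in: Decimal       # what the script is about to move
    quoted_out: Decimal      # venue quote for amount_in
    spot_price: Decimal      # output per input token at negligible size (> 0)

def price_impact(plan: SwapPlan) -> Decimal:
    """Fraction of value lost versus swapping at the spot price."""
    ideal_out = plan.amount_in * plan.spot_price
    return 1 - plan.quoted_out / ideal_out

def preflight(plan: SwapPlan) -> list[str]:
    """Return human-readable blocking findings; an empty list means proceed."""
    if plan.amount_in <= 0 or plan.amount_in > plan.source_balance:
        return [f"amount_in {plan.amount_in:,} is outside 0..balance"]
    findings = []
    share = plan.amount_in / plan.source_balance
    if plan.amount_in > plan.fee_allocation:
        findings.append(
            f"moves {plan.amount_in:,} {plan.token} ({share:.1%} of balance) "
            f"but only {plan.fee_allocation:,} is allocated")
    impact = price_impact(plan)
    if impact > MAX_PRICE_IMPACT:
        findings.append(
            f"price impact {impact:.2%} exceeds limit {MAX_PRICE_IMPACT:.2%}")
    return findings

# Constructed plans: the balance figure is from the article, the rest is made up.
BALANCE = Decimal("3794894")
whole_balance = SwapPlan("lp-yCRVv2", BALANCE, Decimal("100000"),
                         BALANCE, Decimal("1500000"), Decimal("1"))
fees_only = SwapPlan("lp-yCRVv2", BALANCE, Decimal("100000"),
                     Decimal("100000"), Decimal("99600"), Decimal("1"))

if __name__ == "__main__":
    for name, plan in [("whole_balance", whole_balance), ("fees_only", fees_only)]:
        findings = preflight(plan)
        print(name, "BLOCKED" if findings else "OK")
        for finding in findings:
            print("  -", finding)
```

Either finding alone blocks the plan, so a script that moves the whole balance by mistake is stopped even when the quote looks acceptable.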
This incident serves as a reminder of the ongoing challenges and risks prevalent in DeFi protocols, particularly given Yearn Finance’s history of prior exploits.
These experiences contribute to the overall maturation of DeFi platforms, such as Yearn Finance, prompting the adoption of more robust security measures and risk mitigation strategies as the ecosystem continues to evolve.