Yearn Finance encounters multisig script error, treasury hit with $1.4 million loss


In this post:

  • Yearn Finance’s treasury lost 63% of its holdings, about $1.4 million, due to a flawed multisig script during a fee token conversion process.
  • The script error caused large-scale trade and temporary price slippage, with an appeal to users who profited to return funds voluntarily.
  • In response, Yearn Finance plans to implement measures like segregating POL funds and enhancing script readability, amidst a history of security challenges in DeFi operations.

Yearn Finance, a prominent player in the yield-farming sector, recently reported a critical error in its multi-signature (multisig) script. This error led to an unintended transfer and subsequent swap of a substantial portion of its treasury, resulting in a loss estimated at $1.4 million. This incident was disclosed in a post on GitHub.

During what was described as a routine fee token conversion for the treasury, a flawed script mistakenly swapped 3,794,894 lp-yCRVv2 tokens for 779,958 yvDAI tokens. The error stemmed from the entire treasury balance of lp-yCRVv2, including both Position of Liquidity (POL) and fees, being sent to a trading multisig. This transfer was far greater than the intended fees portion. The faulty script lacked proper output checks and contained a logical flaw, so it failed to limit the trade size, which led to significant price slippage.

Market impact and subsequent actions

The unexpected trade caused notable market disruptions, with the price quickly arbitraging back to normal levels. Yearn Finance appealed to users who profited from this price movement, asking them to return what they deemed reasonable to the protocol’s main multisig wallet. Before any such returns, the losses amount to approximately 2% of the entire treasury. 

In response to this incident, Yearn Finance outlined several corrective measures. The team plans to segregate POL funds into dedicated manager contracts, enhance the readability of output messages in trading scripts, and impose stricter price impact thresholds. These steps aim to fortify the protocol against similar mishaps in the future.
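A pre-trade guard combining the trade-size limit, the output check and the readable summary described above, as an added example that is not Yearn's code. The function names, the 500,000-token fee portion, the 0.57 reference rate and the 100 bps limit are assumptions constructed for illustration; only the two reported token amounts come from the article.

```python
from decimal import Decimal

class SwapRejected(Exception):
    """A planned treasury swap failed a pre-trade check."""

def price_impact_bps(amount_in, quoted_out, ref_rate):
    """Shortfall of the quoted output against the reference rate, in basis points."""
    fair_out = Decimal(amount_in) * Decimal(ref_rate)
    return (fair_out - Decimal(quoted_out)) / fair_out * 10_000

def check_swap(amount_in, fee_portion, quoted_out, ref_rate, max_impact_bps=100):
    """Return a readable summary of an acceptable swap, or raise SwapRejected."""
    amount_in, fee_portion = Decimal(amount_in), Decimal(fee_portion)
    if amount_in <= 0:
        raise SwapRejected("size: amount_in must be positive")
    # Trade-size limit: never sell more than the portion earmarked as fees.
    if amount_in > fee_portion:
        raise SwapRejected(
            f"size: selling {amount_in:,} lp-yCRVv2 but only {fee_portion:,} are fees")
    # Output check: compare the quote with what the reference rate implies.
    impact = price_impact_bps(amount_in, quoted_out, ref_rate)
    if impact > max_impact_bps:
        raise SwapRejected(
            f"impact: {impact:.0f} bps exceeds the {max_impact_bps} bps limit")
    return (f"SELL {amount_in:,} lp-yCRVv2 -> BUY {Decimal(quoted_out):,} yvDAI "
            f"(price impact {impact:.0f} bps, limit {max_impact_bps} bps)")

if __name__ == "__main__":
    FEES = 500_000      # constructed: the fee portion is not given in the article
    REF_RATE = "0.57"   # constructed: yvDAI per lp-yCRVv2 before the trade
    plans = [
        (3_794_894, 779_958),  # the amounts reported in the article
        (500_000, 100_000),    # constructed: fee-sized trade, poor quote
        (500_000, 283_000),    # constructed: fee-sized trade, fair quote
    ]
    for amount_in, quoted_out in plans:
        try:
            print("OK      ", check_swap(amount_in, FEES, quoted_out, REF_RATE))
        except SwapRejected as err:
            print("REJECTED", err)
```

The summary line is meant to be what a multisig signer reads before approving, so the sell amount, the buy amount and the price impact appear together in plain units.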

Context of security challenges

This event is not the first security challenge Yearn Finance has faced. Earlier this year, an exploit targeting an early version of the protocol, known as iearn, led to losses of $11.6 million, as reported by PeckShield, a blockchain security firm. Additionally, in February, another exploit resulted in the theft of $11 million in cryptocurrencies from one of its vaults.

While not directly impacting user funds, the recent incident underscores the ongoing security and operational challenges in the decentralized finance (DeFi) space.

Yearn Finance’s proactive response and commitment to improving its systems demonstrate the protocol’s resilience and adaptability in the face of these challenges. 

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
