After Yearn inadvertently loses some of its wealth, it requests a refund
The incident happened after a “faulty multisig script” swapped Yearn’s entire treasury balance
It revised its GitHub post from “63% of the treasury” to “63% of the LP value” after initially reporting a 63% loss. Following Blockworks’ publication of the first statistics on Wednesday, an explanation was issued.
The initial report said that Yearn’s Treasury suffered a loss of around 63% when the 779,958 yvDAI tokens obtained from the trade were taken into consideration.
This loss happened when Yearn’s Treasury balance was accidentally swapped due to a multisignature (multi-signature) script error.
The firm made it clear that the money did not come from customers’ accounts but rather from Yearn’s treasury.
According to a post, Yearn exchanged the entire 3,794,894 lp-yCRVv2 token balance due to a “faulty multisig script.” December 11 was the date of the occurrence.
“Since this sum made up a sizable chunk of the curve pool, it experienced considerable slippage, but the market quickly corrected it and it returned to its normal price,” Yearn stated.
“Total loss for Yearn’s treasury comes out to about 63% when factoring in the 779,958 yvDAI tokens received from this trade.”
“Anyone who profitably arbed this mistake to return an amount that they feel is reasonable to Yearn’s main multisig ychad.The DeFi protocol adds, “Anyone who profitably arbed this mistake should return an amount that they feel is reasonable to Yearn’s main multisig ychad. eth.”
As stated in the post, various oversights caused the improper transfer. All of the funds from the Treasury, including fees, were moved to the trading multisig. From there, the trading multisig sent around 30 orders to CoW Swap, including the one to swap the balance.
The post states that the large number of trades in this particular transaction greatly complicated the human review procedure, leading to the error going unnoticed.
According to Yearn, the script used by the trading multisig to swap tokens contained a mistake, resulting in an unfair deal size due to insufficient output checks and a logical flaw.
To ensure that the same mistake does not occur again, the procedure included additional tests. Implementing “stricter price impact thresholds” during trades, improving trading scripts with more human-readable output messages, and splitting protocol-owned liquidity (POL) money into separate entities are also part of the plan.
Yearn was the victim of an assault earlier this year. The thief managed to escape with stablecoins worth almost $11 million.
The hack occurred when an attacker gained access to tether (USDT) funds by exploiting a flaw in a Yearn vault.
The hacker stole $11.6 million by exchanging 10,000 USDT for stablecoins via Curve Finance, after which they created 1.2 quadrillion yUSDT, the Yearn-equivalent token.