Yearn.finance pleads for refunds after $1.4M multi-sig crash
Decentralized financial protocol Yearn.finance is hoping to return $1.4 million in funds after brokers made a multi-signature script error, resulting in a huge withdrawal of the protocol's treasury.
“A flawed multisig script caused Yearn's public treasury to exchange 3,794,894 lp-yCRVv2 tokens,” according to a Dec. 11 GitHub post by Yearn contributor “dudesah”.
The error occurred while converting Yearn yVault LP-yCurve (LP-yCRVv2) – the proceeds from performance fees paid on Vault harvests – to the decentralized exchange CowSwap, a stablecoin.
$1.4M cleared.
Aren's Finance has revealed that around $1.4 million of their funds have been lost due to a botched script.
Later, his team said that only their LP site was affected, user funds were not targeted pic.twitter.com/4FNXN8DAYp
— De.Fi Antivirus Web3 ️ (@DeDotFiSecurity) December 13, 2023
Eren experienced a significant slippage when he received 779,958 DAI yVault (yvDAI) tokens from the trade, resulting in a 63% drop in the price of the liquid pool – relative to the spot price of lp-yCRVv2 at the time.
In a memo to The Block, Yaren confirmed the $1.4 million figure.
However, Dudesan said that the affected tokens are “liquidity directly owned by the protocol” in Aren's treasury and there was no impact on customer funds.
Given how “crucial” these tokens are to Yeren's yCRV liquidity, the firm has asked any successful Friday traders who profited from the event to consider repatriating some of their funds:
“We ask that anyone who took advantage of this bug to refund the amount they feel is reasonable to Airman MultiSig.”
Jaren took his recovery efforts a step further, writing messages on the chain to some traders.
Related: Yearn.finance token falls 43%, community speculates on exit scam
According to Etherscan, an arbitrator has already transferred 2 Ether (ETH) worth $4,500 to Aren's Treasury address. “Sorry to hear our kids are getting the best of us. We didn't make as much profit as others, and we took some risk and helped the peg, but still some returns,” he added in a chain message.
To prevent similar mistakes in the future, it said it would separate protocol ownership into separate manager contracts, implement human-readable output messages, and enforce price impact limits.
The hacker became the victim of an $11.6 million exploit on April 11 after issuing one quadrillion Yern Tether (yUSDT) tokens and selling them to other stablecoins.
Magazine: US law enforcement agencies are turning up the heat on crypto-related crimes.
