Yearn Finance, a key player in the yield-farming sector, recently disclosed a significant flaw in its multi-signature script that caused an unintended transfer and subsequent swap of a substantial part of its treasury, resulting in an estimated loss of $1.4 million.
During what was termed as a routine fee token conversion for the treasury, a faulty script erroneously exchanged 3,794,894 lp-yCRVv2 tokens for 779,958 yvDAI tokens. The mistake originated through sending the entire treasury balance of lp-yCRVv2, comprising both Position of Liquidity and fees, to a trading multisig.
This transfer exceeded the intended fees portion. The flawed script, lacking proper output checks and containing a logical flaw, failed to restrict the trade size, leading to significant price slippage and massive losses.
Market impact and subsequent measures
The unexpected trade caused notable market disruptions, with the price swiftly correcting back to normal levels. Yearn Finance urged users who benefitted via this price movement to return a reasonable amount to the main multisig wallet. Prior to any such returns, the losses constitute approximately 2% of the entire treasury.
In response to the incident, Yearn Finance outlined various corrective measures. The team intends to segregate funds into dedicated manager contracts, improve the readability of output messages in trading scripts, and enforce stricter price impact thresholds. These actions aim to bolster the protocol against similar mishaps in the future.
Security challenges context
This is not the first time that Yearn Finance has faced a security challenge. Earlier this year, an exploit targeting an early version of the protocol, known as iEarn, resulted in losses of $11.6 million, as reported by PeckShield, a blockchain security firm. Additionally, in February, another exploit led to the theft of $11 million in cryptocurrencies.
While not directly impacting user funds, the most recent incident highlights the ongoing security and operational challenges in the decentralized finance space. The proactive response and commitment shown by Yearn Finance to enhancing its systems showcase both resilience and adaptability in addressing these challenges.