The post Yearn Finance Hit by 63% Treasury Loss Due to Script Glitch appeared on BitcoinEthereumNews.com.

In a significant setback for Yearn Finance, a leading player in the decentralized finance (DeFi) sector, a script malfunction in its multisig (multi-signature) system led to a substantial loss of its treasury assets. The incident on December 11 resulted in the unintended swap of Yearn’s treasury balance, amounting to a loss of approximately 63%. The company confirmed that the loss affected only the treasury funds and did not impact customer funds. The mishap involved the accidental exchange of 3,794,894 lp-yCRVv2 tokens from Yearn’s treasury. This transaction, executed on CoW Swap, led to significant market slippage due to the large volume involved, further exacerbating the loss. Yearn Finance Treasury Error Triggers Huge Loss The event unfolded as a result of multiple oversights in handling the treasury funds. Yearn’s statement explained that the entire treasury balance, including fees, was mistakenly transferred to a trading multisig, initiating over 30 trade orders. Among these was the critical swap of the treasury balance. This transaction’s complexity and high volume of trades hindered effective human review, allowing the error to pass unnoticed. The protocol identified that the script used for token swapping lacked adequate output checks and contained a logical flaw. This flaw failed to cap the trade size, leading to the unintended large-scale transaction. New Safety Steps at Yearn Post Loss Yearn Finance has implemented several measures to prevent a recurrence in response to this incident. The protocol plans to segregate protocol-owned liquidity (POL) funds into separate entities and enhance its trading scripts to produce more comprehensible output messages. Additionally, it will enforce stricter price impact thresholds during trades. This incident is not the first security challenge Yearn has faced. Earlier in the year, the protocol was the target of an attack where a vulnerability in a Yearn vault was exploited, resulting in the theft…

---

Filed under: News - @ December 14, 2023 12:26 pm