Yearn Finance Suffers Losses Due to Faulty Multisig Script: No User Funds Affected

Yield-farming protocol Yearn Finance experiences a setback as a faulty multisig script results in a significant loss of funds from its treasury.

Yearn Finance, a popular yield-farming protocol, recently disclosed a mishap involving a faulty multisig script that caused a loss of 63% of its treasury position. Fortunately, no user funds were affected by this incident. The protocol team has taken immediate steps to address the issue and prevent similar incidents from occurring in the future.

Faulty Script Leads to Losses:

During a routine fee token conversion process on behalf of Yearn’s treasury, a faulty script caused a substantial loss. The script mistakenly transferred the entire treasury balance of lp-yCRVv2 tokens, including fees, to the trading multisig. This transfer was unintended, as only a smaller portion of the fees was expected to be transferred. The script lacked sufficient output checks and contained a logical error that allowed the trade size to exceed reasonable limits.

The trade resulted in significant price slippage, but the market quickly corrected itself. The Yearn protocol team has urged any users who profited from the price movement caused by the incident to return a reasonable amount to Yearn’s main multisig.

Losses and Recovery Efforts:

The losses incurred by Yearn Finance due to the faulty script amounted to $1.4 million, equivalent to approximately 2% of the entire treasury. However, the protocol is hopeful that some funds will be returned through ongoing communication channels. No details were provided regarding the progress of these recovery efforts, but the spokesperson expressed optimism.

Preventing Future Incidents:

To prevent similar incidents in the future, the protocol developers have outlined several steps. First, they plan to separate POL funds into dedicated manager contracts, ensuring better control and management. Additionally, they aim to introduce more human-readable output messages on trading scripts to enhance transparency. Lastly, stricter price impact thresholds will be enforced to prevent excessive losses due to price slippage.

Previous Incidents and Lessons Learned:

This is not the first time Yearn Finance has faced setbacks. Earlier this year, an exploit involving an early version of Yearn, called iearn, resulted in damages of $11.6 million. In February, another exploit led to the loss of $11 million worth of cryptocurrency from one of Yearn’s vaults. These incidents highlight the need for robust security measures and continuous improvement in the protocol’s infrastructure.

Conclusion:

Yearn Finance’s recent loss due to a faulty multisig script underscores the importance of stringent security measures in the decentralized finance (DeFi) space. While no user funds were affected, the incident serves as a reminder of the risks associated with innovative financial protocols. Yearn Finance has taken immediate steps to rectify the issue and prevent future occurrences. As the DeFi ecosystem continues to evolve, it is crucial for protocols to prioritize security and implement robust measures to safeguard user funds and maintain trust in the industry.