Yearn Finance lost $1.4m due to a multisig script error
Decentralized protocol Yearn Finance lost $1.4 million due to a multisig script error.
Information about this appeared on the project’s GitHub page, which led to significant price slippage and arbitrageurs making money from the error. The Yearn Finance team appealed to project users who received assets due to a bug with a request to return the funds.
The error occurred when Yearn Finance converted his yVault LP-yCurve (lp-yCRVv2), obtained through farming fees, into stablecoins on the decentralized exchange CowSwap.
“A faulty multisig script caused Yearn’s entire treasury balance of 3,794,894 lp-yCRVv2 tokens to be swapped.”
Yearn Finance team
Yearn Finance suffered a significant setback when it received 779,958 yVault DAI tokens (yvDAI) from the transaction, causing the value of the liquidity pool from its treasury to drop 63% from the lp-yCRVv2 spot price at the time.
According to Etherscan, one arbitrageur has already transferred 2 Ether (ETH) worth $4,500 back to Yearn’s treasury address.
Yearn said it will separate the liquidity owned by the protocol into specific governing contracts, implement human-readable output messages, and introduce stricter price impact thresholds to prevent similar mistakes in the future.
In April, Yearn Finance lost more than $10 million in various stablecoins due to a misconfiguration of one of its tokenized stablecoins. The attacker allegedly took advantage of a vulnerability in the yUSDT smart contract to use $10,000 in USDT to issue over one quadrillion tokenized yUSDT stablecoins.