Yearn.finance, a decentralized finance protocol, is seeking the return of $1.4 million in funds following a script error in a multi-signature transaction that led to a significant drain of the protocol's assets.
As per a December 11 GitHub post by Yearn contributor "dudesahn," the protocol's entire financial balance of 3,794,894 lp-yCRVv2 tokens was swapped due to a problematic multi-signature script.
The incident unfolded when Yearn converted its yVault LP-yCurve into a stablecoin on the decentralized exchange CowSwap. A trade resulted in the receipt of 779,958 DAI yVault tokens, causing a 63% drop in the liquidity pool value in the vault relative to the spot price of lp-yCRVv2 at that time.
The report to The Block confirmed the $1.4 million loss. Nonetheless, Dudesahn clarified that the affected tokens belonged to Yearn's vaults and did not impact customer funds.
Given the critical role of these tokens in Yearn's yCRV liquidity, the company appealed to any arbitrage traders who profited from the error to consider returning a portion of their gains. Yearn further initiated recovery measures by communicating on-chain messages to certain traders. As per Etherscan, an arbitrageur transferred 2 Ethereum valued at $4,500 back to Yearn’s vault address, expressing sympathy for the situation and acknowledging the associated risks in the on-chain message.
In efforts to prevent similar errors in the future, Yearn announced plans to segregate protocol-owned liquidity into specific management contracts, introduce human-readable output messages, and enforce stricter price impact thresholds. Notably, on April 11, Yearn faced an $11.6 million attack when hackers minted 100 billion Yearn Tether (yUSDT) tokens and exchanged them for other stablecoins.
