Yearn.Finance (YFI) unveiled details of virtual assault revealed by white-hacker

  • Banteg (@bantg), a core developer of the Yearn.Finance (YFI) Defi ecosystem, reveals the details of a hypothetical assault on the pieces of its protocol revealed by a white-hat hacker.

Are you safe from frauds?

According to Banteg’s tweets, on January 30, 2022, a white-hat hacker reported the scenario of an assault against the SingleSidedBalancer technique, which is part of Yearn.yield Finance’s farming toolset.

The SingleSidedBalancer technique (or SSB) is intended to enable Defi fans to farm Balancer’s native currency BAL, which provides single-asset liquidity. SSBs can be found on the Ethereum (ETH) and Fantom (FTM) blockchains.

– Advertisement –

Because only the SSB approach on yvUSDT was proven to be commercially exploitable, the attack design was employed to allow hackers to imbalance the Balancer pool and gain USDT at an inflated price.

An attacker might empty Yearn.liquidity Finance’s pool for more than $41 million in equivalent through a series of flash loans with USDC and DAI.

ALSO READ – REGULATORS WITNESSES A NEW TWIST OF LAUNDERING VIA NFTS

No funds are currently in danger

According to the thorough explanation provided in Yearn.security Finance’s repository on GitHub, the vulnerability was corrected in 25 minutes once all exploitable elements were removed; no funds are currently in danger.

Yearn.Finance and Balancer had upgraded all susceptible strategies by Feb.11. Because the potential vulnerability falls under the ‘Critical’ category, the white-hat attacker was rewarded with a 200,000 USDC on February 2.

As previously reported by U.Today, on Feb.10, the company behind the Optimism scaling solution for Ethereum (ETH) fined Mr. Jay Freeman $2 million for revealing a weakness in Optimism smart contracts that would have allowed minting a limitless quantity of Ether in every wallet.

Source: https://www.thecoinrepublic.com/2022/02/13/yearn-finance-yfi-unveiled-details-of-virtual-assault-revealed-by-white-hacker/