Yearn.finance rapidly fixes "attack vector" similar to one used on $1b protocol Harvest

Publicado en by Cryptoslate | Publicado en

Harvest Finance, what used to be a $1 billion yield farming protocol on Ethereum, underwent a brutal attack last week that wiped approximately $30 million from user accounts.

The pseudonymous attacker leveraged a flash loan, along with a series of manipulative transactions between Curve, Uniswap, and Harvest, that allowed them to drain millions of dollars worth of stablecoin from Harvest's pools.

Reports indicate that the attacker could have kept on going and withdrawn close to $1 billion of stablecoin and tokenized Bitcoin deposits in the protocol but opted against doing so for an unexplained reason.

This attack highlighted how flash loans can be used to exploit economic vulnerabilities within DeFi protocols and pool to the tune of millions of dollars.

Whether it's unclear whether or not he was inspired by the Harvest Finance attack, a security researcher in the space found a similar economic flaw within Yearn.

Wen-Ding Li described a potential attack vector of a flash loan attack that could take place on Yearn.

"Having established contact, Wen-Ding discloses that he has an initial proof of concept of a flash loan attack that can be mounted on the TUSD vault, resulting in an 18% loss to users, with the attacker being able to walk away with 650k TUSD.".

The theoretical attack vector was similar to the Harvest one in that this Yearn.

Finance's Vaults for DAI and GUSD were vulnerable to the same vector of attack but the proper measures were in place to avoid this from transpiring.

This attack vector comes shortly after another was patched.

x