
Yearn Finance ‘promptly mitigates’ flash loan attack vector

According to a disclosure by Yearn Finance, a flash loan attack vector was discovered by a security researcher recently, before being resolved by Yearn’s security team.

The potential vulnerability was mitigated around 1.5 hours after being reported by Wen-Ding Li through Yearn’s security vulnerability disclosure process on 29 October 2020. The disclosure also revealed that the flash loan vulnerability could have put the funds of the TUSD vault at risk. Fortunately, it was not exploited and funds remained safe.

The security researcher who reported the attack disclosed that he had an initial proof of concept of a flash loan attack that could be mounted on the TUSD vault and could result in an 18% loss to users, with the attacker being able to walk away with 650K TUSD.

As a mitigation, the TUSD vault was soon configured to stop deploying funds to its strategy while the problem was investigated and fixed.

Wen-Ding Li also pointed out that other vaults using the Curve strategy (such as the DAI vault and the GUSD vault) would potentially be vulnerable to the same attack. However, he did note that these vaults already have min set to zero and are therefore not as vulnerable.

The disclosure came at an interesting time for many in the community, since it followed not long after the recent incident at Harvest Finance. That incident was also caused by a flash loan attack, a type of attack that leaves protocols helpless against the vulnerabilities in their code.

Most developers who notice a potential issue in the code would choose to exploit it, but in this case the vulnerability was reported and fixed quickly. Yearn Finance’s successful mitigation of the attack therefore highlights how bounty programs that bring attention to bugs such as this one can be a success. The flip side is that the case is yet another reminder of how vulnerable some of these projects are.

Samyuktha is a full-time journalist at AMBCrypto. Currently pursuing her Masters in Finance and Business Analytics, she is interested in cryptocurrencies, fintech, and blockchain technology adoption across various sectors.