DeFi Yearn Finance Fixes a Critical Vulnerability in the Leveraged COMP Farming Strategy


DeFi protocol Yearn Finance awarded a maximum bounty of $200,000 to a security researcher xyzaudits after they revealed a vulnerability in the leveraged COMP farming strategies that have since been mitigated.

“No funds were lost,” assured the team.

According to the vulnerability disclosure, an attack vector in the GenLevComp strategy type that is in use in two strategies in the yvDAI 0.3.0 vault was disclosed through Yearn's security process.

In this leverage strategy, DAI is borrowed and lent repeatedly on Compound in order to farm Comp tokens which makes use of dYdX for flash loans.

If successfully exploited, the attacker would have been able to liquidate an affected strategy's entire debt position on Compound and potentially capture liquidation fees.

This would have led to a “significant loss of user funds.”

But the vulnerable strategies have been successfully wound down, and a fix has been committed and tested.

A blue-chip project, Yean had over $4 billion in total value locked (TVL), as of writing, down from more than $5 billion in mid-June, as per DeFi Llama.

In Q2 2021, the project enjoyed a jump of 138% in its TVL while its revenue grew by 233% to 18.3 million from $5.5 million. Yearn’s active wallet addresses are also seeing an increase of 31% to 21.5k.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide