github.com/yearn/yearn-se… Yearn's yvDAI vault Compound strategy had a vulnerability. "In the event of a successful exploit, an attacker would have been able to liquidate an affected strategy's entire debt position on Compound and potentially capture liquidation fees."
Fixed within 3 hours of disclosure of _xyzaudits_. This hero saved a lot of money today. IIRC compound liquidation penalty is about 5%? So the total amount at risk was about $15m? Not sure if I did my math correctly. @iearnfinance $YFI
To be fair, liquidation on Compound is a fair race, and there is no guarantee the exploiter would have been able to get the liquidation fee anyway, plus the attack needed to be carried out several times for the vault to be liquidated fully.
Correction: I believe up to 20% of the vaulted funds were vulnerable as the vault was using a leveraged compound strategy. I'm not clear how much funds were in compound.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
People have been asking me all day if Titan (aka @IronFinance) was a rug. Did the team steal the money?
Here is an ELI5 explanation (While skipping some unnecessary details): $IRON $TITAN @IronFinance
1/22
Let’s explain @IronFinance. It is a fork of @fraxfinance. IRON is a currency with the following rules: You can exchange $0.75 $USDC and $0.25 worth of $TITAN for 1 $IRON. The $USDC is sent to a vault and the $TITAN is burnt out of existence. Simple.
2/22
The reverse can happen too. 1 $IRON can be exchanged for $0.75 USD and $0.25 worth of $TITAN anytime. The $USDC will be extracted from the vault and $0.25 worth of $TITAN will be minted which you can sell to get $1 back in total. Are the rules clear?