Share this page!

Finance Geek Profile picture
Twitter logo
30 Jun, 5 tweets, 2 min read
github.com/yearn/yearn-se… Yearn's yvDAI vault Compound strategy had a vulnerability. "In the event of a successful exploit, an attacker would have been able to liquidate an affected strategy's entire debt position on Compound and potentially capture liquidation fees."
Fixed within 3 hours of disclosure of _xyzaudits_. This hero saved a lot of money today. IIRC compound liquidation penalty is about 5%? So the total amount at risk was about $15m? Not sure if I did my math correctly. @iearnfinance $YFI
To be fair, liquidation on Compound is a fair race, and there is no guarantee the exploiter would have been able to get the liquidation fee anyway, plus the attack needed to be carried out several times for the vault to be liquidated fully.
As a result, now 329m USDC sitting in Yearn's contract idle for over 1 day now. etherscan.io/address/0x5f18…
Correction: I believe up to 20% of the vaulted funds were vulnerable as the vault was using a leveraged compound strategy. I'm not clear how much funds were in compound.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Finance Geek

Finance Geek Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @FinGeekCo

Finance Geek Profile picture
17 Jun
People have been asking me all day if Titan (aka @IronFinance) was a rug. Did the team steal the money?

Here is an ELI5 explanation (While skipping some unnecessary details): $IRON $TITAN @IronFinance

1/22 Image
Let’s explain @IronFinance. It is a fork of @fraxfinance. IRON is a currency with the following rules: You can exchange $0.75 $USDC and $0.25 worth of $TITAN for 1 $IRON. The $USDC is sent to a vault and the $TITAN is burnt out of existence. Simple.

2/22 Image
The reverse can happen too. 1 $IRON can be exchanged for $0.75 USD and $0.25 worth of $TITAN anytime. The $USDC will be extracted from the vault and $0.25 worth of $TITAN will be minted which you can sell to get $1 back in total. Are the rules clear?

3/22
Read 19 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @FinGeekCo has new unrolls!

Check out other threads from @FinGeekCo!

Read all threads by @FinGeekCo

:(