SlowMist: The root cause of the Yearn attack is unsafe mathematical operations in the Yearn yETH pool contract.
According to a report by Jinse Finance, SlowMist's monitoring shows that on December 1 the decentralized finance protocol Yearn was attacked, resulting in a loss of approximately $9 million. The SlowMist security team analyzed the incident and confirmed the root cause as follows: the vulnerability originated in the logic of the _calc_supply function, which calculates supply in the Yearn yETH Weighted Stableswap Pool contract. Because this function used unsafe mathematical operations, its calculations could overflow and suffer rounding errors, causing significant deviations in the calculated new supply and virtual balance product. Attackers exploited this flaw to manipulate liquidity to specific values and mint excessive liquidity pool (LP) tokens, thereby making illegal profits. It is recommended that similar protocols strengthen boundary-scenario testing and adopt securely verified arithmetic mechanisms to prevent high-risk vulnerabilities such as overflows.
