On February 4, 2021, banteg disclosed a hack of the Yearn DAI v1 vault. The attack caused the vault a loss of $11 million, while the attacker walked away with a profit of $2.8 million.
The impact of the attack was limited by the quick response of the Yearn security team and multi-sig wallet signers. By responding within eleven minutes, the team was able to protect the remaining $24 million stored in the vault from the attacker.
Exchange Rates and Decentralized Exchanges
Before digging into the details of the Yearn hack, it is important to understand how decentralized exchanges work. A decentralized exchange (DEX) is the smart contract-based equivalent of a traditional currency exchange: it holds reserves of several cryptocurrencies and lets users deposit and withdraw the different currencies.
An important concept in any currency exchange is that of the exchange rate. This sets the amount of one type of currency that a user can receive in exchange for an amount of another currency. In a traditional exchange, this value is set by the exchange (often significantly to their benefit).
On a decentralized exchange, there is no central authority to set exchange rates for cryptocurrency. Instead, the exchange rate is set based upon the laws of supply and demand. For a deposit, you’ll get a better rate if the DEX currently has a low quantity of that particular currency. A withdrawal is the exact opposite, where a particular currency is “cheaper” if the exchange has a surplus of it.
Inside the Yearn Hack
The Yearn hacker took advantage of the exchange rates within the Curve 3pool. The attack started with the attacker making some deposits and withdrawals from the pool:
- Deposit 123 million USDC
- Deposit 36 million DAI
- Withdraw 165 million USDT
The effect of these actions is that the pool has a massive amount of USDC and DAI compared to its store of USDT. This imbalance has a significant impact on the exchange rate for these currencies. Additionally, the two deposits create 3crv shares that the attacker can use later in their attack.
The attacker then took advantage of this imbalance by performing a series of steps. The following example is taken from one of the attack transactions:
- Deposit 93 million DAI into yDAI Vault. This deposit causes the yDAI vault to deposit the DAI into 3pool. Because of the attacker’s earlier actions, the exchange rate for a DAI deposit is currently unfavorable, so the yDAI vault does not receive fair value for its deposit.
- Deposit 165 million USDT into yDAI Vault. This is the reverse of the withdrawal made during the setup phase of the attack. By doing this, the attacker removes the imbalance that caused the unfavorable exchange rate in 3pool.
- Withdraw DAI from yDAI Vault. Since the exchange rate has shifted between the deposit in step 1 and this withdrawal, the yDAI vault receives only 92.3 million DAI back from its initial deposit; the remaining 0.7 million DAI stays in 3pool.
- Withdraw 165 million USDT from yDAI Vault. This withdrawal recreates the initial imbalance, with the same effect on the exchange rate.
The attacker repeats this process over several iterations, using decreasing amounts of DAI in steps 1 and 3. As a result, a significant amount of the yDAI Vault’s DAI is left in 3pool.
This remaining DAI is useful to the attacker because they minted 3crv shares in the setup phase of the attack. When redeeming these shares, the attacker is able to withdraw their original 134 million USDC and 36 million DAI plus an additional 2.9 million DAI (due to the slippage). This is the source of the profits from the attack.
3 Factors that Led to the Yearn Hack
This attack is another example of an attacker taking advantage of slippage to exploit a DeFi protocol. In this particular case, the attack was made possible by three factors:
- Misconfigured Slippage Protection: The potential for slippage, the distorted exchange rates created by these attacks, is well known, and many DeFi protocols have built-in protections. In this case, the slippage protection of the yDAI Vault was set to 1%, a tolerance loose enough that the attack remained possible.
- No Withdrawal Fee: The targeted vault was version 1, and the creators wanted to allow users to transition to version 2 without a fee. For this reason, the normal 0.5% withdrawal fee was set to 0%, making the attack cheaper to perform.
- Access to earn(): As a v2 vault, the earn() function in the vault was freely accessible. This allowed the attacker to deposit into the Vault’s strategy without restrictions.
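As an added illustration of the round of steps 1 to 4 above and of the 1% slippage bound discussed in the first factor, the following Python model (written for this page, not Yearn or Curve code) replays one round against a toy fee-free StableSwap pool built on Curve's D and y recurrences, with a strategy-style guard that rejects a deposit minting fewer shares than the virtual price predicts. The pool size (300 million per coin), the amplification value and the attacker's share accounting are constructed assumptions, and because fees are omitted the DAI left behind is smaller than the 0.7 million seen on-chain.

```python
N, AMP = 3, 200   # coins: 0=DAI 1=USDC 2=USDT; Curve-convention amplification (Ann = AMP * N), assumed

def get_D(xs, amp=AMP):  # StableSwap invariant D by Newton iteration (Curve's recurrence, in floats)
    s, ann, d = sum(xs), amp * N, sum(xs)
    for _ in range(255):                                   # plenty for convergence; no early exit needed
        d_p = d
        for x in xs:
            d_p = d_p * d / (N * x)
        d = (ann * s + d_p * N) * d / ((ann - 1) * d + (N + 1) * d_p)
    return d

def get_y_D(xs, j, d, amp=AMP):  # balance of coin j that satisfies invariant d, other balances fixed
    ann, c, s = amp * N, d, 0.0
    for k, x in enumerate(xs):
        if k != j:
            s, c = s + x, c * d / (x * N)
    c, b, y = c * d / (ann * N), s + d / ann, d
    for _ in range(255):
        y = (y * y + c) / (2 * y + b - d)
    return y

class Pool:  # fee-free 3-coin pool; shares track D, so the virtual price (D / supply) stays 1.0
    def __init__(self, balances):
        self.x, self.supply = list(balances), get_D(balances)
    def add_liquidity(self, amounts, min_mint=0.0):
        d0, new_x = get_D(self.x), [b + a for b, a in zip(self.x, amounts)]
        minted = self.supply * (get_D(new_x) - d0) / d0   # shares pro rata to the growth of D
        if minted < min_mint:                              # Curve reverts the whole deposit here
            raise ValueError("slippage guard tripped: %.4f < %.4f" % (minted, min_mint))
        self.x, self.supply = new_x, self.supply + minted
        return minted
    def remove_one_coin(self, shares, j):                  # like Curve's remove_liquidity_one_coin
        new_y = get_y_D(self.x, j, get_D(self.x) * (1 - shares / self.supply))
        dy, self.x[j], self.supply = self.x[j] - new_y, new_y, self.supply - shares
        return dy

def replay(max_slippage):  # one attack round, amounts in millions (constructed); None if the guard trips
    pool = Pool([300.0] * N)
    usdt = pool.remove_one_coin(pool.add_liquidity([36, 123, 0]), 2)  # setup: DAI + USDC in, USDT out
    expected = 93 * pool.supply / get_D(pool.x)            # guard's fair value: DAI / virtual price
    try:
        shares = pool.add_liquidity([93, 0, 0], expected * (1 - max_slippage))  # vault deposits DAI
    except ValueError:
        return None
    pool.add_liquidity([0, 0, usdt])                       # attacker puts the USDT back: pool rebalances
    dai_back = pool.remove_one_coin(shares, 0)             # vault withdraws; short by the DAI left behind
    return 93 - dai_back, 1 - shares / expected            # (vault loss, slippage the guard measured)
```

With these parameters the vault's deposit lands a fraction of a percent short of fair value, so replay(0.01) lets it through and the vault gets back less DAI than it put in, while a tighter bound such as replay(0.001) reverts the deposit before any DAI reaches the pool.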
This combination of factors demonstrates the complexity of DeFi protocols and the potential for several factors to combine and render a system exploitable. Protecting against these types of attacks requires a comprehensive security audit that accounts for such factors and the interactions between them.