Yam Finance Identifies Possible Exploit, YAM Crashes, Again

  • Although YAM has crashed again, the issue at hand doesn’t seem as problematic as the bug discovered in August was.
  • A proposal with a temporary fix has been submitted, which, if passed, will be active until a solution is implemented.

Illustration from Freepik

In mid-August, Yam Finance was the hottest project on the DeFi scene. Close to $600 million were locked on the platform less than 24 hours after it launched. It all came to a sudden stop, though, when a bug was discovered. YAM, the project’s governance token, collapsed in valuation, dropping from its $160 peak to less than a dollar.

Despite most marked the time of death of the project, it did endure. A plan of migration was presented where the code would be audited, preparing the project for an unexpected resurgence. As news of the migration spread, YAM made a miraculous recovery.

A little more than a week ago Yam Finance launched again. At launch, the YAM token stabilized in price around $25. Sadly, an exploit was identified by a Yam founder on September 22, which brought the project down to its knees again. It is important to note that this time the problem is not a bug, but a possible scenario in which a malicious actor could “take control of the protocol, including the treasury”.

In essence, think of it as someone having more financial incentive to control the entire protocol than to participate in governance, even if they hold a large portion of YAM tokens. The problem resides in the fact that YAM locked in the Uniswap pool is not eligible to be used for voting. Yam noted in the announcemet:

“In the current design, the strong incentives to provide liquidity to Uniswap are at odds with the ability to ensure robust participation in governance.”

To guard against this, a proposal has been submitted that, if passed, will allow the YAM Deployer contract to cancel proposals that are identified as malicious. The Yam team notes that this will only be temporary, “until a fix can be implemented, audited, deployed, approved by the community, and activated”.

Three potential solutions have been proposed to the issue, two of which aim to solve the issue with YAM tokens locked in liquidity pools not being able to be used for voting, while the third one aims to introduce a new contract (Guardian) to “address potential future attacks”.

In the announcement, the Yam team urges community members to discuss the situation on the governance forum.

Compared to the bug that was discovered in August, this exploit seems like a lesser issue. Still, YAM has crashed once again from a stable price of around $20 to about $1.3, as soon as the announcement was made.

Related Coverage
Yam Finance is Launching uSTONKS to Track r/WallStreetBets
  • uSTONKS will be launched as a monthly token, with the basket of WSB tickers rotating quarterly.
  • The bullishness will be measured by the number of positive comments on the WallStreetBets subreddit.
March 9, 2021, 11:08 AM
Wallstreetbets Reddit community web page seen on the tablet screen surrounded by US dollars

Wallstreetbets Reddit community web page seen on the tablet screen surrounded by US dollars. Shutterstock

Yam Finance Is Ready To Launch, Again
  • Starting 18 September, users will finally be able to swap their YAMv2 to YAMv3 on a 1:1 basis, with no deadline.
  • This time the protocol will be released after it underwent a full audit, conducted by blockchain security and data analytics company PeckShield.
Yam Finance Prepares For Version 3 Launch, YAM Recovers In Price
  • YAM, the platform’s governance token, has made a phenomenal recovery and is now trading around the $50 mark.
  • Auditing of the version 3 smart contracts will take a “few weeks” so deployment is expected in mid-to-late September.