In brief
- Yam Finance has discovered a bug in their smart contracts, impacting the rebase events that change the token supply over time.
- Yam is just a few days old and was upfront about not having audits performed on its code.
- Hundreds of millions of dollars have already been locked in Yam.
There’s a bug in the Yam Finance protocol, the day-old yield farming mash-up project delivering the latest astronomical annualized returns in the booming DeFi industry.
Yam Finance tweeted the discovery earlier today, alerting users to an error leading to unintended token supply growth that would benefit the governance-controlled reserve. The extra tokens accumulated would capture an increasing amount of the overall Yam market cap, reducing the value of all other user’s tokens over time.
In response, developers are asking early adopters to put their governing power to use implementing a temporary fix, requiring at least 175,000 votes to activate the proposal. It’s another early stress test of the power of distributed governance, and an example of developers working together with a community that has taken root literally overnight.
The bug involves the issuance of Yams during “rebase” events, when the total supply of the token is changed in a mechanism designed to keep the price stable over time. Notably, Yam developers were clear up front that while Yam was constructed largely using well known, previously audited smart contracts, the specific Yam design had not itself been put to an audit.
Yam was launched yesterday via a Medium blog post and has already attracted close to $400 million in locked value, according to analytics platform Nansen. The protocol combines elements of yEarn.finance and Synthetix smart contracts and an elastic supply inspired by Ampleforth in an experiment in cutting edge DeFi paradigms. The value of Yams is pegged to $1 USD, which means the total supply of Yam tokens will increase or decrease in response to prices higher or lower than one dollar in “rebase” events.
If Yams are trading for more than a dollar, the twice-daily rebase event will increase the supply of tokens proportionally across each user’s Yam balance; increasing the supply, in theory, lowers the value of each individual token. This is because the total value of the supply, as measured by the token’s market cap, is distributed among a greater total number of tokens.
If Yams are trading for less than a dollar, rebase events will reduce the supply of Yams to increase the price. Rebase events are limited to changing the supply by 10% at a time, so extra Yam generated would automatically be contributed to the community governance pool.
In response to the bug, Yam holders are being asked to vote via the Etherscan contract interface. The fix will halt the rebase function until developers are able to construct a more permanent fix, and will burn all Yam tokens currently in the governance reserve. Two votes will be required to activate the fix. The first will require 35,000 Yams to bring the proposal for a vote, while the second will require 140,000 Yams to activate the new code after a 12.5 hour waiting period.
Hundreds of millions of dollars are at stake within Yam Finance, but more important might be the test of whether the brand new community can pull together and follow its developers lead.
Disclaimer
The views and opinions expressed by the author are for informational purposes only and do not constitute financial, investment, or other advice.
Want to be a crypto expert? Get the best of Decrypt straight to your inbox.
Get the biggest crypto news stories + weekly roundups and more!
