Curve Finance Shuts Down yv2 Pool After Finding Vulnerability

Decentralized stablecoin exchange Curve Finance reported a vulnerability this morning that affects a new trading pool involving yield aggregator project Yearn Finance. The exploited pool was quickly shut down to prevent an incident.

Curve allows users to swap between US dollar-pegged stablecoins (such as USDC, DAI, and USDT) with extremely low fees and slippage. The liquidity, or the amount of funds in Curve, is wholly supplied by users who earn yields on an annual basis in return—from the interest charged to borrowers of stablecoins from Curve.

Since its launch in 2020, the project has been stable with no major technical issues so far. But that record was tainted today. “We have discovered an issue with the new yVault2 (Yearn Finance) pool. The pool has been killed in order to protect LPs. All funds are safe,” the project said.

It added that all locked up funds would be returned to the liquidity providers (the addresses which supplied the funds) automatically.

Yearn Finance (YFI) is a yield aggregator, meaning it automatically supplies user funds to other yield-generating protocols, exchanges, and wallets, cutting out the need for a user to individually manage the complexity of the so-termed decentralized finance (DeFi) space.

All users locking up their funds on Yearn get a “y” branded token in return—a tokenized representation of their locked up asset. For example, a user depositing USDT into Yearn gets yUSDT in return, which can further be used on other protocols to earn yields (based on Yearn’s own strategy) or swapped for another cryptocurrency.

Yearn.finance Preps a New Stablecoin-based DeFi Protocol

Oh, look, a new DeFi protocol. But this one, announced today by the creator of the popular yearn.finance platform, goes against the grain, getting away from the governance token craze that’s currently driving digital asset lending protocols. That seems like a deliberate break from the landscape of DeFi, which creator Andre Cronje recently referred to as "degenerate finance." At first glance, StableCredit seems to take many of the best decentralized-finance buzzwords, put them in a blender, and p...

Such an arrangement is called a “vault,” with a “v1” and a “v2” token (based on the two vaults that charge different fees and use different strategies) given out to users based on the assets they deposited. 

Today’s issue on Curve saw the “v2” pool get exploited, with the team confirming that the issue was not a fundamental problem, but instead a technical one. The team told Decrypt that there would be a forthcoming post-mortem.

$11 Million Gone in Yearn Finance Exploit

DeFi yield farming project Yearn Finance has been hit by an exploit that has affected a DAI lending pool, according to its Twitter account. The tweet, posted at around 5 PM Eastern US time, states: "We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow." Yearn developer banteg, one of the administrators of the DeFi project's website, followed with a few more details: "Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, th...

Meanwhile, the issue was the second recent involving Yearn. Last week saw the “v1 yDAI vault” exploited by a sophisticated hacker, resulting in the DAI vault losing over $11 million. The attacker made away with $2.8 million, and YFI fell over $4,000 minutes after the news.