SlowMist: The root cause of the attack on Yearn was the insecure mathematical operations in the Yearn yETH pool contract.

According to SlowMist, the decentralized finance protocol yearn suffered a hacker attack on December 1st, resulting in a loss of approximately $9 million. The SlowMist security team analyzed the incident and confirmed the root cause as follows:

The vulnerability originates from the `_calc_supply` function logic used to calculate the supply in the Yearn yETH Weighted Stableswap Pool contract. Due to insecure mathematical operations, this function allows for overflow and rounding errors during calculation, leading to a significant deviation in the calculation of the product of the new supply and the virtual balance. Attackers can exploit this flaw to manipulate liquidity to a specific value and over-mint liquidity pool (LP) tokens, thereby illegally profiting.

It is recommended to strengthen boundary scenario testing and adopt a securely verified arithmetic operation mechanism to prevent high-risk vulnerabilities such as overflows in similar protocols.

Previously, Yearn issued a statement saying that its yETH stable pool was attacked at 21:11 UTC on November 30. The attacker minted a large amount of yETH through a custom contract, resulting in the loss of approximately $8 million in assets in the pool. Another $900,000 in losses came from the yETH-WETH pool on Curve.