Full Report
Yearn Finance is a suite of products to yearn yield on digital assets. This includes staking tokens to earn interest and selling/buying votes. For the yield-bearing assets, users can put positions into Aave, Compound, DYDX and BzX's Fulcrum. The bad contract was the legacy iEarn USDT token contract. What was wrong with it? There is no inherit security issue with the code; it was a misconfiguration of the pools being used. In particular, the contract used the Fulcrum USDC address instead of the USDT address. Why is this bad? This leads to manipulation on the pool being possible. From my basic understanding, the attacker needed to hit the code path for this misconfiguration. This was done by rebalancing the protocol to use Fulcrum instead of AAVE and Compound. To make the hack as financially profitable as possible, they forced all of the funds to be sent back to the contract instead of be in the pools. Finally, to exploit the misconfiguration, they sent a single USDT token to the pool. Since it didn't have any USDT, the USDT amount (which was really USDC amount) was divided by the real amount of yUSDT, which is 1 from our donation. This leads to 1.2 quadrillion of yUSDT being minted when it shouldn't have been. Yikes! The attacker trades these funds to other locations in the Yearn Finance ecosystem in order to profit heavily from the issue. This dumb copy-and-paste issue had a complex manipulation occur in order to exploit this, which is pretty wild. Overall, good read but hard to follow without understanding the codebase.
Analysis Summary
# Incident Report: Yearn Finance Legacy yUSDT Contract Misconfiguration Exploit
## Executive Summary
On April 13, 2023, an attacker exploited a long-standing misconfiguration in the legacy Yearn Finance (formerly iEarn) yUSDT token contract, resulting in the minting of approximately 1.2 quadrillion yUSDT tokens and subsequent losses exceeding $10 million. The vulnerability stemmed from using the incorrect USDC contract address in the underlying Fulcrum pool configuration, which the attacker manipulated by forcing a protocol rebalance and minting tokens based on the incorrect underlying asset price ratio.
## Incident Details
- **Discovery Date:** April 13, 2023 (Date of exploit execution)
- **Incident Date:** April 13, 2023
- **Affected Organization:** Yearn Finance (Specifically the deprecated legacy iEarn yUSDT contract)
- **Sector:** Decentralized Finance (DeFi) / Cryptocurrency Yield Protocol
- **Geography:** On-chain (Ethereum Blockchain)
## Timeline of Events
### Initial Access
- **Date/Time:** Unknown, implied prior to the execution date, as the configuration error existed since deployment (over three years prior).
- **Vector:** Exploitation of a pre-existing, persistent contract misconfiguration.
- **Details:** The legacy yUSDT contract utilized the Fulcrum **USDC** address in its configuration instead of the Fulcrum **USDT** contract address.
### Lateral Movement
- **Date/Time:** During the attack transaction (e.g., [0xd55e43c1…]).
- **Vector:** On-chain contract interaction.
- **Details:** The attacker first rebalanced the protocol's underlying assets to force the use of the vulnerable Fulcrum pool path. They then forced deposited funds back into the contract and sent a single USDT token to the pool. Because the pool incorrectly registered the incoming USDT as USDC (due to the address mismatch), the token price ratio was severely skewed, leading to massive yUSDT minting (1.2 quadrillion tokens for 10k USDT input).
### Data Exfiltration/Impact
- **Date/Time:** Immediately following the minting event.
- **Vector:** Swapping minted tokens for stablecoins.
- **Details:** The attacker swapped the newly minted yUSDT tokens for other stablecoins, realizing over **$11.4 million** in profits. Funds were moved across multiple exploiter addresses and eventually laundered via Tornado Cash.
### Detection & Response
- **Date/Time:** April 13, 2023 (Attack publicized on Rekt News).
- **Vector:** Public reporting and on-chain analysis.
- **Details:** A Yearn team member confirmed the attack while noting that current, active vault contracts were unaffected. Response actions, such as freezing assets or reversing transactions, are not detailed in the source, implying mitigation focused on post-exploitation tracing and disclosure.
## Attack Methodology
- **Initial Access:** Exploitation of a pre-existing *configuration vulnerability* (a "copy-paste error") in the immutable contract code, which directed the USDT balance tracking to the USDC pool address on Fulcrum.
- **Persistence:** Not applicable; this was a single-transaction exploit maximizing immediate profit.
- **Privilege Escalation:** Not applicable; focused on token price manipulation rather than credential theft.
- **Defense Evasion:** The attack involved complex on-chain logic, hitting a path only possible after specifically forcing a protocol rebalance to the vulnerable Fulcrum implementation. Funds were laundered via Tornado Cash post-exploit.
- **Credential Access:** Not applicable.
- **Discovery:** Not applicable to the attacker’s side; they discovered the flaw in the legacy code.
- **Lateral Movement:** The minted yUSDT was swapped across the Yearn ecosystem to acquire other stable assets ($11.4M total).
- **Collection:** Collection was the minting of 1.2 quadrillion yUSDT tokens, vastly overstating the underlying asset value.
- **Exfiltration:** Swapping the ill-gotten yUSDT for fungible stable assets.
- **Impact:** Financial loss/theft of $11.4M+ via token minting exploit.
## Impact Assessment
- **Financial:** Loss exceeding **$10 million** (specifically $11.4M in swapped proceeds).
- **Data Breach:** None. This was a direct asset drain via smart contract logic failure.
- **Operational:** Minimal, as the affected contract was a legacy and deprecated strategy, not impacting the current Total Value Locked (TVL) of $450M in active Yearn strategies.
- **Reputational:** Significant, as Yearn Finance is considered a pillar of DeFi security, and the vulnerability persisted for over 1,156 days.
## Indicators of Compromise
- **Network Indicators (Defanged):**
- Funding source via Tornado Cash (e.g., connecting to address `0x…`)
- Redeposit of 1000 ETH from exploiter address `0x16af29b7efbf019ef30aae9023a5140c012374a5` to `0xd90e2f925da726b50c4ed8d0fb90ad053324f31b`.
- **File Indicators:** N/A (on-chain exploit).
- **Behavioral Indicators:**
- Execution of transaction `0xd55e43c1…` involving drastic manipulation of yUSDT share price via interaction with the legacy Fulcrum integration path.
- Minting of an unusually large quantity of yUSDT (1.2 quadrillion).
## Response Actions
- **Containment measures:** Confirmed that current, production Yearn contracts were unaffected by the exploit against the legacy code.
- ****Eradication steps:** Not specified, likely involved waiting for the funds to settle or isolating the legacy contract if possible (though immutable contracts cannot be patched).
- **Recovery actions:** Not detailed, though the analysis shows remaining attacker funds ($1.5M in two wallets, $7.4M DAI in the third).
## Lessons Learned
- **Configuration is Critical:** Even seemingly minor copy-paste errors (using the USDC address instead of the USDT address) in immutable smart contracts can lead to catastrophic, long-term vulnerabilities when a specific execution path is hit.
- **Audit Coverage Gaps:** A 2020 audit by CertiK apparently only investigated the yDAI contract, missing the critical flaw in the yUSDT contract configuration.
- **Danger of Legacy Code:** Years-old, deprecated protocols can continue to hold significant funds and harbor critical flaws if they remain active or immutable.
- **"Test in Prod" Risk:** The incident highlights the dangers of deploying complex, unreinforced code paths, reflecting a historical development pattern within early DeFi.
## Recommendations
- Implement rigorous, automated checks to verify the integrity of configuration parameters (e.g., token addresses) against expected values, especially during initial deployment and subsequent code reviews.
- Conduct comprehensive audits spanning all components and related configurations of complex DeFi systems, not just primary focus areas.
- Establish clear timelines and procedures for sunsetting and/or migrating user funds from old, immutable contracts to newer, patched versions to reduce the attack surface.