GM 🫡💜
Web3 is the next big phase of the internet 🌐
Don't forget that!
Yearn v1 was exploited for over null,500,000 a few hours ago. One of their Smart Contracts was misconfigured, for over 3 years...
How? 🧵
One of the underlying assets of the Yearn yUSDT token should be Fulcrum iUSDT, but instead it is set up to be iUSDC
Contract: etherscan.io/address/0x83f798e925BcD4017Eb265844FDDAbb448f1707D
AFAIK this was first noticed by @samczsun.lens
Why can this be exploited?🤔
yUSDT is a yield-generating version of USDT, holding different interest-bearing tokens as its underlying assets, like aUSDT (Aave) or iUSDT (bZx/Fulcrum), but because it's actually holding a USDC instead of a USDT token, it can be exploited
The attacker repaid aUSDT loans to set the borrow rate to 0, minted yUSDT and iUSDC, took advantage of the wrong pool ratio and forced the pool to switch providers, which caused USDC to be withdrawn instead of USDT, so the attacker minted more yUSDT and dumped it on a pool for profit
More details: twitter.com/junorouse/status/1646424901602123776
Attacker: etherscan.io/address/0x5bac20beef31d0eccb369a33514831ed8e9cdfe0
To the best of my knowledge Yearn v2 is SAFU
twitter.com/storming0x/status/1646408774477922305
Happy Sunday Lens Frens ☀️
We hope you all had a great weekend - ours was spent working on the newest Lentil release that should come to your phones in a few minutes 😍 This release features the brand new @xmtplabs.lens iOS SDK 💬
Of course we couldn't have done it without regularly having some cakes in between 🍰🫡
Reeeeeee. I wanna win one of these. LFG