As communicated by the team of YFV protocol, a fork of yearn finance, one of the pools of the DeFi project has been badly configured and this has created great concern in the community.
For this reason, the team is working with Arcadia Group to audit the code and eliminate the present anomalies that could also lead to a loss of funds.
YFValue is working with The Arcadia Group on Professional Audit. Result will be announced within a week.
— yfv.finance (@FinanceYfv) August 24, 2020
What is the YFV protocol
The project was launched just a week ago. It is similar to yearn finance, but introduces a system of governance, to make autonomous yield farming, adding tokens and burning the supply if needed.
Considering that this platform is a DeFi aggregator, it foresees the creation of several pools. For each pool, it is possible to participate and receive the YFV governance token in return. For example, there is Pool 0 where it is possible to deposit USDT, USDC, TUSD and DAI and it pays 3% of the total YFV that is 21 million, so about 630 thousand, or there are other pools that have a 98/2 ratio that can give even 10% of the YFV.
It was precisely Pool 0 that had a configuration problem because the developers were wrong to confirm a transaction to remove control of the pool, so the team could still control the pool and the rewards that could be blocked at any time.
Despite this problem, which led to the creation of Pool v2 and the burning of the team’s tokens, some users continued to use this pool. And this is where the team had to make the drastic decision to destroy the minter key and then lock the pool’s funds.
But the problems did not end there, because due to an exploit it would still be possible to recover the minter key and allow the team to recover the users’ funds that were locked.
So, the team decided to split these keys into a multi-signature in order to share the risk and to have at least the majority of signatures to access these keys and perform the token recovery transaction.
The team proposed a 10 or 11 multi-signature system and the community provided some names that should sign this system.
- Michael from Boxmining;
- Vitalik Buterin from Ethereum;
- Loi Luu CEO from Kyber Network;
- Andre Cronje from YFI;
- Taiyang Zhang CEO from REN;
- Fernando Martinelli CEO from Balancer Labs;
- Brendan Eich CEO from BAT;
- Sergey Nazarov CEO from Chainlink;
- Reuben Yap COO from Zcoin.
Unfortunately, increasingly often the new DeFi protocols that are coming out every day in this period have the bad habit of being on the mainnet before code tests and audits, which is why they are very dangerous.
For example, it is worth mentioning the case of the YAM project that, due to an error in the code, lost its governance and the price of its token dropped from 157$ to only 0,04$.