An unaudited Code resulted in $15M loss- Was the founder of Yearn Finance in a Hurry?

by ImmuneBytes

Yet again we have come across an incident that shows the DeFi community’s ravenous greed to relish unaudited code, resulting in the loss of millions.

Eminence, an unfinished NFT gaming ecosystem of Yearn Finance being developed by Andre Cronje was discovered by DeFi speculators on the night of September 28 when he retweeted several pictures of the venture on his Twitter. As the FOMO took over, traders rushed to farm EMN, estimating roughly to $15M

Although soon enough, the EMN protocol was exploited and the hacker stole $15M. However, he refunded 50% of the money i.e. $8M back into Andre Cronje’s Yearn: deployer account, unprompted

The Attack

The degens began minting ENM tokens manually using Etherscan and paying through DAI. The attacker was able to quickly find the vulnerability in the model and dumped the ENM tokens via its Smart Contact on a tight curve, all of it using flash loans, consequently siphoning $15M DAI.

As explained by Cronje himself, the attack was pretty simple – mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN.

Luckily for the people, the hacker has refunded half the money back, no one knows why though.

When the news got out about this debacle, Cronje refunded the $8M to the Yearn treasury. From there on the money will be returned to the ENM holders, equating to approximately 50% refund.

More to know

Cronje, in his tweets, explained that Eminence was ~3 weeks away from its official release and the code surely had some bugs. Also saying that the contracts he deployed were solely for him to engage with. 

Furthermore, he asked people to not use random contracts he deploys and wait for official announcements.  Andre Cronje on Twitter: “Given some of the responses, let me be clear, do not use random contracts I deploy unless…

Conclusion

We see that companies are still ignorant about the fact that Smart Contract auditing is an extremely important part of programmable finance if they want to attract a large number of investors, ensuring that their Smart Contracts are safe and can’t be hacked. All things considered, it is recommended that you perform a Smart Contract Audit to avoid any backlash. 

We are happy to help you get an audit for your Smart Contract.

Reach out to us!

Spread the love

You may also like