Yield farming gives asset holders the opportunity to earn tokens by locking assets into smart contracts for a certain duration. But it also raises the possibility of losing funds through smart contract errors or through impermanent loss when providing liquidity, which can occur as a result of dramatic price movement or operator malfeasance. As a result, it’s vital that farmers inspect the code of any project they’re considering staking in.
Performing some basic checks on the integrity of the code can potentially save thousands in losses, not to mention the time wasted on staking in futile projects when the capital could have been better used elsewhere. De.Fi.info periodically inspects the code of new yield farms to detect anomalies and provide feedback to the community and project team on underlying risks.
Recently, I audited the YFFS project and published the post on the 6th of November.
De.Fi 👨🌾🚜 on Twitter: “1/ Today on my surgeon’s table: @…
archived 9 Nov 2020 16:15:36 UTC
In essence, the project raised lots of questions, primarily because its implementation could not be called decentralized.
The trouble was that the owner had a lot of permissions to manipulate the staking process and users’ staked assets, which, consequently, jeopardized users’ funds. For instance, there was a function called YFFSDeflationStake that stopped staking and transferred all staked tokens to the hardcoded EOA address 0x489B689850999F751760a38d03693Bd979C4A690.
De.Fi 👨🌾🚜 on Twitter: “2/ There is a function that stops…
archived 9 Nov 2020 16:19:47 UTC
These alarming facts made me rate the scam probability as high.
The team’s answer was as follows:
I failed to locate any such article addressing this matter.
Also, they tried to deflect and whitewash themselves by providing doubtful theses.
However, I couldn’t resist responding and suggested that the YFFS team perform some vital changes for the project to become safer. I proposed adding either a timelock or governance to prevent centralized project control.
De.Fi 👨🌾🚜 on Twitter: “3. That’s could be much better an…
archived 9 Nov 2020 16:48:01 UTC
My next suggestion was about how to implement the necessary changes to renounce contract ownership.
De.Fi 👨🌾🚜 on Twitter: “You can solve this issue asap, ju…
archived 9 Nov 2020 16:54:03 UTC
Consequently, the YFFS team answered, stating that the changes would take place the same day.
A bit later, the YFFS team informed the community that the Admin key had been burnt. Indeed, they called the transferOwnerShip & setGovernanceAddress functions and specified the 0x000 address as a parameter to transfer the YFFSDeflationStake’s contract ownership to. This way they completely got rid of the ability to invoke these functions.
On November 8, the YFFS team posted a tweet thanking De.Fi.info for auditing its code.
Conclusion
To summarize, I revealed unacceptable functionality in the YFFS finance project, outlined that in the report, and informed the community along with the YFFS team. In turn, after heated discussions with the YFFS team and providing irrefutable facts, the team decided to implement the changes I recommended. This transformed the project for the better.
One more project has improved and become much more trustable, safe, and decentralized. That’s exactly what the community wants.
Together we are heading in the right direction to refine yield farming.
Don’t trust: verify. Always.
Eventually, YFFS rug pulled.
The team tried to seem pretty cooperative as they agreed to edit the problematic code as I insisted.
But this step was just a part of the deception. The intentions to steal the user funds did not disappear. The team just pretended to be disturbed and interested in security improvements. YFFS made changes to the code only for demonstrative purposes. In fact, the scammers continued to pursue their initial strategy and managed to steal the funds through interactions with FECORE and YFFC tokens.