Executive Summary

The decentralized finance (DeFi) protocol Yearn Finance experienced a significant security incident on November 30, 2025, resulting in the theft of approximately $9 million in assets. The attacker exploited a critical vulnerability in a legacy yETH stableswap smart contract, demonstrating remarkable capital efficiency by using a negligible amount of funds (16 wei) to trigger the exploit. The core of the vulnerability was the contract's improper handling of cached state variables, which were not cleared when liquidity was removed. This allowed the attacker to create a state where a tiny deposit was misinterpreted as a 'first deposit' into an empty pool with phantom liquidity, leading to the minting of a virtually infinite number of yETH tokens. The incident highlights the persistent dangers of latent bugs in older, complex smart contracts.

Vulnerability Details

The exploit targeted a flaw in how a legacy yETH smart contract managed its internal accounting, specifically its use of cached variables to save on gas fees.

• Vulnerability Type: Improper State Handling / Re-entrancy (Logical)
• Affected Contract: Legacy yETH stableswap contract
• Core Flaw: The contract used cached storage variables to track pool balances. When the pool's liquidity was completely withdrawn, the primary supply counter was correctly reset to zero. However, the cached variables holding previous balance information were not cleared. This created a discrepancy between the actual pool state (empty) and the cached state (containing residual values).

The Attack Chain

1. State Manipulation: The attacker used flash loans to perform a series of large deposits and withdrawals. These actions were carefully calculated to leave small, non-zero 'phantom' balances in the contract's cached storage variables.
2. Liquidity Drain: The attacker then withdrew all remaining actual liquidity from the pool. This action correctly set the totalSupply variable of the pool to 0.
3. Triggering the Mint: With the pool's actual supply at zero but cached balances still containing phantom values, the attacker made a final, tiny deposit of 16 wei.
4. Infinite Mint: The contract's logic, upon seeing totalSupply as 0, incorrectly interpreted this tiny deposit as the first ever deposit into the pool. Instead of calculating shares based on the 16 wei deposit, it read the stale, inflated values from the cache. This logical flaw caused the contract to mint an astronomical number of yETH tokens (235 septillion) to the attacker's wallet.
5. Asset Drain: Now in control of the vast majority of yETH tokens, the attacker redeemed them, draining the underlying assets from the associated Balancer pool, totaling around $9 million.
6. Money Laundering: Shortly after the exploit, approximately 1,000 ETH (worth ~$3 million) was observed being transferred through the Tornado Cash privacy mixer to obscure the trail of the stolen funds (T1657 - Financial Theft).

Impact Assessment

The exploit resulted in a direct financial loss of $9 million for liquidity providers in the specific legacy yETH pool. While Yearn Finance confirmed that its newer V2 and V3 vaults were unaffected, the incident has several negative impacts:

• Financial Loss: Liquidity providers in the targeted pool lost their entire investment.
• Reputational Damage: Although isolated, the exploit damages user trust in the Yearn Finance ecosystem and the broader DeFi space.
• Systemic Risk: The incident serves as a stark reminder that even well-regarded protocols can have latent vulnerabilities in older, unmaintained contracts, posing a risk to the interconnected DeFi ecosystem.
• Attacker Profit: The high capital efficiency of the attack (turning less than a cent into $9 million) makes this type of exploit highly attractive to other malicious actors, potentially inspiring copycat attacks on other protocols with similar flaws.

Detection Methods

Detecting such an exploit in real-time is extremely challenging, as it occurs within a single atomic transaction on the blockchain.

• On-Chain Monitoring: Services that monitor blockchain transactions for anomalous behavior could potentially flag this. Key indicators would include a transaction that results in a massive change in a token's total supply or a pool's liquidity for a very small input amount. This is a form of D3-NTA: Network Traffic Analysis applied to blockchain data.
• Contract State Analysis: Proactive detection involves static and dynamic analysis of smart contracts to identify logical flaws. Tools that can simulate different states and transaction orderings might uncover such vulnerabilities before they are exploited.
• Economic Modeling: Simulating the economic incentives and outcomes of complex contract interactions can help identify edge cases where the protocol's logic can be manipulated for profit.

Remediation and Mitigation

Immediate Remediation:

• Pool Shutdown: The primary remediation for such an incident is to pause or disable the vulnerable contract to prevent further losses, if such functionality exists.
• Community Communication: Transparently communicating the nature of the exploit, the scope of the impact, and the status of user funds is crucial for maintaining trust.

Long-Term Mitigation:

• Smart Contract Audits: All smart contracts, especially those handling financial assets, must undergo rigorous, independent security audits. This incident emphasizes the need for re-auditing contracts when their dependencies or typical usage patterns change. This is a form of D3-ACH: Application Configuration Hardening.
• Deprecate and Migrate: Protocols should have a clear lifecycle for their smart contracts. Old, legacy contracts should be formally deprecated, and liquidity should be actively migrated to newer, more secure versions.
• Adherence to Best Practices: Follow established secure development patterns, such as the Checks-Effects-Interactions pattern, and avoid reading from stale storage. Ensure that all relevant state variables are updated atomically within a transaction.
• Formal Verification: For critical financial infrastructure, use formal verification techniques to mathematically prove that the contract code behaves as intended under all possible conditions.