
The YFFS Saga: How a Yield Farming Project Was Compelled to Fix Its Code and then Rug Pulled


Yield farming gives asset holders the opportunity to earn tokens by locking their assets into smart contracts for a certain duration. But it also raises the possibility of loss of funds, due to smart contract error or impermanent loss when liquidity pooling, which can occur as a result of dramatic price movement or operator malfeasance. As a result, it’s vital that farmers inspect the code of any project they’re considering staking in.

Performing some basic checks on the integrity of the code can potentially save thousands in losses, not to mention the time wasted on staking in futile projects when the capital could have been better used elsewhere. De.Fi.info periodically inspects the code of new yield farms to detect anomalies and provide feedback to the community and project team on underlying risks.

Recently, I audited the YFFS project and published the post on the 6th of November.



De.Fi 👨‍🌾🚜 on Twitter: “1/ Today on my surgeon’s table: @…
archived 9 Nov 2020 16:15:36 UTC

In essence, the project raised a lot of questions, primarily because its implementation could not be called decentralized.

The trouble was that the owner had a lot of permissions to manipulate the staking process and users’ staked assets, which jeopardized users’ funds. For instance, there was a function called YFFSDeflationStake that stopped staking and transferred all staked tokens to the hardcoded EOA address 0x489B689850999F751760a38d03693Bd979C4A690.



De.Fi 👨‍🌾🚜 on Twitter: “2/ There is a function that stops…
archived 9 Nov 2020 16:19:47 UTC

These alarming facts made me rate the scam probability as high.
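A first-pass version of the check described above, written as an added example (it is not De.Fi tooling and not the YFFS source): it lists every owner-gated function in a Solidity file and flags those that move funds to a hardcoded address. The sample contract is constructed; `DemoStake` and `stopAndSweep` are hypothetical names, while `transferOwnerShip` and the address are the ones quoted in this article.

```python
import re

# Constructed sample, NOT the YFFS source; DemoStake/stopAndSweep are hypothetical.
SAMPLE = """
contract DemoStake {
    address public owner;
    IERC20 public token;
    bool public stopped;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function stake(uint256 amount) external {
        require(!stopped);
        token.transferFrom(msg.sender, address(this), amount);
    }
    function stopAndSweep() external onlyOwner {
        stopped = true;
        token.transfer(0x489B689850999F751760a38d03693Bd979C4A690,
                       token.balanceOf(address(this)));
    }
    function transferOwnerShip(address next) external onlyOwner {
        owner = next;
    }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")
ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")      # literal 20-byte address
MOVES = re.compile(r"\.(transfer|send|call)\b")  # outbound token/ETH movement

def function_bodies(src):
    """Yield (name, modifiers, body) per function, using brace matching."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(2), src[m.end():i - 1]

def audit(src):
    """List owner-gated functions; flag those paying a hardcoded address."""
    findings = []
    for name, mods, body in function_bodies(src):
        if "onlyOwner" in mods or "msg.sender == owner" in body:
            addrs = ADDR.findall(body)
            kind = "hardcoded payout" if addrs and MOVES.search(body) else "owner-only"
            findings.append((name, kind, addrs))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A regex pass like this is triage only: it does not resolve inherited modifiers, addresses held in storage variables, or calls into other contracts, so every flagged and unflagged function still needs a manual read.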

The team’s answer was as follows:



yffs.finance on Twitter: “We have covered this issue in the article “…
archived 9 Nov 2020 16:24:22 UTC

I failed to locate any such article addressing this matter.

They also tried to deflect and whitewash themselves with doubtful arguments.



yffs.finance on Twitter: “1. There are many projects that fail and fr…
archived 9 Nov 2020 16:35:54 UTC

However, I couldn’t resist responding and suggested that the YFFS team make some vital changes for the project to become safer. I proposed adding either a timelock or governance to prevent centralized project control.



De.Fi 👨‍🌾🚜 on Twitter: “3. That’s could be much better an…
archived 9 Nov 2020 16:48:01 UTC

My next suggestion was about how to implement the necessary changes to renounce contract ownership.



De.Fi 👨‍🌾🚜 on Twitter: “You can solve this issue asap, ju…
archived 9 Nov 2020 16:54:03 UTC

Consequently, the YFFS team answered, stating that the changes would take place the same day.



yffs.finance on Twitter: “Ok. If that’s what the community wants, we …
archived 9 Nov 2020 16:57:21 UTC

A bit later, the YFFS team informed the community that the admin key had been burnt. Indeed, they called the transferOwnerShip and setGovernanceAddress functions with the 0x000 address as the parameter, transferring ownership of the YFFSDeflationStake contract to that address. This way, they completely gave up the ability to invoke these functions.



yffs.finance on Twitter: “🔥 Burned Admin Key of $YFFS Deflation Stak…
archived 9 Nov 2020 16:59:45 UTC

On November 8, the YFFS team posted a tweet thanking De.Fi.info for auditing its code.



yffs.finance on Twitter: “✅ Thanks to @defiyield_info for Auditing YF…
archived 9 Nov 2020 17:02:49 UTC

Conclusion

To summarize, I uncovered unacceptable functionality in the YFFS finance project, described it in the report, and informed both the community and the YFFS team. After heated discussions with the YFFS team, in which I provided irrefutable facts, the team decided to implement the changes I recommended. This transformed the project for the better.

One more project has improved and become much more trustworthy, safe, and decentralized. That’s exactly what the community wants.

Together we are heading in the right direction to refine yield farming.

Don’t trust: verify. Always.

Update: 25 December

Eventually, YFFS rug pulled.

The team tried to appear cooperative, agreeing to edit the problematic code as I insisted.

But this step was just part of the deception. The intention to steal user funds did not disappear. The team only pretended to be disturbed and interested in security improvements. YFFS changed the code only for show. In fact, the scammers continued to pursue their initial strategy and managed to steal the funds through interactions with the FECORE and YFFC tokens.
