Exploit discovered on Andre Cronje’s latest project yCredit
An exploit has been discovered on yCredit, only a day after the protocol was launched, according to sources.
Launched by Yearn Finance Founder – Andre Cronje, the newly created DeFi protocol was intended to give users ‘tokenized yield credit’, wherein whenever a user makes a deposit, he/she will receive 99.5% of it as a credit line.
However, a disclaimer in the medium article shared by Cronje states,
“ yCredit is experimental. yCredit is not a speculative token. yCredit can be economically exploited.”
The last line, in particular, seems to have been proven, as a developer took to Twitter to claim that he has discovered an exploit of the contract and advised any users that had deposited funds into the contract to withdraw or sell it immediately.
The developer, Nour Haridy, reportedly shared the exploit with other developers who tested the exploit themselves and confirmed the veracity of his claim.
In fact, more recently, according to developer Ivan Martinez, someone used a different attack vendor on yCredit than the one originally discovered by Haridy.
Amidst these developments, data from Etherscan suggests that people continued to buy in more, despite the imminent warnings about a confirmed exploit.
Many have raised alarms as to why the contract was deployed without being finished and tested. One user expressed his concern on Twitter stating,
“This is why you guys should only release fully finished products – for the sake of yearn, its holders, and not least for your own reputations sake.”
While Yearn Finance was not directly involved in yCredit, this isn’t the first time its founder Andre Cronje has been in the spotlight for ‘untrustworthy’ projects. It is unclear how Yearn’s reputation and price will be affected by these developments.
OhNoCrypto
via https://www.ohnocrypto.com
Samyuktha Sriram, @KhareemSudlow