SlowMist: The root cause of the yearn attack is unsafe mathematical operations in the Yearn yETH pool contract.

According to a report by Jinse Finance, monitored by SlowMist, on December 1, the decentralized finance protocol yearn suffered a hacker attack, resulting in a loss of approximately $9 million. The SlowMist security team analyzed the incident and confirmed the root cause as follows: The vulnerability originated from the logic of the _calc_supply function used to calculate supply in the Yearn yETH Weighted Stableswap Pool contract. Due to unsafe mathematical operations, this function allowed for overflow and rounding errors during calculations, causing significant deviations in the product calculation of the new supply and virtual balance. Attackers exploited this flaw to manipulate liquidity to specific values and excessively mint liquidity pool (LP) tokens, thereby making illegal profits. It is recommended to strengthen boundary scenario testing and adopt securely verified arithmetic mechanisms to prevent such high-risk vulnerabilities, such as overflows, in similar protocols.