Security

Yearn Finance StableSwap Pool Drained by Infinite Token Minting Flaw

Unchecked arithmetic in a custom yETH contract enabled a token supply inflation attack, leading to a $9 million liquidity drain.
December 3, 20253 min

The image features a central, textured white sphere encompassed by an array of vibrant blue crystalline structures, all set within an intricate, metallic hexagonal framework. This complex visual represents the core elements of a sophisticated blockchain ecosystem, where the central sphere could symbolize a foundational digital asset or a unique non-fungible token NFT residing within a distributed ledger
A gleaming metallic circular component, resembling a precision engineered mechanism, is partially submerged and surrounded by dynamic blue liquid and frothy white foam. In the background, blurred blue lines extend across a dark surface, suggesting intricate digital pathways and data flows within a sophisticated technological environment

Briefing

The Yearn Finance yETH StableSwap pool was compromised via a critical arithmetic flaw in a custom token contract, resulting in a loss of approximately $9 million in liquid staking tokens. This attack leveraged an unchecked calculation bug to mint an astronomical number of yETH tokens, thereby manipulating the token’s share price and draining the pool’s underlying assets. The immediate consequence is a significant capital loss for users of the affected pool, with the total financial impact quantified at $9 million, of which $2.4 million has been recovered.

A sleek, blue and silver mechanical device with intricate metallic components is centered, featuring a raised Ethereum logo on its upper surface. The device exhibits a high level of engineering detail, with various rods, plates, and fasteners forming a complex, integrated system

Context

The prevailing security posture for complex DeFi protocols, even those with multiple audits, includes an inherent risk from custom-coded components. This incident specifically leveraged a class of vulnerability → arithmetic errors in token accounting logic → that is often missed by standard security reviews focused on known attack patterns like reentrancy. The reliance on custom StableSwap pool logic, rather than fully battle-tested, standard components, created a novel and exploitable attack surface.

The image displays a transparent, ring-like structure containing a textured, frothy blue substance. A white spherical object is suspended centrally, with a thin stream of clear liquid flowing over the blue substance and around the sphere

Analysis

The attacker executed the exploit by targeting an unchecked arithmetic function within the yETH token’s custom contract. This specific bug allowed the attacker to bypass normal supply constraints and mint an effectively infinite amount of the yETH receipt token. With the massively inflated token supply, the attacker was able to exchange the worthless, newly-minted tokens for a disproportionate amount of the underlying, valuable liquid staking tokens held in the StableSwap pool. This exchange successfully drained the pool’s liquidity before the protocol’s automated systems could halt the transaction.

A large, textured sphere, resembling a celestial body, partially submerges in dark blue liquid, generating dynamic splashes. Smaller white spheres interact with the fluid

Parameters

  • Total Loss → $9 Million – The estimated total value of liquid staking tokens and ETH drained from the StableSwap pool.
  • Vulnerability Type → Unchecked Arithmetic Flaw – The specific code error that enabled the infinite token minting exploit.
  • Recovered Funds → $2.4 Million – The amount of stolen assets successfully recovered through coordinated efforts with DeFi partners.
  • Affected Asset → yETH Token – The receipt token whose custom contract logic contained the exploitable minting bug.

A prominent blue faceted object, resembling a polished crystal, is situated within a foamy, dark blue liquid on a dark display screen. The screen beneath illuminates with bright blue data visualizations, depicting graphs and grid lines, all resting on a sleek, multi-tiered metallic base

Outlook

Immediate mitigation for users of similar protocols requires the temporary pausing of deposits and withdrawals on any custom, unaudited, or newly deployed token contracts. The second-order effect is a heightened scrutiny on all custom arithmetic logic within DeFi protocols, particularly those involving share price calculation and token minting, which will likely establish a new, stricter standard for formal verification of token contract mathematics. Protocols must now prioritize immutable, battle-tested library functions over custom code for core financial operations to mitigate contagion risk.

A close-up view showcases a futuristic, metallic device with blue glowing elements, partially encased in a translucent, blue, gel-like substance. The device features intricate internal components, including what appear to be gears and circuits, suggesting advanced mechanical and digital functionality

Verdict

This breach confirms that custom arithmetic logic remains a critical, high-impact zero-day vector, demonstrating that even veteran protocols are not immune to fundamental smart contract design flaws.

smart contract vulnerability, arithmetic logic error, token supply inflation, decentralized finance exploit, liquidity pool drain, custom contract risk, unchecked calculations, DeFi security failure, asset manipulation, stable swap pool, on-chain forensics, protocol security, token minting flaw, code audit gap, liquid staking tokens, yield aggregator risk, digital asset theft, smart contract audit, security posture, risk mitigation Signal Acquired from → unchainedcrypto.com

Micro Crypto News Feeds

liquid staking tokens

Definition ∞ Liquid staking tokens are derivative digital assets that represent staked cryptocurrency, allowing users to retain liquidity while participating in Proof of Stake consensus.

security posture

Definition ∞ A security posture describes the overall state of an organization's cybersecurity defenses and its readiness to counter threats.

stableswap pool

Definition ∞ A stableswap pool is a type of liquidity pool in decentralized finance (DeFi) specifically designed to facilitate efficient exchanges between pegged assets, such as stablecoins or wrapped tokens.

liquid staking

Definition ∞ Liquid Staking is a DeFi mechanism that allows users to stake their cryptocurrency holdings while retaining liquidity.

infinite token minting

Definition ∞ Infinite token minting is a critical vulnerability in a digital asset's smart contract that allows an attacker or unauthorized entity to create an unlimited supply of new tokens.

amount

Definition ∞ Amount signifies a quantified measure of value, volume, or quantity, typically referring to digital assets or fiat currency within transactions.

contract

Definition ∞ A 'Contract' is a set of rules and code that automatically executes when predefined conditions are met.

defi protocols

Definition ∞ DeFi protocols are decentralized applications that provide financial services without traditional intermediaries.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.

Tags:

Tags: