Security

Yearn Legacy yETH Pool Drained by Infinite Token Minting Flaw

A stale storage cache in a legacy stableswap contract enabled an infinite minting attack, leading to $9M in asset loss and systemic LST imbalance.
December 6, 20253 min

A highly detailed close-up reveals a sleek, metallic blue and silver mechanical device, featuring a prominent lens-like component and intricate internal structures. White, frothy foam actively surrounds and interacts with the central mechanism, suggesting a dynamic operational process within the unit
A pristine white sphere, resembling a valuable digital asset, is suspended within a vibrant, translucent blue structure. This structure, reminiscent of frozen liquid or crystalline data, is partially adorned with white, textured frost along its edges, creating a sense of depth and complexity

Briefing

The Yearn Finance yETH stableswap pool was compromised via a critical logic flaw in its legacy smart contract, resulting in a total loss and systemic imbalance across the Liquid Staking Token (LST) ecosystem. The primary consequence is the immediate and unrecoverable draining of assets from the pool, impacting users and creating volatility for related LSTs. The attack leveraged a stale storage cache to enable an infinite token mint, a highly capital-efficient exploit that netted the attacker approximately $9 million in total economic damage.

A white, rectangular, modular device with visible ports and connections extends into a vibrant, glowing blue crystalline structure, which is composed of numerous small, luminous spheres and interspersed with frosty textures. The background shows a blurred continuation of similar blue and white elements, suggesting a complex digital environment

Context

The prevailing risk factor was the continued operational reliance on legacy smart contracts that predated modern auditing standards and security best practices. Specifically, the yETH pool utilized a stableswap design that employed a cached value for gas optimization, a known anti-pattern that introduces significant state-management risk if the reset function is not rigorously enforced. This architecture created an unaddressed attack surface for state manipulation exploits, which was eventually leveraged.

A snow-covered mass, resembling an iceberg, floats in serene blue water, hosting a textured white sphere and interacting with a metallic, faceted object. From this interaction, a vivid blue liquid cascades into the water, creating white splashes

Analysis

The attacker exploited a flaw where the pool’s internal accounting variable, a cached value intended to optimize gas costs, was not correctly cleared or updated after the pool was fully emptied. By depositing a minimal amount (16 wei) into the contract, the attacker triggered the minting function, which incorrectly referenced the stale, high-value cached state. This allowed the malicious actor to mint an astronomical quantity of yETH tokens, which were then immediately redeemed for the pool’s underlying assets, effectively draining the entire liquidity. The use of self-destructing smart contracts further obfuscated the on-chain forensic trail, demonstrating a high level of threat actor sophistication.

A prominent textured sphere, resembling a moon, is securely nestled within a sophisticated metallic blue and silver geometric structure. This intricate assembly is partially covered with white frosty particles, creating a visual metaphor for robust digital asset security

Parameters

  • Total Economic Loss → $9,000,000 – The estimated total financial impact and asset loss from the exploited pool.
  • Attack VectorInfinite Token Minting – The specific smart contract logic flaw enabling the creation of 235 septillion tokens from minimal input.
  • Stolen Assets Laundered → 1,000 ETH – The approximate value of assets immediately transferred to a mixing service (Tornado Cash) for obfuscation.
  • Vulnerable Component → Legacy Stableswap Contract – The specific, older version of the yETH liquidity pool logic containing the unreset cache flaw.

The image displays vibrant blue crystalline formations, partially covered in white, snow-like granular material, intersected by polished silver rods. Several transparent, reflective spheres float around these structures, some resting on the white substance

Outlook

Immediate mitigation for users involved with similar legacy pools is to withdraw assets and revoke all token approvals until a full contract audit and redeployment is completed. The contagion risk is moderate, primarily affecting other protocols utilizing similar older stableswap contract forks or those relying on the compromised pool’s liquidity as an internal price feed. This incident mandates a new security best practice → the immediate deprecation and migration of all legacy contracts using gas-optimization patterns that rely on state-caching without formal verification of reset mechanisms.

A large, deep blue, translucent faceted object, resembling a gemstone, is depicted resting at an angle on a reflective, rippled surface. White, textured, cloud-like formations are positioned around and partially on top of the blue object, with one larger mass on the right and smaller ones on the left

Verdict

This exploit serves as a definitive operational mandate that all legacy DeFi infrastructure must be retired immediately, as the technical debt of outdated smart contract logic is now an unacceptable systemic risk to capital.

Smart contract exploit, infinite token minting, DeFi accounting flaw, stableswap pool, liquidity pool drain, stale storage cache, on-chain forensic analysis, self-destructing contract, asset loss, Ethereum LST, governance token, yield aggregator, smart contract logic, token valuation, protocol risk, flash loan attack, reentrancy vector, cross-chain bridge, oracle manipulation Signal Acquired from → thehackernews.com

Micro Crypto News Feeds

stableswap pool

Definition ∞ A stableswap pool is a type of liquidity pool in decentralized finance (DeFi) specifically designed to facilitate efficient exchanges between pegged assets, such as stablecoins or wrapped tokens.

yeth pool

Definition ∞ A yETH Pool refers to a specific liquidity pool within the Yearn Finance ecosystem, typically designed to optimize yield for wrapped Ethereum (wETH) or other ETH-derived assets.

on-chain forensic

Definition ∞ On-chain forensic refers to the specialized investigation and analysis of transactions and activities recorded directly on a blockchain ledger to trace digital asset movements and identify associated entities.

asset loss

Definition ∞ Asset Loss denotes the depletion of value or disappearance of digital or physical assets.

infinite token minting

Definition ∞ Infinite token minting is a critical vulnerability in a digital asset's smart contract that allows an attacker or unauthorized entity to create an unlimited supply of new tokens.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

liquidity pool

Liquidity Pool ∞ is a collection of cryptocurrency tokens locked in a smart contract, typically used to facilitate decentralized trading.

liquidity

Definition ∞ Liquidity refers to the degree to which an asset can be quickly converted into cash or another asset without significantly affecting its market price.

smart contract logic

Definition ∞ Smart contract logic refers to the predefined, self-executing code embedded within a smart contract that dictates its behavior and conditions for execution.

Tags:

Tags: