Security

Yearn Legacy yETH Pool Drained by Infinite Token Minting Flaw

A stale storage cache in a legacy stableswap contract enabled an infinite minting attack, leading to $9M in asset loss and systemic LST imbalance.
December 6, 20253 min

The image displays a 3D rendering of a complex molecular structure, predominantly in translucent blue. It features numerous spherical nodes connected by rod-like links, with a central, irregular, liquid-like mass dynamically forming
A sophisticated cryptographic chip is prominently featured, partially encased in a block of translucent blue ice, set against a dark, blurred background of abstract, organic shapes. The chip's metallic components and numerous pins are clearly visible, signifying advanced hardware

Briefing

The Yearn Finance yETH stableswap pool was compromised via a critical logic flaw in its legacy smart contract, resulting in a total loss and systemic imbalance across the Liquid Staking Token (LST) ecosystem. The primary consequence is the immediate and unrecoverable draining of assets from the pool, impacting users and creating volatility for related LSTs. The attack leveraged a stale storage cache to enable an infinite token mint, a highly capital-efficient exploit that netted the attacker approximately $9 million in total economic damage.

The image displays a partially opened spherical object, revealing an inner core and surrounding elements. Its outer shell is white and segmented, fractured to expose a vibrant blue granular substance mixed with clear, cubic crystals

Context

The prevailing risk factor was the continued operational reliance on legacy smart contracts that predated modern auditing standards and security best practices. Specifically, the yETH pool utilized a stableswap design that employed a cached value for gas optimization, a known anti-pattern that introduces significant state-management risk if the reset function is not rigorously enforced. This architecture created an unaddressed attack surface for state manipulation exploits, which was eventually leveraged.

A luminous, translucent blue-grey amorphous structure elegantly envelops a vibrant, solid blue sphere, set against a subtle gradient background. The flowing, organic forms create a sense of depth and protection around the central element

Analysis

The attacker exploited a flaw where the pool’s internal accounting variable, a cached value intended to optimize gas costs, was not correctly cleared or updated after the pool was fully emptied. By depositing a minimal amount (16 wei) into the contract, the attacker triggered the minting function, which incorrectly referenced the stale, high-value cached state. This allowed the malicious actor to mint an astronomical quantity of yETH tokens, which were then immediately redeemed for the pool’s underlying assets, effectively draining the entire liquidity. The use of self-destructing smart contracts further obfuscated the on-chain forensic trail, demonstrating a high level of threat actor sophistication.

The image displays an abstract composition featuring textured blue and white cloud-like forms, transparent geometric objects, and a detailed moon-like sphere. These elements float within a digital-looking environment, creating a sense of depth and complexity

Parameters

  • Total Economic Loss → $9,000,000 – The estimated total financial impact and asset loss from the exploited pool.
  • Attack VectorInfinite Token Minting – The specific smart contract logic flaw enabling the creation of 235 septillion tokens from minimal input.
  • Stolen Assets Laundered → 1,000 ETH – The approximate value of assets immediately transferred to a mixing service (Tornado Cash) for obfuscation.
  • Vulnerable Component → Legacy Stableswap Contract – The specific, older version of the yETH liquidity pool logic containing the unreset cache flaw.

A striking blue and white frosted structure, resembling a dynamic splash, stands prominently on a reflective surface, surrounded by scattered granular particles. A small, clear, textured sphere is positioned in the foreground, with a larger, blurred metallic sphere in the background

Outlook

Immediate mitigation for users involved with similar legacy pools is to withdraw assets and revoke all token approvals until a full contract audit and redeployment is completed. The contagion risk is moderate, primarily affecting other protocols utilizing similar older stableswap contract forks or those relying on the compromised pool’s liquidity as an internal price feed. This incident mandates a new security best practice → the immediate deprecation and migration of all legacy contracts using gas-optimization patterns that rely on state-caching without formal verification of reset mechanisms.

A dark blue, spherical digital asset is partially enveloped by a translucent, light blue, flowing material. This enveloping layer is speckled with numerous tiny white particles, creating a dynamic, abstract composition against a soft grey background

Verdict

This exploit serves as a definitive operational mandate that all legacy DeFi infrastructure must be retired immediately, as the technical debt of outdated smart contract logic is now an unacceptable systemic risk to capital.

Smart contract exploit, infinite token minting, DeFi accounting flaw, stableswap pool, liquidity pool drain, stale storage cache, on-chain forensic analysis, self-destructing contract, asset loss, Ethereum LST, governance token, yield aggregator, smart contract logic, token valuation, protocol risk, flash loan attack, reentrancy vector, cross-chain bridge, oracle manipulation Signal Acquired from → thehackernews.com

Micro Crypto News Feeds

stableswap pool

Definition ∞ A stableswap pool is a type of liquidity pool in decentralized finance (DeFi) specifically designed to facilitate efficient exchanges between pegged assets, such as stablecoins or wrapped tokens.

yeth pool

Definition ∞ A yETH Pool refers to a specific liquidity pool within the Yearn Finance ecosystem, typically designed to optimize yield for wrapped Ethereum (wETH) or other ETH-derived assets.

on-chain forensic

Definition ∞ On-chain forensic refers to the specialized investigation and analysis of transactions and activities recorded directly on a blockchain ledger to trace digital asset movements and identify associated entities.

asset loss

Definition ∞ Asset Loss denotes the depletion of value or disappearance of digital or physical assets.

infinite token minting

Definition ∞ Infinite token minting is a critical vulnerability in a digital asset's smart contract that allows an attacker or unauthorized entity to create an unlimited supply of new tokens.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

liquidity pool

Liquidity Pool ∞ is a collection of cryptocurrency tokens locked in a smart contract, typically used to facilitate decentralized trading.

liquidity

Definition ∞ Liquidity refers to the degree to which an asset can be quickly converted into cash or another asset without significantly affecting its market price.

smart contract logic

Definition ∞ Smart contract logic refers to the predefined, self-executing code embedded within a smart contract that dictates its behavior and conditions for execution.

Tags:

Tags: