The price says it all. Yam is a big X following an unfixable inflationary bug that prevents even governance votes from addressing it.
“We submitted a governance proposal and cast a vote with what we originally believed were sufficient votes to be able to enact it.
Shortly thereafter, with help from security experts, we concluded that the rebaser bug would interact with the governance module and prevent this proposal from succeeding,” the Yam team said.
It’s unclear who discovered this bug, and so quickly, preventing what could have been a far bigger catastrophe as this project out of no where was hyped to the sky despite it proudly proclaiming ‘audits: none.’
We suspect it was the Cornell boys as this bug was discovered just hours after Emin Gün Sirer said he was going to have a look.
Thankfully it seems only $750,000 has been lost with these being Curve y tokens locked in the governance.
“The rebase bug led to the minting of decillions of YAM to the governance vault. This YAM exists and does not vote. This means that no votes can pass, because they can never reach a quorum,” says developer James Prestwich.
“I’m sorry everyone. I’ve failed,” Brock Elmore of Yam said following the realization governance can’t fix this.
“Reckless,” was the one word summary of these events by Péter Szilágyi, the Geth maintainer.
All are now asked to ‘exit Yam,’ with this being an unaudited contract by what looks like a young team, but there seems to be adults as well.
Who exactly thought it’s a great idea to meme no audits, is not clear, but it may be a blessing in disguise as all now know just what the cost of lack of security can be.
Plenty learned it long ago during the DAO hack at the collective cost of about $200 million and a very icy bear winter for 2016 eth.
Here, the hype thankfully was stopped right at the beginning, but it is somewhat incredible that the VC funded The Block did not stop with some shock at the attempt to meme ‘no audit’ before unleashing the hype with their Yam article.
The Block guys are newcomers though, so hopefully they’ve learned the number one rule in this space: security is not a joke.
That said, this episode seems to have ended just as quickly as it began, with little lost, and something gained as clearly some people thought even audits can be played with.
Now, we did expect even before but we double expect all projects that want other people’s money to ensure the highest level of security and to try and grow slowly as bugs can be inevitable.
Many of the defi projects that have grown have been tested for years. The same should be expected for new projects as little slips in this space can lead to the loss of a lot of money.