Restoring the Yield Protocol

Yield Protocol
Jun 27, 2023

Introduction

On March 13th, Euler Finance was hacked. This impacted the Yield Protocol because some of the funds in Yield’s liquidity provider system were deposited with Euler to increase yields. This article describes the impact of the hack, the dev team’s work on restoring the protocol, and the return of funds to impacted users.

The Hack and the Wait

Yield’s liquidity provider system is built around an automated market maker called YieldSpace. Liquidity providers deposit funds into “strategy” contracts that further manage the deposit of liquidity funds into YieldSpace pools.

YieldSpace is akin to Uniswap v2, but with its formula tailored to trade tokens in terms of interest rates rather than prices. Like other on-chain automated market makers, the system’s efficiency depends on the liquidity provided. To encourage liquidity by enhancing returns, Yield Protocol integrated with Euler, starting with the YieldSpace-TV release.

When Euler was compromised in the hacking incident, Yield Protocol’s liquidity system became completely frozen due to the immobilization of eTokens it held. As a precautionary measure, we paused the entire Yield Protocol to prevent further damage. While we waited for the hack’s resolution, work continued on unaffected Yield Protocol features, but several potential solutions hinged on the hack’s outcome.

When Euler recovered most of the money and put forth a plan to return it to users, the dev team realized that we could completely restore the protocol by coordinating with Euler to receive the returned funds and have them deposited into Yield.

The Restoration Process

Once the hacked funds were returned to Yield Protocol, the dev team set to work to restore the protocol. The restoration process involved many complex steps. Because the hack impacted Yield Protocol maturities that were in different phases of their lifecycles, each maturity required a separate recovery plan.

Creating a new June series identical to the old one, minus the Euler integration, was straightforward. The YieldSpace pools were restored by initializing them with a small amount, then performing a small trade to set the pools to the same interest rate as the hacked ones.

For the now-matured March series, which was moved to a new September series, the process was more complex. We used the recovered assets to provide liquidity, simulating a redemption of the March fyToken and minting new September fyTokens. This convoluted process required the creation of a flash-loan-based contract with fyToken minting permissions.

Throughout the process, precise calculations were necessary to ensure the pools’ value remained consistent pre- and post-restoration. A custom contract was also needed to transfer all debt from the broken June series to the new one.

With a governance proposal in place, we aimed to deploy 26 new contracts, execute about 300 permissioned calls on the system, and move all the recovered assets to their final destinations. This process was meticulously developed, drawing upon our governance experience and leveraging a substantial amount of existing code.

A multi-layered approach was used to test the proposal. After careful analysis, adjustments, and multiple test runs, the protocol was successfully restored. We also liaised with liquidation bot operators to ensure no issues were present upon restarting, and we reviewed and restored any automated alerts. The protocol is now functioning again, with all recovered assets in the pools in the right proportions.

Returning Assets to Users

The final piece of the restoration puzzle is to return the assets to the affected users. This will be accomplished by having users swap impacted liquidity provider tokens for new liquidity provider tokens.

In order to facilitate the swap, we developed a custom Merkle Root Distributor. This contract allows affected users to exchange the broken tokens they held at the time of the hack for the new tokens minted during the protocol restoration process.

While the value of the tokens users receive will remain the same, the number of tokens might differ due to the differing exchange rates. All of these operations have to be meticulously coded, tested, and audited to ensure accuracy and security.
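To illustrate the distributor and exchange-rate paragraphs above, here is an added off-chain model of the general Merkle distributor pattern; it is not Yield's contract. The leaf layout, the single fixed exchange rate, the class and function names, and the use of SHA-256 in place of keccak256 are all assumptions, and the snapshot is constructed.

```python
import hashlib
def h(data: bytes) -> bytes:
    # SHA-256 stands in for keccak256, which is not in Python's standard library.
    return hashlib.sha256(data).digest()

def leaf(account: str, old_amount: int) -> bytes:
    # Assumed leaf: 20-byte address || uint256 balance, hashed twice so that a
    # 64-byte internal node can never be replayed as a leaf.
    return h(h(bytes.fromhex(account[2:]) + old_amount.to_bytes(32, "big")))

def pair(a: bytes, b: bytes) -> bytes:
    return h(min(a, b) + max(a, b))  # sorted pair: proofs need no left/right flags

def build(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted as-is."""
    levels = [sorted(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([pair(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def proof_for(levels, target):
    proof, idx = [], levels[0].index(target)
    for level in levels[:-1]:
        if (idx ^ 1) < len(level):
            proof.append(level[idx ^ 1])
        idx //= 2
    return proof

class Distributor:
    # Off-chain model of the checks a distributor contract makes on each claim.
    def __init__(self, root, rate_num, rate_den):
        self.root, self.num, self.den, self.claimed = root, rate_num, rate_den, set()
    def claim(self, account, old_amount, proof):
        lf = node = leaf(account, old_amount)
        for sibling in proof:
            node = pair(node, sibling)
        if node != self.root:
            raise ValueError("invalid proof")   # not in the snapshot, or amount altered
        if lf in self.claimed:
            raise ValueError("already claimed")  # keyed by leaf, so address case is irrelevant
        self.claimed.add(lf)
        return old_amount * self.num // self.den  # new tokens, rounded down

# Constructed snapshot: (address, broken LP-token balance when the hack occurred).
SNAPSHOT = [("0x" + "11" * 20, 1_000), ("0x" + "22" * 20, 250), ("0x" + "ab" * 20, 7)]
LEVELS = build([leaf(a, amt) for a, amt in SNAPSHOT])
ROOT = LEVELS[-1][0]
```

Only the root needs to be stored by the distributor; each user supplies their own snapshot entry and proof, and the claim fails if either the amount or the address differs from what was committed.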

A Thank You to Our Community

We are fortunate that the outcome of this hack will not result in losses to the Yield community. Nevertheless, it has been a very long journey back to full protocol restoration.

We understand the inconvenience and uncertainty caused by the hack and subsequent disruption, and we appreciate your patience as the dev team navigated through the complexities of restoring the protocol.

We would like to express our heartfelt gratitude to users who have encouraged us during this process. Your support and understanding have been invaluable to us. Thank you.

Yield Protocol

Yield Protocol brings fixed-term, fixed-rate lending and interest-rate markets to decentralized finance