The team behind Yam Finance battled a malicious governance attack and protected its treasury worth millions.
A starlet of the DeFi summer back in 2020, Yam Finance attracted over $400 million in funds from yield farmers on its first day. The project eventually collapsed, however, after a bug in its unaudited smart contract inflated the number of YAM tokens by 10x, rendering any governance decisions impossible.
The project now lives on in a newer form after receiving $115,000 in donations to execute a security audit.
The latest governance attack has now put the project back in the spotlight.
“Earlier today, there was a governance attack on the DAO that has been thwarted,” tweeted Yam Finance on July 9.
According to a report published by the team, the attackerissued a malicious governance proposal with a spam description with the intent to gain control of the project’s treasury.
“Contributors comps for May, backpay for VDM, settling synths tokens and success tokens, sending settled rewards tokens to reserves, sending and withdrawing test Uma and claiming sushi for reserves,” read the garbled description, per Etherscan.
Shortly after the proposal was created, the attacker then voted on the proposal using 224,739 YAM tokens (a sum sufficient to reach a quorum).
YAM, the native token of Yam Finance, currently token trades at $0.11 down 2.5% over the past 24 hours, according to data from CoinMarketCap.
Before execution, however, the team was able to cancel the proposal through their privileges, blocking the malicious attack. The proposal was canceled…