DeFi project, Yam Finance, which bills itself as a “minimally viable monetary experiment,” thwarted a malicious governance attack intended to change the admin of Yam reserves. Although the attacker made it challenging to detect, the platform detected and canceled the proposal.
According to preliminary reports, it all started on July 7th and was discovered by the Yam DAO on July 9th. The attacker submitted a governance proposal that included an unverified contract granting control of its reserves to an unknown third party.
The malicious contract interacted with the Yam Incentivizer contract and SushiSwap, and the attached proposal reached a quorum with 224,739 YAM. This indicates that the attacker attempted to mislead users into voting before being stopped by the Yam Finance team.
According to DeepDAO, if the attack had been successful, it would have been able to drain the Yam Finance treasury, which currently holds $3.1 million in crypto assets.
Yam Finance is currently in the midst of another governance vote. With a snapshot vote that recently passed to allow the redemption of assets in the YAM treasury with YAM tokens, 54 percent voted in favor of it, 46 percent voted against it. Thus, 410% of the quorum was met (2.05M YAM voting).
Some members of the community have proposed a new re-vote, claiming that the original process did not follow standard governance procedures.
Subscribe to the Crypto Times for more DeFi updates.
