DeFi lands its first merger after a devastating hack: November 18th to 25th

On Saturday, we saw one of the most complex smart contract hacks to date hit Pickle Finance, a yield optimization protocol very similar to Yearn, an important point for later.

PeckShield provided a technical explanation for this, but I think only Solidity developers can really understand it.

The high-level conclusion is this: the hacker found two textbook examples of code vulnerabilities in the "pickle jars", the protocol's term for yield strategy contracts. One was the failure to check that a "jar" is really compatible, which led to the hacker deploying a "malicious jar" that the system believed was legitimate. The other mistake was a "remote" code execution vulnerability, which enabled the hacker's contract to call functions as if it were Pickle's administrator contract.

The hacker basically just instructed the smart contract to give him all the money it had. The loot was the entire DAI jar, worth around $20 million.
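The two missing checks described above, as an added example written in Python rather than Solidity. It is a simplified model, not Pickle's or PeckShield's code: every class, method and variable name is hypothetical and the balance is a constructed figure. With `strict` off, the controller accepts any jar and runs caller-chosen steps with its own authority; with `strict` on, jars and call targets are checked against registries first.

```python
# Simplified model of the two missing checks; not Pickle's code.
# All class, method and variable names are hypothetical.

class Jar:
    """Vault whose funds only its controller may move."""
    def __init__(self, controller, balance):
        self.controller = controller
        self.balance = balance

    def withdraw_all(self, sender, recipient):
        if sender is not self.controller:
            raise PermissionError("only the controller may withdraw")
        recipient["funds"] += self.balance
        self.balance = 0


class Controller:
    def __init__(self, strict):
        self.strict = strict
        self.approved_jars = set()      # registry of jars the protocol deployed
        self.approved_targets = set()   # vetted code allowed to run as the controller

    def swap_jars(self, from_jar, to_jar, steps):
        """Run caller-chosen (target, action) steps with the controller's authority."""
        if self.strict:
            # Check 1: both jars must be in the protocol's own registry.
            if not {from_jar, to_jar} <= self.approved_jars:
                raise PermissionError("unregistered jar")
            # Check 2: only vetted targets may execute as the controller.
            if any(target not in self.approved_targets for target, _ in steps):
                raise PermissionError("unapproved call target")
        for target, action in steps:
            action(target, self)        # runs as the controller


def run_scenario(strict):
    """Return the real jar's balance after an untrusted swap request."""
    controller = Controller(strict)
    real_jar = Jar(controller, balance=20_000_000)   # constructed figure
    controller.approved_jars.add(real_jar)
    outsider = {"funds": 0}
    # Jars deployed by the caller, never registered by the protocol.
    fake_a, fake_b = Jar(None, 0), Jar(None, 0)
    steps = [(real_jar, lambda jar, sender: jar.withdraw_all(sender, outsider))]
    try:
        controller.swap_jars(fake_a, fake_b, steps)
    except PermissionError:
        pass
    return real_jar.balance
```

`run_scenario(False)` leaves the real jar empty, while `run_scenario(True)` rejects the request and leaves the balance untouched.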

Some developers, including Banteg, a core member of Yearn's team, helped Pickle's team assess the vulnerability. There wasn't much that could be done: the money was gone, and this hacker was not so kind as to return the money to the "nurses" affected by the hack.

But this was perhaps the first high-profile use of DeFi insurance. Cover Protocol, which provided coverage against such catastrophic events to some of Pickle's users, paid the $320,000 in claims in full after a five-day consultation.

The first merger, or should we say vassals?

Fast forward to Tuesday, when Andre Cronje, the founder of Yearn, published a plan on how Pickle Finance and Yearn will now have a "symbiotic relationship".

Essentially, Pickle's yield farming strategies become Yearn's. Pickle's developers will publish them on the Yearn platform and receive the 10% performance fee as a reward, just like any other strategy builder. Overall, the Pickle team will benefit from the technical know-how of the Yearn team.

For Yearn users, this symbiosis has some monetary and governance advantages. They can put their vault tokens, which represent their portion of a yield farming strategy pool, into a Pickle gauge. This is how they earn DILL, Pickle's newly established voting token. More rewards from Pickle are also planned, while users affected by the hack will eventually be reimbursed through a scheme with a different token called CORNICHON.

If any of you have ever played Crusader Kings 2 (a strategy game where you run a state in the Middle Ages), this is very similar to the strategy of volunteering to become a vassal of a great empire for protection from a larger enemy.

The two ecosystems will effectively merge, and Yearn users get a share of Pickle, but not the other way around. However, some members of the Yearn community expressed their disagreement with a unilateral decision by the development team to include a different protocol.

At first glance, this seems to be exactly the kind of decision on which token holders should have their say. In response, another senior Yearn member, Tracheopteryx, raised an important point about the process: (almost) no action is required by Yearn.

The vaults are already "permissionless", so Pickle's team could have developed a strategy in Yearn at any time. All additional tokens and gauges are implemented on the Pickle side; again, they could have done it themselves.

Even so, I would hope this will at least take away some resources from Yearn for integration and testing. However, the token holders delegated the most important operational decisions to the core team in an earlier vote.

The ease of the merger is a strong testament to the composability and freedom of DeFi, perhaps the "good example" compared to the birth of SushiSwap as a parasite of Uniswap. But we also have to be aware of the power dynamics of all of this: I don't want DeFi to look like my Crusader Kings games.


