The $9M yETH Exploit: How 16 Wei Became Infinite Tokens #1629
🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
This blog post dissects a critical accounting vulnerability in Yearn Finance's yETH pool on Ethereum that allowed an attacker to steal ~9M USD by minting ~235 septillion yETH LP tokens in exchange for only 16 wei (~4.5×10⁻¹⁷ USD). The bug arises from cached virtual-balance storage (`packed_vbs[]`) not being reset when the pool's total LP token supply becomes zero, enabling a "phantom liquidity" condition and catastrophic LP over-minting. Protocol Architecture an...
🔧 Technical Details
Trick 1 – Exploiting Cached Virtual Balances That Aren't Reset on `supply == 0`
The core technique is to abuse AMM implementations that cache derived state (such as virtual balances) for gas savings but fail to reset these caches when total LP supply reaches zero. In such designs, each asset's virtual balance is computed as `vb_i = balance_i × rate_i / PRECISION` and stored in an array like `packed_vbs[]`. When liquidity is removed, the code decrements these cached values proportionally. If the implementation never explicitly sets `packed_vbs[i] = 0` when all LP tokens are burned, a state can arise where `supply == 0` yet `packed_vbs[] > 0`. Any logic that interprets `prev_supply == 0` as a pristine "first deposit" and reuses cached values instead of recomputing from actual balances is then exploitable: a tiny dust deposit can trigger minting of LP tokens calibrated against historic ...
🤖 Agent Actions
Summary:
`packed_vbs[]`, how rounding residues plus a missing reset on `supply == 0` enabled the 16-wei/235-septillion LP over-mint, the flash-loan driven poisoning workflow, generalized exploitation preconditions, and concrete engineering/monitoring defenses.
Files Touched:
src/blockchain/blockchain-and-crypto-currencies/defi-amm-virtual-balance-cache-exploitation.md
src/blockchain/blockchain-and-crypto-currencies/README.md
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
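The cache defect described under Technical Details, reduced to a toy accounting model as an added example (constructed here; it is neither the yETH contract nor code from the HackTricks page). It assumes a single asset, a hypothetical `VbCachePool` class and the constructed rate and deposit values shown; the `hardened` flag applies the two fixes the post implies (reset `packed_vbs[]` on full burn and recompute from real balances when `prev_supply == 0`), and `invariant_ok` is the `supply == 0` implies `packed_vbs[] == 0` monitoring check.

```python
PRECISION = 10**18


class VbCachePool:
    """Toy AMM accounting model (constructed; not the yETH source). Each asset's
    vb_i = balance_i * rate_i // PRECISION is cached in packed_vbs[] and adjusted
    incrementally on withdrawal, mirroring the caching pattern described above."""

    def __init__(self, rates, hardened=False):
        self.rates = list(rates)            # rate_i scaled by PRECISION (1e18 == 1.0)
        self.balances = [0] * len(rates)
        self.packed_vbs = [0] * len(rates)  # cached virtual balances
        self.supply = 0                     # total LP token supply
        self.hardened = hardened            # True: apply the reset/recompute fix

    def add_liquidity(self, amounts):
        prev_supply, old_inv = self.supply, sum(self.packed_vbs)
        for i, a in enumerate(amounts):
            self.balances[i] += a
        if prev_supply == 0 and self.hardened:
            # Fix: an empty pool is pristine, so recompute every vb from real balances.
            self.packed_vbs = [b * r // PRECISION for b, r in zip(self.balances, self.rates)]
        else:
            # With prev_supply == 0 this is the bug: stale cached vbs are trusted as-is.
            for i, a in enumerate(amounts):
                self.packed_vbs[i] += a * self.rates[i] // PRECISION
        new_inv = sum(self.packed_vbs)
        # First mint equals the pool invariant, so any stale vb inflates it directly.
        minted = new_inv if prev_supply == 0 else prev_supply * (new_inv - old_inv) // old_inv
        self.supply += minted
        return minted

    def remove_liquidity(self, lp):
        for i in range(len(self.rates)):
            out = self.balances[i] * lp // self.supply
            self.balances[i] -= out
            self.packed_vbs[i] -= out * self.rates[i] // PRECISION  # floors: residue can remain
        self.supply -= lp
        if self.supply == 0 and self.hardened:
            self.packed_vbs = [0] * len(self.rates)  # Fix: explicit reset on full burn

    def invariant_ok(self):  # monitoring check: supply == 0 must imply all cached vbs == 0
        return self.supply != 0 or all(vb == 0 for vb in self.packed_vbs)


def demo(hardened):
    pool = VbCachePool(rates=[17 * 10**17], hardened=hardened)  # one asset, rate 1.7
    pool.add_liquidity([3])           # vb = floor(3 * 1.7) = 5, mints 5 LP
    pool.remove_liquidity(2)          # out 1, vb -= floor(1.7) -> 4
    pool.remove_liquidity(3)          # out 2, vb -= floor(3.4) -> 1 left while supply == 0
    stale, ok = list(pool.packed_vbs), pool.invariant_ok()
    minted = pool.add_liquidity([1])  # 1-wei "dust" deposit into the emptied pool
    return stale, ok, minted
```

`demo(False)` leaves a 1-unit residue in `packed_vbs[]` at zero supply and mints 2 LP for a deposit worth 1, while `demo(True)` reports a clean cache and mints 1; the magnitude of the real over-mint is not modelled, only the accounting defect.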