On Saturday, we saw one of the most sophisticated smart contract breaches still affecting Pickle Finance, a revenue optimization protocol similar to Yearn – an important moment for the future.
PeckShield gave a technical explanation for this, but I think only Solidity developers can figure this out.
The high level is that a hacker found two case studies of code vulnerabilities in tin cans – a protocol term for return strategy contracts. It was not possible to verify if the case was actually supported, resulting in the hacker using a “sinister bowl” that the system deemed valid. The second flaw was an “external” vulnerability in code execution that allowed the hacker node to be called, as if it were the Pickle admin contract.
At first, the hacker only requested a smart contract to give them all the money they had. Liu is a wholly damaged Dai bank, with an estimated value of $ 20 million.
Several developers, including Banteg, a key member of the Yearn team, helped the Pickle team test the vulnerability. Not that there was anything that could be done – the money was wasted, and this hacker wasn’t kind enough to return the money to the “nurses” who experienced the hack.
This was perhaps the first high-profile use of DeFi’s lockdown. Cover Protocol, which provided some Pickle users with insurance against such catastrophic events, paid out up to $ 320,000 in claims five days after discussion.
The first merger or dependency?
Fast forward to Tuesday when André Cronier, founder of Yearn, released a blueprint for how Pickle Finance and Yearn now have a “symbiotic relationship.”
Basically, Pickle’s return strategy will be aligned with Yearn’s strategy. Its developers will publish it on the Yearn platform and will receive a 10% performance bonus just like any other strategic developer. Generally speaking, the Pickle team will benefit from the technical expertise of the Yearn team.
For Yearn users, this symbiosis offers some benefits in terms of money and management. They will be able to place their Treasury scores, which are their share of the ROI Strategy Fund, in Pickle Scale. By doing so, they would win DILL, the newly created Pickle voting code. Additional bonuses are also planned from Pickle, and users affected by the hack will eventually be compensated for their costs through a different token called CORNICHON.
If any of you have ever played Crusader Kings 2 (a strategy game in which you lead a country in the Middle Ages), this is very similar to the strategy of wanting to become a vassal of a great empire in order to gain protection from the main enemy.
The two ecosystems come together effectively and Yearn users get a stake in Pickle, but not the other way around. However, some members of the Yearn community expressed opposition to the one-sided development team’s decision to adopt a different protocol.
At first glance, this would look like the kind that token holders are supposed to post. In response, another member of the Yearn nucleus, Tracheopteryx, argued an important point in the process: (roughly) no length is required.
Lockers are no longer licensed, so the Pickle team can strategize Yearn at any time. Additional icons and counters will be implemented on the Pickle side – again, they could have done this on their own before.
I still expected this to bring at least some resources from Yearn for integration and audit, but the owners delegated key operational decisions to the core team in the previous survey.
Simple amalgamation is irrefutable evidence of DeFi’s compatibility and freedom, and is perhaps a “good example” compared to the birth of SushiSwap as a Uniswap parasite. But we also need to be aware of the dynamics of all of that – I don’t want DeFi to look like my Crusader Kings games.
Further development this week
Money on Chain TEX has launched, a unique development of the concept of decentralized exchange inspired by the gold markets.
Mooniswap and 1inch pledge to launch NEAR’s AMM protocol to take advantage of the severed blockchain.
DHedge receives $ 1.1 million in capital to run the Decentralized Hedge Fund.