We noticed an attack on governance (July 9th 2022)

Thanks to the ping from trent, samczsun and yambot.


Brief details

  • the attacker uses multiple addresses
  • a malicious contract that interacts with Yam, Yam governance, the Yam incentivizer and the Sushi LP
  • 200 ETH sent in to their main address

1- normal activity (a few days ago)

  • they get YAM, then add liquidity on SushiSwap and stake
  • they receive rewards
  • they exit the stake and remove liquidity
  • they swap the YAM to ETH

2- semi-normal activity (recently)

  • they get YAM, then add liquidity on SushiSwap
  • they transfer ownership of their stake to the contract

3- suspicious activity (recently)

  • they create the malicious contract
  • they delegate to the contract
  • they deposit into the LP and stake
  • while staked in the pool, they submit the malicious proposal they deployed
  • they vote on it with 224739 YAM, quickly hitting quorum
  • they transfer the LP stake back to the actor address from 1- (which then exits, swapping the YAM out to ETH)
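The pattern in phase 3 (votes delegated to a fresh contract, then a proposal that reaches quorum almost immediately from a single address) can be flagged from on-chain events. The following is an added detection example, not Yam code; the quorum value, block windows, event shapes and addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Thresholds are assumptions for this example, not Yam governance parameters.
QUORUM = 200_000          # votes needed to reach quorum
FAST_BLOCKS = 20          # quorum reached this soon after creation is unusual
DELEGATION_WINDOW = 500   # delegation received this close to the proposal is unusual

@dataclass
class Proposal:
    pid: int
    proposer: str
    block: int
    votes: list = field(default_factory=list)  # (voter, amount, block)

def received_delegation(delegations, voter, proposal_block):
    """True if `voter` received delegated votes shortly before the proposal."""
    return any(d["to"] == voter and
               proposal_block - DELEGATION_WINDOW <= d["block"] <= proposal_block
               for d in delegations)

def flag_suspicious(proposals, delegations):
    """Map proposal id -> list of reasons for proposals matching the attack pattern."""
    findings = {}
    for p in proposals:
        reasons, total, quorum_block, by_voter = [], 0, None, {}
        for voter, amount, blk in sorted(p.votes, key=lambda v: v[2]):
            total += amount
            by_voter[voter] = by_voter.get(voter, 0) + amount
            if quorum_block is None and total >= QUORUM:
                quorum_block = blk  # first block at which quorum is crossed
        if quorum_block is not None and quorum_block - p.block <= FAST_BLOCKS:
            reasons.append(f"quorum reached {quorum_block - p.block} blocks after creation")
        for voter, amount in by_voter.items():
            if amount >= QUORUM:
                reasons.append(f"single voter {voter} alone meets quorum")
                if received_delegation(delegations, voter, p.block):
                    reasons.append(f"{voter} received delegation shortly before the proposal")
        if reasons:
            findings[p.pid] = reasons
    return findings

# Constructed sample events; addresses are placeholders, not real indicators.
PROPOSALS = [
    Proposal(1, "0xmember", 1000, [("0xa", 90_000, 1100), ("0xb", 80_000, 1500),
                                   ("0xc", 60_000, 1800)]),
    Proposal(2, "0xmalicious-contract", 5000, [("0xmalicious-contract", 224_739, 5003)]),
]
DELEGATIONS = [{"from": "0xactor-eoa", "to": "0xmalicious-contract", "block": 4950}]
```

Calling `flag_suspicious(PROPOSALS, DELEGATIONS)` returns findings only for proposal 2, with three reasons; proposal 1, where quorum builds up over several voters and hundreds of blocks, is not flagged.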

Attack Summary

  • the governance attack took place around July 7th 2022
  • they proposed a malicious proposal attempting to change the admin of the Yam reserves
  • they tried to mislead users into voting for it with the proposal's description
  • we cancelled the malicious proposal
