RIP $YAM live code review session result

• @gnidan from Truffle team did the cool demo of stepping through the rebase transactions. He also demoed how to debug failed transactions so that you can easily identify what the problem was (which is notoriously difficult when coding in Solidity).
• Wil Barnes from MakerDAO guided through his analysis of the actual bug on rebasing based on his blog post.
• Mariano Conti from MakerDAO explained which part of the code he reviewed to make the decision to YOLO (and he didn’t lose his deposit)

Here are some observations of the codebase.

• Many people looked into YAM***Pool.sol contracts where the deposits were stored as the primary concern for most of us were not to lose our own deposit.
• The copied contracts from Compound (TimeLock.sol and YAMGovernorAlpha.sol) actually had a good amount of comments detailing where it was copied from as well as exactly where the authors changed

• However, YAM.sol which contained the fatal bug had no comment and none of the attendees of our session reviewed the part before they YOLOed-in as we thought we would have less risk as long as our collaterals are SAFU.

And we also talked about the followings.

• Was it possible to add some sort of restriction to protect users?
• Did rebase bring more harm than benefit? If the future version of YAM take out the rebase feature, would it still add some value?
• YAM brought significant volume to COMPOUND (then crash after the bug) because it had incentive to bring more asset into less pooled assets. Can we use these similar incentives for different purposes (ie: personal token minters form a consortium to incentivise yield farming as collective. Incentive to mass migrate to specific l2 environment).

It is undeniable that many of us including developers YOLOed hard on $YAM (and probably many of us already moved into next YOLO) but it is important to gain as many learning as possible from this experience. If you want to get into more detail of our discussion, please watch this YouTube video

As I mentioned towards the end of the video, this is my attempt to reproduce London Ethereum Codeup which I have been running since 2016, the place where developers talk about code having an actual face to face conversation and make new friends. If you want to organise something similar, let us know!