YAM Minting Incident Postmortem

What happened

On the morning of September 9th (EST) it was discovered that the most recent on-chain governance proposal had mistakenly minted 20 Billion YAM tokens and sent them to the YAM multi-sig address.

The part of the transaction that went wrong was related to YIP-79, which was an approved proposal to transfer YAM from the contributor compensation fund to the project multi-sig. There was a chain of errors that lead to this happening:

• The first error was that a mint function was mistakenly added to the transaction instead of the transfer specified by YIP-79.
• Then the second error occurred because Yam has a mintUnderlying and a mint function. The former takes Balance of Underlying (BoU) values (6 more decimal places, and / by 2.5), and the latter normal values. The functions were mixed up and BoU values were used in the mint function, which then turned the desired 50,000 into 20,000,000,000.
• The third error was that no one caught either of these mistakes when reviewing or voting on the proposal.

The Response

Once the erroneous mint was noticed, the multi-sig signers were alerted to try and burn the tokens. But due to the fact that the YAM token contract does not allow sends to the typical burn address, they cannot be burned directly from the multi-sig.

The solution was to send the 20B YAM to the DAO treasury, which is controlled by token holders, and burn them in the next on-chain governance proposal. This will secure these tokens from being used or distributed before they can be burned. There is another governance proposal that is currently being worked on and these tokens will be burned in that proposal, which is expected to happen early next week (week of Sept 13th).

In response to this incident, we are reviewing our internal and external processes to make sure this doesn’t happen again. We pride ourselves on the DAO working in a decentralized manner, but without community and team members reviewing and scrutinizing our on chain actions, this decentralization is brittle and gives an outsized amount of power to those writing transactions.

Internally, we will take the following actions going forward:

• Make sure that on chain proposal code is worked on and reviewed by 2 core contributors before submitting it.
• Improve our testing suites and checks for proposals.
• Improve the UI of our voting page to make it easier to understand what functions are being called and what the inputs are.

Externally, we need to increase awareness around how our on-chain transactions work and encourage community members to scrutinize the proposals.

We at YAM are committed to the vision of on-chain, decentralized governance and will continue to innovate to achieve that vision. As we have seen, there are often speed bumps along the way and we must all work to become better able to navigate around them.

Relevant Transactions

You can see the transaction that minted the 20B YAM here: https://etherscan.io/tx/0x4a8d7b41f11ea9ceb966075bf7b4c3717ca744957b0f0af03cb9c28adc4ab568

The above transaction was one of many that were part of the governance proposal submitted on September 8th. That transaction is here: https://etherscan.io/tx/0x8f0a543a7df0b56880b71f2b5c6dce145e5835c28dde42609e56fb05137fff11/advanced

Here is the transaction to send the 20B YAM from the multi-sig to the YAM treasury: https://etherscan.io/tx/0x561213a01ddefa95fde11f1aa5e3cfffe6a56ac05c98feacb9b7a4a46178bb0b