YAM Incident: Root Cause Analysis



totalSupply & initSupply

Figure 2: State Changes in the First Rebase
Figure 3: State Changes in the Second Rebase
Figure 4: YAMToken::rebase() Creates an Abnormal totalSupply
Figure 5: YAMRebaser::rebase() Propagates the Wrong totalSuppy to initSupply

Why can’t we execute the bug-fix proposal before the second rebase?

Figure 6: GovernorAlpha::queue() Sets the ETA of the Proposal

Why not executing the proposal after the second rebase?

Figure 7: GovernorAlpha::execute() Reverts b/c of the State of the Proposal
Figure 8: GovernorAlpha::state() Returns ProposalState.Defeated b/c of quorumVotes()
Figure 9: GovernorAlpha::quorumVotes() Returns a Huge Number b/c of the Abnormal initSupply


Figure 10: Timeline of SAVE YAM!

2020–08–14 Update

About Us




A Blockchain Security Company (https://peckshield.com)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Step by step process of what happens when we execute the command ls *.c in the terminal

gRPC-gateway as a KrakenD plugin

Springboot + Cucumber + Gradle

Testing Helm Chart Install Reliability

Get Prometheus Metrics from a Express.js app

How To Fix BLU G5 Plus Not Charging [Troubleshooting Guide]

Learning How to Code Won’t Make You More Technical. Here’s why and what to do instead.

Demystifying Clean Architecture

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


A Blockchain Security Company (https://peckshield.com)

More from Medium

Multiple Protocol’s Highly Advanced Products Enable Unlocking the Next Phase of DeFi!

Bridges to Fuse

Announcing StarshipDAO Short Term Objectives, Long Term Visions & Current Updates

A brief history of DEX #2 — Impermanent losses