For many, yield farming has been a profitable activity: there have been stories of users turning small accounts into a large amount of capital, simply by swapping from projects like Yam Finance and SushiSwap.
But, for some, it’s been rather unprofitable.
Alex Manuskin, a researcher at crypto wallet startup ZenGo, recently noted that a user lost $140,000 worth of Uniswap’s UNI overnight due to a scam yield farm.

Ethereum yield farmer loses $140,000 due to scammy contract: here’s what happened
This user stumbled across this new farm called UniCats a number of days ago. It looks somewhat legit: it has unique artwork and a user interface rather reminiscent of Yam or SushiSwap.

[Screenshot of the scam yield farm]
MEOW, the native Ethereum-based token of this protocol, could be farmed with a number of tokens, including UNI.
So, this user, being somewhat of a UNI whale, decided to deposit some of his coins. In depositing his coins into UniCats, he was prompted with a “spend limit permission” window, to which he assigned an “unlimited” spend limit.
While he did cash out of the farm eventually, the unlimited spend limit allowed the sneaky developer behind UniCats to add a “backdoor to the farming contract” that transferred the UNI held in users’ addresses into an address controlled by this developer.
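The spend-limit prompt described above corresponds to an ERC-20 approve(spender, amount) call. As an added example (not code from ZenGo, UniCats or the original article), this Python check decodes such calldata before signing and reports how much the spender could still pull after the deposit; the farm address, deposit size and allowlist are constructed values.

```python
APPROVE_SELECTOR = "095ea7b3"   # 4-byte selector of approve(address,uint256)
UINT256_MAX = 2**256 - 1        # value wallets send for an "unlimited" spend limit

def encode_approve(spender, amount):
    """Build approve() calldata; used here only to construct sample input."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_approve(calldata):
    """Return (spender, amount) from ERC-20 approve() calldata, or raise ValueError."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        raise ValueError("not an approve(address,uint256) call")
    spender_word, amount_word = data[8:72], data[72:]
    if spender_word[:24] != "0" * 24:
        raise ValueError("address word has non-zero padding")
    return "0x" + spender_word[24:], int(amount_word, 16)

def review_approval(calldata, deposit, allowlist=frozenset()):
    """Flag approvals that leave the spender able to pull more than the deposit."""
    spender, amount = decode_approve(calldata)
    findings = []
    if amount == UINT256_MAX:
        findings.append("unlimited allowance")
    elif amount > deposit:
        findings.append("allowance exceeds deposit")
    if spender not in allowlist:
        findings.append("spender not on allowlist")
    # Allowance still in force once the deposit has been pulled. Withdrawing from
    # the farm does not clear it; it stays until a later approve call changes it,
    # e.g. approve(spender, 0).
    residual = max(amount - deposit, 0)
    return {"spender": spender, "amount": amount, "residual": residual, "findings": findings}

# Constructed sample values (not taken from the incident).
FARM = "0x" + "ab" * 20
DEPOSIT = 1_000 * 10**18  # 1,000 tokens at 18 decimals

if __name__ == "__main__":
    for label, amt in (("unlimited", UINT256_MAX), ("exact", DEPOSIT)):
        print(label, review_approval(encode_approve(FARM, amt), DEPOSIT))
```

An approval for exactly the deposit amount leaves a residual of zero, so nothing further can be pulled from the wallet after the deposit.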
In total, the unfortunate user lost $140,000 in the Ethereum-based UNI.

“If you are not yet convinced that you should NOT be approving infinite tokens to some random smart contract/Dapp, here’s a story of how John Doe lost $140K worth of UNI in their sleep.” — Alex Manuskin (@amanusk_) October 5, 2020

The need for better education, especially in Ethereum DeFi
This user’s unfortunate loss of funds accentuates the need for better education in the crypto space, especially in a sector as esoteric and technologically advanced as decentralized finance and smart contracts.
The key issue here ...