10 Sep 2020 · 2 min read

Uniswap DeFi Trader Tells a Story Of Exploiting A Bug and Making USD 270k

An alleged trader on the Uniswap decentralized exchange claims she/he made close to USD 270,000 in profits after exploiting a bug with the rebase functionality of the recently listed token Soft Yearn (SYFI).

Source: Adobe/Nuthawut

The claim was made through an anonymous Twitter account called Amplify on Monday this week, with the person claiming that she/he is “the person who sold SYFI on [Uniswap] at the same time as the Rebase.”

SYFI is a token designed to be “soft pegged” to the price of yearn.finance (YFI) through a built-in “rebase” mechanism that automatically adjusts the token supply. In addition to SYFI, rebasing as a tool to control price has also been used on projects like Yam Finance (YAM) and Ampleforth (AMPL).

According to Amplify, it was a bug with the rebase mechanism of SYFI, which she/he said was released with “unaudited code,” that in the early morning of September 3 allowed him to instantly turn an initial investment of ETH 0.5 (USD 182) into ETH 740 (USD 270,000).

“Minutes before the Rebase I decided to buy back into SYFI with my initial investment of [0.5 ETH], I already made 1.5ETH. I had nothing to lose, right?,” Amplify said before she/he went on to explain what happened next:

“I am staring at the [Uniswap] UI with bated breath when the 2 SYFI turns into 15,551, and subsequently the price quote for these tokens being over 740ETH. My immediate thought is: This is a UI bug, it's going to bait me into sending a transaction I know will fail because of insufficient output amount.”

However, on second thought, Amplify decided to go ahead with the transaction: “Seeing what I saw, don't tell me you wouldn't,” the person wrote.

And as we now know, the trade paid off, making Amplify, who described herself/himself as having “a small trading account,” close to USD 270,000 as the rebase happened by giving ETH to her/him and taking it away from other SYFI holders.

“I am not justifying my actions as being a betterment to society, however; I am condemning the actions of the developers for having the balls to ask for a PRESALE for a forked coin and pushing it with unaudited code,” Amplify said.

The exploit led to the collapse of the Soft Yearn project, with SYFI’s token price on September 4 falling from close to USD 100 to USD 0.002, and trading volume on Uniswap largely evaporating.
___
Learn more:
Safety Second: Top DeFi Projects By Highest Audit Scores
The DeFi Sector Is Breaking The Law - It’s Time to Act