Harvest Finance Hacked: Flash Loans and How to Mitigate Risk of Loss

Harvest Hacked and how to protect against losses

Weekly Analyst Thoughts

This past weekend, Harvest Finance, a Defi yield farming protocol, was hacked using a Defi transaction mechanism called a flash loan. A flash loan is a specific type of transaction where the borrower must repay the loan in the same blockchain transaction. If the borrower does not repay the full loan (principal + interest), the transaction reverts, so as to seem like the flash loan never happened. Like Harvest, Aave also supports flash loan transactions and credits much of its meteoric 2020 price rise to this feature.

The Harvest Finance attack was executed through the Curve Finance Y pool with a flash loan. As seen below, Harvest’s near $3 billion in volume and over 170% APY raised concerns that there was irregular activity in the Curve Finance pool.

Source: Curve.fi

The takeaway from this clever arbitrage on Harvest Finance is that even if a yield farming protocol has multiple layers of audits (as Harvest did), it can still be vulnerable to attacks. So, don’t let the fact that a protocol is audited give a false sense of security when investing in Defi yield farming protocols. Instead, it is safer to diversify risk by investing with several reputable yield farming platforms (Ex: Uniswap, Balancer) to mitigate the risk of lost funds through sophisticated flash loan attacks.

By Jacob Stelter

Multi-Platform Yield Farming With Curve’s CRV Token

Weekly Analyst Thoughts

Curve Dao Token- CRV

In the Defi ecosystem, three major decentralized exchanges, Dexes, are used. These Dexes are Uniswap, Balancer, and Curve.

Balancer’s BAL token incentivizes Defi users to become liquidity providers within their Balancer pools to earn BAL tokens, while Uniswap has the network effect of being one of the first Dexes to have liquidity pools. Curve, on the other hand, is known as the stablecoin Dex where users can seamlessly exchange stablecoins like sUSD, DAI, USDC, and USDT, making them one of the most popular Dexes in the ecosystem. To add to their fervor, Curve has released their own CRV token to incentivize Defi users to contribute to their liquidity pools.

The rewards for CRV tokens are between 57-150% for contributing to a Curve liquidity pool. I would recommend that Defi users combine Compound liquidity rewards with CRV liquidity rewards to maximize their yield farming earnings.

Example Yield Farming Scenario:

  1. Supply $10,000 of USDC to Compound Protocol: Estimated Interest Revenue: $671, Compound Liquidity Earnings: $817
  2. Supply $10,000 cUSDC tokens received from supplying to Compound Protocol: Estimated Interest Revenue: $822, CRV Liquidity Earnings: $6,056

Estimated Yield Farming APY: 83.66%

In summary, with the addition of new yield farming tokens, there is new opportunity to combine different Defi protocols and earn higher than normal APY, all while helping other Defi users trade seamlessly between different Ethereum ERC-20 tokens.

By Jacob Stelter