{"id":120862,"date":"2020-11-26T15:28:05","date_gmt":"2020-11-26T12:28:05","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/finance-redefined-defi-gets-its-first-merger-after-a-devastating-hack-nov-18-25\/"},"modified":"2020-11-26T15:28:05","modified_gmt":"2020-11-26T12:28:05","slug":"finance-redefined-defi-gets-its-first-merger-after-a-devastating-hack-nov-18-25","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/finance-redefined-defi-gets-its-first-merger-after-a-devastating-hack-nov-18-25\/","title":{"rendered":"# Finance Redefined: DeFi gets its first merger after a devastating hack, Nov. 18-25"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a262472cdc21\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a262472cdc21\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/finance-redefined-defi-gets-its-first-merger-after-a-devastating-hack-nov-18-25\/#The_first_merger_or_should_we_say_vassalization\" >The first merger, or should we say vassalization?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/finance-redefined-defi-gets-its-first-merger-after-a-devastating-hack-nov-18-25\/#Further_developments_this_week\" >Further developments this week<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong># Finance Redefined: DeFi gets its first merger after a devastating hack, Nov. 18-25 <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjAtMTEvNjkzYzE0Y2MtOGVlYi00NzlmLWE1ODktMWMyNGVhM2Q0NTU2LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a><em>Finance Redefined is Cointelegraph&#8217;s weekly DeFi-centric <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a>letter, delivered to subscribers every Wednesday.<\/em><\/p>\n<p>On Saturday, we saw one of the most complex smart contract hacks so far affecting Pickle Finance, a yield optimization protocol very similar to Yearn \u2014 an important point for later.<\/p>\n<p>PeckShield provided a technical <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/peckshield.medium.com\/pickle-incident-root-cause-analysis-5d73496ebc9f\">explanation<\/a> for it, but I think only Solidity developers can really understand it. <\/p>\n<p>The high-level take is that the hacker found two textbook examples of code vulnerabilities in the Pickle jars, the protocol\u2019s term for yield strategy contracts. One was failure to check if the jar is actually supported, which resulted in the hacker deploying an \u201cevil jar\u201d that the system believed to be legitimate. The other flaw was a \u201cremote\u201d code execution vulnerability that allowed the hacker\u2019s contract to call functions as if it were the Pickle administrator contract.<\/p>\n<p>The hacker basically just instructed the smart contract to give them all the money it held. The loot is the entirety of the affected Dai jar, worth about $20 million. <\/p>\n<p>A few developers including Banteg, a core Yearn team member, assisted the Pickle team in triaging the vulnerability. Not that there was much that could be done \u2014 the money was gone, and this hacker was not so gracious as to return money to \u201cnurses\u201d affected by the hack.<\/p>\n<p>But this was perhaps the first high-profile usage of DeFi insurance. Cover Protocol, which provided some of the Pickle users with coverage in case of disastrous events like this, paid out the $320,000 worth of claims in full after a five day deliberation.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/p>\n<h2><span class=\"ez-toc-section\" id=\"The_first_merger_or_should_we_say_vassalization\"><\/span>The first merger, or should we say vassalization?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Fast forward to Tuesday, when Andre Cronje, Yearn\u2019s founder, publishes a plan of how Pickle Finance and Yearn will now have a \u201csymbiotic relationship.\u201d<\/p>\n<p>In essence, Pickle\u2019s yield farming strategies are going to become Yearn\u2019s. Its developers will publish them on the Yearn platform and earn the 10% performance fee reward, just like any other strategy developer. In <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>, the Pickle team will benefit from the Yearn team\u2019s technical expertise. <\/p>\n<p>For Yearn users, this symbiosis brings with it some monetary and governance benefits. They will be able to put their vault tokens \u2014 which represent their share of a yield farming strategy fund \u2014 into a Pickle gauge. In doing so they will earn DILL, Pickle\u2019s newly established voting token. Further rewards coming from Pickle are also planned, while users affected by the hack will eventually be reimbursed through a scheme involving another token called CORNICHON.<\/p>\n<p>If any of you ever played Crusader Kings 2 (a strategy <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a> where you lead a state in the Middle Ages), this would look very similar to the strategy of willingly becoming some large empire\u2019s vassal to receive protection from a bigger enemy.<\/p>\n<p>The two ecosystems will be effectively merged, with Yearn users receiving a stake in Pickle but not the other way around. Nonetheless, some Yearn community members expressed dissent over what seems like a unilateral decision by the development team to absorb another protocol. <\/p>\n<p>On the face of it, this would look like the exact type of thing token holders should have a say in. In response, another Yearn core member, Tracheopteryx, raised an important point about the process: There is (almost) no action required from Yearn.<\/p>\n<p>Vaults are already permissionless, so the Pickle team could\u2019ve developed strategies on Yearn at any point. The additional tokens and gauges are all going to be implemented on Pickle\u2019s side \u2014 again, they could\u2019ve done it themselves earlier. <\/p>\n<p>I would still expect this to at least subtract some resources from Yearn for integration and auditing, but the holders did delegate major operational decisions to the core team in an earlier vote.<\/p>\n<p>The ease of the merger is a powerful testament to the composability and freedom of DeFi, perhaps the \u201cgood example\u201d when compared to SushiSwap\u2019s birth as a Uniswap parasite. But we should also be aware of the power dynamics of it all \u2014 I wouldn\u2019t want DeFi to look like my Crusader Kings games.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Further_developments_this_week\"><\/span>Further developments this week<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>Money on Chain launches TEX, a unique twist on the concept of a decentralized exchange inspired by gold markets.<\/li>\n<li>Mooniswap and 1inch pledged to launch the AMM protocol on NEAR to take advantage of its sharded blockchain.<\/li>\n<li>dHedge receives $1.1 million capital injection to power its \u201cdecentralized hedge fund.\u201d<\/li>\n<\/ul>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more News articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener noreferrer\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/finance-redefined-defi-gets-its-first-merger-after-a-devastating-hack-nov-18-25\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Finance Redefined: DeFi gets its first merger after a devastating hack, Nov. 18-25 &#8221; Finance Redefined is Cointelegraph&#8217;s weekly DeFi-centric newsletter, delivered to subscribers every Wednesday. On Saturday, we saw one of the most complex smart contract hacks so far affecting Pickle Finance, a yield optimization protocol very similar to Yearn \u2014 an important&#8230;<\/p>\n","protected":false},"author":1,"featured_media":120863,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2020-11\/693c14cc-8eeb-479f-a589-1c24ea3d4556.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74882,4965],"class_list":["post-120862","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-hacks","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/120862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=120862"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/120862\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/120863"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=120862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=120862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=120862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}