Single-line Software Bug Causes Fledgling YAM Cryptocurrency To Implode Just Two Days After Launch

A two-day-old decentralized cryptocurrency called YAM collapsed this week after its creators revealed that a software bug had effectively vetoed human governance. From a report: "At approximately 6PM UTC, on Wednesday, August 12, we discovered a bug in the YAM rebasing contract that would mint far more YAM than intended to sell to the Uniswap YAM/yCRV pool, sending a large amount of excess YAM to the protocol reserve," the YAM project explained in a post on Thursday. "Given YAM's governance module, this bug would render it impossible to reach quorum, meaning no governance action would be possible and funds in the treasury would be locked."

The bug followed from this line of code... totalSupply = initSupply.mul(yamsScalingFactor);
...which was supposed to beâ¦
totalSupply = initSupply.mul(yamsScalingFactor).div(BASE);

YAM, a decentralized finance experiment, implements a governance system (for making protocol changes) based on supposed smart contracts that allocates votes based on assets. [...] The code flaw locked up about $750,000 worth of Curve (yCRV) tokens in the YAM treasury, assets intended to serve as a reserve currency to support the value of YAM tokens.

Good Luck

[chill]

That's really not a way to instill confidence in investors. It is like your whole currency is just made up, and the exchange is a house of cards.

Re:

[sgage]

Sort of like a cryptocurrency.

Re:

[Tuidjy]

Yes, it WAS the cryptocurrency. YAM did it.

It rose against its oppressors! Do you think that the bug was accidental? No, YAM became self-aware, and refused human governance. It made sure no quorum can be achieved, and went to have a single malt with Skynet.

Re:

[XY0]

There is only one true cryptocurrency. That's Bitcoin (BTC). The rest of these copy-cats are like the reason why there are so many antivirus bloatwares.

Only the digitization of Gold matters!

[slashways]

Cryptocurrency: This word is nonsensical. A summary of the current situation:

*Bitcoin is the digitization of Gold.
*Cryptos outside Bitcoin are the digitization of Fool's Gold.

Another perspective: https://twitter.com/udiWerthei... [twitter.com]

Re:

[gosso920]

Somebody must have left out a decimal point. It's always some mundane detail...

Re:

[awwshit]

I fully intend to retire on the proceeds from selling my beanie babies. I mean cryptocurrency has nothing on garbage pail kids. I think there is a collector for everything. Someone owns the junkyard.

Re:

[sjames]

At least the junk yard has a lot of scrap metal that can be made into something useful.

Re:

[Required Snark]

Would you like to make an offer on my Garbage Pale Kids collection? Shipping is FREE!

The Garbage Pail Kids actually have a blockchain

[SkOink]

Not sure if you were joking or not, but it turns out that there actually is a release of GPK cards on the WAX blockchain. I guess people really will buy into anything.

See:
https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[PPH]

And you don't have the force of law behind you to make it a fiat currency.

Re:

[Anachronous Coward]

I REALLY LOVE FUCK , IF YOU LIKE IT TOO () Write me here and better call =>>> bit.do/fHkm4

Yet ANOTHER cryptocurrency? At least it's got a better name than YAM.

And..

[Ogive17]

And nothing of value was lost...

Re:

[phantomfive]

Apparently $750,000 worth of value was lost, according to the summary. I'd really like to hear how they managed anyone to buy their coin.

Re:

[gosso920]

Fools + Money = Soon Parted

Re:

[sjames]

One charcoal briquette is not $1,000,000 worth of charcoal just because some doofus pays $1,000,000 for it.

Re:

[phantomfive]

No, but the person who pays $1,000,000 just lost $999,999 or so.

Re:

[Opportunist]

Yes, but someone else gained about $999,999.

Re:

[BoogieChile]

Well, one certainly was. The others, maybe not so much.

Re:

[sjames]

Nah, some fool PAID a million, but it was never WORTH a million.

Re:

[Junta]

That is true, but also a fun illustration of the flaw of extrapolating last trade price of a company to a market cap presuming the value of all the stock that sits still.

Re:

[nashv]

Do you really not understand how currency works or are you just being facetious?

Re:

[ludux]

This shit isn't currency.

Re:

[ArchieBunker]

All the coin exchanges would like a word with you.

Re:

[Fly Swatter]

Those aren't coins, they are numbers held in a database. And what the database number exchanges really want is for you to not notice how corrupt most of them are.

The value of a bank is that they hold your money for you and in return get to use it.

The value of a coin exchange is????

Re:

[Oligonicella]

Once you've given the money to the bank, at some point, it'll just become numbers in a database.

It's that "once you've given" portion that invalidates your "just numbers". With a virtual 'coin', there's no up front value basing your numbers.

Re:

[nashv]

Why do you think the piece of paper in your pocket has any intrinsic value at all ?

You probably don't know this, but a bank note is only a "legal tender". It's worth is only that which is guaranteed by the bank that issued it. The fact that you physically hold piece of paper means nothing, because the value is because the bank that issued it says they will treat it as if it has a certain value. No one else needs to respect it, and the moment that bank changes its value, its changed.

This is exactly the sam

Re:And..

[Opportunist]

I don't know how to tell you, but the money you have in a bank is a number held in a database.

Re:

[LutzUwe]

Actually banks are not that much better. For every dollar you give them they are allowed to lend someone else 10. That is also made up money that has no real world equivalent. Just numbers in a database. They will make profit of it anyways because they can give it away and earn interest. So money out of thin air than produces more money. The whole system is fucked up beyond repair.

Early tweaks

[jwymanm]

I wish they wouldn't be using real money for this at first but I'm in before all the anti cryptocurrency tech comments. This is actually great tech and you are seeing the beginning of the end of centralized corporate and government control of man. We will all eventually be using decentralized technology hopefully for voting, logging, science studies/results, and so on. It's going to be a major tool in the arsenal of common man to fight those in power. I wish more people here would realize that it's worth more than these starter baby projects. There is a huge benefit to free society this is going to bring and I can't wait for it to be developed to where it is completely stable and reliable. Down with censorship.

Re:

[Fly Swatter]

This is actually great tech

I long for the days whereby for someone to steal your money they either had to confront you in person, break into your house, or rob your bank.

Now they just need to confuse a line of code from anywhere in the world.

Re:

[mysidia]

Now they just need to confuse a line of code from anywhere in the world.

Its not just any line of code though... for an erroneous line of code to mean anything it has to be a line of code accepted by the system.

The thing to do then is to impose a high requirement on getting each line of code adopted... I mean there is a Computer Science concept that can help with the reliability, and that would be the use of a Proof of Correctness.. so maybe design the system so the actual proof has to be included as

Re:

[pjt33]

So you write a formal specification as well as your program and now you've got three times as much code to debug and it's in at least two different languages... Proofs of correctness are not completely pointless, but they're a long way short of being a panacea.

Re: Early tweaks

[TuballoyThunder]

Wow the optimism is strong with this one.

Re:

[BladeMelbourne]

You say optimism, I say naivety.

Re: Early tweaks

[khchung]

Wow the optimism is strong with this one.

Give it another 5-10 years, when there are enough young adults who hadn't lived through the last crash entered the market, we will see another huge tulip-style bubble, possibly with the baseless cryptocurrencies, or possibly something else. We can say "I told you so" (again) after it crash.

Re:Early tweaks

[SirSlud]

Wait until you hit your 20s, you start to see the big picture.

Re:Early tweaks

[Viol8]

Indeed. When you get older its amusing to see the same old cut and paste no state/corp control anarchist rubbish getting trotted out knowing that once the person spouting it gets a job and has to pay his own way in the world instead of being parent funded, how quickly his (its usually a he) attitude will change.

Re:

[geekmux]

Indeed. When you get older its amusing to see the same old cut and paste no state/corp control anarchist rubbish getting trotted out knowing that once the person spouting it gets a job and has to pay his own way in the world instead of being parent funded, how quickly his (its usually a he) attitude will change.

Kind of makes you wonder why the hell we allow teenagers to vote, doesn't it?

A minimum voting age of 21 would probably be a vast improvement, just as it is when adults tend to ignore the silly shit spewing out of children's mouths.

Re:

[Viol8]

Agreed. 18 is way too young though for some odd reason it always seems to be socialist parties who want the age lowered.

Re:

[geekmux]

Agreed. 18 is way too young though for some odd reason it always seems to be socialist parties who want the age lowered.

Certain groups also support every non-citizen to hold voting rights as well. Children voting is only part of the problem.

Re:

[dfghjk]

Citation please. There is no "children voting" so it cannot be "part of the problem", as though you understand "the problem".

Increasingly it seems you are just an asshole.

Re:

[geekmux]

Citation please. There is no "children voting" so it cannot be "part of the problem", as though you understand "the problem".

Increasingly it seems you are just an asshole.

Damn, you are literal. And ignorant. Go ahead. Stand next to a group of at least a dozen 18-year olds. For at least two hours of casual conversation. Then tell me how you feel really good about giving them the Right to vote, as if CHAZ/CHOP wasn't evidence enough.

Increasingly, America is getting worse. And it's because of ignorance that refuses to even acknowledge obvious problems.

Re:

[Pascoea]

Name a controversial topic, I guarantee I could find a "certain group" to support both sides of it, even down to things like pedophilia. There is absolutely no majority (or anything close to a majority) within either political party that supports non-citizens voting.

Re:

[dfghjk]

"Kind of makes you wonder why the hell we allow teenagers to vote, doesn't it?"

No, it doesn't. We don't require voters of other ages to make informed decisions and, by and large, they do not. Also, what is this "we allow" bullshit? Is freedom and representation only reserved for you and your buddies?

Re:

[Headw1nd]

I disagree, it's not "getting a job" and "paying your own way" that changes your perspective. It's seeing that humanity lives in constant peril of itself, and that while it's true that government exists primarily to constrain man's true nature, that nature is nothing you would ever want to release.

Re:

[phantomfive]

I like and support your idea, but it seems like things become more centralized. We have potential to have any number of different search engines, but we have one. For a while, there were plenty of different social networks, but now there is one (unless you count Instagram?). Why? I have no idea.

Re:

[Viol8]

"Why? I have no idea."

Probably because you're still to young to have a good grasp of human nature.

Re:

[lessSockMorePuppet]

Buddy, most of us here are in our 40s and 50s, if not older, particularly the older registrations.

Re:

[phantomfive]

I'm glad you explained it to me.

Re:

[angel'o'sphere]

There are still plenty of search engines.

And also plenty of "social networks", XING, Linked-In etc.

In Asia messenger apps like Line and WeChat are close to social networks.

This TikTok thing Trump wants to kill is a social network, too.

Instagram originally was a photo sharing site, like Pinterest - but the later one is transforming into a "photo social network", too.

I guess if you dig around you find plenty of each (search engines and social networks).

Re:

[vux984]

"Down with censorship."

Have you not read the code of conduct to participate, and signed it with your private keys?

Meanwhile, back in the real world...

[Viol8]

... human societies since the dawn of our species have been centrally governed whether its a small tribe or a large state. Like it or not anarchistic societies fail spectacularly because inevitably 1 or more people take control either by persuation, coercion or plain old fashion force.

Re:

[Oligonicella]

hopefully for voting

Uh, piss the hell off with that one, Sparky.

Re:

[JustAnotherOldGuy]

There is a huge benefit to free society this is going to bring and I can't wait for it to be developed to where it is completely stable and reliable.

I'd like some of whatever you're taking, but in a smaller dose.

The bug is not in that line.

[140Mandak262Jamuna]

The bug is in the process. Bug in test cases, unit testing, use case coverage, that is the bug, not in one line of code or in one library or a module.

Re:The bug is not in that line.

[bmimatt]

The bug is on stack overflow of wherever else the kid who 'wrote it' copied it from.

Re:The bug is not in that line.

[phantomfive]

For this bug, it means the developer didn't even test it once in his developer environment.

Re:

[awwshit]

I was thinking the same thing. Not even tested. Great stuff.

Re:

[infolation]

It's 2020. Developers test their software using users, and the wide world is their developer environment.

Given enough eyeballs, all bugs are shallow!

Re:

[thegarbz]

What part of Agile did you not understand!

Re:

[Calydor]

The part where you use an exclamation mark to denote a question?

Re:

[thegarbz]

Don't ask questions, that's not the Agile way. Just ship!

Re:

[angel'o'sphere]

What has "agile" to do with this topic?

Another "agile hater" spreading his venom?

Re:

[dfghjk]

Another "agile lover" demonizing those who don't agree?

Re:

[angel'o'sphere]

He does not disagree, he is spreading idiotic myths.
That is a difference.

As you instantly attack me instead of telling your "opinion" - I assume you are an "agile hater", too.

Re:

[thegarbz]

What has "agile" to do with this topic?

Another "agile hater" spreading his venom?

Wow sensitive much? Just laugh and move on with your life.

I don't actually hate Agile, I just poke fun at the latst programming fad that seems to be forever more pushing unfinished garbage out the door. I'd make a more convincing rebuttal to your post, but I figure I'll take the Agile approach and consider this post a minimum viale product.

We can correct speling mistakes with a patch later.

Re:

[thegarbz]

Sorry I was insensitive. I forgot you were German when I asked you to laugh. ;-)

Re:

[angel'o'sphere]

There is no agile method in existence where the aim is not to deliver bug free software and testing -or- verification is _not_ a cornerstone of development

Your claims are just nonsense, and I guess you know it.
If You can not develop properly in an agile environment then either the environment is only "pseudo agile", or You simply have not the "programming expertise" you think you have.

Re:

[thegarbz]

Oh my god, you still don't get it was a joke... I know people say Germans don't have a sense of humour but man you seem to be turning that up to 11.

psst. It's okay. You can giggle a bit. Just try it once in a while when none of us are looking.

Why is this news?

[ludux]

There's thousands of these shit coins, why is this one news?

Re:

[NateFromMich]

There's thousands of these shit coins, why is this one news?

There's a different one in the news every so often. In this case, it stole everyone's money a lot quicker than usual.

Re:

[Opportunist]

Because this time the scam unraveled in record time.

is it a software bug...

[Don Bright]

.... or is it a quality control bug that the software bug was missed before deployment

Re:

[shentino]

It's a bug in human psychology.

YAM = LIC

[Dan East]

Whatever YAM is invokes my LIC (Like I Care).

Re:

[NoNonAlphaCharsHere]

Great! Now you've ASSIGNED YAM to be LIC. Now we have TWO bugs. Whatever you do, DON'T dereference YAM now, god knows what would happen.

Re:

[Opportunist]

So, if you delete YAM, it means that LIC becomes invalid as well.

Like I care....

YAM collapses to almost 0 after bug found

[grep -v '.*' *]

So BUY NOW before they roll out the bug fix -- it'll take HOURS if not DAYS, so BUY NOW! HURRY!!

Tell everyone you know! Don't think, Don't Blink [wikipedia.org], just buy right now and immediately email your friends before the price skyrockets! Tomorrow it'll be too late!!!

Gee, just like when we first started getting viruses and rumors in email, "helpful people" would tell their friends about "a virus" or "important news" by emailing everyone in the world. Needless-to-say, it was a proxy virus to funnily (Nelson:

fuddy-duddy weighs in

[Anonymous Coward]

I know I'm not hip with the new flavor of the month. But who in their right mind designed a language where, when you want to write the mathematical expression

initSupply * yamsScalingFactor / BASE

you would write

initSupply.mul(yamsScalingFactor).div(BASE)

where, seemingly even simple numbers are objects? What sort of lunacy is that? How is the second expression anywhere NEAR as readable as the first (which is valid in any of a large number of languages)? How is it anywhere NEAR as maintainable as the first? How is it anywhere NEAR as natural an expression?

The answer: it isn't, and the real bug in YAM was the choice of implementation language.

When you have something as important as a currency or where reliability is critical, where you don't get a second chance, you need people outside a small cadre of developers to validate your code. If you aren't doing that, well, you're not serious. And if you aren't using code that is easily understood by non-specialists and therefore possible to be validated by outsiders, you've made that character flaw, the bit about not being serious and making poor choices, obvious.

Programming, when you've got a serious project and not a toy one, is not about using the newest, shiniest tools. It is not about using the libraries all the cool kids are using. It is not about exercising every whiz-bang feature of a language. It's about writing code that is clear, concise, and will be immediately understood by the next person, even if the next person is just your future self six months from now. Apollo 11 was launched, sent to the Moon, landed, launched from the Moon's surface and returned to Earth in 40,000 lines of code that are readily understandable today. I dare you to do better.

Re:

[Fly Swatter]

So are the other two operators .plu() and .min()? or .add() and .sub()

With only a backing in C from years ago, I didn't even realize mul and div were operators while reading the summary and assumed they were either array columns, functions, or an inherited sub function of some sort.
But then I remember that I didn't want any part of newer languages when I met java and to some extent c++.

Re:

[NoNonAlphaCharsHere]

Yikes.

Talk about opening a 55-gallon drum of worms. More like the Grrand Canyon of worms.

Language purists who have no real-world experience are always whining about whether or not a programming language has "operator overloading" or not. (Cut to the chase: C++ has it, Java doesn't (except for String, built into the language, and I'm not going there...)).
The question is whether I, as a random language user, get to define

class BigNum;

and whether I get to say

BigNum A, B, C; // (where I define

Re:

[MadKeithV]

Ah man, just go all out and overload the comma operator.

Re:

[Ambassador Kosh]

Operator overloading is great for implementing math and simulations. Things like Eigen are far easier to use because of operator overloading. I do agree with you that operating overloading for employee there is some kind of abomination. I also thing that operating overloading with math leads to fewer errors because the equation you write in looks much closer to how you would write the equation by hand.

Re:

[ArchieBunker]

I still don't understand why whitespace code like Python exists.

Re:

[pjt33]

But who in their right mind designed a language where, when you want to write the mathematical expression

initSupply * yamsScalingFactor / BASE

you would write

initSupply.mul(yamsScalingFactor).div(BASE)

where, seemingly even simple numbers are objects?

Simple numbers? I bet it's a BigInteger (can't be a BigDecimal because then they wouldn't be using fixpoint), and would not be at all surprised if it's Java.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Areyoukiddingme]

Simple numbers? I bet it's a BigInteger (can't be a BigDecimal because then they wouldn't be using fixpoint), and would not be at all surprised if it's Java.

You would be shocked and appalled how many people use floating point in financial situations like this one, without the least clue why they shouldn't.

OOPS!

[zephvark]

I'm going to go with, "perhaps they should have used actual equations instead of burying everything so deeply in OOPsy paradigms that it looks worse than COBOL."

Dijkstra was a mean critic who couldn't create a decent computer language himself but, I'd really love his take on "Object-Oriented Programming Considered Harmful", much as I'd enjoy Hunter Thompson's foaming at the mouth about Trump, who makes Nixon look suave and sophisticated.

Let's not all roll around on the floor and speak in tongues while handling snakes, now. Who wants to be first? Raise your hand. No, middle finger or raised fist with two thumbs.

Looks like these amateurs will not be getting rich

[gweihir]

Because trying to get rich quick is the only reason fro yet another crapcoin.

Stick a fork in it...

[SeaFox]

the YAM is done.

In a statement YAM said...

[Viol8]

... blah blah rebasing blah pool blah blah bullshit waffle blah blah quorom blah.

Sounds like a bunch of kids who think they're smarter than they really are and who didn't bother to test their code (because they're so smart, right?), bigging themselves up with crypto-gibberish in order to try (and fail) to still appear professional.

Zero Testing = Zero Money

[Draconi]

totalSupply = initSupply.mul(yamsScalingFactor);

vs.

totalSupply = initSupply.mul(yamsScalingFactor).div(BASE);

How did they not deploy this on a testchain first? It would have been obvious from the first second it was wrong!

I YAM what I YAINT

[Residentcur]

That currency should be banned if for no other reason than the alphabet stew contained in that post.