0xdeadf4ce

@mLAPku2WQZmso5oX4kzPOg

Joined on Nov 22, 2020

  • v4-patch Governance upgrades Proposed changes: https://git.tornado.ws/AlienTornadosaurusHex/tornado-governance/src/branch/main/contracts/v4-patch/GovernancePatchUpgrade.sol function execute(uint256 proposalId) function _propose( address proposer, address target,
  • Summary Eleven.finance, a yield aggregator on Binance Smart Chain (BSC) and Polygon (MATIC), was exploited for an estimated total of $4,5M in user-deposited assets. The root cause was a function called emergencyBurn() in the intermediary vault used to track anySwap / Nerve-bridged assets nrvBTC, nrvETH and nrvFUSDT in the Eleven "MasterMind" farming contract. The attacker first took a flash loan of each asset's underlying token balance in the "MasterMind" contract (Binance-pegged BTC, ETH and USDT) to convert these into nrvBTC, nrvETH and nrvFUSDT respectively. Nerve 3Pool and PancakeSwap BUSD - NRV liquidity provider positions were also affected. The vulnerable function emergencyBurn() in the intermediate vault contract allowed the attacker to withdraw the deposited balance without the withdrawal being accounted for internally.
  • List of EOA involved Fake Token Deployer 0x30e346181de2809ef8286d2e49c65afb8a3b065d Yearn: Deployer 0x2D407dDb06311396fE14D4b49da5F0471447d45C List of fake Tokens
  • TL;DR About Moving fast People have for decades been indoctrinated by agile development evangelists to move fast, fail quickly and go for minimum viable products. These ideas don’t seem to fit the bill when building in a hostile environment. Failing quickly in DeFi comes at the expense of 10s or 100s of millions in dollar equivalents. We may not simply need another methodology. We need a paradigm shift allowing for rapid iteration while reducing the likelihood of getting rekt at the same time. Let’s eliminate the idea that a proper audit is somehow a guarantee for safety. It is, most of the time, a snapshot of checklist-style security measures applied to moving targets that have often long evolved into something else shortly after a project hits mainnet. Expect the greatest teams in the future of finance to be those capable of handling the trade-offs between shipping fast and shipping safely, continuously auditing and rigorously testing their composable money robots like they live and breathe it.