Yieldly HDL Distribution Pool Exploit

    Q37. At the beginning of March, Yieldly announced they had found wallets abusing the HDL Distribution pool (https://twitter.com/YieldlyFinance/status/1500060434296033282?s=20&t=reW0nw6ggkQy5acX540UWA). Let’s look and see if we can identify the wallet or wallets that were taking advantage of the HDL distribution pool (https://app.yieldly.finance/distribution?id=596947890) logic. Identify the wallets that were taking advantage of the pool by looking at their application call transactions. We can identify the actions wallets were taking on this pool by using the algorand.application_call_transaction and decoding the application call action (try_base64_decode_string(tx_message:txn:apaa[0]::string)). For the wallets that were demonstrating odd behavior, is there a pattern to the actions they were taking in the distribution pool? If so, tell us what their behavior looked like. Tips: Look at algorand.application_call_transaction with an app_id of 596947890. Use try_base64_decode_string(tx_message:txn:apaa[0]::string) to decode what action was being done in the application call.

    Introduction

    Yieldly is the first fully designed borderless interconnected DeFi platform developed on the Algorand network. Yieldly aims to empower upcoming users to easily acquire cryptocurrencies and exchange digital value, without friction, gas inefficiency or security risk.

    Since its inception, Yieldly has gained widespread adoption within the Algorand system to become one of the most popular currencies among users. In fact, recent analysis has shown that Yieldly is one of the most widely used tokens in Algorand's DEX.

    However, earlier this month, Yieldly announced a possible manipulation of one of its distribution pools, allegedly carried out by a bot in order to acquire more rewards.


    First of all, I have calculated the number of transactions and the active users by type of action during the first week of March. The first image shows the number of daily transactions for each type of action. As seen, the number of transactions started to increase suddenly during March 4th and 5th. In fact, from around 600 transactions on March 3rd, the number increased to more than 50k transactions on March 5th. During March 6th, the number of transactions continued to be higher than usual, but on March 7th the numbers were normal again.

    In terms of actions executed, it is clear that all of them increased: staking, withdrawing, as well as withdrawing all. However, the percentage of withdrawals increased during those days.

    Finally, in terms of active users, the second chart shows how the number also started to increase on March 4th. In fact, the day when the most users were active was March 4th rather than the 5th. If we divide the users by the actions they performed, we can see that the majority of them executed "withdraw all" transactions. We can also see how the behaviour of the users changed during those days, passing from around 90% of the actions being staking to around 80% of them being withdrawals.


    In the tweet above, the Yieldly team announced that they had done an analysis of the bug code and that it appeared that a bot had been using the timing parameters around bounty claiming to mess up the contract for one of the distribution pools, namely HDL Teal 5. As a result, the bot had been able to claim a disproportionate share of the HDL bounties.

    So they concluded that this was not a security exploit, but rather a manipulation of the code to trick the smart contract.

    In this analysis, we will find out who benefited from it by analyzing the wallets that demonstrated odd behavior during the exploit phase. We will also investigate any pattern in the actions those users took while doing so.

    Methodology

    To obtain the suspicious wallets, we need to identify distinct wallets using algorand.application_call_transaction in the Flipside Crypto database, and see whether any suspicious movements were detected during the exploit (March 4-5th). To detect the actions on the HDL pool, we need to select the calls with app_id='596947890' and decode the following string to get the action: try_base64_decode_string(tx_message:txn:apaa[0]::string).

    In this analysis, I have selected users who did more than 10 transactions during these 2 days because I think that is a high number of transactions.

    Results


    Finally, for this last part, I have taken into account those users who did more than 10 transactions over March 4th and 5th. In this case, it seems that users used the pool by staking and withdrawing many times, taking a part of the rewards each time they forced the staking. It can also be seen that there were 2 wallets with over 750 transactions, 3 others with around 200 transactions executed, and the rest below 60 transactions.
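
    The methodology and the stake/withdraw pattern described above, as an added Python example that is not part of the original dashboard. It runs on constructed rows shaped like the Flipside table; the `snd` sender field, the year in the dates, the wallet names and the decoded action labels are assumptions made for illustration.

```python
import base64
from collections import Counter, defaultdict

APP_ID = 596947890                       # HDL distribution pool (from the page)
EXPLOIT_DAYS = ("2022-03-04", "2022-03-05")  # March 4-5; year assumed

def decode_action(tx_message):
    """Like try_base64_decode_string(tx_message:txn:apaa[0]::string): None on failure."""
    try:
        raw = base64.b64decode(tx_message["txn"]["apaa"][0], validate=True)
        return raw.decode("utf-8")
    except (KeyError, IndexError, TypeError, ValueError):
        return None

def profile_wallets(rows, min_txs=10):
    """Per wallet with more than min_txs pool calls in the window: counts and flip ratio."""
    seqs = defaultdict(list)
    for row in rows:                     # rows are assumed to be in chain order
        if row["app_id"] != APP_ID or row["day"] not in EXPLOIT_DAYS:
            continue
        action = decode_action(row["tx_message"])
        if action is not None:
            seqs[row["tx_message"]["txn"]["snd"]].append(action)
    report = {}
    for wallet, seq in seqs.items():
        if len(seq) <= min_txs:
            continue
        # Share of consecutive calls that switch action (1.0 = strict alternation).
        flips = sum(a != b for a, b in zip(seq, seq[1:]))
        report[wallet] = {"txs": len(seq), "by_action": dict(Counter(seq)),
                          "flip_ratio": round(flips / (len(seq) - 1), 2)}
    return report

def _row(day, sender, action, app_id=APP_ID):
    arg = base64.b64encode(action.encode()).decode()
    return {"day": day, "app_id": app_id, "tx_message": {"txn": {"snd": sender, "apaa": [arg]}}}

# Constructed sample rows: wallet names and action labels are placeholders.
SAMPLE = [_row("2022-03-04", "WALLET_A", a) for a in ["stake", "withdraw"] * 6]
SAMPLE += [_row("2022-03-05", "WALLET_B", "stake"), _row("2022-03-05", "WALLET_B", "stake")]
SAMPLE += [_row("2022-03-05", "WALLET_A", "stake", app_id=1)]          # other app: ignored
SAMPLE += [{"day": "2022-03-04", "app_id": APP_ID,
            "tx_message": {"txn": {"snd": "WALLET_C", "apaa": ["%%%"]}}}]  # undecodable arg

if __name__ == "__main__":
    for wallet, stats in profile_wallets(SAMPLE).items():
        print(wallet, stats)
```

    A flip ratio near 1.0 combined with a high transaction count marks a wallet that keeps switching between staking and withdrawing, which is the repeated pattern reported in the results.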

    Conclusions

    In this dashboard, we have analyzed the Yieldly HDL Distribution Pool exploit by some users (possibly bots) that tried to get more rewards than usual from the staking mechanism. To that end, we analyzed the number of transactions and active users during the week of the exploit, which showed a huge increase in both metrics. We also analyzed the activity of the users during those days, and more withdrawals were made than usual. Finally, we detected possible users who used the situation to acquire more rewards. A total of 10 users were found.