Today I am going to take a look at the first version of the Yam protocol, which, due to some nasty software bugs, managed to have a meteoric rise and fall over a span of just a couple of days. It’s sometimes important to take a look at the failures in the crypto space, as much as the successes, to help remember that risk factors involved, plus they make for some good stories.

Please note I am on vacation the week of August 8–13 and no articles will be coming out that week.

For the usual disclosure, I am not a financial advisor, I don’t even work in finance at all. My day job is as a telecommunications software engineer. Treat everything you read here as some educational resources and not financial advice.

The Yam Protocol

As a note, this article is focused just one the first version of the protocol, and does not explore the newer V2 token or any of the existing offerings. I will likely explore the new version in a later article. The Yam protocol was first conceived as an experiment in digital money, and combined a number of interesting features from different existing currencies and protocols.

I’m also not providing as many links within the article as I normally would, despite the project being resurrected, as a rule when I explore a “dead” project, I don’t provide links as I don’t want to send the wrong message or provide additional traffic to their sites.

It utilized an elastic supply mechanism to maintain it’s peg, much like how Ampleforth does. I won’t get too deep into this mechanic here, if you’re interested in learning more, I recommend my article linked there, but basically this means that the total supply of the token, plus each holders balance, can change on a daily basis due to a rebase mechanism.

If the price is above the target price, the rebase will increase the supply, and each holder’s balance is adjusted upwards proportionally, which should in theory drive the price back down towards it’s peg by leveraging supply/demand and market players. Likewise, if the price is down, the supply should contract, and drive the price back up by restricting the available supply to be sold.

The Yam protocol also employed on-chain governance mechanics as well as a treasury that was to be controlled by the community by the governance. It was basically a lightweight Decentralized Autonomous Organization (DAO), with the community needing to have quorum for any changes to be made.

The protocol also approached things in a fair launch, so there was no allocation made to the founders or development team, and all the tokens were handed out through liquidity mining pools. All of this sounds very good, but due to a couple of major software defects in some of the most critical functionality, it all resulted in the protocol essentially being doomed before it launched.

It’s important to note that the protocol did not go through any formal audits, which was not a big secret. The developers very clearly stated on the website that they did their best to be bug free, but no audits were done, and that the risks were higher than normal. While not an immediate deal breaker, any project of this size should probably have a good audit done of their code, especially when it comes down to governance and the ability to fix problems that may come up in the future.

The Timeline

I think the best way to see how this all unfolded is to walk through the timeline of events directly. It occurred over just two days, so it’s a pretty brisk walk through what all went on.

On 11 August 2020, the Yam protocol was launched after only 10 days of development, which is pretty quick. They forked a lot of their code from existing projects, so they did start with a leg up in that regards, but 10 days for an extensive protocol is a bit on the fast side.

As a developer that knows Solidity, with all the advanced features that were being tied together into this one, that is a bit of a red flag, especially combined with the lack of an audit, but the developers were very open about this, they positioned it as an experiment, so really, no fault can fall on the developers for any issues. People need to understand the risks of what they are putting their money when it comes to Decentralized Finance (DeFi).

The initial supply of the Yam token was distributed over a number of staking pools, in order to incentivize people to lock up their tokens on the protocol. These were all pretty standard single asset pools, but also included a pool for people to stake their ETH/AMPL Uniswap V2 tokens as well.

Once launched, money started rolling in, and the community got about doing their own audit of the smart contracts that managed the protocol. Nobody found any bugs within the main staking contracts, and the Total Locked Value (TLV) of the protocol hit over $170 million dollars in the first six hours.

After the initial launch, a Uniswap pool was created to pair YAM with YCRV for the rebase operation to exchange the YAM that was generated for the treasury into YCRV as well as leverage the Uniswap price oracle to get the data for the rebase operation itself.

12 August rolled around and they hype was still rolling, and the price of the YAM token managed to get as high as $160, with some exchanges showing as high as $200. The locked value kept rising and managed to break the $500 million dollar mark. Now, it’s important to note here, everything so far has happened before the first rebase operation for the protocol has kicked in.

At this point, the first critical bug was identified. This one was in the rebase operation, and would affect all except the first rebase operation. This bug would cause the number of YAM tokens to be minted for the treasury to be way too high. These tokens would then be sold to the liquidity pool, and not be owned by a given person.

This would be a real problem, and not just because of the effects it would have on the supply and potential price impacts, but also on the governance aspect of the protocol. This influx of tokens would actually make it impossible for the community to generate enough votes on a proposal to achieve the necessary quorum to enact any changes. It would also mean all of the funds that would be owned by the treasury, would be basically burned and inaccessible, as it requires a governance vote to release.

A proposal was quickly drafted to make changes to the rebase mechanism and save the protocol, but there was a very short window to be able to do it, as it had to go into effect before the second rebase operation fired and made it impossible to pull off.

The community mobilized and votes for the proposal started rolling in. As a precaution, providers of the YAM-YCRV pool also pulled their liquidity to avoid the impermanent loss of having their YCRV turned into YAM, if the plan failed and the token price crashed.

Now we get to 13 August 2020, just one hour before the second rebase operation would be firing, and the required number of votes was hit. The corks were popped, champagne was had, and the day was saved. Queue the record scratch sound, because it was at this point a second critical bug was found.

This bug was in the governance mechanism that made it so no proposals could be executed at all, so all the efforts of the community was in vain, the second rebase fired off, and the protocol became essentially unmanageable from a perfect storm of defects.

This of course crashed the price of Yam, and that second rebase wrecked the liquidity providers that had not pulled out from the pool before the crash. People that were just holding their funds in the regular staking contracts could still pull out their funds of course, but their gains from the Yam token itself were wiped out in a matter of minutes.

The team behind Yam has since launched a second version of the protocol, this time having their code audited and by all accounts, it’s a much better one, but exploring that is for another article, so stay tuned.


As we can see from this case study, it’s very easy for even a well intentioned development team to inadvertently cause major problems. Nobody got rug pulled, the developers didn’t run off with sacks with dollar signs written on them, it was in no way a scam, but it still managed to fall under it’s own weight. It also could have been a lot worse for a lot more users if nobody had discovered these bugs, or if people hadn’t had the opportunity to withdraw their liquidity.

Crypto is a risky space, it’s still a baby in the grand scheme of the financial and technology sectors, and mistakes are going to happen. You always need to research projects you want to put any of your hard earned dollars into, and you need to diversify to ensure your risks are as mitigated as possible. There is money to be made and lost, and which side of that line you fall on comes down to the amount of effort you put in to make sure you’re putting your money into relatively smart and safe places.

Socials And Other Links

Find me on social media on Twitter, Facebook, Instagram, Telegram and noise.cash.

If you enjoyed this content, you can check me out every weekday. My posts start at my website, but you can also find them cross posted at Publish0x, LeoFinancial, Hive, and read.cash.

You can also sign up for my newsletter which I send out every Friday with news and whatnot from the crypto space, delivered right to your inbox!

You can also find links to resources such as research and news sites over at this link.

Want some more content right now? Check out some of my previous posts:

Next Level Swaps: SwapSpaceExplained

Uniswap V3
Polygon Commit Chain
Why Is DeFi Expensive

A few referral links, in case you are interested in the service, and it also helps me out.

Binance — large centralized exchange — referral link saves you 10% on trading fees
Coinbase — basic crypto exchange — referral link gets you bonus crypto on first deposit
Cointiply — very good crypto faucet and earning site — no bonus for you on this referral unfortunately

Originally Posed On My Website: https://ninjawingnut.xyz/2021/08/03/yam/



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store