[SlowMist: Yearn attacked due to mathematical calculation vulnerability in yETH stablecoin pool contract] The SlowMist security team monitored and analyzed the decentralized finance protocol Yearn being attacked by hackers on December 1, resulting in a loss of approximately $9 million. The root cause lies in the unsafe mathematical operations within the _calc_supply function logic of the Yearn yETH weighted stablecoin swap pool contract, leading to overflow and rounding errors during supply calculations. The attacker exploited this flaw to manipulate liquidity to specific values and excessively mint liquidity pool (LP) tokens for illegal profits. SlowMist recommends strengthening boundary scenario testing and adopting securely verified arithmetic mechanisms to prevent similar vulnerabilities.