Summary
The most critical subjects covered in our audit are rewards accumulation, the minting and redeeming of Gauge tokens, the calculation of the YFI discounted price and, the precision of the calculations and the access control. The security of all aforementioned subjects is high as only low to medium severity issues were uncovered. All the issues have been resolved in the second iteration of the codebase.
The general subjects covered are upgradeability, documentation, testing. The documentation provided to us was limited. The security regarding the rest of subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn – oYfi
Yearn implements an incentive mechanism for users to hold the yvTokens. In particular, users can stake these tokens and mint Gauge tokens (ygTokens). With these tokens users can claim Option-Yfi (oYFI) which allows them to buy YFI tokens on discount.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”