The most critical subjects covered in our audit are security, functional correctness and the proper accounting of the assets and shares. During the review, no critical or highly severe issues were uncovered. Two medium severity correctness issues have been found which have been resolved after the intermediate report.

The general subjects covered are adherence to the implemented standards, code complexity and gas efficiency. In summary, we find that the codebase provides a good level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

Yearn implements VaultsV3, an unopinionated ERC-4626 compliant system designed to distribute depositor funds into various strategies and manage accounting robustly. Depositors receive ERC-20 compliant shares that can be redeemed at any time.

Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”

Source: https://docs.yearn.finance/resources/defi-glossary