Summary
The most critical subjects covered in our audit are access control and functional correctness. All raised issues have been addressed accordingly. The most critical issue found in the assessment was related to incorrectly counted votes in InclusionVote (see Blank Votes Not Counted).
In summary, we find that the codebase now provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn yETH Governance
Yearn implements an on-chain governance system for yETH and the new contracts. They allow st-yETH holders to vote for generic proposals and Pool parameter changes.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”