Back to Overview

yldr.com Security Audit

Summary

The most critical subjects covered in our audit are the bridging mechanism, the interactions with the external protocols, components such as oracles, and the accounting of the system. A critical issue was uncovered, regarding price manipulation by an attacker as well as some high-severity issues. A second critical issue was found in the second iteration which allowed a user to mint more shares than expected by the system. All issues have been addressed.

The general subjects covered are the functional correctness and the liveness of the system, the code complexity, the access control, the documentation, testing, and the gas efficiency. The functional correctness is high. Regarding liveness, we have detected many possible ways which can lead the system to block. A relevant issue has been acknowledged by the development team. However, funds of the protocol are not at risk as the admins are in full control of them. The complexity of the bridging mechanism is high. The documentation was limited especially at the beginning of the review as well as testing. As the system exchanges messages with other chains, interacting with it could be gas-consuming and the gas efficiency is overall improvable. The security, as far as access control is concerned, is high.

In summary, we find that the security of the system is satisfactory but there is room for improvement.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About yldr.com

yldr.com implements a cross-chain yield aggregation system. Users can deposit assets on a master vault on the Ethereum network and then aggregate yield from different protocols in different chains.

ChainSecurity team exceeded our expectations!It's been a pleasure working with a team full of professionals. They didn't just look through the code but fully dive into the product. It felt like we'd been working together for years.I guess we've found a solid and reliable partner to have our contracts audited in the future
Ivan Roptanov, Product Manager @yldr.com