yearn.finance(YFI) Smart Contract Audit

 Project Background

Website Details

  • Yearn is a decentralized suite of products helping individuals, DAOs, and other protocols earn yield on their digital assets.
  • Yearn is a decentralized finance (DeFi) platform offering various yield-generating products for individuals, DAOs, and protocols. Users can stake, invest, and earn yields on their digital assets. Key features include Vaults V2 for token deposits, veYFI for governance participation, yCRV for optimal CRV yields, yETH for liquid staking yield, and yPrisma for additional yield opportunities.

Website: yearn.fi

Code Details

This Solidity code defines an ERC20 token that is mintable and burnable via a bridge contract, specifically designed to work with the Optimism Layer 2 solution. Here’s an overview of the key components and functionalities:

Core Contract:

  • Semver: Handles semantic versioning with `MAJOR_VERSION`, `MINOR_VERSION`, and `PATCH_VERSION`.
  • ERC20:
        • Implements the standard ERC20 functionality with additional internal functions to handle minting, burning, allowances, and token transfers.
        • Functions include `name`, `symbol`, `decimals`, `totalSupply`, `balanceOf`, `transfer`, `allowance`, `approve`, `transferFrom`, `increaseAllowance`, `decreaseAllowance`, `_transfer`, `_mint`, `_burn`, `_approve`, `_spendAllowance`, `_beforeTokenTransfer`, and `_afterTokenTransfer`.
  • OptimismMintableERC20:
      • Extends `ERC20` and `Semver` to create a mintable and burnable token for use with the Optimism bridge.
      • The constructor takes parameters for the bridge address, remote token address, token name, and symbol.
      • The `mint` and `burn` functions can only be called by the bridge contract.
      • Implements `supportsInterface` for interface detection.
  • This structure ensures that the token adheres to the ERC20 standard while adding the necessary functionalities for integration with the Optimism Layer 2 solution, specifically for minting and burning tokens via a designated bridge contract.

Audit Summary

  • We observed  2 Informational issues in the smart contracts. but those are not critical.
  • The security state of the reviewed smart contract, based on standard audit procedure scope, is “Secured”.

Executive Audit Summary

  • According to the standard audit assessment, the Customer`s solidity smart contracts are “Secured”. This token contract does not have any ownership control, hence it is 100% decentralized.
  • We used various tools like Slither, Solhint and Remix IDE. At the same time this finding is based on critical analysis of the manual audit.

Audit Report in PDF


pdf

Audit Report Flip book

Please wait while flipbook is loading. For more related info, FAQs and issues please refer to DearFlip WordPress Flipbook Plugin Help documentation.

Leave a Reply

Your email address will not be published. Required fields are marked *

four + 8 =