Certik — Yearnlab Final Audit and Security Report

Yearnlab is a second-generation yield farming protocol. Create your own token and staking pools.

Dear Community,

We understand that security is the main priority and most important concern in the DeFi industry. We do not want to put user’s funds at risk. Team Yearnlab have successfully stopped and corrected the issue before it made a big impact on the investors. Yearnlab bore all the costs of the unfortunate event.

Codebase

https://github.com/Yearn-Lab/Yearnlab-Contract/blob/main/YearnlabToken

https://bscscan.com/address/0xfb585322fbd121ce20b857e2ccd85a43ad496573#code

We have then moved to evaluate audit report, with some refactors to fix the issue. However, to ensure the new contract is safe for users. We have decided to proceed to an audit with Certik — the most popular and renowned Audit agency and we have already received a preliminary report.

As you can see in the attached file, there are no critical issues with the contract, but only a major vulnerability, a few minor redundant codes, and informational issues that won’t have any impact on the contract.

transferOwnership()
As our token utility is staking pools, having multiple staking pools we have to change ownership of main contract which has nothing to do with centralization risk.

Concerning the major vulnerability, we have implemented a system of governance for the $YLB token contract and Treasury contract which requires the owner to make a proposal in order to be able to change the most important components which has the right of $YLB community Yearnlab Governance: https://yearnlab.com/governance

$YLB token-holders can delegate their voting rights to themselves or an address of their choice. $YLB holders’ votes will count proportionately to their $YLB balance.

CertiK conducts its audits with the rigor of Formal Verification, which stands at the apex of source code validation. Rather than merely checking for bugs and vulnerabilities, Formal Verification leverages rigorous mathematical theorems to check whether the source code of a program meets its specification, computing all possible scenarios and proving that it is impossible for certain checked vulnerabilities to exist. CertiK has conducted audit reports for $YLB, and the report confirms that it has passed the audit requirements with over a 98% rating.

Malicious hackers have plagued the blockchain space and stifled the growth of many promising projects. By conducting Formal Verification audits on projects like Yearnlab, CertiK aims to guard against some of the most frequent and critical vulnerabilities that have been the source of these attacks. Together, both organizations envision a safer blockchain ecosystem with higher security standards that would prevent against many of the hacks of the past.

For detailed audit report please refer to audit page:

https://www.certik.com/projects/yearnlab#audit

About Yearnlab:

Yearnlab is a cross-chain protocol. Unlike its counter parts, Yearnlab’s aims to bring the most updated service of DeFi to its users. A smooth a reliable trading between heterogeneous and homogeneous blockchains is the top priority of Yearnlab.

Social Links:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store