Yearn.Finance Security Review, July 2022

Yearn.Finance Security Review, July 2022

Yearn Finance is a DeFi protocol that offers yield generation and lending aggregation. It’s one of the most successful pioneers of DeFI with a unique mission of automating crypto investment to achieve the highest APY. Yearn is multi-chain and currently supports Ethereum, Fantom, and Arbitrum. YFI holders govern Yearn’s protocol. 

YFI characteristics, according to CoinGecko

Price (2 August 2022): $11,732

All-time high: $90,786

Market cap: $368.8M

Circulating supply: 31,581

Total supply: 36,666

Yearn is traded on all major exchanges, including

  • Binance
  • Coinbase Exchange
  • Kraken
  • Crypto.com Exchange
  • FTX

There are close to 150 pairs with Yearn on dozens of popular crypto exchanges.

Competitive advantages

The most important competitive advantages of Yearn Finance are robust community and focus on decentralization. Everything revolves around YFI holders. Almost everything is available to the public. Anyone can make a proposal and gather 50%+1 votes to enact it in the code. Yearn smart contracts run on Balancer and Curve. Thus, YFI holders can receive a yield on their locked funds from fees earned by Yearn services. On top of that, the YFI is much lower than other cryptocurrencies with similar market capitalization, which is often viewed as a strength.

Risks

Despite all its important merits, Yearn Finance is a high-risk investment with high volatility. YFI traded for more than $80k at some point, and now the price is $5K. Although it’s backed by Yearn.Finance core products, YFI price mainly depends on community trust and hype. According to Yearn, they have “No papers of incorporation, no headquarters, nor even a list of names and locations for its contributors.” With no barriers to entry, this is indeed a radical experiment in decentralization. While anonymity is much-valued in crypto, trustless DeFi creates the risk of rug pulls and scam extortion.

Security analysis

According to CER.live, there are four basic security standards to be followed by crypto projects: token audit, platform audit, bug bounty, and insurance. 

Yearn Finance essential security characteristics:

  • Token audit (No)
  • Platform audit (Yes, CryptoManiacs, TrailofBits, MixBytes, Quantstamp, CertiK)
  • Bug bounty (Yes, Immunefi)
  • Insurance (Yes, Nexus)

Audit coverage: 100%, meaning that an auditor has assessed all related systems in terms of security. Notably, Yearn underwent security audits by five different companies in the past two years. Most vulnerabilities were low and medium in severity, and Yearn Governance addressed them. Yearn finance has an active bug bounty from Immunefi but received 6 of 10 because rewards for critical findings do not exceed $500k. Since its launch, Yearn Finance has been hacked for $11m. Yearn Finance holds 85th spot in the DeFi category and 203rd place among all 1,500 cryptocurrencies analyzed by CER.live.

More articles