defirisk.co
rubric v1.7.0

Yearn Finance

Ethereum-centric ERC-4626 yield aggregator; Vyper-core vaults (v2) and Vyper-core + Solidity-periphery vaults (v3) deployed across 7 chains; original protocol, not a fork.

Sector yield
TVL $178.0M
Reviewed May 16, 2026
Factors 184
Categories 13
Risk score 18.5
Deployments Ethereum · $128.3M
01

Risk profile at a glance

0 red · 5 yellow · 7 green
02

Categories & evidence

184 factors · 13 categories
Code & audits Yellow 25 25 of 25
RD-F-009 red Formal verification coverage No evidence of Certora, Kani, Halmos, or equivalent formal verification specifications in yearn-vaults-v3 or yearn-vaults-v2 repositories. Audits are traditional code reviews. No FV coverage declared in Yearn docs or audit reports. Zero formal verification coverage.
RD-F-001 yellow Audit scope mismatch Three V3-core audits confirmed (ChainSecurity v3.0.0, Statemind v3.0.0, yAcademy v3.0.1) and two V2 audits (Trail of Bits v0.4.2, MixBytes v0.2.1). V3 canonical impl 0xd8063123BBA3B480569244AE66BFE72B6c84b00d is Etherscan-verified as Vyper 0.3.7 Exact Match. Specific commit SHAs inside audit PDFs are not publicly accessible without PDF internals — SHA-to-deployed-bytecode match is partially inferred from version labels, not confirmed SHA-by-SHA. V2 vaults show version-increment drift across API versions (0.2.8 to 0.3.3) between audit and deploy. Partial traceability.
RD-F-002 yellow Audit recency Most recent V3 audit: yAcademy (yAudit) covering v3.0.1, directory-dated 2024-06-01. The interval from 2024-06-01 to 2026-05-16 is approximately 716 days, placing it within the yellow band (366–730 days) by approximately 14 days. V2 most recent audit: MixBytes multi-strategy audits through 2023-10.
RD-F-003 yellow Resolved-without-proof findings ChainSecurity V3 audit states two medium severity correctness issues were found and resolved after the intermediate report. The resolution commits are stated but not publicly linked to specific fix commits or bytecode diffs from available external sources. Cannot verify specific fix commits without PDF internals. V2 ToB audit resolutions addressed in 0.4.x series without per-finding commit mapping accessible externally.
RD-F-005 yellow Audit firm tier Trail of Bits (Tier-1) audited V2 vault core (v0.4.2, 2021). V3 core is covered by ChainSecurity (Tier-2), Statemind (Tier-2), yAcademy (Tier-2) only — no Tier-1 audit of V3. The forward-looking operative V3 surface lacks a Tier-1 audit. V2 Tier-1 (ToB) coverage is of a different code generation. Split result — yellow because the primary active development surface (V3) has only Tier-2 coverage.
RD-F-006 yellow Audit-to-deploy gap V3 mainnet launched 2024-03-20. ChainSecurity audit signed off 2024-05-02 (43 days after deploy). yAcademy audit 2024-06-01 (73 days after deploy). Audits were completed AFTER mainnet launch — an inverted timeline compared to the factor's intended direction. This represents an audit-after-deploy scenario rather than pre-deploy validation, which is yellow at minimum.
RD-F-007 yellow Bug bounty presence & max payout Active Immunefi program 'yearnfinance' confirmed. Max payout $200,000 for critical smart contract vulnerabilities. Tiers: Critical $20K–$200K, High $5K–$20K, Medium $1K–$5K. Active since 2021-07-01. 41 assets in scope. Max payout $200K is below the $500K green threshold; within the $50K–$499K yellow band.
RD-F-012 yellow delegatecall with user-controlled target V3 TokenizedStrategy uses delegatecall in the BaseStrategy pattern to a hardcoded, immutable implementation address (TOKENIZED_STRATEGY constant) — not user-supplied. No user-controlled delegatecall identified in vault core or strategy architecture documentation. Cannot fully confirm without Slither on Solidity periphery. Graded yellow (partial evidence, cannot rule out edge cases in all periphery contracts).
RD-F-013 yellow Arbitrary call with user-controlled target No evidence of arbitrary external call with user-controlled target in V3 vault core (Vyper). Strategies call fixed external protocols with addresses set by authorized roles. Cannot fully confirm for all periphery without Slither. Graded yellow on partial evidence.
RD-F-014 yellow Reentrancy guard on external-calling functions V3 VaultV3.vy: @nonreentrant('lock') confirmed on update_debt() function per yAudit search results. Vyper 0.3.7 is OUTSIDE the reentrancy-affected range (0.2.15, 0.2.16, 0.3.0 only). V2 Vault.vy: @nonreentrant('withdraw') on deposit confirmed from source. V2 deployed Vyper versions (0.2.8, 0.2.12, 0.3.3) all outside the affected range. Partial confidence because exhaustive coverage of all state-mutating external calls across all strategy contracts is not confirmed from available sources.
RD-F-022 yellow Public initialize() without initializer modifier V3 VaultV3.vy exposes initialize() as an external function with a Vyper-native guard: assert self.asset == empty(address), 'initialized'. The __init__() constructor sets self.asset = self as a sentinel, preventing re-initialization. This is architecturally sound for Vyper but is not an OZ initializer modifier — Slither cannot detect it as protected. ChainSecurity audit confirmed no critical findings on initialization. Guard is confirmed from VaultV3.vy source inspection. Graded yellow because (a) Vyper-compiler-level bugs affecting initialization correctness cannot be ruled out without FV, and (b) the equivalence argument for the Vyper guard as an OZ initializer substitute relies on curator judgment.
RD-F-024 yellow Code complexity vs audit coverage V3 core: single ~1600 LOC Vyper contract reviewed by 3 firms (ChainSecurity, Statemind, yAcademy). yAudit V3 report: 25-day review, 2 auditors (June 3–28, 2023 per report). Audit coverage relative to code size appears adequate for the core vault. However, dozens of strategy contracts have individual audits by various firms — not all strategy combinations have been co-audited together. Complexity relative to the strategy ecosystem introduces a residual gap.
RD-F-183 yellow Bug bounty scope gap on highest-TVL contracts Active Immunefi program with 41 in-scope assets confirmed. Named in-scope chains from Immunefi page: Ethereum, Arbitrum, Fantom, Optimism. Katana chain (chainID 747474, ~25.1% of TVL, ~$44.7M) is NOT explicitly listed as confirmed in-scope on the Immunefi page. V3 vaults on Katana represent the second-largest chain allocation. The scope gap ambiguity for the Katana deployment (25% of TVL) warrants yellow under F183 criteria (scope ambiguous or partially covers high-TVL contracts).
RD-F-010 gray Static-analyzer high-severity count Slither does not parse Vyper. V3 core VaultV3.vy and V2 Vault.vy cannot be analyzed by Slither, Mythril, or Semgrep. Solidity periphery (TokenizedStrategy.sol) could in principle be analyzed but no published tool run is available. Static analysis gap is structural and unresolvable without Vyper-compatible tooling.
RD-F-011 gray SELFDESTRUCT reachable from non-admin path Cannot assess Vyper core via Slither (SELFDESTRUCT detector). Vyper contracts do not natively expose the SELFDESTRUCT opcode, but static analysis is required for confirmation. Solidity periphery not assessed via tool run.
RD-F-016 gray Divide-before-multiply pattern Cannot assess via Slither divide-before-multiply detector on Vyper core. No published analysis identifies this pattern in VaultV3.vy or Vault.vy. Static analysis gap is structural.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Yearn V3 does not use the UUPS proxy pattern. VaultFactory deploys minimal proxies with immutable implementations per version. No _authorizeUpgrade function exists. V2 vaults are also not UUPS. Factor is architecturally not applicable for Vyper-based non-UUPS vault systems.
RD-F-023 n/a Constructor calls _disableInitializers() OZ _disableInitializers() is a Solidity UUPS/Transparent proxy construct. Yearn V3 is Vyper with a sentinel-value initialization lock (self.asset = self in __init__). V2 vaults are not proxied implementations. The OZ-specific Solidity mechanism is architecturally inapplicable to Vyper-based vaults.
RD-F-004 green Audit count V3 core: ChainSecurity, Statemind, yAcademy — 3 distinct firms. V2 core: Trail of Bits, MixBytes. Strategy-level: PeckShield, Dedaub, Optimum, Decurity, additional MixBytes. Total 11 distinct audit firms across the yearn-security/audits directory. Easily satisfies the ≥2 distinct firms green threshold.
RD-F-008 green Ignored bounty disclosure Four historical incidents documented; none show a case where a disclosed vulnerability was reported to Yearn and then ignored pre-exploit. The 2021 yDAI incident was discovered at execution time. The 2023 Fulcrum misconfiguration exploits involved legacy immutable contracts where no advance disclosure is documented. No evidence of ignored bounty disclosure pattern.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard V3 vault interacts with ERC-20 asset tokens only (ERC-4626 standard). No ERC-777 callback pattern identified in VaultV3.vy. V2 core vault is also asset-ERC20 only. No evidence of unguarded ERC-777/1155/721 hooks in core vault contracts.
RD-F-017 green Mixed-decimals math without explicit scaling V3 vault is per-asset (single asset per ERC-4626 vault) — no cross-decimal arithmetic within a single vault. V2 similarly is single-asset per vault. No cross-decimal accounting at the vault core level. Strategy-level multi-token arithmetic (Curve pools) is strategy-specific and not in-scope for vault core assessment.
RD-F-018 green Signed/unsigned arithmetic confusion Vyper 0.3.7 (V3) and Vyper 0.2.x/0.3.3 (V2) enforce strict integer types at the language level and do not permit implicit signed/unsigned mixing. Risk is architecturally lower than Solidity by language design. No published audit finding of signed/unsigned confusion in V2 or V3.
RD-F-019 green ecrecover zero-address return unchecked V3 VaultV3.vy and V2 Vault.vy do not use ecrecover in core vault logic — ERC-4626 with no meta-transaction in core. Solidity periphery uses OZ 4.9.5 SafeERC20 which handles ecrecover correctly. No ecrecover calls without address(0) guard identified.
RD-F-020 green EIP-712 domain separator missing chainId V3 VaultV3.vy implements ERC-4626 permit with Vyper's built-in EIP-712 domain separator which includes CHAIN_ID. V2 core Vault.vy similarly includes chain_id in domain separator per Vyper EIP-712 implementation. ChainSecurity audit did not flag domain separator issues. No evidence of missing chainId.
Governance & admin Green 10 24 of 24
RD-F-029 yellow Multisig signers co-hosted Signers publicly identified from diverse DeFi teams across multiple countries and projects (MakerDAO, Curve, DefiLlama, Rotki, Inverse Finance, Katana, C.R.E.A.M., Yearn). Organizational diversity suggests independent infrastructure. However, ASN-level co-hosting analysis not performed. Yellow: evidence suggests independence but not independently verified at infrastructure level.
RD-F-033 yellow Timelock on sensitive actions TimelockController (7d) covers protocol-level governance changes. However, V3 individual vault role assignments (who gets EMERGENCY_MANAGER, DEBT_MANAGER etc.) are set by role_manager (ychad-controlled) without per-action timelocking. V2 vaults are immutable — no relevant sensitive actions possible. Not all 5 sensitive action types (mint/pause/rescue/setOracle/upgrade) uniformly timelocked at vault level; 2-3 of 5 timelocked at protocol level.
RD-F-034 yellow Guardian/pause-keeper distinct from upgrader EMERGENCY_MANAGER (shutdown trigger) and role_manager/upgrader (role authority) are distinct roles in V3 architecture. However, ychad multisig controls both via role_manager — not fully independent. Different function/purpose but same root authority. Structurally separated at the role level, converge at ychad.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock No classic rescue()/emergencyWithdraw() function in V3 VaultV3.vy. EMERGENCY_MANAGER role triggers vault shutdown (withdrawal-only mode — strategies return funds gradually; cannot instantly drain). This role is assigned by role_manager (ychad-controlled) without individual vault-level timelocking. V2 vaults: immutable, no rescue path. Not a direct drain vector but no timelock gates the role assignment enabling shutdown. Yellow rather than green because role assignment is not timelocked.
RD-F-042 yellow Admin has mint() with unlimited max YFI token (0x0bc529c00C6401aef6D220BE8C6Ea1667F6Ad93e) has mint(address, uint256). Supply cap: 36,666 YFI (enforced in contract). Minting controlled by minters mapping gated by governance address (currently ychad-controlled). Not unlimited: supply cap enforced on-chain. Minter additions require governance action. Yellow: mint exists, multisig-governed, cap enforced but not timelocked at the minter-add level.
RD-F-167 yellow Deprecated contract paused but pause reversible by live admin V1 vaults (yDAI, yUSDT, yTUSD etc.) are deprecated and fully immutable in Vyper — no pause mechanism exists, so admin cannot reverse a pause (there is no pause to reverse). Deprecated contracts hold residual user funds (confirmed by 2023 exploits of legacy V1 contracts). The F167 concern (admin-reversible pause over deprecated surface) is moot since immutable Vyper has no pause capability. Yellow because residual funds remain in legacy immutable contracts with no admin control over them (cannot pause but also cannot protect users proactively).
RD-F-030 gray Hot-wallet signer flag Behavioral on-chain heuristics for hardware vs. hot-wallet signing pattern not assessed. Signer addresses published via yearn-security repo but nonce velocity and gas-price jitter analysis not available from current pipeline or assessment methods.
RD-F-044 gray Admin wallet interacts with flagged addresses Chainalysis/TRM cluster feed not available for this assessment. No evidence of flagged interactions from available OSINT. Cannot confirm or deny.
RD-F-045 gray Constructor args match governance proposal Constructor args for V3 core contracts (TimelockController, Role Manager) not individually verified against specific governance proposals in this assessment. V3 VaultFactory uses create2 with documented salt derivation. Core contract addresses match official docs. Individual constructor arg verification against proposal text not performed.
RD-F-047 gray Governance token concentration (Gini) veYFI (governance token) holder distribution Gini coefficient not computed. YFI total supply ~35,716 circulating / 36,666 max. On-chain holder distribution data not retrieved. Pipeline did not provide concentration analysis.
RD-F-025 green Admin key custody type ychad multisig (0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52) is 6-of-9 Gnosis Safe 1.3.0 + OZ TimelockController (7d delay at 0x88Ba032be87d5EF1fbE87336B7090767F367BF73). Admin key custody type: multisig+timelock. V3 vault role_manager adds a second layer of distributed role assignment.
RD-F-026 green Upgrade multisig signer configuration (M/N) ychad: 6-of-9 (primary governance). Strategist: 3-of-8. Dev: 2-of-8. Primary governance multisig threshold (6/9) is appropriate for $178M TVL. Cache pipeline-verified from Safe Transaction Service API.
RD-F-027 green Single admin EOA Admin role held by ychad 6-of-9 Gnosis Safe multisig (0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52), not an EOA. eth_getCode on that address returns non-zero (it is a contract). No EOA holds effective upgrade or owner role.
RD-F-028 green Low-threshold multisig vs TVL 6-of-9 threshold for $178M TVL is at or above peer norm (protocols ≥$100M commonly use 5-of-9 or 6-of-9). 9 signers are publicly attested DeFi community figures from independent teams (Curve, DefiLlama, Rotki, Inverse, Katana, CREAM, Sky, Yearn). Not abnormally low.
RD-F-031 green Signer rotation recency YIP-84 (April 2025) replaced Monoloco with Ephy and updated Lumberg address (routine rotation, no threshold reduction). YIP-89 (December 2025) replaced Daryl Lau with Omnifient (routine rotation, no threshold reduction). No precursor pattern (threshold reduction within 14d of timelock removal).
RD-F-032 green Timelock duration on upgrades U3 RESOLVED: OZ TimelockController (0x88Ba032be87d5EF1fbE87336B7090767F367BF73) getMinDelay() = 604800 seconds (7 days). Etherscan readContract confirms 604800. Cache value 604800 is correct. Profiler's conflicting '0 seconds' reading was a pipeline fetch error. 7d >> 48h green threshold.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle V3 uses 14 distinct roles assignable independently: ACCOUNTANT_MANAGER (fee), DEBT_MANAGER, ADD_STRATEGY_MANAGER, EMERGENCY_MANAGER. No single address must hold all three (upgrade/fee/oracle). Yearn is a yield aggregator — no single 'oracle config' role; upgrade = new VaultFactory deployment. Role separation is structurally enforced by design.
RD-F-036 green Flash-loanable voting weight Governance voting via Snapshot space veyfi.eth uses veYFI which is non-transferable locked YFI (1-week to 4-year lock, Curve veCRV-class). Non-transferable = not flash-loanable by construction. Voting power decays linearly with remaining lock time. Cannot be acquired in a single block.
RD-F-037 green Quorum achievable via single-entity flash loan veYFI is non-transferable and locked; flash-loan-based quorum attack is impossible by construction (cannot acquire voting power in one block). No on-chain quorum parameter. Snapshot off-chain voting with locked-token weight.
RD-F-038 green Proposal execution delay < 24h Full governance path: Snapshot vote (multiple days off-chain) → ychad multisig execution → TimelockController 7-day delay → execution. Total delay >> 48h by any path. No fast-track execution path without bypassing timelock observed.
RD-F-039 green delegatecall/call in proposal execution without allowlist No on-chain Governor contract (cache governor_address: null). Governance: Snapshot off-chain + ychad multisig + TimelockController. OZ TimelockController does not accept proposal-supplied arbitrary delegatecall/call targets; it executes pre-specified calldata queued by authorized proposers. No unconstrained delegatecall execution path.
RD-F-040 green Emergency-veto multisig present ychad 6-of-9 multisig serves as Protocol Guardian per YIP-81: 'with the ability to nullify a proposal or governance decision but cannot make proposals.' Cancel/veto role held by separate multisig (ychad) distinct from the proposer role. 6-of-9 threshold qualifies as ≥3-of-N.
RD-F-043 green Admin = deployer EOA after 7 days Admin role held by ychad 6-of-9 multisig. Not a deployer EOA. V3 vault factory deploys vaults with role_manager set at initialization (ychad-controlled Role Manager). Cache deployer address is null (unresolved) but historical Yearn deployer (Banteg/Andre Cronje) transferred admin long ago. Protocol has operated under multisig governance since YFI launch (2020).
RD-F-046 green Contract unverified on Etherscan/Sourcify All core contracts verified on Etherscan: TimelockController (0x88Ba032be87d5EF1fbE87336B7090767F367BF73 — Solidity 0.8.18, OZ standard, verified), VaultV3 original/impl (0xd8063123BBA3B480569244AE66BFE72B6c84b00d — Vyper 0.3.7, verified), VaultFactory (0x770D0d1Fb036483Ed4AbB6d53c1C88fb277D812F — verified), TokenizedStrategy (0xD377919FA87120584B21279a491F82D5265A139c — verified), Role Manager (0xb3bd6b2e61753c311efbcf0111f75d29706d9a41 — verified). Factory-cloned vault instances inherit code from verified VAULT_ORIGINAL.
Oracle & external dependencies Yellow 24 17 of 17
RD-F-049 yellow Oracle role per asset Oracle role breakdown: (1) Vault pricePerShare: no oracle — internal accounting only. (2) Strategy-level Chainlink feeds: primary price source for yield-source token accounting per strategy; no documented secondary/fallback per asset at framework level. (3) AprOracle (0x1981AD9F44F2EA9aDd2dC4AD7D075c102C70aF92): APY estimation only, not used in pricePerShare or any settlement path. (4) baseFeeOracle in V2 BaseStrategy: harvest gating (gas cost check), not asset pricing. Yellow: each asset has a primary only, no fallback documented at strategy framework level.
RD-F-050 yellow Dependency graph (protocols depended upon) External protocol dependencies: V2 strategies — Aave v1/v2, Compound v2, Curve (3pool/yPool/sETH), Convex, dYdX (deprecated), Uniswap v2/v3. V3 strategies — Morpho, Aave v3, Curve/Convex, Sushi, Katana DEX. Yearn docs explicitly document failure modes per protocol type: lending (governance risk, smart contract vuln, liquidation failures, incorrect price feed causing liquidation), AMMs (liquidity shortages, impermanent loss), leverage (oracle-driven liquidation failures). Multi-protocol diversification reduces single-point risk. Prior incidents show Curve manipulation (2021 yDAI) and Fulcrum misconfiguration (2023 yUSDT/TUSD) as realized dependency failures. Yellow: major dependencies, known failure modes, prior realized risk, no single critical unredundant dependency.
RD-F-051 yellow Fallback behavior on oracle failure Vault core (V2 + V3): no oracle to fail; fallback not applicable to vault pricePerShare. Strategy-level: V3 TECH_SPEC confirms no staleness checks or fallback oracle mechanism at spec level. Strategy writing guide warns about oracle manipulation risk but does not mandate fallback behavior. V2 BaseStrategy baseFeeOracle failure: harvest reverts until admin updates via setBaseFeeOracle(). No documented fallback to secondary oracle or last-known-price at strategy framework level. Individual strategies may implement their own fallbacks, but this is not systematically verified. Yellow: no uniform fallback; vault core unaffected; strategy-level is undefined at framework level.
RD-F-052 yellow Breakage analysis per dependency Yearn's official protocol risk documentation (docs.yearn.fi/developers/security/risks/protocol-risks) documents per-protocol-type failure modes for all major dependencies: lending (liquidation failures, oracle errors, smart contract risk), AMMs (liquidity shortages, impermanent loss, fee reduction), leverage protocols (collateralization failures, oracle-driven liquidation). However, the analysis is category-level, not a per-strategy or per-dependency severity matrix. Historical incidents (2021 Curve manipulation yDAI, 2023 Fulcrum misconfiguration yUSDT) confirm that breakage analysis was insufficient pre-incident. Current documentation is substantially improved. Yellow: documented at category level but not structured as a per-dependency severity map.
RD-F-057 yellow Circuit breaker on price deviation No circuit breaker at vault core level — none needed because no external oracle in the vault pricePerShare path. At strategy level, V3 strategy framework offers an optional HealthCheck contract to prevent inaccurate loss/profit reporting, but this is not mandatory per framework design. Docs state: a health check can prevent automated reports from reporting losses/excessive profits that may not be accurate. No systematic deviation circuit breaker across all strategies. Yellow: optional protection available, not uniformly enforced.
RD-F-059 yellow Oracle staleness check present Vault core (V2 + V3): no oracle consumed — staleness check not applicable to vault pricePerShare. Strategy-level: cache identifies Chainlink feeds with heartbeats ranging from 3600s (ETH/USD, BTC/USD, COMP/USD) to 86400s (USDT/USD, AVAX/USD). USDC/USD heartbeat 82800s (23h). Whether individual strategies check updatedAt > block.timestamp - maxStaleness is strategy-specific and not verified at framework level. V2 BaseStrategy.sol and V3 BaseStrategy.sol impose no staleness check requirement. TECH_SPEC.md confirms no staleness checks at spec level. Yellow: strategy-level staleness check not mandated; feeds with 24h heartbeats (USDT/USD, AVAX/USD) are at higher staleness risk if strategies rely on them without checks.
RD-F-061 yellow LP token balanceOf used for pricing Vault core: V2/V3 pricePerShare does NOT use balanceOf of LP tokens in price path. V3 _total_assets() = total_idle + total_debt; total_debt represents strategy debt values reported through _harvestAndReport(), not raw LP balanceOf reads. However, individual strategies holding LP positions (Curve, Convex strategies) report their totalAssets through _harvestAndReport() — Yearn strategy writing guide explicitly warns 'care should be taken when relying on oracle values, LP prices etc. that have the potential to be manipulated.' The framework does not prevent LP balanceOf-based pricing in individual strategy implementations. Yellow: vault core clean; individual strategy LP pricing not audited at framework level; historical precedent (2021 yDAI Curve pool manipulation) confirms real exposure.
RD-F-062 yellow External keeper/relayer not redundant V3 TokenizedStrategy uses a single-keeper model: one keeper address stored in StrategyData struct, updatable by management via setKeeper(). report() restricted to management or keeper (onlyKeepers modifier) — only two entities can call report. If keeper fails and management is unresponsive, strategy cannot harvest. Gelato/Chainlink Automation/Keep3r can be set as keeper but only one at a time. REPORTING_MANAGER permissionless Keeper at vault level for process_report does not substitute for per-strategy keeper for TokenizedStrategy report(). Protocol can function (degraded — no harvest, yield stalls) but users face opportunity cost. V2 strategies historically used Keep3r network for harvest automation. Yellow: single keeper per strategy with no built-in redundancy, though management can update keeper and protocol is not fully halted without it.
RD-F-054 n/a TWAP window duration Yearn vaults use no DEX-TWAP oracle for vault pricing. V2 and V3 pricePerShare is internal accounting ((totalIdle + totalDebt) / totalSupply). The UniswapV3Swapper in strategy periphery uses Uniswap V3 router exactInputSingle/exactInput with minAmountOut slippage protection only — not a TWAP for vault valuation. No TWAP window to measure.
RD-F-055 n/a Oracle pool depth (USD) No DEX-TWAP oracle used in vault pricePerShare. Pool depth measurement not applicable. Strategy-level DEX swappers use router-mediated execution, not pool spot price for vault valuation.
RD-F-056 n/a Single-pool oracle (no medianization) No DEX pool oracle used in vault pricePerShare. Single-pool medianization question not applicable. Strategy-level Chainlink feeds (if used) are decentralized push-oracles with multiple nodes, not single DEX pool reads.
RD-F-058 gray Max-deviation threshold (bps) No circuit breaker at vault core level. At strategy level, HealthCheck circuit breaker is optional per strategy design. No uniform bps threshold configurable across all strategies. Individual strategy circuit breaker thresholds are not assessable without per-strategy source inspection of the full deployed strategy set.
RD-F-060 gray Chainlink aggregator min/max bound misconfig Vault core: no Chainlink aggregator consumed directly. Strategy-level: individual strategies may consume Chainlink feeds; min/max bound configuration is strategy-specific and not verified at framework level. Identified feeds (ETH/USD, BTC/USD, USDC/USD, USDT/USD) are established major-pair Chainlink feeds. Per-strategy min/max bound verification requires inspection of each deployed strategy contract.
RD-F-181 n/a Permissionless-pool lending oracle Yearn Finance is a yield aggregator, not a lending protocol. It does not accept collateral, issue loans, or maintain lending markets. The permissionless-pool lending oracle factor (accepting spot prices from permissionlessly-created DEX pools as lending collateral without TWAP/liquidity-floor/token-age minimum) has no architectural surface in Yearn. Vaults do not list collateral assets or perform oracle-based collateral valuation for loan issuance.
RD-F-048 green Oracle providers used Vault core (V2 + V3): no external oracle provider. V2 pricePerShare = (totalIdle + totalDebt) / totalSupply (internal accounting, Vault.vy _shareValue). V3 pricePerShare() calls _convert_to_assets() using _total_assets() = self.total_idle + self.total_debt — fully oracle-free. Strategy-level: cache identifies 19 Chainlink feeds (advisory, pipeline-matched); confirmed feeds include ETH/USD (0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419, 1h), BTC/USD (0xF4030086522a5bEEa4988F8cA5B36dbC97BeE88c, 1h), USDC/USD (0x8fFfFfd4AfB6115b954Bd326cbe7B4BA576818f6, 23h). On Katana chain: Chainlink ETH/USD (0x7BdB...8eEE), USDC/USD (0xbe5C...9606), BTC/USD (0x41Dd...d162) confirmed at 0.5% deviation threshold. No Pyth, no Uniswap-TWAP, no in-house market price oracle at vault level.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) CRITICAL CHECK PASSED. V2 Vault.vy: pricePerShare derived from _shareValue(shares) = shares * freeFunds / totalSupply where freeFunds = token.balanceOf(self) + totalDebt - lockedProfit(). No DEX pool read, no slot0(), no getReserves(), no latestAnswer(). V3 VaultV3.vy: pricePerShare() returns _convert_to_assets(10**decimals, ROUND_DOWN) where _total_assets() = self.total_idle + self.total_debt. Confirmed oracle-free by raw source inspection. Strategy-level Chainlink feeds are inputs to strategy profit/loss accounting (not vault pricePerShare). No spot DEX price in vault share-price path.
RD-F-180 green Immutable oracle address No oracle address is stored as immutable in any assessed Yearn contract. V2 BaseStrategy.sol: baseFeeOracle declared as mutable public state variable (address public baseFeeOracle), updateable via setBaseFeeOracle(address _baseFeeOracle) external onlyVaultManagers — admin-settable, not immutable. V3 BaseStrategy.sol (tokenized-strategy repo): only immutables are asset (ERC-20 token address) and tokenizedStrategyAddress (implementation contract pointer — not an oracle). No oracle address exists in V3 base strategy. V3 AprOracle: uses mapping(address => address) public oracles — admin-settable via setOracle(address _strategy, address _oracle) external, gated by governance or strategy management. Vault core (V2 + V3) has no oracle address at all. NOTE FOR ORCHESTRATOR: F180 is promoted ★ under rubric v1.4 (T-14 2026-04-22) but held as critical-CANDIDATE for counting per T-12 PD-017. Score is green so has no grade impact.
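The strategy-level checks that RD-F-059 (staleness), RD-F-060 (aggregator min/max bounds) and RD-F-057 (deviation circuit breaker) describe as not mandated by the strategy framework, written out as an added example that is not Yearn code. It models a strategy's read of a Chainlink-style round: the feed names and heartbeats are those cited in the factors above; the round data, the 300 s grace period and the 500 bps breaker are constructed assumptions.

```python
"""Strategy-level price-feed guard for the RD-F-059 / RD-F-060 / RD-F-057 checks.
Added example, not Yearn code. Feed names and heartbeats are the ones named in the
assessment; the rounds and thresholds below are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Heartbeats (seconds) as listed in the assessment text
HEARTBEAT_S: Dict[str, int] = {
    "ETH/USD": 3600,
    "BTC/USD": 3600,
    "COMP/USD": 3600,
    "USDC/USD": 82800,
    "USDT/USD": 86400,
    "AVAX/USD": 86400,
}


@dataclass(frozen=True)
class Round:
    """The fields of a Chainlink latestRoundData() tuple, as a strategy reads them."""
    round_id: int
    answer: int            # price scaled by the feed's decimals (8 here)
    updated_at: int        # unix seconds of the last update
    answered_in_round: int


def unguarded_price(rnd: Round) -> int:
    """The pattern the assessment cannot rule out: take the answer as-is."""
    return rnd.answer


def check_feed(feed: str, rnd: Round, now: int, *,
               last_good: Optional[int] = None,
               grace_s: int = 300,
               min_answer: int = 0,
               max_answer: Optional[int] = None,
               max_dev_bps: Optional[int] = None) -> Optional[str]:
    """Return None if the round is safe to use, otherwise a short rejection reason."""
    heartbeat = HEARTBEAT_S.get(feed)
    if heartbeat is None:
        return "unknown feed"
    # RD-F-060: an aggregator pinned at its minAnswer/maxAnswer reports the bound,
    # not the market, so answers at or outside the bounds are rejected outright.
    if rnd.answer <= min_answer:
        return "answer at/below min bound"
    if max_answer is not None and rnd.answer >= max_answer:
        return "answer at/above max bound"
    # A round that has not been answered yet carries a lagging answeredInRound.
    if rnd.answered_in_round < rnd.round_id:
        return "incomplete round"
    # RD-F-059: updatedAt must be recent relative to this feed's own heartbeat.
    if rnd.updated_at == 0 or rnd.updated_at > now:
        return "bad timestamp"
    if now - rnd.updated_at > heartbeat + grace_s:
        return "stale"
    # RD-F-057: per-strategy deviation breaker, in basis points of the last good price.
    if last_good is not None and max_dev_bps is not None:
        dev_bps = abs(rnd.answer - last_good) * 10_000 // last_good
        if dev_bps > max_dev_bps:
            return "deviation exceeds breaker"
    return None


def guarded_price(feed: str, rnd: Round, now: int, **limits) -> int:
    """Revert-style wrapper: raise instead of returning a bad price."""
    reason = check_feed(feed, rnd, now, **limits)
    if reason is not None:
        raise ValueError(f"{feed}: {reason}")
    return rnd.answer


NOW = 1_800_000_000  # constructed reference timestamp
E8 = 10**8

# Constructed rounds, not live feed data. The last int is the strategy's previous accepted price.
SAMPLES: Dict[str, Tuple[str, Round, int]] = {
    "fresh_eth":  ("ETH/USD",  Round(100, 3_000 * E8, NOW - 1_800, 100), 3_000 * E8),
    "stale_usdt": ("USDT/USD", Round(200, 1 * E8, NOW - 90_000, 200), 1 * E8),
    "zero_btc":   ("BTC/USD",  Round(300, 0, NOW - 60, 300), 60_000 * E8),
    "jump_eth":   ("ETH/USD",  Round(101, 3_300 * E8, NOW - 60, 101), 3_000 * E8),
    "old_usdc":   ("USDC/USD", Round(400, 1 * E8, NOW - 80_000, 400), 1 * E8),
}


def evaluate_samples(max_dev_bps: int = 500) -> Dict[str, Optional[str]]:
    """Run every constructed round through check_feed with a 5% breaker."""
    return {name: check_feed(feed, rnd, NOW, last_good=last, max_dev_bps=max_dev_bps)
            for name, (feed, rnd, last) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:<11} {'ok' if verdict is None else 'REJECT: ' + verdict}")
```

Note that old_usdc passes: a 22-hour-old USDC/USD answer is within that feed's 23h heartbeat, which is the 24h-heartbeat exposure RD-F-059 points at when strategies add no tighter bound of their own.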
Economic risk Yellow 33 13 of 13
RD-F-063 yellow TVL (current + 30d trend) TVL $178.03M (2026-05-16; DefiLlama). 30-day change -12.57% (declining). 90-day mean $224.05M (CoV 0.172); current $178M is well below mean — sustained downtrend from ~$800M Oct-2025 peak. Meets the ≥$100M absolute green threshold, but the -12.57% 30d trend and Katana chain concentration (25.1% of TVL on a chain launched June 2025, ~11 months old) push to yellow. Ethereum holds 72.08%; two chains (ETH + Katana) account for 97.18% of TVL.
RD-F-064 yellow TVL concentration (top-10 wallet share) Chain-level concentration: Ethereum 72.08% + Katana 25.10% = 97.18% of TVL on two chains; Katana is an L2 launched June 30, 2025 (approximately 11 months old at assessment). Per-depositor concentration within individual vaults is not programmatically accessible without Dune subgraph queries (Dune 403 persistent gap per process-learnings). Strategy-level concentration within the largest vaults (e.g., a single Morpho or Aave strategy holding 40%+ of a vault) is also unverified without per-vault on-chain reads across 114+ vaults. Scored yellow: observable chain-level concentration is moderate (two chains = 97%), Katana secondary-chain risk is elevated, per-depositor gap not resolvable in this assessment session.
RD-F-065 yellow Liquidity depth per major asset Yearn is a vault aggregator; depositor exit liquidity depends on vault withdrawal queues and underlying strategy liquidity (Aave, Morpho, Curve), not direct on-chain DEX depth of vault tokens. Stablecoin vaults (yvUSDC, yvUSDT, yvUSD) have large underlying liquidity in Aave and Morpho, supporting normal-condition redemptions. ETH/WETH vaults similarly liquid. However: (1) V3 vaults use a configurable `minimum_total_idle` withdrawal reserve; actual values across 114+ tracked vaults are unknown without per-vault on-chain reads; (2) Katana-chain vaults ($44.7M) are on a nascent L2 with lower on-chain liquidity depth than Ethereum; (3) strategy allocation mechanics can leave vaults fully allocated with limited instant liquidity. Scored yellow: no acute liquidity crisis evident but aggregator-specific withdrawal-queue risk is unquantified and Katana liquidity is structurally shallower.
RD-F-074 yellow ERC-4626 virtual-share offset (OZ ≥4.9) LIVE factor — Yearn is ERC-4626. The Vyper V3 core vault (VaultV3.vy, API_VERSION 3.0.4) does NOT implement the OZ 4.9.x virtual-share offset (_decimalsOffset pattern). Raw source analysis: _convert_to_shares() returns assets 1:1 when total_supply == 0; initialize() has no dead-shares mechanism or seed deposit parameter; VaultFactory.vy deploy_new_vault() has no initial_deposit or dead_shares parameter. The OZ 4.9.5 oz_contracts_version cited in cache applies to the Solidity periphery only (ERC4626Router, TokenizedStrategy Solidity wrapper) -- NOT to the Vyper core vault. V2 Vault.vy has the same gap: _issueSharesForAmount() returns amount 1:1 when totalSupply == 0. Mitigants: (1) V3 vaults are deployed by permissioned actors (Yearn team / Role Manager), not permissionless -- attack requires controlling the first deposit; (2) Role Manager configuration of strategies is staged separately from vault deployment, providing an operational window to seed the vault; (3) ChainSecurity 2024-05
RD-F-075 yellow First-depositor / share-inflation guard LIVE factor -- confirms F074 finding. Neither V2 Vyper vaults nor V3 Vyper core implement a first-depositor guard. V3 _deposit() checks: (1) assets <= max_deposit (deposit limit); (2) assets > 0; (3) shares > 0 -- no empty-vault inflation check. minimum_total_idle in V3 is a withdrawal-reserve configuration (enforced during _update_debt, not during deposit share pricing) and does not act as a first-depositor guard. V2 _issueSharesForAmount() is 1:1 at zero supply with no floor. Historical precedent: 2023-04-13 exploit (rekt.news/yearn2-rekt) involved share-price manipulation on a legacy yUSDT V1 vault (immutable Fulcrum address misconfiguration enabling share inflation). This is a related but distinct share-accounting attack class -- it confirms that share-price mechanics in Yearn legacy vaults have been exploited before. V3 has Role Manager permissioning which constrains but does not eliminate the first-depositor risk window. yAudit June 2023 audit of early Yearn V3 noted double-round
RD-F-066 n/a Utilization rate (lending protocols) Yearn Finance is a yield aggregator with no borrow markets and no utilization rate. Cache confirms: sources.defillama.borrow.present=false, total_borrowed_usd=null, utilization_rate_pct=null. Per PD-024 Cat 4 applicability table, RD-F-066 is lending-only and produces not_applicable for non-lending protocol types.
RD-F-067 n/a Historical bad-debt events Yearn has no lending book and therefore no bad-debt events in the lending sense. Historical Yearn incidents (2021-02-04, 2023-04-13, 2023-11-30, 2023-12-16) involved strategy-level losses or vault misconfiguration, not bad debt in a collateralized lending context. Per PD-024, RD-F-067 is lending-only and not applicable to yield aggregators.
RD-F-068 n/a Collateralization under stress Yearn Finance has no collateral book or borrow positions. No collateralization ratio is definable or computable. Per PD-024, RD-F-068 is lending-only and not applicable to yield aggregators.
RD-F-069 n/a Algorithmic / under-collateralized stablecoin Yearn Finance does not issue a stablecoin. yvUSD (launched January 19, 2026) is a yield-bearing ERC-4626 vault token backed 1:1 by deposited stablecoins (USDC, USDT, DAI, etc.) — a yield aggregator wrapper, not an algorithmic or under-collateralized stablecoin design. Per PD-024, RD-F-069 is lending-only and not applicable. Architectural reason: Yearn is a YIELD protocol type, not an algorithmic stablecoin issuer.
RD-F-070 n/a Empty cToken-style market (zero supply/borrow) Yearn Finance is an original protocol (not a Compound V2 fork) and has no cToken-style borrow/supply markets. The donation/empty-market attack pattern (attacker donates assets to an empty cToken market, manipulating the exchange rate) requires a Compound V2 fork architecture with market primitives (totalSupply, totalBorrow, exchangeRateCurrent). No such architecture exists in any Yearn V2 or V3 contract. Hacksdatabase confirms: yearn-rekt1.md 'Forked? N -- original Yearn protocol'; yearn2-rekt.md 'Forked? N -- original iearn protocol'. Taxonomy Cat 4 explicitly marks RD-F-070 as Compound-fork-only. RD-F-070 is not_applicable with gap_reason not_applicable.
RD-F-071 n/a Seed-deposit requirement for new market listing Yearn does not list lending markets. New vault deployments via VaultFactory.vy do not require a seed deposit -- the factory's deploy_new_vault() function accepts only (asset, name, symbol, role_manager, profit_max_unlock_time) with no initial deposit parameter. This is a vault deployment, not a lending market listing. Per PD-024, RD-F-071 is lending-only (seed-deposit requirement for new-market listing) and not applicable.
RD-F-072 n/a Market-listing governance threshold Yearn has no lending market listing governance. Vault deployment is controlled by the Role Manager / ychad multisig but vault creation is not a lending-market listing with defined governance thresholds (permissionless / low / high). Per PD-024, RD-F-072 is lending-only and not applicable.
RD-F-073 n/a Oracle-manipulation-proof borrow cap Yearn has no per-asset borrow caps and no oracle-dependent lending book. The oracle-proof borrow cap factor requires a lending protocol with per-asset borrow limits derived from oracle pool depth. Per PD-024, RD-F-073 is lending-only and not applicable.
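To quantify what the RD-F-074 and RD-F-075 findings above mean for an honest depositor, here is an added Python model (not Yearn's or defirisk.co's code) of ERC-4626 share math: the zero-supply 1:1 rule the assessment reports for VaultV3.vy and V2 Vault.vy, with V3's shares > 0 deposit check applied, next to the OpenZeppelin 4.9 virtual-share offset. All amounts are constructed, and the offset value d=6 is an assumption, not a Yearn setting.

```python
# Added example (not Yearn's code): integer model of ERC-4626 share conversion,
# used to quantify the RD-F-074 / RD-F-075 finding. Two rules are compared:
#   naive  -> shares = assets * S // A, and 1:1 when S == 0 (the behaviour the
#             assessment reports for VaultV3.vy _convert_to_shares and V2
#             _issueSharesForAmount), plus V3's "shares > 0" deposit check
#   offset -> OpenZeppelin 4.9 virtual-share rule,
#             shares = assets * (S + 10**d) // (A + 1)
# S = total supply, A = total assets; all values are constructed wei-style ints.
from dataclasses import dataclass
from typing import Optional

WAD = 10**18


@dataclass
class VaultModel:
    total_assets: int = 0
    total_supply: int = 0
    decimals_offset: Optional[int] = None   # None = naive rule; int = OZ offset d (assumed)

    def convert_to_shares(self, assets: int) -> int:
        if self.decimals_offset is None:
            if self.total_supply == 0:
                return assets                        # 1:1 at zero supply, no dead shares
            return assets * self.total_supply // self.total_assets
        virt = 10 ** self.decimals_offset
        return assets * (self.total_supply + virt) // (self.total_assets + 1)

    def convert_to_assets(self, shares: int) -> int:
        if self.decimals_offset is None:
            if self.total_supply == 0:
                return shares
            return shares * self.total_assets // self.total_supply
        virt = 10 ** self.decimals_offset
        return shares * (self.total_assets + 1) // (self.total_supply + virt)

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        if assets <= 0 or shares <= 0:              # the V3 _deposit() checks the page lists
            raise ValueError("deposit would mint zero shares")
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        """Underlying sent straight to the vault: raises A without minting shares."""
        self.total_assets += assets


def second_depositor_outcome(decimals_offset, first_deposit, donation, second_deposit):
    """Risk view of the sequence: tiny first deposit, donation, then an honest deposit.
    Returns the shares minted to the honest depositor, what they redeem for, the
    rounding loss, and whether V3's zero-share check made the deposit revert."""
    v = VaultModel(decimals_offset=decimals_offset)
    v.deposit(first_deposit)
    v.donate(donation)
    try:
        shares = v.deposit(second_deposit)
    except ValueError:
        return {"shares": 0, "redeemable": 0, "loss": 0, "reverted": True}
    redeemable = v.convert_to_assets(shares)
    return {"shares": shares, "redeemable": redeemable,
            "loss": second_deposit - redeemable, "reverted": False}


if __name__ == "__main__":
    for label, d in (("naive (V2/V3 core)", None), ("OZ offset d=6", 6)):
        print(label, second_depositor_outcome(d, 1, WAD, 2 * WAD - 1))
```

Under the naive rule a deposit that rounds to zero shares reverts (a denial of service rather than a loss), and a deposit just below twice the inflated price loses roughly half to rounding; with a virtual offset of six decimals the same sequence costs the honest depositor well under one millionth of the deposit.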
Operational history Yellow 42 15 of 15
RD-F-077 red Prior exploit count 4 distinct confirmed incidents: (1) 2021-02-04 ~$11M yDAI V1 flash loan + migration window exploit; (2) 2023-04-13 ~$11.4M yUSDT wrong Fulcrum address; (3) 2023-11-30 ~$9M yETH stableswap Newton-Raphson underflow; (4) 2023-12-16 ~$293K iearn TUSD identical Fulcrum misconfiguration. Total gross loss ~$31.7M. No full recovery on any incident. Threshold: red = ≥2 exploits or any unrecovered loss.
RD-F-078 red Chronic-exploit flag (≥3 incidents) 4 confirmed distinct incidents in hack database (2021-02-04, 2023-04-13, 2023-11-30, 2023-12-16). Threshold for CHRONIC flag fires at ≥3. Binary flag = red. CHRONIC badge determination (PD-022 same-root-cause ≥3) is borderline — the identical Fulcrum-misconfiguration class has 2 events; broader 'legacy immutable/abandoned' meta-class has 3 events within 8 months — requires_curator_input for final badge call. F078 scores red on incident count alone (4 ≥ 3).
RD-F-079 red Same-root-cause repeat exploit Incidents #2 (2023-04-13, yUSDT) and #4 (2023-12-16, iearn TUSD) share identical root cause: legacy immutable iearn contract configured with wrong Fulcrum address since deployment day, never corrected, user funds never migrated. Hacksdatabase yearn-rekt4.md explicitly describes incident #4 as 'a virtual carbon copy of the April 2023 iearn USDT vault bug' with the same configuration error pattern. Two events with identical root-cause cluster = red. Incidents #1 (migration window) and #3 (Newton-Raphson underflow) have distinct root causes.
RD-F-089 red Insurance coverage active No active protocol-level insurance coverage found as of 2026-05-16. Historical context: Nexus Mutual paid $2.3M after the 2021 exploit, and Yinsure.Finance provided individual vault covers circa 2020. Current status: Nexus Mutual vault-by-vault coverage is user-purchased at individual discretion, not a protocol-level blanket commitment. No evidence of Yearn Treasury purchasing institutional cover for the current $178M TVL. Sherlock listing (audits.sherlock.xyz/bug-bounties/30) is a bug bounty contest venue, not insurance cover. Threshold: green = ≥5% TVL covered ($8.9M floor); red = no active coverage.
RD-F-166 red Deprecated contracts still holding value Hacksdatabase yearn-rekt4.md (2023-12-16 incident) confirms approximately $214K sUSD is permanently locked inside the exploited iearn TUSD V1 vault (0x73a052500105205d34daf004eab301916da8190f) — described as 'mathematically unreachable and visible on-chain as permanent collateral damage' because the legacy code does not recognize sUSD as a valid asset. This exceeds the $100K threshold for red. All V1 vaults are deprecated per Yearn docs; additional residual balances across other deprecated V1 contracts are plausible but not enumerated. The TUSD vault alone confirms the red condition.
RD-F-081 yellow Post-exploit response score Scored on most-recent incident (#4, 2023-12-16). Compensation: none (legacy contract, not current infrastructure). Transparency: Yearn publicly characterized the contract as '2,100 days old' and unrelated to current vaults. Root-cause: confirmed (Fulcrum iSUSD vs TUSD strategy mismatch). Recovery speed: no war room spun up; external researchers (William Li, PeckShield) detected it. Score 2/5 on incident #4. Historical context: incident #1 scored 4/5 (11-min vault disable, preserved 24M DAI); incident #3 scored 4/5 (war room ~20 min, SEAL911, $2.4M recovered). Pattern shows strong response capability on incidents involving current infrastructure but minimal response for legacy contracts.
RD-F-083 yellow Auditor re-engaged after last exploit Incident #3 (2023-11-30): ChainSecurity engaged in war room post-exploit per hacksdatabase yearn-rekt3.md — this constitutes an incident review by a Tier-1 firm. A ChainSecurity audit of Yearn V3 is documented in profile §8 (2024-05), post-dating both 2023 incidents; this covers current V2/V3 infrastructure. However, no specific re-audit or formal incident review was commissioned specifically for incident #4 (2023-12-16, most-recent). The 2024-05 ChainSecurity engagement covers current operative infrastructure but not the deprecated V1 legacy vault class exploited in #4. Score: yellow (re-audit covers live protocol post-incidents but not the specific deprecated vault class).
RD-F-084 yellow TVL stability (CoV over 90d) 90-day TVL CoV = 0.172 per cache sources.defillama.tvl_cov_90d. Threshold: green < 0.15; yellow 0.15–0.35; red > 0.35. CoV 0.172 falls in yellow band. 30-day change is -12.57% indicating declining trend. Mean 90d TVL was $224M vs current $178M, a ~20% decline from the window mean.
RD-F-085 yellow Incident response time (minutes) Most-recent incident (#4, 2023-12-16): External researcher William Li spotted the attack in real-time ('Another Yearn V1 vault attack is underway!'); PeckShield flagged simultaneously; Yearn's own response was characterization of the vault as 'deployed over 2,100 days ago' — no war room, no on-chain action possible (immutable contract). Official team statement timing not precisely documented but likely within hours via social media. Incident #1 (2021-02-04): 11 minutes to vault disable (green-class response). Incident #3 (2023-11-30): War room ~20 minutes post-exploit. Scoring on most-recent incident #4 where team statement timing is indeterminate but external detection was real-time; no formal ≤60 min team statement confirmed.
RD-F-076 green Protocol age (days) Earliest mainnet TVL recorded 2020-02-13 (DefiLlama daily series timestamp 1581548400); V2 vaults live since mid-2020; V3 mainnet launched 2024-03-20. Days from 2020-02-13 to 2026-05-16 = ~2,283 days, well above the 365-day green threshold. Protocol has been continuously live through multiple market cycles.
RD-F-080 green Days since last exploit Most recent incident: 2023-12-16. Days from 2023-12-16 to 2026-05-16 = approximately 882 days (>365 days). Green threshold: >365 days since last exploit. No active incident per profile has_active_incident: false.
RD-F-082 green Post-mortem published within 30 days All 4 incidents have documented public post-mortems published within 30 days. Incident #1 (2021-02-04): Yearn Security disclosures repo, published within days. Incident #2 (2023-04-13): rekt.news article published contemporaneously (same day/week). Incident #3 (2023-11-30): The Block and Yearn announcements within 1–2 weeks. Incident #4 (2023-12-16): rekt.news coverage contemporaneous with event. Most-recent incident (#4) post-mortem was effectively immediate (external coverage).
RD-F-086 green Pause activations (trailing 12 months) No pause activations identified in the trailing 12 months (2025-05-16 to 2026-05-16). V2 vault contracts are immutable and have no pause mechanism. V3 vaults have a Role Manager with emergency roles but no specific pause activations documented in available evidence. Protocol has_active_incident: false per profile. Cache defillama.hacks:[] is noted as a gap (U6) but no pause events surfaced through independent evidence channels.
RD-F-087 green Pause > 7 consecutive days No pause event exceeding 7 consecutive days identified in trailing 12 months. V2 vaults are immutable (no pause mechanism exists). V3 vaults have no documented pause events. No active incident per profile.
RD-F-088 green Re-deployed to new addresses in last year No full redeployment to new address set identified in the trailing 12 months. V3 core contracts (VaultFactory, TokenizedStrategy, Role Manager) are stable at documented addresses. Last GitHub commit 2026-05-14 reflects active development, not emergency redeployment. V3 mainnet launched 2024-03-20, which is within the trailing 12 months only at the outer edge, but this was a new version launch rather than a retirement/redeployment of prior V2 addresses.
Real-time signals Green 13 22 of 22
RD-F-100 yellow Flash loan >$10M targeting protocol tokens Flash-loan origination targeting protocol. Historical pattern: exploits 1 (2021-02-04 — 116K ETH dYdX + 99K ETH Aave + 134M USDC Compound flash loans), 2 (2023-04-13 — 10,000 USDT input exploited share inflation via Fulcrum misconfiguration, not a flash loan per se but flash-loan-enabled share accounting), 4 (2023-12-16 — 30M USDC Morpho flash loan used for donation attack). Current V3 vault architecture does not use spot-price-dependent share valuation, reducing the flash-loan manipulation attack surface materially. However, legacy immutable V1/V2 vaults remain on-chain with residual user balances (confirmed by hacksdatabase). The structural residue of legacy vaults means flash-loan targeting of Yearn contracts is not zero-risk. No large flash loan targeting Yearn contracts detected as of 2026-05-16. Phase-2 signal; not live. Yellow: elevated structural residual from legacy vault surface.
RD-F-105 yellow DNS/CDN/frontend hash drift DNS/frontend hash drift signal. Applicable: yearn.finance and yearn.fi are active production frontends. Historical DNS disruption: a 2023 domain registrar incident took yearn.finance offline (BeInCrypto reported; yearn.fi remained operational). While this was an administrative registrar issue (not a malicious DNS hijack), it demonstrates the DNS surface has been impacted. No active DNS/frontend drift event as of 2026-05-16. Phase-2 signal; not live. Yellow: registrar disruption history plus documented impersonator domain ecosystem elevates posture above green. Signal design: fires on unscheduled hash drift vs last-known-good baseline; suppressed on change-management allowlist entries.
RD-F-109 yellow Social-media impersonation scam spike Social-media impersonation scam-spike. Well-known Yearn brand with documented impersonator ecosystem: HackMD yearn-clones page lists 70+ impersonator domains (syfi.finance, yearn2.finance, xyearn.finance, xearn.finance, yaerm.finance doppelganger, etc.). CoinTelegraph documented a 'yaerm.finance' doppelganger scam that nearly perfectly copied the Yearn Finance website (exact article date 404 on retrieval, but documented in investing.com cross-post). A December 2025 phishing scam used fake on-chain messages targeting Yearn Finance (Phemex News). No acute social-media scam spike detected as of 2026-05-16. Yellow: documented continuous impersonation ecosystem represents elevated baseline risk; no acute spike today.
RD-F-090 gray Mixer withdrawal → protocol interaction Signal applicable: Yearn is an EVM protocol with documented history of attacker wallets funded via Tornado Cash (exploits 1-3) and Railgun (exploit 3). Current posture: no confirmed mixer-funded wallet currently interacting with Yearn protocol core contracts within last 30 days identified via public sources. Requires licensed Chainalysis/TRM feed for definitive 30-day window assessment. Historical mixer-funded attackers (post-exploit launder) do not constitute current inbound pre-strike signal. Phase-2 signal not live in production pipeline.
RD-F-091 gray Partial-drain test transactions Signal applicable in principle (partial-drain test patterns before large drain). Yearn's 4 historical exploits were predominantly atomic single-transaction events (exploit 1 = multi-tx sequence but not multi-session pre-drain; exploit 3 = single-tx atomic attack). No partial-drain precursor test-tx pattern identified in the Yearn exploit record as a separate detectable phase. Production pipeline signal not yet implemented.
RD-F-092 gray Unusual mempool pattern from deployer wallet Signal applicable: Yearn V3 deployer (0x2d407ddb06311396fe14d4b49da5f0471447d45c, Etherscan label 'Contract Deployer') and Banteg deployer (0xb23072040b02602a6c2f6cb8d3cff92ad6b904f6, Etherscan label 'Artem: Deployer') are publicly identified. No unusual mempool patterns from either deployer identified as of 2026-05-16 via public Etherscan observation. Requires live mempool monitoring infrastructure (phase-2). Production pipeline signal not yet implemented.
RD-F-093 gray Abnormal gas-price willingness from attacker wallet Abnormal gas-price willingness from attacker wallet (≥5x EMA baseline). Applicable to Yearn (EVM, Ethereum mainnet). No attacker wallet identified as paying abnormal gas on Yearn contract interactions as of 2026-05-16. Requires real-time attacker-wallet cluster list plus gas-price monitoring. Production pipeline signal not yet implemented. Prior exploits (atomic MEV-style attacks) would have shown high gas willingness, but detection window was zero (atomic completion before detection).
RD-F-094 gray New contract with similar bytecode to exploit template New contract deployment with similar bytecode to Yearn protocol target. Applicable: V3 VaultFactory create2 deployments produce identifiable bytecode patterns; exploit 3 (yETH 2023-11) used helper contracts that self-destructed to erase bytecode. No new similar-bytecode deploy targeting Yearn identified via public sources as of 2026-05-16. Requires on-chain bytecode sweep. Production pipeline signal not yet implemented.
RD-F-095 gray Known-exploit function-selector replay Known-exploit replay selector pattern. Applicable: exploits 2 (2023-04-13, yUSDT share inflation) and 4 (2023-12-16, TUSD share inflation) used identical root cause in different vaults — same function selector pattern theoretically detectable. No known active replay attempt detected via public sources. Requires live selector-pattern DB + mempool sweep. Production pipeline signal not yet implemented.
RD-F-096 gray New ERC-20 approval to unverified contract from whale New ERC-20 approval to unverified contract from high-TVL user. Applicable to Yearn V3 ERC-4626 vault pattern. No specific alerts identified for Yearn as of 2026-05-16. Requires mempool + explorer sweep. V2-deferred per T-09 (moves to consumer-app scope).
RD-F-097 gray Sybil surge of identical-pattern transactions Sybil surge of identical-pattern transactions. Low applicability to Yearn yield aggregator (not a DEX or governance-vote platform). Yearn exploits used single attacker + helper contracts, not sybil wallet patterns. V2-deferred. No sybil surge detected as of 2026-05-16.
RD-F-102 gray Admin/upgrade transaction in mempool Admin/upgrade transaction appearing in mempool. Applicable: ychad 6-of-9 multisig + TimelockController control admin operations. No suspicious admin tx in mempool identified via public sources as of 2026-05-16. Requires live mempool listener infrastructure (Flashbots stream or Blocknative). Phase-2 signal; not live in production pipeline.
RD-F-103 n/a Bridge signer-set change proposed/executed Bridge signer-set change signal. Structurally not applicable: Yearn does not operate a bridge (has_bridge_surface=false; is_a_bridge=false per briefing §7). Katana chain deployment is a native V3 vault instance via VaultFactory; the Katana VaultBridge is a Katana-chain mechanism operated by Katana, not Yearn. Yearn has no bridge signer set to monitor. Signal would never fire for this protocol.
RD-F-106 n/a Cross-chain bridge unverified mint pattern Cross-chain bridge tx pattern (deposit src, mint dst without proof). Structurally not applicable: Yearn does not operate a cross-chain bridge (has_bridge_surface=false). Multi-chain deployments are independent per-chain vault instances via VaultFactory. No cross-chain message relay or bridge inbox exists in Yearn's architecture.
RD-F-107 gray Admin EOA signing from new geography/device Admin EOA signing from new geography/device fingerprint. Structurally-limited for Yearn: ychad is a 6-of-9 multisig (not an EOA); admin signing occurs via Gnosis Safe multi-signature coordination. Geography/device fingerprinting of multisig co-signers is off-chain and not publicly accessible. Requires MPC/session-key provider telemetry. V2-deferred; P2 signal.
RD-F-108 gray GitHub force-push to sensitive branch GitHub force-push/sensitive-branch push. Applicable: yearn/yearn-vaults-v3 is the active repository; last commit 2026-05-14 (healthy activity). No force-push or anomalous push to main/production branch detected via public GitHub as of 2026-05-16. Requires GitHub API monitoring integration. Phase-2 signal.
RD-F-110 gray Unusual pending/executed proposal ratio Unusual pending/executed governance proposal ratio. Applicable: veyfi.eth Snapshot + OZ TimelockController. Requires trailing-30d baseline analytics on proposal counts. No baseline established for Yearn in production pipeline. Derived signal from RD-F-101 analytics. V2-deferred per T-09.
RD-F-098 green TVL anomaly — % drop in <1h TVL anomaly signal (≥30% drop in 60-min window vs 30d baseline). Current TVL $178.03M; 30d mean $224.05M; current is ~79.5% of 30d mean. This is a gradual 30-day secular decline (-12.57%), NOT an acute 1h drop. Signal threshold: TVL_now/TVL_baseline_30d < 0.70 within 60-min window. Current posture: does not meet threshold on a 1h basis. No acute drain event active as of 2026-05-16. Signal would NOT fire today.
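As an added example (not defirisk.co's code) of how the RD-F-084 CoV band and the RD-F-098 one-hour drain signal can be evaluated, the Python below runs both rules over constructed TVL series. The thresholds are the ones the factor text states; the point is that an acute drain fires while the page's gradual -12.57% decline, which already sits at ~79.5% of the 30d mean, does not.

```python
# Added example (not defirisk.co's or Yearn's code): two TVL signals from this
# assessment, run over constructed series.
#   RD-F-084  90-day coefficient of variation, banded green < 0.15,
#             yellow 0.15-0.35, red > 0.35
#   RD-F-098  acute-drain signal: fires only when TVL_now / 30d-mean < 0.70 AND
#             the drop to that level happened inside a 60-minute window, so a
#             slow secular decline must not fire it.
from statistics import mean, pstdev

# --- constructed inputs (USD); chosen to mirror the page's $224.05M 30d mean and
#     $178.03M current TVL, but the series themselves are made up ---
BASELINE_30D = 224_050_000.0
TVL_NOW = 178_030_000.0
FLAT_HOUR = [TVL_NOW] * 61                                          # one reading per minute
GRADUAL_HOUR = [180_000_000.0 - i * 32_786.9 for i in range(61)]    # ~1% drift down in 1h
ACUTE_HOUR = [TVL_NOW - i * 1_300_500.0 for i in range(61)]         # drains to $100M in 1h
DAILY_TVL_90D = [400_000_000.0 - i * (222_000_000.0 / 89) for i in range(90)]


def cov_band(daily_tvl):
    """RD-F-084: population CoV over the trailing 90 daily readings plus its band."""
    window = daily_tvl[-90:]
    if len(window) < 2 or mean(window) <= 0:
        raise ValueError("need at least two positive readings")
    cov = pstdev(window) / mean(window)
    if cov < 0.15:
        band = "green"
    elif cov <= 0.35:
        band = "yellow"
    else:
        band = "red"
    return cov, band


def acute_drop_signal(minute_tvl, baseline_30d, window_minutes=60,
                      ratio_threshold=0.70, drop_threshold=0.30):
    """RD-F-098: evaluate the 1h drain signal on a per-minute series.

    Both conditions must hold for the signal to fire:
      ratio = TVL_now / baseline_30d                              < 0.70
      drop  = (TVL at window start - TVL_now) / baseline_30d     >= 0.30
    The second condition separates an acute drain from a level that is low
    only because of a slow, multi-week decline.
    """
    if len(minute_tvl) < window_minutes + 1:
        raise ValueError("need window_minutes+1 readings")
    now = minute_tvl[-1]
    window_start = minute_tvl[-(window_minutes + 1)]
    ratio = now / baseline_30d
    drop = (window_start - now) / baseline_30d
    fires = ratio < ratio_threshold and drop >= drop_threshold
    return {"ratio": ratio, "drop_in_window": drop, "fires": fires}


if __name__ == "__main__":
    cov, band = cov_band(DAILY_TVL_90D)
    print(f"RD-F-084 CoV={cov:.3f} band={band}")
    for name, series in (("flat", FLAT_HOUR), ("gradual", GRADUAL_HOUR), ("acute", ACUTE_HOUR)):
        print(name, acute_drop_signal(series, BASELINE_30D))
```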
RD-F-099 green Oracle price deviation >X% from secondary Oracle price deviation >1% from secondary source (phase-2 signal). Core yVault pricePerShare is derived from internal strategy accounting, not a DEX spot oracle of the vault token — making the vault core immune to external oracle deviation. Strategy layer: 19 Chainlink feeds identified in cache (advisory). No oracle deviation detected via public sources as of 2026-05-16. Note: full signal applicability for the strategy layer requires per-strategy oracle mapping (planned for phase-2 curator workflow). Signal not live in production pipeline.
RD-F-101 green Large governance proposal queued Large governance proposal execution queued. Snapshot veyfi.eth uses veYFI locked vote-escrow mechanism (Curve veCRV-class — not flash-loanable). No malicious-pattern governance proposal detected in Snapshot veyfi.eth as of 2026-05-16. ychad 6-of-9 multisig serves as guardian (can nullify proposals). TimelockController minDelay conflict (cache 604800s vs Etherscan 0) is a governance-admin Cat 2 concern; Cat 6 signal fires on actively queued malicious-pattern proposals, not on the timelock delay value itself. No flagged-pattern proposal queued today.
RD-F-104 green Stablecoin depeg >2% on shared-LP venue Stablecoin depeg >2% on venues with shared LP. Protocol exposure: V2 strategies heavily exposed to USDC, USDT, DAI via Curve 3pool, Aave, Compound — exposure well exceeds 5% TVL threshold on multiple stables. No stablecoin depeg event as of 2026-05-16: USDC, USDT, DAI all trading at or near $1.00 on major venues (Chainlink feeds, Curve). Signal would not fire today.
RD-F-182 green Security-Council threshold reduction (RT) Security-Council threshold reduction event (batch-24, Cat 6B RT signal). Applicable: ychad 6-of-9 multisig functions as Yearn's effective governance guardian (equivalent to a Security Council in this context). Threshold: any threshold reduction on ychad, or timelock removal, or new-signer addition within ≤14 days of either. Current posture: ychad threshold confirmed at 6-of-9 (cache sources.safe_multisigs[0]; Yearn docs). No threshold reduction event detected on ychad in recent on-chain history. TimelockController minDelay conflict (cache 604800s vs Etherscan 0) is unresolved; if minDelay was recently changed to 0 (not always-zero), that would be a timelock-removal event qualifying under F182. Pending governance-admin resolution: if minDelay confirmed = 0 and was recently reduced, this factor elevates to yellow. Current assessment: green pending governance-admin finding on minDelay history.
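An added Python rule engine (not defirisk.co's code) for the RD-F-182 trigger as stated above: a threshold reduction on the guardian multisig, timelock removal (minDelay changed to 0, which by construction excludes an always-zero delay), and a new-signer addition within 14 days of either. The event records are constructed and the "ychad" / "timelock" source labels are just names for the two event sources.

```python
# Added example (not defirisk.co's or Yearn's code): rule engine for the RD-F-182
# Security-Council signal as the assessment states it -- fire on any threshold
# reduction on the guardian multisig, on timelock removal (minDelay changed to 0),
# or on a new-signer addition within 14 days of either. Event records below are
# constructed; "ychad" and "timelock" are labels for the two sources.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

CORRELATION_WINDOW = timedelta(days=14)


@dataclass(frozen=True)
class GovEvent:
    ts: datetime
    source: str      # "ychad" (Safe multisig) or "timelock" (TimelockController)
    kind: str        # "threshold_changed" | "min_delay_changed" | "owner_added"
    old: int = 0
    new: int = 0


def is_primary(e: GovEvent) -> bool:
    """A threshold reduction, or a timelock whose minDelay was *changed to* 0.
    An always-zero minDelay produces no change event and therefore never fires,
    matching the page's caveat that only a recent reduction to 0 qualifies."""
    if e.kind == "threshold_changed":
        return e.new < e.old
    if e.kind == "min_delay_changed":
        return e.old > 0 and e.new == 0
    return False


def evaluate_f182(events: List[GovEvent]) -> Tuple[str, List[str]]:
    """Return (band, reasons); band is "yellow" when any rule matches, else "green"."""
    ordered = sorted(events, key=lambda e: e.ts)
    primaries = [e for e in ordered if is_primary(e)]
    reasons = [f"{e.ts:%Y-%m-%d} {e.source} {e.kind} {e.old}->{e.new}" for e in primaries]
    for e in ordered:
        if e.kind != "owner_added":
            continue
        # signer addition correlated with a primary event within +/-14 days
        near = [p for p in primaries if abs(e.ts - p.ts) <= CORRELATION_WINDOW]
        if near:
            reasons.append(f"{e.ts:%Y-%m-%d} owner_added within 14d of {near[0].kind}")
    return ("yellow" if reasons else "green"), reasons


def D(s: str) -> datetime:
    return datetime.fromisoformat(s)


# --- constructed event logs ---
BENIGN_EVENTS = [
    GovEvent(D("2026-01-10"), "ychad", "threshold_changed", old=6, new=7),   # increase, not reduction
    GovEvent(D("2026-03-01"), "ychad", "owner_added"),                       # no primary event nearby
]
REDUCTION_EVENTS = [
    GovEvent(D("2026-04-02"), "ychad", "threshold_changed", old=6, new=5),
    GovEvent(D("2026-05-01"), "ychad", "owner_added"),                       # 29 days later: not correlated
]
TIMELOCK_REMOVAL_EVENTS = [
    GovEvent(D("2026-04-20"), "timelock", "min_delay_changed", old=604800, new=0),
    GovEvent(D("2026-04-25"), "ychad", "owner_added"),                       # 5 days later: correlated
]

if __name__ == "__main__":
    for name, log in (("benign", BENIGN_EVENTS), ("reduction", REDUCTION_EVENTS),
                      ("timelock removal", TIMELOCK_REMOVAL_EVENTS)):
        print(name, evaluate_f182(log))
```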
Dev identity & insider risk Green 8 16 of 16
RD-F-111 yellow Team doxx status Mixed doxx status. ychad multisig has 4 real-name doxxed signers (Mariano Conti / former MakerDAO, Lefteris Karapetsas / Rotki, Michael Egorov / Curve, Leo Cheng / C.R.E.A.M.) and 5 consistent-pseudonym signers (omnifient, Ephy, CryptoHarry, Tapir, Lumberg). Core dev banteg is a multi-year consistent pseudonym (first name 'Artem' reported; no surname doxx). Operative deployer EOA is unlabeled but within Yearn deployer chain. Named doxxed signers satisfy the green threshold of >=2 real-name signers, but the deployer EOA and majority of contributors remain pseudonymous. Yellow: consistent pseudonyms with track record but team doxx is partial.
RD-F-117 yellow ENS/NameStone identity bound to deployer Yearn uses ENS extensively at the protocol level: ychad.eth (governance multisig 0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52), brain.ychad.eth, dev.ychad.eth, veyfi.eth (Snapshot space). banteg self-attested use of yfi.banteg.eth as a personal signer address (X post 2020). However, the operative V3 VaultFactory deployer EOA (0x78d4BDEBc0B4140f01BAB63085F94A5a7A1294f2) does not show an ENS reverse-resolution name on Etherscan. Yellow: ENS names bound to governance multisig and key contributor handle but not confirmed on operative deployer EOA.
RD-F-120 yellow Video-off/voice-consistency flag Named signers (Michael Egorov, Lefteris Karapetsas, Mariano Conti) have documented public video/conference appearances in the DeFi community, satisfying the positive signal. banteg maintains pseudonymity and has no confirmed on-camera video appearances found in OSINT review. banteg is voice-active on podcast/audio channels and text-active on X/GitHub but video appearances are not confirmed. Yellow: team overall has public video presence via named signers, but core developer banteg has limited confirmed video presence; no red flags indicating false identity.
RD-F-119 gray Commit timezone consistent with stated geography Commit timezone analysis not performed. GitHub API commit histogram analysis of yearn-vaults-v3 contributors is a programmatic-hard task requiring pipeline tooling not available in this assessment pass. The Coordinape/Keller DPRK incident is contextually relevant but Keller's access was to a peripheral tool, not the V3 vault codebase itself. No public reporting of timezone anomaly in the yearn-vaults-v3 repo has been identified. Assessment deferred to curator pipeline.
RD-F-122 gray Contributor paid to DPRK-cluster wallet Chainalysis or TRM DPRK cluster feed not publicly queryable for individual contributor payment address traversal. The Coordinape/Keller incident: banteg confirmed Keller's work was restricted to Coordinape (payroll coordination app); no confirmed routing of Keller wages to DPRK cluster via Yearn deployer or treasury addresses was publicly documented. Individual contributor payment addresses for the broader Yearn team are not enumerated publicly. Cannot assess without CTI feed access.
RD-F-184 gray Real-capital social-engineering persona The Coordinape/Keller DPRK incident (CoinDesk Oct 2024) is the closest known comparator to an F184 social-engineering persona at Yearn. However: (a) Keller's access was restricted to Coordinape, a peripheral payroll coordination tool, not the V3/V2 vault protocol itself; (b) no evidence of >=1M real-capital deposits to Yearn vaults attributed to a social-engineering persona has been publicly documented; (c) F184 requires curator-flagged persona with >=1M real-capital credentialing via cross-source verification not completed. The Drift/UNC4736 comparator involved a higher-confidence, protocol-specific embedding. This assessment is gray pending curator investigation. No red finding warranted at this time.
RD-F-112 green Team public accountability surface Named signers each have >=3 verifiable public trails. Mariano Conti: nanexcool.com + MakerDAO career + conference appearances. Lefteris Karapetsas: Rotki app founder + GitHub + conference talks. Michael Egorov: Curve Finance founder + academic background + CoinMarketCap profile. banteg: GitHub (2,900 followers, 219 repos, Yearn org) + X/@bantg (active since 2020) + banteg.xyz (technical blog). Threshold of >=3 trails per core member met for doxxed signers and banteg on pseudonymous track-record basis.
RD-F-113 green Team other-protocol involvement history All named ychad signers come from reputable DeFi protocols: Mariano Conti (MakerDAO), Michael Egorov (Curve), Leo Cheng (C.R.E.A.M.), Lefteris Karapetsas (Rotki), Ephy (MakerDAO/Dewiz per YIP-84). banteg: 5+ years Yearn-only contributor, no rug history. The Coordinape/Keller DPRK incident involves an external contributor to a peripheral payroll tool (not a core team signer or deployer); banteg confirmed restricted access. No rug or exit-scam affiliation identified for any named team member.
RD-F-114 green Deployer address prior on-chain history Operative V3 VaultFactory deployer (0x78d4BDEBc0B4140f01BAB63085F94A5a7A1294f2): 151 transactions, first active ~March 2023 (>12 months before V3 factory deploy ~March 2024), funded exclusively by Yearn: Deployer 20 and related Yearn deployer wallets. Etherscan labels this as 'Contract Deployer'. No flagged activity, no prior rug deployment pattern detected. Categorization: normal-dev-history. CTI feed not directly queried but Etherscan label chain is clean.
RD-F-115 green Prior rug/exit-scam affiliation No rug or exit-scam affiliation confirmed for any named team member or banteg. The Coordinape/Keller DPRK incident involves an external contributor to a peripheral tool; Keller was not a protocol team member or governance signer and had no access to core contracts per banteg's direct statement. Named signers (Conti, Egorov, Karapetsas, Cheng, Ephy) have clean publicly-documented histories at reputable DeFi protocols.
RD-F-116 green Contributor tenure at admin-permissioned PR banteg: verifiable contribution to Yearn org repos since at least 2020 (>6 years, far exceeding 180-day green threshold). GitHub profile shows 219 repositories and Yearn org membership. Most recent admin-permissioned changes to V3 codebase (yearn-vaults-v3 last commit 2026-05-14 per cache) are by long-tenured contributors. YIP-84 signer change is governance-elected (not PR-based) and went through 30-day public forum process. No PR by a <30-day contributor to core permissioned path identified.
RD-F-118 green Handle reuse across failed/rugged projects No handle reuse across failed or rugged projects detected. banteg (@bantg) has maintained a single consistent identity since at least 2020 across X, GitHub, and the Yearn governance forum. Named signers use their real names or consistent handles tied to known active protocols. No Wayback Machine or OSINT evidence of prior project association under different alias found.
RD-F-121 green Contributor OSINT depth score Named signers score 5/5 on OSINT depth: Mariano Conti (nanexcool.com, prior MakerDAO employment, conference talks), Lefteris Karapetsas (Rotki founder, GitHub, LinkedIn), Michael Egorov (Curve founder, academic background, extensive media). banteg scores 4/5: extensive GitHub history, X account since 2020, technical blog banteg.xyz, Yearn org membership, DeFi community recognition — no LinkedIn. Pseudonymous signers (omnifient, CryptoHarry, Tapir, Ephy) score 2-3/5. Weighted average across identifiable core team members ~4, meeting the green threshold.
RD-F-123 green Sudden admin-rescue/ACL change without discussion GREEN (critical). Yearn's governance process mandates minimum 3-day forum discussion plus 5-day Snapshot vote before multisig execution (docs.yearn.fi/contributing/governance/proposal-process). YIP-84 (April 2025 signer rotation: Monoloco replaced by Ephy; Lumberg address key-rotation): 30-day public forum discussion period, fully documented rationale, voluntary departure confirmed. OZ TimelockController (0x88Ba032be87d5EF1fbE87336B7090767F367BF73) independently verified at 604800s (7 days) via Etherscan readContract getMinDelay(). No undiscussed or unilateral ACL changes identified in 180-day review window. Yearn's guardian-role design (ychad can nullify but cannot make proposals) further constrains insider-ACL-change risk.
RD-F-124 green Deployer wallet mixer-funded within 30 days GREEN (critical). Operative V3 VaultFactory deployer (0x78d4BDEBc0B4140f01BAB63085F94A5a7A1294f2) funded by Yearn: Deployer 20 (0xb865aaf1f9f60630934739595f183c4900f65ed9) via tx 0xa849c51dcc2578027fe5a7bfd40c50ce3067373d2e91462e960524a6dc75cce9 (~March 2023). Deployer 20 in turn funded from 0x623d4A04...87C02fC0a (legacy Yearn operational wallet). Later funding from Yearn: Deployer 30 and one additional Yearn wallet. 13 total incoming transactions, all from Etherscan-labeled Yearn deployer chain. No Tornado Cash, Railgun, or other mixer interaction detected at any hop in the 30-day pre-deploy window (V3 VaultFactory deploy ~March 2024). Scope limited to operative V3/V2 deployer per U9 instruction; Andre Cronje era V1 deployer not assessed.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus GREEN (critical). Operative deployer chain (0x78d4BDEB to Deployer 20 to 0x623d4A04) terminates in Etherscan-labeled Yearn operational wallets with no OFAC SDN or DPRK/Lazarus cluster designation found. ychad multisig signers are publicly named DeFi figures (Mariano Conti, Lefteris Karapetsas, Michael Egorov, etc.) with no DPRK proximity reported. The Coordinape/Keller DPRK incident: Keller was an external contributor to Coordinape (payroll tool), not a signer or deployer; banteg publicly confirmed no core codebase access; no on-chain routing of Keller wages to Yearn deployer/treasury chain documented. The 4 historical exploits (Cat 5) are external attacker events and do not constitute deployer-level DPRK proximity per U4. No DPRK-confirmed connection exists. No escalation required.
Fork / dependency lineage Green 11 10 of 10
RD-F-133 yellow Dependency manifest uses unpinned versions yearn-vaults-v3 package.json pins OpenZeppelin as '^4.9.5' — caret range allowing minor/patch updates (4.9.6, 4.10.x) but pinning to major version 4. OZ is a security-critical library. Caret is not exact-version pinning. foundry.toml uses path-based remapping without inline version specification. Graded yellow: OZ is semi-pinned (major version constrained) rather than fully unpinned, but not at the exact-version pinning that the factor specifies as green.
RD-F-126 n/a Is-a-fork-of Yearn Finance is an original protocol, not a fork. iEarn Finance (predecessor) was designed by Andre Cronje as an original yield optimization primitive. Hacksdatabase confirms 'Forked? N' for both V1 and V2. yearn-vaults-v3 GitHub shows no fork relationship. Cat 8 fork factors are structurally not applicable to original protocols.
RD-F-127 n/a Upstream patch not merged Not applicable: no upstream fork source exists. Yearn is an original protocol.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) Not applicable: no upstream fork. No upstream security advisories to propagate to this protocol.
RD-F-129 n/a Code divergence from upstream (%) Not applicable: no upstream protocol to measure divergence against. Original codebase.
RD-F-130 n/a Fork depth (generations from original audit) Not applicable: original protocol. Fork depth is meaningless without a fork chain.
RD-F-131 n/a Fork retains upstream audit coverage Not applicable: original protocol, not a fork. Upstream audit coverage question applies to forks only.
RD-F-132 n/a Fork has different economic parameters than upstream Not applicable: original protocol. No upstream economic parameters to compare against.
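The RD-F-133 grading above turns on how much drift an npm version specifier allows. The following is an added example (not Yearn's code and not part of the defirisk rubric tooling) of a manifest classifier that applies that reasoning: exact pins grade green, caret and tilde ranges grade yellow, and wildcards or open ranges grade red, with the manifest taking its worst dependency's grade. The package.json it reads is constructed for the example; only the '^4.9.5' OpenZeppelin specifier mirrors what the assessment reports.

```python
import json
import re

# Constructed sample manifest (assumption: this is NOT the real yearn-vaults-v3
# package.json). The OpenZeppelin '^4.9.5' entry mirrors the page's finding;
# the other entries exist only to exercise each specifier class.
SAMPLE_PACKAGE_JSON = """{
  "name": "example-vaults",
  "dependencies": {
    "@openzeppelin/contracts": "^4.9.5",
    "exact-lib": "1.2.3",
    "tilde-lib": "~2.0.1",
    "zero-major-lib": "^0.8.2"
  },
  "devDependencies": {
    "wild-lib": "*"
  }
}"""

# Plain semver triple, optionally prefixed with '=' or 'v'.
SEMVER = re.compile(r"^=?v?(\d+)\.(\d+)\.(\d+)$")


def classify_specifier(spec: str) -> str:
    """Classify an npm version specifier by the drift it permits.

    exact        -> '1.2.3' or '=1.2.3': only this version can be installed
    patch-range  -> '~1.2.3', or '^0.y.z' (npm treats caret on a 0.x major like tilde)
    minor-range  -> '^1.2.3': any 1.x.y >= 1.2.3, i.e. new minors and patches
    unpinned     -> '*', 'latest', explicit ranges, git URLs, tags, anything else
    """
    spec = spec.strip()
    if SEMVER.match(spec):
        return "exact"
    if spec.startswith("~") and SEMVER.match(spec[1:]):
        return "patch-range"
    if spec.startswith("^"):
        m = SEMVER.match(spec[1:])
        if m:
            return "patch-range" if int(m.group(1)) == 0 else "minor-range"
    return "unpinned"


# Grade per class, following the factor's banding: only exact pins are green.
GRADE_BY_CLASS = {
    "exact": "green",
    "patch-range": "yellow",
    "minor-range": "yellow",
    "unpinned": "red",
}
SEVERITY = ["green", "yellow", "red"]


def grade_manifest(manifest_text: str, sections=("dependencies", "devDependencies")) -> dict:
    """Classify every dependency in the given sections; the manifest's grade is
    the worst grade among them (devDependencies count because, for a contracts
    repo, they typically hold the compiler and test toolchain)."""
    manifest = json.loads(manifest_text)
    deps = {}
    for section in sections:
        deps.update(manifest.get(section, {}))
    classes = {name: classify_specifier(spec) for name, spec in deps.items()}
    worst = "green"
    for cls in classes.values():
        grade = GRADE_BY_CLASS[cls]
        if SEVERITY.index(grade) > SEVERITY.index(worst):
            worst = grade
    return {"classes": classes, "grade": worst}


if __name__ == "__main__":
    result = grade_manifest(SAMPLE_PACKAGE_JSON)
    for name, cls in result["classes"].items():
        print(f"{name:28s} {cls}")
    print("manifest grade:", result["grade"])
```

A manifest pin only constrains what `npm install` resolves; a committed lockfile (package-lock.json or yarn.lock) is what actually fixes the installed tree, so a practitioner would pair this check with a lockfile-presence check before calling a caret range "semi-pinned".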
RD-F-134 green Dependency had malicious-release incident (last 90d) No npm, PyPI, or crates.io malicious-release advisory affecting OpenZeppelin 4.9.5 or Vyper 0.3.7 confirmed in trailing 90 days from 2026-05-16. OZ 4.9.5 is a stable, widely-used release. No GHSA advisory for used dependency versions found.
RD-F-135 green Shared-library version with known-vuln status OZ 4.9.5: no active high/critical CVE or GHSA advisory as of 2026-05-16. Vyper 0.3.7 (V3): outside the July 2023 reentrancy-affected range (0.2.15, 0.2.16, 0.3.0 only). V2 Vyper versions 0.2.8 and 0.2.12: all outside the three affected versions confirmed by Vyper post-mortem. No active high-severity advisories for any used library version.
Post-deploy hygiene & change mgmt Green 12 13 of 13
RD-F-136 yellow Deployed bytecode matches signed release tag V3 core: v3.0.4 release deployed Nov 1, 2024 (commit PR #216 'chore: deploy 304'). ChainSecurity audit fixes merged and tagged (PR #215 Oct 30, 2024). GitHub releases exist. However, not all V3 strategy/periphery deployments have corresponding GPG-signed release tags (permissionless factory model makes this impractical). V2 vaults: individual Vyper deployments without factory pattern; release tag matching for all V2 instances not verified.
RD-F-139 yellow Post-audit code changes without re-audit V3 core (VaultV3.vy): last external audits May-June 2024 (ChainSecurity, Statemind, yAcademy). ChainSecurity fixes deployed Oct 30, 2024; v3.0.4 final deploy Nov 1, 2024 — core vault is stable post-audit with the audit-fix commit deployed. Periphery/strategy ecosystem continues to evolve per governance forum retroactive review proposal (2026-04). Gov forum explicitly acknowledges ongoing unaudited strategy codebase changes. No comprehensive re-audit of strategy periphery since mid-2024. Yellow: core vault unchanged post-audit; strategy/periphery drift is documented and ongoing.
RD-F-145 yellow Deployed bytecode reproducibility V3 Vyper 0.3.7 source verified on Etherscan. Vyper compiler is deterministic for given version and settings. Build instructions available in yearn-vaults-v3 GitHub README. Not independently reproduced in this assessment. Yellow: infrastructure exists for reproducibility but not verified by this analyst.
RD-F-168 yellow Stale-approval exposure on deprecated router V1 vaults (yDAI, yUSDT, yTUSD, others) are deprecated and immutable. Users who granted ERC-20 approvals to V1 vault contracts retain active allowances. V1 contracts were exploited in 2023 via misconfiguration (not approval abuse), but stale approvals remain a low-level residual risk. Approval count to deprecated contracts not enumerated from on-chain data in this assessment. Yellow: stale approvals likely exist given 2023 exploits showed user funds still in these contracts years post-deprecation.
RD-F-146 gray New contract deploys in last 30 days V3 VaultFactory enables permissionless vault creation; new vault instances are created regularly by any deployer (not tracked per protocol deployer address). Cache deployer address is null. The traditional 'new deploys by deployer EOA' heuristic is not meaningful for a permissionless factory model. Exact count not available.
RD-F-185 n/a Bridge rate-limiter / chain-pause as positive mitigant Yearn Finance is not a bridge operator (has_bridge_surface=false, is_a_bridge=false per briefing §7 and profile §7). Cat 10 entirely not applicable. Katana deployment is a native per-chain vault instance, not a bridge surface. F185 (bridge rate-limiter/chain-pause) not applicable by architecture.
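RD-F-168 notes that approvals to deprecated contracts were not enumerated from on-chain data. The enumeration is a log replay: collect ERC-20 Approval events for the token, keep the latest value per (token, owner, spender) since each approval overwrites the previous one, and report non-zero allowances whose spender is a deprecated contract. The block below is an added example of that replay (not Yearn's tooling and not part of the defirisk pipeline); the log records and the token, vault and owner addresses are constructed placeholders, and the only real constant is the standard ERC-20 Approval event topic hash.

```python
# Standard ERC-20 event signature hash:
# keccak256("Approval(address,address,uint256)"). This value is fixed by the
# ERC-20 ABI, not specific to any protocol.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed placeholder addresses (assumption: none of these are real
# Yearn or token contracts).
TOKEN = "0x" + "11" * 20
DEPRECATED_VAULT = "0x" + "22" * 20   # stands in for a deprecated V1 vault
LIVE_VAULT = "0x" + "33" * 20         # stands in for an actively supported vault
ALICE = "0x" + "aa" * 20
BOB = "0x" + "bb" * 20
CAROL = "0x" + "cc" * 20
MAX_UINT256 = 2**256 - 1


def _addr_topic(addr: str) -> str:
    """Indexed address parameters are left-padded to 32 bytes in log topics."""
    return "0x" + "0" * 24 + addr[2:].lower()


def _uint_data(value: int) -> str:
    """Non-indexed uint256 'value' is ABI-encoded as 32 bytes in the data field."""
    return "0x" + format(value, "064x")


# Constructed eth_getLogs-style records (intentionally out of block order so the
# replay has to sort). Bob approves and later revokes; Alice never revokes.
SAMPLE_LOGS = [
    {"address": TOKEN, "blockNumber": 101, "logIndex": 0,
     "topics": [APPROVAL_TOPIC, _addr_topic(BOB), _addr_topic(DEPRECATED_VAULT)],
     "data": _uint_data(MAX_UINT256)},
    {"address": TOKEN, "blockNumber": 200, "logIndex": 7,
     "topics": [APPROVAL_TOPIC, _addr_topic(BOB), _addr_topic(DEPRECATED_VAULT)],
     "data": _uint_data(0)},
    {"address": TOKEN, "blockNumber": 100, "logIndex": 3,
     "topics": [APPROVAL_TOPIC, _addr_topic(ALICE), _addr_topic(DEPRECATED_VAULT)],
     "data": _uint_data(MAX_UINT256)},
    {"address": TOKEN, "blockNumber": 150, "logIndex": 1,
     "topics": [APPROVAL_TOPIC, _addr_topic(CAROL), _addr_topic(LIVE_VAULT)],
     "data": _uint_data(10**18)},
]


def topic_to_address(topic: str) -> str:
    return "0x" + topic[-40:].lower()


def latest_allowances(logs) -> dict:
    """Replay Approval logs in (block, logIndex) order. An approve() call sets the
    allowance outright, so the last event for a (token, owner, spender) wins."""
    allowances = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval event
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        allowances[key] = int(log["data"], 16)
    return allowances


def stale_approvals(logs, deprecated_spenders) -> list:
    """Return (token, owner, spender, allowance) for every non-zero allowance
    whose spender is in the deprecated set, sorted for stable output."""
    deprecated = {addr.lower() for addr in deprecated_spenders}
    return sorted(
        (token, owner, spender, value)
        for (token, owner, spender), value in latest_allowances(logs).items()
        if spender in deprecated and value > 0
    )


if __name__ == "__main__":
    for token, owner, spender, value in stale_approvals(SAMPLE_LOGS, [DEPRECATED_VAULT]):
        print(f"token={token} owner={owner} spender={spender} allowance={value}")
```

Log replay gives an upper bound, not the live figure: transferFrom reduces a finite allowance without emitting Approval on most tokens, so before counting an entry a practitioner would confirm it with an allowance(owner, spender) call at the current block. It also only covers the tokens whose logs were fetched, so the token list should be the full set of assets the deprecated contracts ever accepted.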
RD-F-137 green Upgrade frequency (per 90 days) V3 vault instances are immutable per-deployment (EIP-1167 minimal proxy with fixed VAULT_ORIGINAL — no Upgraded events emitted on vault instances). New versions use new VaultFactory. V2 vaults: fully immutable Vyper. 0 in-place contract upgrades in trailing 90 days on any core vault.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) V3 vault instances are immutable; hot-patch deploys to existing vault instances are impossible by design. TimelockController delay is 7 days. No evidence of timelock bypass in last 30 days. New strategy/periphery deployments via factory are new addresses (not upgrades of existing), and are by-design not gated by timelock.
RD-F-140 green Fix-merged-but-not-deployed gap ChainSecurity audit fixes merged Oct 30, 2024 (PR #215) and deployed Nov 1, 2024 (PR #216 v3.0.4). No known merged security fixes not yet deployed in V3 core. Periphery fix tracking not exhaustively verified. Green for core vault; periphery gap is partially covered by ongoing Immunefi program.
RD-F-141 green Test-mode parameters in deploy V3 VaultFactory create2 salt = keccak256(deployer + asset + name + symbol) — meaningful production parameters. Role_manager set to production address (ychad-controlled Role Manager 0xb3bd6b2e61753c311efbcf0111f75d29706d9a41). Core contracts deployed to well-documented addresses. No evidence of test oracle addresses or infinite allowances in production.
RD-F-142 green Storage-layout collision risk across upgrades V3 uses EIP-1167 minimal proxies (create_minimal_proxy_to) with a fixed VAULT_ORIGINAL implementation address. Implementation is never upgraded in-place; new versions use new VaultFactory with new VAULT_ORIGINAL. No storage layout collision risk because existing vault implementation slots are immutable. V2 vaults: fully immutable Vyper, no proxy pattern.
RD-F-143 green Reinitializable implementation (no _disableInitializers) Vyper-native re-initialization guard — not EVM/OZ pattern. VaultV3.vy __init__() sets self.asset = self (makes it non-empty on the implementation). initialize() asserts self.asset == empty(address) — fails on implementation since self.asset = self was set. All vault instances (EIP-1167 proxies) initialize exactly once via VaultFactory. Implementation cannot be re-initialized. V2 vaults: fully immutable Vyper, no initialize() at all. F143 'no _disableInitializers' framing does not apply to Vyper; the Vyper guard achieves equivalent protection.
RD-F-144 green CREATE2 factory permits same-address redeploy VaultFactory uses create_minimal_proxy_to with create2 salt unique per (msg.sender, asset, name, symbol). Cannot redeploy same address with different bytecode (VAULT_ORIGINAL is immutable; no selfdestruct in factory). Duplicate salt attempts revert.
Cross-chain & bridge Gray 0 12 of 12
RD-F-147 n/a Protocol has bridge surface has_bridge_surface: false, is_a_bridge: false per profile §7. Yearn does not operate a cross-chain bridge. Multi-chain presence is achieved via independent VaultFactory deployments per chain. Katana VaultBridge is Katana-operated, not Yearn-operated. LayerZero cache field present: false. All Cat 10 factors not applicable.
RD-F-148 n/a Bridge validator count (M) Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-149 n/a Bridge validator threshold (k-of-M) Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-150 n/a Bridge validator co-hosting Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-151 n/a Bridge ecrecover checks result ≠ address(0) Cat 10 entirely N/A — Yearn has no bridge surface. No ecrecover verification path exists. See RD-F-147 reasoning.
RD-F-152 n/a Bridge binds message to srcChainId Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-153 n/a Bridge tracks nonce-consumed mapping Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-154 n/a Default bytes32(0) acceptable as valid root Cat 10 entirely N/A — Yearn has no bridge surface. No Merkle root acceptance path exists. See RD-F-147 reasoning.
RD-F-155 n/a Bridge validator-set rotation recency Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-156 n/a Bridge uses same key custody for >30% validators Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-157 n/a Bridge TVL per validator ratio Cat 10 entirely N/A — Yearn has no bridge surface. See RD-F-147 reasoning.
RD-F-179 n/a LayerZero OFT DVN config (count, threshold, diversity) Cat 10 entirely N/A — Yearn has no bridge surface and no LayerZero OFT integration. Cache layerzero.present: false, oapp_address: null. F179 (LayerZero DVN configuration) does not apply. See RD-F-147 reasoning.
Threat intelligence & recon Yellow 25 8 of 8
RD-F-158 yellow Known-threat-actor cluster has touched protocol Known-threat-actor wallet cluster touches protocol (Cat 11 / T-09 phase-2 signal, Tier C). Applicable. Historical pattern: all 4 Yearn exploits used Tornado Cash or Railgun as attacker funding/laundering infrastructure. Three of 4 attacks laundered funds through Tornado Cash post-exploit ($3M in exploit 3; attacker wallets from exploits 1, 2 also TC-funded). This constitutes venue-use (Yearn protocols used as drain/launder venue by mixer-funded attackers), not team-wallet contamination. Per briefing U4: venue-use routes to F158 yellow, not team contamination. No confirmed DPRK/Lazarus cluster wallet interaction with Yearn contracts within last 30 days identified via public sources. Licensed TI feed (Chainalysis/TRM) required for definitive 30-day window assessment. Yellow: elevated by historical attacker TC-venue use and documented attacker interest in the Yearn vault class.
RD-F-161 yellow Protocol-impersonator domain registered (typosquat) Protocol-impersonator domain registered (typosquat) within last 90 days (post 2026-02-15). Applicable: Yearn is a well-known brand with documented large impersonator ecosystem (HackMD yearn-clones page: 70+ domains including yaerm.finance doppelganger, yearn2.finance, xyearn.finance, xearn.finance, syfi.finance, etc.). 90-day window requirement: registration date of any specific lookalike domain after 2026-02-15 is not determinable from public WHOIS in this assessment — domain-monitoring feed required. Historical fact: the impersonator ecosystem is persistent and large; the 'yaerm.finance' scam was documented in CoinTelegraph/Investing.com reporting. Registration date delta to 2026-05-16 is unknown without live WHOIS. Yellow: brand is a persistent high-value impersonation target; curator must run domain-monitoring scan to confirm or clear 90-day window. Gap: curator input required for exact registration date confirmation.
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols Attacker wallet reconnaissance time before strike (days), for similar-class protocols. Peer class: yield aggregator. Historical Yearn attacker reconnaissance window: Exploit 1 (2021-02-04) — Tornado Cash preparatory txs same day as attack (hours). Exploit 2 (2023-04-13) — TC funding shortly before; minimal visible reconnaissance (vulnerability was static/dormant for 1,156 days). Exploit 3 (2023-11-30) — Railgun seed 30 minutes before attack; helper contracts deployed minutes before. Exploit 4 (2023-12-16) — same-day attack using Morpho flash loan. Pattern: Yearn attackers are predominantly short-fuse/opportunistic (hours to minutes), not extended-reconnaissance (78-day DPRK-class). This is protective from a signal-lead-time perspective but means that when an attack comes, the detection window is very short. Legacy vault residue means any attacker that discovers a new misconfiguration can exploit it quickly. Yellow: elevated by legacy vault surface creating ongoing opportunistic reconnaissance.
RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) Mempool probe: attacker wallet sending low-gas failing txs to Yearn contracts. No such probing detected via public mempool sources. Requires live mempool feed + threat-actor wallet cluster list. Production pipeline signal not yet implemented (T-09 §3.3 F159 is a sub-pattern of RD-F-100 bundled for v2). Historical Yearn attackers used short-fuse tactics, not extended mempool-probe reconnaissance.
RD-F-162 gray Known-exploit-template selector deployed by any address Known-exploit-template selector-pattern deployed by any address. Applicable: Yearn exploit patterns (share inflation via misconfigured vault accounting, flash-loan + vault deposit/withdraw cycling) produce identifiable selector patterns. No new exploit-template deployment targeting Yearn identified via public sources as of 2026-05-16. Requires on-chain bytecode sweep + exploit-template DB. V2-deferred.
RD-F-164 gray Leaked credential on paste/sentry site Leaked credential on paste/sentry site matching Yearn infrastructure. No confirmed credential leak for Yearn infra (API keys, RPC endpoints, admin credentials) identified via public sources as of 2026-05-16. Requires paste/credential-dump monitoring feed (manual curator). V2-deferred (T-09 §3.3 F161 manual triage).
RD-F-165 gray Protocol social channel has scam-coordinator flag Telegram/Discord channel member flagged as scam-coordinator. Applicable: Yearn has active Discord (discord.gg/yearn) and Telegram channels. No protocol-adjacent social channel admin flagged on a public scam-coordinator watchlist as of 2026-05-16. Requires curator social watchlist + social-monitoring feed. V2-deferred.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps GitHub-flagged malicious-dependency incident touching Yearn's deps. Yearn V3 dependencies: OZ 4.9.5 (Solidity periphery), foundry toolchain, package.json present (cache github.package_json_present=true). No GitHub security advisory flagging a malicious release in OZ 4.9.5 or the foundry toolchain as of 2026-05-16. OZ 4.9.5 is a stable release with no known CVEs affecting the deployed version. Vyper 0.3.7 (V3 core): outside the July-2023 reentrancy-affected range (0.2.15-0.3.0).
Tooling / compiler / AI Green 0 5 of 5
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Not applicable: Yearn V3 is an original protocol with no audited upstream to compare against for the AI-copy-risk pattern. V2 is also original. The factor measures bytecode deviation from an audited upstream, requiring a fork relationship.
RD-F-172 gray Repo shows AI-tool co-authorship in critical files No evidence of GitHub Copilot or ChatGPT co-authorship trailers in yearn-vaults-v3 or yearn-vaults-v2 from public search. Cannot perform a programmatic GitHub API commit-metadata scan without tool access. Cannot confirm presence or absence without systematic commit log inspection.
RD-F-170 green Solc version used (known-bug versions flagged) V3 vault core: Vyper 0.3.7 — confirmed via Etherscan verification on canonical impl 0xd8063123BBA3B480569244AE66BFE72B6c84b00d. OUTSIDE the July 2023 reentrancy-affected range (0.2.15, 0.2.16, 0.3.0 only per Vyper post-mortem). V2 vaults: sampled deployments show Vyper 0.2.8 (yvDAI 0x5f18c75a, yvWBTC 0xcb550a6d) and Vyper 0.2.12 (newer yvDAI 0xdA816459). All V2 Vyper versions are OUTSIDE the affected range. Solidity periphery: solc 0.8.18 (not on known Solidity bug list). Overall: green for the reentrancy-class check. Older V2 Vyper (0.2.8) may have other bugs not enumerated here, but no active high/critical advisory found.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public blog post, tweet, or documentation from Yearn discloses AI-generated Solidity in production security-critical contracts. Yearn V3 core is Vyper (not Solidity). No AI disclosure found in public Yearn communications. Factor specifically asks about AI-generated Solidity.
RD-F-174 green Dependency tree uses EOL Solidity version V3 Solidity periphery: solc 0.8.18 — supported, non-EOL Solidity version as of 2026-05-16 (0.8.x LTS track active). V3 Vyper core: 0.3.7 — Vyper does not have a formal EOL designation equivalent to Solidity LTS; 0.3.7 is not the latest but is not declared EOL. V2 Vyper: 0.2.8/0.2.12 are older but no formal EOL from Vyper project. Factor asks about EOL Solidity specifically; V3 Solidity is on a supported version.
Response & disclosure hygiene Green 8 4 of 4
RD-F-176 yellow Disclosure SLA public SECURITY.md publishes a fix-timeline SLA (30–60 days for small changes; up to 90 days for significant issues) and requires reporter to provide technical details within 2 working days of ack. However, no explicit ≤72h acknowledgment SLA is published. Threshold: green = SLA ≤72h ack publicly stated and honored; yellow = SLA stated but not as ≤72h or not tested. The Immunefi platform median resolution time of 19 hours suggests operational responsiveness in practice but is not a formal SLA commitment in Yearn's own policy.
RD-F-175 green Disclosure channel exists Multiple active disclosure channels exist: (1) Immunefi program 'yearnfinance' at immunefi.com/bug-bounty/yearnfinance/ — 41 assets in scope, $200K max payout, median resolution 19 hours per Immunefi display; (2) Sherlock bug bounty listing at audits.sherlock.xyz/bug-bounties/30; (3) Direct PGP contacts via SECURITY.md (Tapir: yvtapir@gmail.com, Spalen: spalen@proton.me); (4) security@yearn.finance email. Immunefi median resolution of 19 hours evidences active monitoring.
RD-F-177 green Prior known-ignored disclosure No confirmed case of a properly-disclosed vulnerability that was received through official channels and not actioned before exploit. Incident #2 (2023-04-13 yUSDT): Twitter warning by storming0x was posted minutes before exploit execution — this was simultaneous alert, not a prior responsible disclosure; moreover the contract was immutable (patching impossible regardless). Incident #1 (2021-02-04): The migration window (zero-fee) was a deliberate team decision, not an externally-disclosed vulnerability that was ignored. All other incidents involved bugs in immutable legacy contracts where prior disclosure would not have enabled patching. No post-mortem acknowledges received-but-ignored structured disclosure.
RD-F-178 green CVE/GHSA advisory issued against protocol No CVE, GHSA, or equivalent public advisory found issued against Yearn Finance core vault contracts. Yearn's own yearn-security GitHub repo uses a proprietary disclosure format (disclosures/ directory) rather than GHSA. Incidents are documented through rekt.news and internal disclosure files, not through formal vulnerability databases. No NVD CVE entries found for yearn-finance in available sources. Threshold: green = no advisory or all patched; yellow = advisory exists and patched; red = advisory exists and unpatched in current deploy.
rubric_version v1.7.0 graded_at 2026-05-16 12:12:00 factors 184 protocol yearn-finance