defirisk.co
rubric v1.7.0

Static-analyzer high-severity count

Yearn Finance's assessment for RD-F-010 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Slither does not parse Vyper. V3 core VaultV3.vy and V2 Vault.vy cannot be analyzed by Slither, Mythril, or Semgrep. Solidity periphery (TokenizedStrategy.sol) could in principle be analyzed but no published tool run is available. Static analysis gap is structural and unresolvable without Vyper-compatible tooling.

Sources #

  • Curator note
    Vyper Slither gap — pipeline_unimplementedVyper static analysis gap — Slither does not parse Vyper; confirmed via briefing §7 and methodology template §Cat 1retrieved 2026-05-16

Methodology #

Count the number of unique high-severity detector findings from Slither + Mythril + Semgrep run against the deployed verified source (after deduplication across tools).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-010 score gray collected_at 2026-05-16 08:34:32