LP token balanceOf used for pricing

Yearn Finance's assessment for RD-F-061 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Vault core: V2/V3 pricePerShare does NOT use balanceOf of LP tokens in price path. V3 _total_assets() = total_idle + total_debt; total_debt represents strategy debt values reported through _harvestAndReport(), not raw LP balanceOf reads. However, individual strategies holding LP positions (Curve, Convex strategies) report their totalAssets through _harvestAndReport() — Yearn strategy writing guide explicitly warns 'care should be taken when relying on oracle values, LP prices etc. that have the potential to be manipulated.' The framework does not prevent LP balanceOf-based pricing in individual strategy implementations. Yellow: vault core clean; individual strategy LP pricing not audited at framework level; historical precedent (2021 yDAI Curve pool manipulation) confirms real exposure.

Sources #

GitHub
Yearn V3 VaultV3.vy — vault pricing pathVaultV3.vy _total_assets(): total_idle + total_debt; LP balanceOf not in vault pricing pathretrieved 2026-05-16
Docs
Yearn V3 Strategy Writing Guide — oracle/LP manipulation warningStrategy writing guide: 'care should be taken when relying on oracle values, LP prices etc. that have the potential to be manipulated'retrieved 2026-05-16
URL
Rekt.news — Yearn Feb 2021 (Curve pool manipulation)2021 yDAI exploit: Curve 3pool manipulation during migration — LP price manipulation precedentretrieved 2026-05-16

Methodology #

Determine whether protocol pricing is derived from the `balanceOf` of LP tokens in a contract (manipulable by direct token transfer / donation).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-061 score yellow collected_at 2026-05-16 08:34:32