defirisk.co
rubric v1.7.0

Auditor re-engaged after last exploit

Yearn Finance's assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Incident #3 (2023-11-30): ChainSecurity was engaged in the war room post-exploit, per hacksdatabase yearn-rekt3.md; this constitutes an incident review by a Tier-1 firm. A ChainSecurity audit of Yearn V3 is documented in profile §8 (2024-05), post-dating both 2023 incidents; this covers current V2/V3 infrastructure. However, no re-audit or formal incident review was commissioned specifically for incident #4 (2023-12-16, the most recent). The 2024-05 ChainSecurity engagement covers the currently operative infrastructure but not the deprecated V1 legacy vault class exploited in #4. Score: yellow (the re-audit covers the live protocol post-incidents but not the specific deprecated vault class).

Sources

  • URL
    Yearn Security audits directory — ChainSecurity engagement 2024-05 covering Yearn V3 (post-incident); retrieved 2026-05-16
  • Internal
    Yearn Finance 3rd Exploit — ChainSecurity war room (hacksdatabase/hacks/yearn-rekt3.md) — ChainSecurity war room engagement post incident #3; retrieved 2026-05-16

Methodology

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.


rubric_version: v1.7.0 | protocol: yearn-finance | factor: RD-F-083 | score: yellow | collected_at: 2026-05-16 08:34:32