Deprecated contract paused but pause reversible by live admin

Yearn Finance's assessment for RD-F-167 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V1 vaults (yDAI, yUSDT, yTUSD etc.) are deprecated and fully immutable in Vyper — no pause mechanism exists, so admin cannot reverse a pause (there is no pause to reverse). Deprecated contracts hold residual user funds (confirmed by 2023 exploits of legacy V1 contracts). The F167 concern (admin-reversible pause over deprecated surface) is moot since immutable Vyper has no pause capability. Yellow because residual funds remain in legacy immutable contracts with no admin control over them (cannot pause but also cannot protect users proactively).

Sources #

URL
Yearn Rekt4 — rekt.newsrekt.news yearn-rekt4 (Dec 2023) — 'legacy contracts cannot be paused, so users must self exit'retrieved 2026-05-16
Docs
yVaults Overview — Yearn Docsdocs.yearn.fi — V1 vaults deprecated, kept live for withdrawal onlyretrieved 2026-05-16

Methodology #

Determine whether a deprecated-and-paused contract's pause state is revertible by a currently-live admin role.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-167 score yellow collected_at 2026-05-16 08:34:32