Yearn.finance founder: Project audit does not guarantee its complete safety

Andre Cronje, founder of the popular DeFi project yearn.finance, has published the results of his project's audits. The code was reviewed by teams including Certik and Quantstamp. The audits were conducted several months ago, but Cronje did not publish their results. He did so deliberately, because he did not want to create a false impression of security among users.

“I’ve always refused to publish audits because I didn’t want people to have a false sense of security because of them.”
Andre Cronje to Cointelegraph

Some of the vulnerabilities found in the code were rated critical. For example, Certik discovered that users may not be able to withdraw their assets in full in a fairly common situation.

Cronje said that this was intended by the developer, but it is still a vulnerability.

“If you issue a loan, there is always a risk that the amount of borrowed assets will exceed the available liquidity for withdrawal.”

Andre Cronje

He also noted that this feature is common for many large DeFi projects, including Compound and Aave.

“People throw money into the contract when they see ‘audited’.”

Andre Cronje


Previously, the unaudited DeFi project Yam.Finance collapsed due to a critical bug. Developers are now migrating the system to a verified contract.
