Yearn.finance founder: Project audit does not guarantee its complete safety
Andre Cronje, founder of the popular DeFi project yearn.finance, has published the results of his project's audits. The code was reviewed by teams including Certik and Quantstamp. The audits were conducted several months ago, but Cronje deliberately held back the results because he did not want to give users a false impression of security.
“I’ve always refused to publish audits because I didn’t want people to have a false sense of security because of them.”
Andre Cronje to Cointelegraph
Some of the vulnerabilities found in the code were classified as critical. For example, Certik discovered that users may not be able to withdraw their assets in full in a fairly common situation.
Cronje said that this was the developer's intent, but it is still a vulnerability.
“If you issue a loan, there is always a risk that the amount of borrowed assets will exceed the available liquidity for withdrawal”
He also noted that this feature is common for many large DeFi projects, including Compound and Aave.
“People throw money into the contract when they see ‘audited’”
Previously, the unaudited DeFi project Yam.Finance collapsed due to a critical bug. Developers are now migrating the system to a verified contract.