YELD Security Incident Report

Reading Time: < 1

CoinFabrik specializes in auditing and developing Dapps.

  •  
  •  
  •  
  •  
  •  
  •  

On October 8 funds were stolen from the YELD community. Previously, on October 4 CoinFabrik delivered an audit report on 3 files. The YELD smart contracts involved in the incident are different from the ones we audited.

We audited the following files located at the commit https://github.com/merlox/yeld-contracts/commit/f2dd2cce4b2ff60854e5849f88db8aa8ac1b765b

  • RetirementYeldTreasury.sol
  • yDAI.sol
  • yeldDAI.sol

The function through which the funds were stolen was unstake and was added to the RetrimentYeldTreasry.sol after the audit.


  •  
  •  
  •  
  •  
  •  
  •