ABSTRACT
Dedaub was commissioned to perform a security audit of Yearn Angle Protocol Strategy. No major issues were identified.
SETTING & CAVEATS
This audit report mainly covers the contracts of the Yearn Angle Protocol Strategy. Two auditors worked on the contracts for 2 days.
The audit’s main target is security threats, i.e., what the community understanding would likely call “hacking”, rather than the regular use of the protocol. Functional correctness (i.e. issues in “regular use”) is a secondary consideration. Typically it can only be covered if we are provided with unambiguous (i.e. full-detail) specifications of what is the expected, correct behavior. In terms of functional correctness, we often trusted the code’s calculations and interactions, in the absence of any other specification. Functional correctness relative to low-level calculations (including units, scaling and quantities returned from external protocols) is generally most effectively done through thorough testing rather than human auditing.
PROTOCOL-LEVEL CONSIDERATIONS
Possible financial manipulation
The _swap function used to swap ANGLE tokens back to want for reinvestment can be susceptible to financial manipulation. For this to be economically viable, though, the swap amount should be significant. For this reason, harvest should be called frequently enough to make such attacks unprofitable.
VULNERABILITIES & FUNCTIONAL ISSUES
This section details issues affecting the functionality of the contract. Dedaub generally categorizes issues according to the following severities, but may also take other considerations into account such as impact or difficulty in exploitation:
Issue resolution includes “dismissed” or “acknowledged” but no action taken, by the client, or “resolved”, per the auditors.
CRITICAL SEVERITY
[No critical severity issues]
HIGH SEVERITY
[No high severity issues]
MEDIUM SEVERITY
[No medium severity issues]
LOW SEVERITY
Infinite approval
In _initializeStrategy, sanToken is granted infinite approval, which does not seem to be really needed.
Missing sanity checks
It is good practice to add sanity checks to the setters. setTreasury could check that the provided address is not 0 and setKeepInBips could verify that the new value is between 0 and _denominator (=10000).
OTHER / ADVISORY ISSUES
This section details issues that are not thought to directly affect the functionality of the project, but we recommend considering them.
Naming suggestions
In name, the suggested naming convention (according to the yearn strategy example) has “Strategy” as a prefix.
Inconsistent use of SafeERC20
prepareMigration does not make use of the SafeERC20 library, while the rest of the code does.
Possible addition
It seems rational to introduce the withdraw counterpart to the depositToStableMaster function.
DISCLAIMER
The audited contracts have been analyzed using automated techniques and extensive human inspection in accordance with state-of-the-art practices as of the date of this report. The audit makes no statements or warranties on the security of the code. On its own, it cannot be considered a sufficient assessment of the correctness of the contract. While we have conducted an analysis to the best of our ability, it is our recommendation for high-value contracts to commission several independent audits, a public bug bounty program, as well as continuous security auditing and monitoring through Dedaub Security Suite.
ABOUT DEDAUB
Dedaub offers significant security expertise combined with cutting-edge program analysis technology to secure some of the most prominent protocols in DeFi. The founders, as well as many of Dedaub’s auditors, have a strong academic research background together with a real-world hacker mentality to secure code. Protocol blockchain developers hire us for our foundational analysis tools and deep expertise in program analysis, reverse engineering, DeFi exploits, cryptography and financial mathematics.