Trail of Bits

FIVA Yield Protocol

Type: Security review

Client: FIVA

Date: 2025-05

Domain: Blockchain

Effort: 6 wks

Section: TON

Trail of Bits's security review of FIVA (May 2025) identified 14 issues: 5 high, 1 medium, 2 low, and 6 informational.

Findings · 14

  1. Lack of a two-step process for critical operations (Low)
  2. Lack of validation checks in the upgrade_storage operation handler (High)
  3. An attacker can prevent the redemption of YT and PT tokens from the YTMinter contract (High)
  4. Users can lose funds because of incorrect SY token configurations in the YTMinter contract (Medium)
  5. The SYWallet contract is not tested (Informational)
  6. Lack of a gas check in the wrap operation handler (Informational)
  7. Curve stable swap AMM is not usable (Informational)
  8. An incorrect balance check for the PT-to-SY swap can lead to a loss of funds (High)
  9. An attacker can grieve users by completing their liquidity provision operation (High)
  10. An integer overflow in the cube stable market invariant calculation can make the AMM unusable for swaps (Informational)
  11. The YTMinter contract’s get_claimable_interest function deducts the protocol fee twice (Informational)
  12. Incorrect forward value when minting PT in function mint_py_jettons (Low)
  13. Race condition in YT swap and index update can lead to loss of funds (High)
  14. Lack of validation checks in admin action handlers (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
