Trail of Bits

Yield Protocol

Type: Security review
Client: Yield
Date: 2020-08
Domain: Blockchain
Effort: 6 wks
Section: Ethereum/EVM

Trail of Bits's security review of Yield (Aug 2020) identified 11 issues: 1 high, 1 medium, 5 low, 2 informational, and 2 undetermined.

Findings · 11

  1. Flash minting can be used to redeem fyDAI (Medium)
  2. Permission-granting is too simplistic and not flexible enough (Low)
  3. pot.chi() value is never updated (Low)
  4. Lack of validation when setting the maturity value (Low)
  5. Delegates can be added or removed repeatedly to bloat logs (Informational)
  6. Withdrawing from the Controller allows accounts to contain dust (Low)
  7. Solidity compiler optimizations can be dangerous (Undetermined)
  8. Lack of chainID validation allows signatures to be re-used across forks (High)
  9. Permit opens the door for griefing contracts that interact with the Yield Protocol (Informational)
  10. Pool initialization is unprotected (Low)
  11. Computation of DAI/fyDAI to buy/sell is imprecise (Undetermined)

Findings and severities extracted from the published report PDF; see the full report for details and remediation.
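The mechanism behind finding 8 (signature replay across forks), as an added Python illustration that is not code from Yield Protocol or from the Trail of Bits report. It models an EIP-712-style permit digest under three hypothetical designs: no chain id in the domain separator, a chain id cached at deployment, and a chain id recomputed from the current chain on every use. The `PermitToken` class, the `fyDAI` domain name, the addresses and the permit parameters are constructed for the example; `hashlib.sha3_256` stands in for Keccak-256 so the block runs with the standard library, which does not change the binding argument.

```python
import hashlib


# Stand-in hash: Ethereum uses Keccak-256; hashlib.sha3_256 is substituted here
# so the example runs offline with the standard library (assumption for the demo).
def keccak_stand_in(*parts: bytes) -> bytes:
    return hashlib.sha3_256(b"".join(parts)).digest()


def word(x) -> bytes:
    """ABI-style 32-byte word for ints and short byte strings."""
    if isinstance(x, int):
        return x.to_bytes(32, "big")
    return x.rjust(32, b"\x00")


def domain_separator(name: bytes, version: bytes, contract: bytes, chain_id) -> bytes:
    """EIP-712-style domain separator. chain_id=None leaves the chain unbound (the flaw)."""
    fields = [keccak_stand_in(name), keccak_stand_in(version)]
    if chain_id is not None:
        fields.append(word(chain_id))
    fields.append(word(contract))
    return keccak_stand_in(*fields)


def permit_digest(separator: bytes, owner: bytes, spender: bytes,
                  value: int, nonce: int, deadline: int) -> bytes:
    """The digest a permit signer signs: prefix || domain separator || struct hash."""
    struct_hash = keccak_stand_in(word(b"Permit"), word(owner), word(spender),
                                  word(value), word(nonce), word(deadline))
    return keccak_stand_in(b"\x19\x01", separator, struct_hash)


class PermitToken:
    """Hypothetical permit-style token (not Yield's code) in three designs."""
    NAME, VERSION, ADDRESS = b"fyDAI", b"1", b"\x0a" * 20  # constructed values

    def __init__(self, deploy_chain_id: int, bind_chain: bool, recompute_on_use: bool):
        self.deploy_chain_id = deploy_chain_id
        self.bind_chain = bind_chain
        self.recompute_on_use = recompute_on_use
        # Computed once in the "constructor", as a contract caching the separator would.
        self.cached_separator = domain_separator(
            self.NAME, self.VERSION, self.ADDRESS, deploy_chain_id if bind_chain else None)

    def separator(self, current_chain_id: int) -> bytes:
        # Only the recomputing design consults the chain id at verification time.
        if self.bind_chain and self.recompute_on_use and current_chain_id != self.deploy_chain_id:
            return domain_separator(self.NAME, self.VERSION, self.ADDRESS, current_chain_id)
        return self.cached_separator

    def digest(self, current_chain_id: int, owner, spender, value, nonce, deadline) -> bytes:
        return permit_digest(self.separator(current_chain_id), owner, spender, value, nonce, deadline)


def replayable_across_forks(token: PermitToken, chain_a: int, chain_b: int) -> bool:
    """True if one permit yields the same digest on both chains: a signature over
    that digest then verifies on both, so it can be replayed on the fork."""
    params = (b"\x01" * 20, b"\x02" * 20, 10**18, 0, 2_000_000_000)  # constructed permit
    return token.digest(chain_a, *params) == token.digest(chain_b, *params)


def fork_scenarios() -> dict:
    """Deployed on chain id 1; a later fork runs the copied state under chain id 1337."""
    return {
        "no_chain_id": replayable_across_forks(PermitToken(1, False, False), 1, 1337),
        "chain_id_cached_at_deploy": replayable_across_forks(PermitToken(1, True, False), 1, 1337),
        "chain_id_recomputed": replayable_across_forks(PermitToken(1, True, True), 1, 1337),
    }


if __name__ == "__main__":
    for design, replayable in fork_scenarios().items():
        print(f"{design}: replayable={replayable}")
```

The second scenario is the caveat worth checking in a review: including the chain id but caching the separator at deployment does not help once the chain forks after deployment, because both forks inherit the same stored separator. Binding to the chain id read at verification time (or recomputing the separator whenever it differs from the cached one) is what makes the signature fork-specific.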
