In a recent interview with Cointelegraph, Yearn.Finance creator Andre Cronje revealed that the recently disclosed security audits do not make the project completely safe. The exciting DeFi project launched in July and stood in the spotlight of the crypto market. The YFI token started out at around $800 but managed to reach a psychological price point of $16,000 on Binance.
With the growing interest in decentralized finance, the situation for YFI took a positive turn in less than a month. According to the leading developer, Yearn Finance is the first protocol on the Ethereum network “whose governance is entirely in the hands of token holders.” At the time of writing, investors locked $751 million into the platform. This ranks it the 6th largest project by Total Value Locked (TVL).
Despite these quick successes, founder Andre Cronje thinks it is fair to warn investors before they head in too deep. He told Cointelegraph that the recent security audits are not recent at all. In fact, they were done months ago, but Cronje decided to withhold them in order to protect investors. He noted:
“I always refused to publish the audits because I don’t want people to get a false sense of security because of them.” (Andre Cronje)
Auditors discovered ‘major vulnerabilities’
The security audits were released two days ago on the project’s official GitHub page. According to the documents, major firms such as Quantstamp and Certik audited the project from February to July this year.
These audits revealed that things are not completely fine at Yearn.Finance. Certik spotted a vulnerability, “which under quite common situations could temporarily block users from withdrawing all of their funds.” Cronje told Cointelegraph that the vulnerability is not that disastrous. It is a matter of design, but it still represents a problem.
He explained: “if you lend, the risk always exists that there are more assets borrowed than the available liquidity to withdraw.”
Defending his platform, the creator said that other leading projects such as Aave and Compound have the exact same vulnerability. To prove that he is fine with receiving criticism for his code, Cronje made the audits publicly available. However, he is aware that investors do not care that much about audits. The fact is that the only prerequisite for investing is having been audited, not what the audit found. Cronje added:
“But since the whole ‘no audit yolo’ narrative, decided to share them, so people understand, I still do audits, I just don’t share them, because I want people to understand the risk.”
As we previously wrote, investors still have their funds locked up in Yam.Finance even though a severe bug completely disabled the platform. Crypto analytics firm Messari stated that similar projects, described by some as a meme, are here to stay. It seems that crypto investors do not care where they put their money as long as they accrue financial gains.