Yeld Finance - Smart Contract Audit Report

Summary

Yeld is building an innovative DeFi platform focused on lending, staking, and NFTs.

For this audit, we reviewed Yeld's CDL platform at commit d8d976bec59a8fd78be70ea3dc9dd2cb0af93862 and later at commit d240fff02b75251d901ac42436d9abcda5ce0f40 on the project's GitHub.

Notes on the Contracts:
  • Yeld's CDL platform enables users to deposit assets to earn yield and take out both fixed and variable interest rate collateralized loans.
  • Users who deposit assets into the platform will earn variable interest based on how much of their collateral is being borrowed by others.
  • When depositors accrue interest, those earned funds will be claimable upon repayment of the loan when the depositor chooses to withdraw.
  • The interest paid to users who deposit assets into the protocol comes from half of the fees paid by borrowers.
  • The other half of the interest income from loans is allocated to the Crypto Score lending pool.
  • Interest rates paid by borrowers are dependent upon the amount of collateral deposited and available compared to what has already been borrowed, and the length of the loan (capped at 1 year).
  • If a borrower's position becomes unhealthy (past the payback date or undercollateralized), anyone may liquidate their position and earn a small reward as a gas stipend.

  • Individuals who heavily utilize the platform in an honest way (repaying loans on time) will increase their "crypto score" tracked by the protocol. This part of the platform is innovative and experimental.
  • A user's crypto score is meant to be an experimental equivalent of a credit score, allowing them to borrow small amounts without putting down collateral if their score is higher, indicating more trust.

  • If an asset is heavily borrowed, users who provided that asset may not be able to withdraw their collateral until more loans are paid back. This situation would only arise if the protocol were extremely heavily utilized by borrowers.
  • The team has the ability to update reward rate percentages, add and remove tokens that can be used as collateral, and some of the contract addresses called in the platform for upgrades.
  • The platform utilizes Chainlink price feeds and Uniswap TWAP in order to gain access to up-to-date and tamper-resistant pricing.
  • The team has implemented recommendations from our team to slightly reduce execution costs.
  • SafeMath is used throughout the platform to prevent overflow issues.

Audit Findings Summary
  • No security issues from external attackers were identified.
  • Ensure trust in the project team as they have notable power in the ecosystem.
  • Date: April 19th, 2021

Combined External Threat Results

Vulnerability Category                 Notes   Result
Arbitrary Storage Write                N/A     PASS
Arbitrary Jump                         N/A     PASS
Delegate Call to Untrusted Contract    N/A     PASS
Dependence on Predictable Variables    N/A     PASS
Deprecated Opcodes                     N/A     PASS
Ether Thief                            N/A     PASS
Exceptions                             N/A     PASS
External Calls                         N/A     PASS
Integer Over/Underflow                 N/A     PASS
Multiple Sends                         N/A     PASS
Oracle Issues                          N/A     PASS
Suicide                                N/A     PASS
State Change External Calls            N/A     PASS
Unchecked Retval                       N/A     PASS
User Supplied Assertion                N/A     PASS
Critical Solidity Compiler             N/A     PASS
Overall Contract Safety                        PASS



Functions Overview



 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Initializable 
    - [Prv] isConstructor

 +  ContextUpgradeSafe (Initializable)
    - [Int] __Context_init #
       - modifiers: initializer
    - [Int] __Context_init_unchained #
       - modifiers: initializer
    - [Int] _msgSender
    - [Int] _msgData

 +  OwnableUpgradeSafe (Initializable, ContextUpgradeSafe)
    - [Int] __Ownable_init #
       - modifiers: initializer
    - [Int] __Ownable_init_unchained #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  LiquidityProviders (Initializable, OwnableUpgradeSafe)
    - [Ext] initialize #
       - modifiers: initializer
    - [Ext]  ($)
    - [Ext] setCdlContract #
       - modifiers: onlyOwner
    - [Ext] setLiquidityProviderToken #
       - modifiers: onlyOwner
    - [Ext] setTimeToExitLiquidity #
       - modifiers: onlyOwner
    - [Ext] addFeeAndUpdatePrice #
       - modifiers: onlyCDL
    - [Ext] giveLoan #
       - modifiers: onlyCDL
    - [Ext] updateOutOfCirculationTokens #
       - modifiers: onlyCDL
    - [Ext] reduceUserAmountLocked #
       - modifiers: onlyCDL
    - [Ext] loanDefaultCollateralExtraction #
       - modifiers: onlyCDL
    - [Ext] lockLiquidityETH ($)
    - [Ext] lockLiquidity #
    - [Int] _lockLiquidityFor #
    - [Pub] extractEarnings #
    - [Int] _extractEarningsFor #
    - [Ext] extractLiquidity #
    - [Ext] getUnlockedTokens
    - [Ext] getAmountLocked
    - [Ext] extractTokensIfStuck #
       - modifiers: onlyOwner
    - [Ext] extractETHIfStruck #
       - modifiers: onlyOwner

 + [Int] ISwap 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 +  CDLPeriphery (Initializable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Ext] calculateRepaymentAmount
    - [Pub] calculateInterestRate
    - [Pub] getAmountsOut

 + [Int] ICDLOracle 
    - [Ext] getTokenPrice
    - [Ext] priceDecimals

 + [Int] IERC20Detailed 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #
    - [Ext] decimals
    - [Ext] symbol

 +  CDL (Initializable, OwnableUpgradeSafe)
    - [Ext]  ($)
    - [Ext] initialize #
       - modifiers: initializer
    - [Ext] setSwapPath #
       - modifiers: onlyOwner
    - [Ext] setPeriphery #
       - modifiers: onlyOwner
    - [Ext] setPercentages #
       - modifiers: onlyOwner
    - [Ext] setDevelopmentTreasury #
       - modifiers: onlyOwner
    - [Ext] registerCollateralToken #
       - modifiers: onlyOwner
    - [Ext] setCollateralTokenEnabled #
       - modifiers: onlyOwner
    - [Ext] setLiquidityProviderContract #
       - modifiers: onlyOwner,isCollateralToken
    - [Ext] generateLoan #
       - modifiers: isCollateralToken
    - [Ext] repayLoan ($)
    - [Int] getAndLockLiquidityAsCollateralTokensForLoan #
    - [Int] unlockLiquidityTokensUsedAsCollateralByUser #
    - [Ext] defaultLoanByExpiration #
    - [Pub] checkIfLoanIsDefaultableByCollateralDrop
    - [Ext] defaultLoanByDroppedCollateral #
    - [Int] defaultLoan #
    - [Int] swap #
    - [Int] distributeRecallFundsAndUpdateCryptoScore #
    - [Pub] liquidityProvider
       - modifiers: isCollateralToken
    - [Pub] liquidityAddedWithCryptoScore
    - [Pub] notLockedLiquidityAmountsOut
    - [Pub] tokenAmountToUsdAmount
       - modifiers: isCollateralToken
    - [Ext] getLoans
    - [Ext] getClosedLoans
    - [Ext] getLoan
    - [Pub] calculateLoanAmountWhenDefaulting
    - [Ext] totalCollateralInUSD
    - [Ext] userActiveFundsLentInUSD
							



Functions Overview




 +  Initializable 
    - [Prv] isConstructor

 +  ContextUpgradeSafe (Initializable)
    - [Int] __Context_init #
       - modifiers: initializer
    - [Int] __Context_init_unchained #
       - modifiers: initializer
    - [Int] _msgSender
    - [Int] _msgData

 +  OwnableUpgradeSafe (Initializable, ContextUpgradeSafe)
    - [Int] __Ownable_init #
       - modifiers: initializer
    - [Int] __Ownable_init_unchained #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Int] AggregatorV3Interface 
    - [Ext] decimals
    - [Ext] description
    - [Ext] version
    - [Ext] getRoundData
    - [Ext] latestRoundData

 + [Int] IERC20Detailed 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #
    - [Ext] decimals
    - [Ext] symbol

 + [Int] ISwap 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 +  CDLOracle (Initializable, OwnableUpgradeSafe)
    - [Ext] initialize #
       - modifiers: initializer
    - [Pub] setWeth #
       - modifiers: onlyOwner
    - [Ext] addPriceFeed #
       - modifiers: onlyOwner
    - [Ext] addOrRemoveUniswapPriceFeed #
       - modifiers: onlyOwner
    - [Ext] getTokenPrice
    - [Int] getTokenPriceChainlink
       - modifiers: hasPriceFeed
    - [Int] getTokenPriceUniswap
    - [Pub] getUniswapTokenPriceInStablecoin
    - [Ext] priceDecimals
							



Functions Overview




 +  Initializable 
    - [Prv] isConstructor

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Int] ISwap 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 +  CDLPeriphery (Initializable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Ext] calculateRepaymentAmount
    - [Pub] calculateInterestRate
    - [Pub] getAmountsOut
							



Functions Overview




 +  Initializable 
    - [Prv] isConstructor

 +  ContextUpgradeSafe (Initializable)
    - [Int] __Context_init #
       - modifiers: initializer
    - [Int] __Context_init_unchained #
       - modifiers: initializer
    - [Int] _msgSender
    - [Int] _msgData

 +  OwnableUpgradeSafe (Initializable, ContextUpgradeSafe)
    - [Int] __Ownable_init #
       - modifiers: initializer
    - [Int] __Ownable_init_unchained #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  LiquidityProviders (Initializable, OwnableUpgradeSafe)
    - [Ext] initialize #
       - modifiers: initializer
    - [Ext]  ($)
    - [Ext] setCdlContract #
       - modifiers: onlyOwner
    - [Ext] setLiquidityProviderToken #
       - modifiers: onlyOwner
    - [Ext] setTimeToExitLiquidity #
       - modifiers: onlyOwner
    - [Ext] addFeeAndUpdatePrice #
       - modifiers: onlyCDL
    - [Ext] giveLoan #
       - modifiers: onlyCDL
    - [Ext] updateOutOfCirculationTokens #
       - modifiers: onlyCDL
    - [Ext] reduceUserAmountLocked #
       - modifiers: onlyCDL
    - [Ext] loanDefaultCollateralExtraction #
       - modifiers: onlyCDL
    - [Ext] lockLiquidityETH ($)
    - [Ext] lockLiquidity #
    - [Int] _lockLiquidityFor #
    - [Pub] extractEarnings #
    - [Int] _extractEarningsFor #
    - [Ext] extractLiquidity #
    - [Ext] getUnlockedTokens
    - [Ext] getAmountLocked
    - [Ext] extractTokensIfStuck #
       - modifiers: onlyOwner
    - [Ext] extractETHIfStruck #
       - modifiers: onlyOwner
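
The listings above mark team-controlled functions with "modifiers: onlyOwner", which is the surface behind the finding that the team has notable power in the ecosystem. As an added example (not part of the audit or of the project's code), this Python parser reads the listing format and returns the state-changing, externally callable functions guarded by a given modifier. SAMPLE is an excerpt of the CDL and CDLOracle entries above; the names parse_listing and gated_by are assumptions made for this example.

```python
import re

# Excerpt copied from the CDL and CDLOracle entries of the listing above.
SAMPLE = """\
 +  CDL (Initializable, OwnableUpgradeSafe)
    - [Ext]  ($)
    - [Ext] setPercentages #
       - modifiers: onlyOwner
    - [Ext] registerCollateralToken #
       - modifiers: onlyOwner
    - [Ext] setLiquidityProviderContract #
       - modifiers: onlyOwner,isCollateralToken
    - [Ext] generateLoan #
       - modifiers: isCollateralToken
    - [Pub] tokenAmountToUsdAmount
       - modifiers: isCollateralToken

 +  CDLOracle (Initializable, OwnableUpgradeSafe)
    - [Pub] setWeth #
       - modifiers: onlyOwner
    - [Ext] getTokenPrice
"""

CONTRACT = re.compile(r"^\s*\+\s+(?:\[(\w+)\]\s+)?(\w+)")
FUNCTION = re.compile(r"^\s*-\s+\[(\w+)\]\s*(\w*)\s*(\(\$\))?\s*(#)?\s*$")
MODIFIERS = re.compile(r"^\s*-\s+modifiers:\s*(.+)$")

def parse_listing(text):
    """Return {contract: [function record, ...]} from a functions-overview listing."""
    contracts, current, last = {}, None, None
    for line in text.splitlines():
        if m := MODIFIERS.match(line):
            if last is not None:  # a modifiers line belongs to the function above it
                last["modifiers"] = [x.strip() for x in m.group(1).split(",")]
        elif m := FUNCTION.match(line):
            # "($)" marks payable, "#" marks non-constant; both can change state.
            last = {"name": m.group(2) or "<unnamed>", "visibility": m.group(1),
                    "payable": bool(m.group(3)), "modifiers": [],
                    "mutating": bool(m.group(3) or m.group(4))}
            if current is not None:
                contracts[current].append(last)
        elif m := CONTRACT.match(line):
            current, last = m.group(2), None
            contracts.setdefault(current, [])
    return contracts

def gated_by(listing, modifier="onlyOwner"):
    """Externally callable, state-changing functions guarded by `modifier`."""
    return {c: [f["name"] for f in fns if modifier in f["modifiers"]
                and f["mutating"] and f["visibility"] in ("Ext", "Pub")]
            for c, fns in listing.items()}
```

Running gated_by(parse_listing(...)) over the full listings gives the complete set of owner-only setters to review for timelock or multisig coverage.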