BlackHartBlackHart
Scores/Yearn Finance

Yearn Finance

DAMASCUS

Yield Aggregator · Multi-chain · $400M+ TVL · 20 contracts

Confidence 65%Z-Factor 0.91Updated 2026-05-17Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

838
BRI Score
3004756508251000

Security Profile

Access Ctrl
80
Economic
82
Oracle
82
Compos.
58
Govern.
78
Maturity
90
Resilience
68
Supply Ch.
80
OpSec
55
Cascade
100
Min
55
Avg
77
Max
100

Audit History

Trail of Bits
2021-03
MixBytes
2022-06
ChainSecurity
2022-01

Bug Bounty Program

$250,000
Max payout on Immunefi
View Program →

Assessment

Pioneer of yield aggregation, 75+ months live with zero core vault exploits. Strategy-level dependencies create composition risk but core vault architecture is proven. veYFI governance and community-driven strategy approval provide oversight.

Dimension Breakdown

How scores work →
Access Control
Weight 18%78% conf
80
Strong
arrow_forward
+20Vault management permissions
+20Strategy approval process
+20Guardian for emergency
+20Multisig operations
receipt_longView provenance chainarrow_forward
Economic Soundness
Weight 13%80% conf
82
Strong
arrow_forward
+20Yield aggregation model proven
+20Performance fees transparent
+20Multiple strategy diversification
+20Withdrawal queue management
receipt_longView provenance chainarrow_forward
Oracle Integrity
Weight 13%80% conf
82
Strong
arrow_forward
+41Strategy-dependent oracle usage
+41Share price calculation from underlying
-9No direct oracle dependency in vault core
-9Strategy-level oracle risks
receipt_longView provenance chainarrow_forward
Battle-Tested Maturity
Weight 12%88% conf
90
Excellent
arrow_forward
+22Live since February 2020 (75+ months)
+22Pioneer of yield aggregation
+22Survived multiple market events
+22Zero core vault exploits
receipt_longView provenance chainarrow_forward
Governance & Upgradeability
Weight 10%75% conf
78
Good
arrow_forward
+20YFI governance proven
+20veYFI staking model
+20Community-driven strategy approval
+20Reasonably decentralized
receipt_longView provenance chainarrow_forward
Adversarial Resiliencelock
Weight 10%72% conf
68
Moderate
  • Strategy-level exploits historically
  • Core vaults clean
  • Active bounty program
  • Multiple auditors across versions
Operational Security
Weight 10%60% conf
55
Moderate
arrow_forward
-9No branch protection detected
-9CI/CD present but unstable (20% success)
+18Commit signing: 100% verified
+18SECURITY.md present (detailed)
receipt_longView provenance chainarrow_forward
Compositional Risk
Weight 5%65% conf
58
Moderate
arrow_forward
+14Deep DeFi strategy dependencies
+14Strategies interact with many protocols
+14yVault composability across DeFi
+14Strategy failure cascades to vault
receipt_longView provenance chainarrow_forward
Cascade Exposure
Weight 5%55% conf
100
Excellent
arrow_forward
+50Appears in 1 cross-protocol cascade chain(s)
0Score: 100/100 (higher = more isolated from systemic risk)
+50Source: cross_protocol_composition.json dependency analysis
receipt_longView provenance chainarrow_forward
Supply Chain
Weight 4%78% conf
80
Strong
arrow_forward
+20Standard Solidity
+20Vyper for V2 vaults
+20Verified contracts
+20Strategy dependencies vary
receipt_longView provenance chainarrow_forward

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Operational Security55
Compositional Risk58
Adversarial Resilience68

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2020-02-06Z-Factor 0.91010 active dimensionsreceipt_longProvenance Ledger

Score History & Verification

Score provenance tracking begins with the next reassessment.

receipt_longView full provenance ledger →

On-Chain Data

Protocol Slug
"yearn"
Oracle
BRORegistry (Base)
Evidence
IPFS (pinned)
Staleness Threshold
24 hours
Read Score
registry.getScore("yearn")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring PlansHow Scores Work
Believe this score contains a factual error? Submit evidence for review →