Beefy Finance
TEMPEREDYield Aggregator · Multi-chain · $300M+ TVL · 20 contracts
Confidence 67%Z-Factor 0.85Updated 2026-05-13Public Score
Public risk assessment — scores are produced with the same methodology as monitored protocols
726
BRI Score
3004756508251000
Security Profile
Access Control
55
55
Economic Soundness
60
60
Oracle Integrity
75
75
Compositional Risk
35
35
Governance
50
50
Maturity
80
80
Resilience
50
50
Supply Chain
65
65
Op Security
60
60
Cascade Exposure
100
100
Access Ctrl
55
55
Economic
60
60
Oracle
75
75
Compos.
35
35
Govern.
50
50
Maturity
80
80
Resilience
50
50
Supply Ch.
65
65
OpSec
60
60
Cascade
100
100
Min
35
Avg
63
Max
100
Audit History
Certik
2021-01
Peckshield
2022-06
Bug Bounty Program
$100,000
Max payout on Immunefi
Assessment
Beefy is architecturally simple per-vault (positive) but has critical third-party farm dependency that transfers all risk externally (negative). 67-month maturity and survival through one exploit provide solid track record. The D4 compositional risk score of 35 is the anchor -- each vault is only as safe as its underlying farm. No cross-vault contagion limits systemic risk. Comparable to Yearn V2 in architecture but with wider chain surface.
Dimension Breakdown
How scores work →Access Control
Weight 18%70% conf
55
Moderate
- Owner-based ACL (no role separation: owner controls strategy migration, token rescue, fee config)
- Strategy has separate keeper/strategist/manager roles but all controlled by same Beefy team
- No on-chain timelock for most admin functions (only strategy migration has approvalDelay)
- Vault owner can call inCaseTokensGetStuck (rescue) but cannot touch want token
- earn() is fully permissionless with no rate limiting
Economic Soundness
Weight 13%65% conf
60
Moderate
- Simple share/asset model (deposit/withdraw). getPricePerFullShare should be monotonic.
- No flash loan surface in vault itself
- First-depositor inflation attack possible on fresh vaults without dead shares
- Performance fee capped but fee config is external contract (modifiable)
- harvest() swap creates MEV sandwich opportunity on every compound
Oracle Integrity
Weight 13%50% conf
75
Good
- Vault does not use price oracles directly (no liquidation, no collateral)
- Strategy swap routing relies on DEX spot prices (no TWAP protection in base)
- getPricePerFullShare is an implicit oracle used by external integrators
- Some strategies use Chainlink for swap path optimization (varies per strategy)
- Higher score because oracle dependency is indirect, not core to safety
Battle-Tested Maturity
Weight 12%80% conf
80
Strong
- Beefy live since October 2020 (67+ months)
- Vault V7 is latest iteration, evolved from V1-V6
- ~$350M TVL across 20+ chains, hundreds of vaults
- One significant exploit in 2022 (Fantom strategy vulnerability, ~$11M)
- Post-exploit: improved security reviews, strategy safeguards added
- Z-factor: 0.788 (strong maturity signal)
Governance & Upgradeability
Weight 10%60% conf
50
Concerning
- Beefy operates as a DAO with BIFI token governance
- Core team controls strategy deployments and vault parameters
- Strategy migration has timelock (approvalDelay) but owner controls
- No formal on-chain governance for parameter changes
- Community can propose strategies but deployment is permissioned
Adversarial Resilience
Weight 10%30% conf
50
Concerning
- Immunefi bounty program active
- Multiple community audits but no top-tier formal audit of core vault
- Simple per-vault architecture limits blast radius
- Third-party farm dependency is the weakest adversarial link
- Harvest sandwich attacks are a known, accepted MEV cost
- No validated adversarial findings — score set to neutral baseline
Operational Security
Weight 10%55% conf
60
Moderate
- Active monitoring of vaults and strategy health
- Keeper infrastructure for automated harvests
- panic() mechanism for emergency farm withdrawal
- Multi-chain operational complexity increases surface area
- Incident response demonstrated in 2022 exploit (funds partially recovered)
Compositional Risk
Weight 5%75% conf
35
Critical
- CRITICAL DIMENSION: Each vault depends entirely on its underlying farm protocol
- Strategy calls external farm.deposit/withdraw/getReward -- any farm exploit = total loss
- Swap via unirouter: external DEX dependency for every harvest
- Multi-chain deployment means different farms, routers, bridges per chain
- No isolation between farm failure and vault loss (1:1 coupling)
- Saving grace: each vault is independent, no cross-vault contagion
Cascade Exposure
Weight 5%55% conf
100
Excellent
- Appears in 1 cross-protocol cascade chain(s)
- Member of 2 dependency cluster(s)
- Score: 100/100 (higher = more isolated from systemic risk)
- Source: cross_protocol_composition.json dependency analysis
Supply Chain
Weight 4%55% conf
65
Moderate
- Uses OpenZeppelin for ERC20, Ownable, ReentrancyGuard
- Solidity 0.8.x (overflow protection built-in)
- Strategy code is templated but each farm integration is custom
- Hundreds of strategy contracts, each a potential supply chain entry point
- Verified on block explorers across chains
Risk Drivers
Primary risk factors driving this score, ordered by severity.
Compositional Risk35
Governance & Upgradeability50
Adversarial Resilience50
Adversarial Risk Signals
Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.
Disclosure HistoryNot Assessed
Remediation VelocityNot Assessed
Bug Bounty ProgramNot Assessed
Audit CoverageNot Assessed
Incident HistoryNot Assessed
Deployed 2020-10-08Z-Factor 0.85010 active dimensions
Score History & Verification
Score provenance tracking begins with the next reassessment.
On-Chain Data
- Protocol Slug
- "beefy"
- Oracle
- BRORegistry (Base)
- Evidence
- IPFS (pinned)
- Staleness Threshold
- 24 hours
Read Score
registry.getScore("beefy")Reduce exploitable risk
BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.