Scores/Yearn Finance

Yearn Finance

MITHRIL

Yield Aggregator · Multi-chain · $400M+ TVL · 20 contracts

Confidence 65%Z-Factor 0.91Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

853

BRI Score

3004756508251000

Security Profile

Access Control
80

Economic Soundness
82

Oracle Integrity
82

Compositional Risk
58

Governance
78

Maturity
90

Resilience
68

Supply Chain
80

Op Security
82

Access Ctrl
80

Economic
82

Oracle
82

Compos.
58

Govern.
78

Maturity
90

Resilience
68

Supply Ch.
80

OpSec
82

Min

Avg

Max

Audit History

Trail of Bits

2021-03

MixBytes

2022-06

ChainSecurity

2022-01

Bug Bounty Program

$250,000

Max payout on Immunefi

View Program →

Assessment

Pioneer of yield aggregation, 75+ months live with zero core vault exploits. Strategy-level dependencies create composition risk but core vault architecture is proven. veYFI governance and community-driven strategy approval provide oversight.

Dimension Breakdown

How scores work →

Access Control

Weight 19%78% conf

Strong

Vault management permissions
Strategy approval process
Guardian for emergency
Multisig operations

Economic Soundness

Weight 14%80% conf

Strong

Yield aggregation model proven
Performance fees transparent
Multiple strategy diversification
Withdrawal queue management

Oracle Integrity

Weight 14%80% conf

Strong

Strategy-dependent oracle usage
Share price calculation from underlying
No direct oracle dependency in vault core
Strategy-level oracle risks

Battle-Tested Maturity

Weight 13%88% conf

Excellent

Live since February 2020 (75+ months)
Pioneer of yield aggregation
Survived multiple market events
Zero core vault exploits

Governance & Upgradeability

Weight 11%75% conf

Good

YFI governance proven
veYFI staking model
Community-driven strategy approval
Reasonably decentralized

Adversarial Resilience

Weight 11%72% conf

Moderate

Strategy-level exploits historically
Core vaults clean
Active bounty program
Multiple auditors across versions

Operational Security

Weight 11%78% conf

Strong

Professional strategist operations
Monitoring infrastructure
yMechs keeper network
Incident response demonstrated

Compositional Risk

Weight 5%65% conf

Moderate

Deep DeFi strategy dependencies
Strategies interact with many protocols
yVault composability across DeFi
Strategy failure cascades to vault

Supply Chain

Weight 4%78% conf

Strong

Standard Solidity
Vyper for V2 vaults
Verified contracts
Strategy dependencies vary

Additional Dimensions

Cascade Exposure

Weight conditional0% conf

-1

Critical

Not assessed — excluded from BRI computation

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Compositional Risk58

Adversarial Resilience68

Governance & Upgradeability78

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2020-02-06Z-Factor 0.9109 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "yearn"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("yearn")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →