Following the launch of YIN Finance’s mainnet at the end of November 2021, we launched our own Bug Bounty Program as an effort to maximize the security of our mainnet products. We partnered with leading DeFi Bug Bounty platform Immunefi to launch the YIN Finance Bug Bounty Program on December 14th 2021.

Through our partnership with Immunefi and its wider open source security community, we have attracted professional developers and bounty hunters to continuously conduct in-depth testing on our products, so as to timely identify and repair any bugs, threats and vulnerabilities found in the various functions of YIN Finance, especially those related to the security of user assets.

What kind of bugs is focused on preventing:

• Thefts and freezing of principal of any amount

• Thefts and freezing of unclaimed yield of any amount

• Theft of governance funds

• Governance activity disruption

• Website goes down

• Leak of user data

• Deletion of user data

• Access to sensitive pages without authorization

Assets in Scope

Smart Contract — YIN Asset Manager Vault (YANG)

https://etherscan.io/address/0x271b7ed53e217d9a2dfa2b80ba39b436472eec04#code

Smart Contract — YIN Uniswap V3 Positions Manager (CHI)

https://etherscan.io/address/0x47311560a625042a4cd14ded8567472e79a7a26a#code

Smart Contract — ChainLinkFeedsRegistry

https://etherscan.io/address/0x3dad37a1dacdb0e5ce30ee738165efcdb3fdfadc

Smart Contract — CHIVaultDeployer

https://etherscan.io/address/0x7f990083369bc83e07be4029acc5eed29902dca3

Web/App

https://yin.finance

All smart contracts of YIN Finance can be found at https://github.com/YinFinance. However, only those in the Assets in Scope table are considered as in-scope of the bug bounty program.