Following the launch of YIN Finance’s mainnet at the end of November 2021, we launched our own Bug Bounty Program as an effort to maximize the security of our mainnet products. We partnered with leading DeFi Bug Bounty platform Immunefi to launch the YIN Finance Bug Bounty Program on December 14th 2021.
Through our partnership with Immunefi and its wider open source security community, we have attracted professional developers and bounty hunters to continuously conduct in-depth testing on our products, so as to timely identify and repair any bugs, threats and vulnerabilities found in the various functions of YIN Finance, especially those related to the security of user assets.
What kind of bugs is focused on preventing:
- Thefts and freezing of principal of any amount
- Thefts and freezing of unclaimed yield of any amount
- Theft of governance funds
- Governance activity disruption
- Website goes down
- Leak of user data
- Deletion of user data
- Access to sensitive pages without authorization
Assets in Scope
Smart Contract — YIN Asset Manager Vault (YANG)
Smart Contract — YIN Uniswap V3 Positions Manager (CHI)
Smart Contract — ChainLinkFeedsRegistry
Smart Contract — CHIVaultDeployer
All smart contracts of YIN Finance can be found at https://github.com/YinFinance. However, only those in the Assets in Scope table are considered as in-scope of the bug bounty program.