DeFi project aims to bolster security following $11m hack in February

Yearn Finance launches bug bounty program with payouts potentially reaching $200k

Yearn Finance, the decentralized finance (DeFi) protocol, has launched a bug bounty program with Immunefi.

Live since July 1, the program will pay out between $20,000 and $200,000 for critical vulnerabilities and between $5,000 and $20,000 for high-severity flaws.

Yearn Finance comprises a cryptocurrency (called YFI) and DeFi products that provide lending aggregation and yield generation on the Ethereum blockchain. The protocol is maintained by independent developers and governed by YFI holders.

Ethical hackers are invited to find bugs in Yearn Finance’s web domains, applications, and smart contracts, primarily to protect users from hacks that result in the theft of funds.

Among the vulnerabilities listed as of particular interest are logic, re-entrancy, cryptography, randomness, and encryption flaws.

DeFi hack deluge

Yearn Finance also wants bug hunters to help it protect users from flash loan attacks, the vector by which its yDAI vault was breached in February, resulting in $11 million worth of losses.

Despite this setback, the value of YFI soared by more than 220% in 2020 up to May 12, when it peaked at a record high of $95,000. At the time of writing, YFI is worth around $35,000 with 36,000 coins in circulation.

The DeFi community has been subject to a growing number of cyber-attacks, scams, and frauds in recent years.

Attack the block(chain)

Some $156 million was stolen from DeFi protocols between January and April of this year alone – eclipsing the total amount pilfered during the entirety of 2020, according to a report from blockchain analytics firm CipherTrace.


“Vulnerabilities in smart contracts represent a possibility of a direct loss of funds, meaning companies need to come up with the most cost-effective way to ensure their safety,” said Immunefi CEO and founder Mitchell Amador.

“One of those ways is launching a bug bounty, and we’re excited to see more companies turning to this option.”


Immunefi hosts bug bounty programs for blockchain and smart contract projects, such as BadgerDAO, yAxis, and SushiSwap, and says its clients collectively safeguard $25 billion worth of user funds.

Launched in December 2020, the platform says it has already paid out more than $3 million in bounties.

The Daily Swig has contacted Yearn Finance for further comment. We will update this article should they respond.
