Runtime Verification completes Yieldly’s TEAL 5 Multi-token Staking Audit

Runtime Verification has completed their security audit of Yieldly’s TEAL 5 multi-token staking pool contract with no major issues found. This outcome makes us all even more excited for Yieldly’s new TEAL 5 products slated to launch this month. Namely, Yieldly’s Liquidity Provider (LP) Pools, Fair Distribution via Staking Pools, and Auto-compounding ASA Staking Pools (per our latest roadmap post here).

Security is Yieldly’s top priority

The Yieldly team is obsessed with security. We always ensure Yieldly’s codebase goes through multiple reviews, audits and rigorous testing before deployment. To date, Yieldly has undergone four independent security audits by world-class cybersecurity firms. These firms go line by line over Yieldly’s codebase in order to identify any potential security failings or exploitable loopholes. They examine whether our bespoke smart contracts are secure, reliable and behave correctly even in adversarial conditions, thus improving Yieldly’s overall security.

Runtime Verification

Last month Yieldly once again enlisted Runtime Verification’s auditing and formal verification expertise. Runtime Verification applies formal methods to critically analyse the safety, reliability, and correctness of computing systems for aerospace and automotive industries, as well as blockchain technology. They have performed security audits on cutting-edge virtual machines and smart contracts on the Ethereum, Algorand, Tezos and Elrond blockchains, including Maker, Uniswap, Olympus, Stakefish and element.fi.

Audit Scope

Yieldly engaged Runtime Verification to conduct a flash security audit of the TEAL 5 multi-token staking pool contract. Their objectives were as follows:

  • Review the contract’s business logic and implementation in TEAL and identify any issues that could potentially cause the system to malfunction or be exploited
  • Review the architecture of the multi-token staking pool smart contract based on the provided documentation
  • Review the TEAL implementation of the contract to identify any programming errors
  • Cross check the TEAL code of the contracts with the documented high-level design

Outcome

The Runtime Verification team found some minor issues in the TEAL 5 multi-token staking codebase, all of which were subsequently addressed by the team. There were no show-stoppers or issues that required radical changes from Yieldly. Despite Yieldly applying our own rigorous testing methodologies against the latest TEAL implementation, leveraging the experience of Runtime Verification helps us improve the security and safety of our users. We would like to thank the Runtime Verification team for their insightful comments and suggestions.

Runtime Verification’s new audit report of Yieldly is now released and published at GitHub here.

Next Audit

The Yieldly team is currently working with another cybersecurity firm, Halborn, who is also auditing our upcoming TEAL 5 products. Updates will be provided in due course.

To stay up-to-date with Yieldly’s rapidly expanding DeFi and NFT protocol, please join our community channels:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store