Harvest.Finance Security Review

Lee Kyutaek
Sep 14, 2020

As a smart contract audit company, HAECHI AUDIT has finished an initial security review of ‘Harvest.Finance’.

What is ‘Initial Security Review’?

Before delivering a final audit report, auditors at HAECHI AUDIT review the whole process of interacting with the smart contract. At this stage, we map out the relationships between the given contracts and external contracts. Auditors check for serious bugs in the business logic and for known issues such as those in the SWC list.

What is ‘Harvest.Finance’?

Harvest.Finance is a yield farming protocol that shares profit between ‘hard worker’ and ‘farmer’.

  • Farmers will deposit assets to ‘Vault’ and get f-Asset in return.
  • Hard Workers will do yield farming using a predefined ‘Strategy’ attached to ‘Vault’.
  • Farmers can earn $FARM by depositing f-Asset.

What did you find?

Thanks to the Harvest.Finance developers’ hard work, we could not identify any serious bug in the smart contracts. We were able to see that the Harvest.Finance development team had put a lot of effort into testing the smart contracts, including external contract tests, which were very helpful while reviewing the contracts.
As a result, what we could find were minor issues, including missing interface files, which do not affect the security of the business logic.

So, is it safe?

We don’t know yet. As we stated at the start of this post, this is just a review of the business logic, and it is just a part of the full audit. We recommend waiting for the full audit report, which will be published at the end of this month, and also for audit reports by other smart contract audit firms.

As ‘Harvest.Finance’ uses a lot of external smart contracts such as Curve, Swerve, and Synthetix, ‘Harvest.Finance’ also carries the security risks of those contracts, such as owner key issues.

What’s next?

We’ll do static analysis on smart contracts and full testing of every scenario interacting with the contracts.
Also, we will do full end-to-end testing with all interacting smart contracts.
Based on testing and analysis results, we will provide a full audit report to ‘Harvest.Finance’ and help them fix it.
While preparing for the audit report, if we find any critical issue that could potentially affect the user’s assets.

Provided Materials

  1. Source Code: https://github.com/harvest-finance/harvest
    Initial Commit Hash: 4b8ab380254726c53fa507b80fc6b944693b96e6
    Updated Commit Hash: 4f2812dc0765d402dc5e9685a015bd8b73b3d92b
  2. Wiki: https://farm.chainwiki.dev/en/home

HAECHI AUDIT Official website: https://audit.haechi.io/

HAECHI AUDIT Twitter: https://twitter.com/haechi_audit

[About Us]

HAECHI AUDIT is a leading entity in the global blockchain industry specializing in smart contract security audits and development. We are made up of experts with multiple years of experience in blockchain technology research and development, and provide the most reliable smart contract security auditing and development services.

Our hallmark portfolio includes SK Telecom, Kakao’s blockchain subsidiary Ground X, Carry Protocol, etc.; we also pride ourselves in having conducted security audits for over 80 global projects.

Also, based on our technological expertise, we have received or are receiving support from multiple sources such as Samsung Electronics, the City of Seoul, KB Financial Group, Shinhan Bank, Hanwha Group, etc.; we have also been awarded subsidies from the Ethereum Foundation.
