Oct 20, 2020
Harvest.Finance Smart Contract Audit
HAECHI AUDIT successfully audits Harvest.Finance smart contracts.
Harvest.Finance Dev-team asked us to review and audit the Harvest.Finance smart contracts. Harvest.Finance is a yield farming protocol that shares profit between ‘hard worker’ and ‘farmer’. We looked at the code and now publish our results.
The full report can be found in the link here, and a list of the found issues is as follows:
Audit Result
The code used for the audit can be found at GitHub (https://github.com/harvest-finance/harvest/). The last commit for the code audited is at “4f2812dc0765d402dc5e9685a015bd8b73b3d92b”.
Harvest.Finance team has answered that they have already fixed several issues on commit
- 48adf02d98b5bad2b426d7b833548aeddd62d2f7
- 8d464a1791a3d48d4b0318fb3c9207075cdede86
- 974a83ec3d5674f0c3f9b67ce015a1573462af3d
And they have confirmed that they already acknowledged other issues.
Major Issue
MAJOR : CRVStrategyStable#depositArbCheck() always returns true (Found — v.1.0)(Fixed — 48adf02d98b5bad2b426d7b833548aeddd62d2f7)
Minor Issues
MINOR : RewardPool#notifyRewardAmount() does not check if it received reward. (Found — v.1.0) (Acknowledged)
MINOR : RewardPool#notifyRewardAmount() can decrease rewardRate (Found — v.1.0) (Acknowledged)
MINOR : Vault#setVaultFractionToInvest() can not be set to enable full investment. (Found — v.1.0) (Fixed — 8d464a1791a3d48d4b0318fb3c9207075cdede86)
MINOR : HardRewards#load() can lead to temporary loss of fund when changing token address (Found — v.1.0) (Acknowledged)
MINOR : NoMintRewardPool has an Owner which can be misleading against the Governor. (Found — v.1.0) (Acknowledged)
Conclusion
HAECHI AUDIT found one Major Issue and five Minor Issues. HAECHI AUDIT recommends that the Harvest.Finance team resolve all of the issues found. They fixed and acknowledged all of the issues.
HAECHI AUDIT Official website: https://audit.haechi.io/
HAECHI AUDIT Twitter: https://twitter.com/haechi_audit
About HAECHI AUDIT
It is HAECHI AUDIT’s mission to help clients develop secure smart contracts by providing the most trustworthy security auditing services.
HAECHI AUDIT is a top smart contract security audit firm consists of blockchain professionals. We provide the most secure smart contract security audit and smart contract development services to our global clients.
So far, based on the HAECHI AUDIT’s security audit report, our clients have successfully listed on the global cryptocurrency exchanges such as Huobi, Upbit, OKEX, and others.
Trusted by the industry leaders, we have been incubated by the Samsung Electronics and awarded the Ethereum Foundation Grants and Ethereum Community Fund.
Secure your smart contracts with HAECHI AUDIT.
Contact : audit@haechi.io
