Published in


Harvest.Finance Smart Contract Audit

HAECHI AUDIT successfully audits Harvest.Finance smart contracts.

Harvest.Finance Dev-team asked us to review and audit the Harvest.Finance smart contracts. Harvest.Finance is a yield farming protocol that shares profit between ‘hard worker’ and ‘farmer’. We looked at the code and now publish our results.

The full report can be found in the link here, and a list of the found issues is as follows:

Audit Result

[Chart 1, Issue Classification]

The code used for the audit can be found at GitHub (https://github.com/harvest-finance/harvest/). The last commit for the code audited is at “4f2812dc0765d402dc5e9685a015bd8b73b3d92b”.

Harvest.Finance team has answered that they have already fixed several issues on commit

  • 48adf02d98b5bad2b426d7b833548aeddd62d2f7
  • 8d464a1791a3d48d4b0318fb3c9207075cdede86
  • 974a83ec3d5674f0c3f9b67ce015a1573462af3d

And they have confirmed that they already acknowledged other issues.

Major Issue

MAJOR : CRVStrategyStable#depositArbCheck() always returns true (Found — v.1.0)(Fixed — 48adf02d98b5bad2b426d7b833548aeddd62d2f7)

Minor Issues

MINOR : RewardPool#notifyRewardAmount() does not check if it received reward. (Found — v.1.0) (Acknowledged)

MINOR : RewardPool#notifyRewardAmount() can decrease rewardRate (Found — v.1.0) (Acknowledged)

MINOR : Vault#setVaultFractionToInvest() can not be set to enable full investment. (Found — v.1.0) (Fixed — 8d464a1791a3d48d4b0318fb3c9207075cdede86)

MINOR : HardRewards#load() can lead to temporary loss of fund when changing token address (Found — v.1.0) (Acknowledged)

MINOR : NoMintRewardPool has an Owner which can be misleading against the Governor. (Found — v.1.0) (Acknowledged)


HAECHI AUDIT found one Major Issue and five Minor Issues. HAECHI AUDIT recommends that the Harvest.Finance team resolve all of the issues found. They fixed and acknowledged all of the issues.

HAECHI AUDIT Official website: https://audit.haechi.io/

HAECHI AUDIT Twitter: https://twitter.com/haechi_audit


It is HAECHI AUDIT’s mission to help clients develop secure smart contracts by providing the most trustworthy security auditing services.

HAECHI AUDIT is a top smart contract security audit firm consists of blockchain professionals. We provide the most secure smart contract security audit and smart contract development services to our global clients.

So far, based on the HAECHI AUDIT’s security audit report, our clients have successfully listed on the global cryptocurrency exchanges such as Huobi, Upbit, OKEX, and others.

Trusted by the industry leaders, we have been incubated by the Samsung Electronics and awarded the Ethereum Foundation Grants and Ethereum Community Fund.

Secure your smart contracts with HAECHI AUDIT.

Contact : audit@haechi.io




HAECHI AUDIT is the leading smart contract security audit company founded top security experts. Trusted by the industry leaders, HAECHI AUDIT has reached strategic partnerships with global Exchanges and the Fortune global 500 enterprises.

Recommended from Medium

WTF is Wallet Corruption: A weird and shocking way to lose your crypto.

Basic Pentesting: 1

[Some Interesting] Cloud ‘n Sec news: 20th May 22


The Web Application Attacks Basic to get started in Brief

Ledger spear-phishing attacks: from clones to malware

Chronicle Cybersecurity Predictions: Crimeware, Cloud and Beyond

BANANO Ecosystem Spotlight #1: The BANANO Discord Chat Server

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


HAECHI AUDIT은 글로벌 스마트 컨트랙트 보안감사 전문 기업으로, 업계 최고 수준의 스마트 컨트랙트 보안감사 및 개발 서비스를 제공합니다. 고객들의 디지털 자산과 직결되어 있는 스마트 컨트랙트 보안, HAECHI AUDIT과 함께 가장 안전하게 보호하세요.

More from Medium

What is a Decentralized Exchange?

web3 protocols/smart_contracts audit

How are transactions executed? (Part 2)

Deep Dive: IPFS, FILECOIN, Filecoin Solana Use Cases