Audits & Bug Bounties

YieldBasis has undergone multiple comprehensive security audits, AI-assisted reviews, and competitive security reviews to improve the safety and reliability of the protocol. However, no audit can guarantee absolute security, and smart contract risk remains.

Finding-level remediation status is not summarized here until each report's finding matrix and current remediation evidence are available. Do not infer that every finding is remediated from the presence of a report link.

If you have any security concerns or vulnerabilities to report, please contact us here: [email protected]

Audit Reports

Core Architecture

Audit #1: Statemind

Date: 24-02-2025 - 22-05-2025

View Full Report →

Audit #2: Chainsecurity

Date: 07-07-2025

View Full Report →

Audit #3: Quantstamp

Date: 01-04-2025 - 16-04-2025

View Full Report →

Audit #4: Mixbytes

Date: 11-08-2025

View Full Report →

Audit #5: Electisec

Date: 03-08-2025

View Full Report →

Audit #6: Pashov

Date: 26-03-2025 - 01-04-2025

View Full Report →

Security Contest

Sherlock Security Contest

Date: 01-08-2025 - 30-09-2025

Scope: Full protocol

View Full Report →

Hybrid Vaults

Audit #7: Mixbytes

Date: 26-03-2026

View Full Report →

Audit #8: Chainsecurity

Date: 26-03-2026

View Full Report →

Fee Distributor

Audit #9: Firepan AI Audit

Date: 23-04-2026 - 26-04-2026

Scope: FeeDistributor

View Full Report →

Read Case Study →

Bug Bounty

Status as of 2026-05-19: a bug-bounty program is in preparation. Scope is expected to cover production core contracts listed in Contract Addresses. Standard out-of-scope: frontend, third-party integrations, social-engineering, known issues already reported.

For immediate security concerns, email [email protected] directly.

Related

• Contract Addresses
• Risk Disclaimer