Harvest
  • Harvest Overview
  • Get Started Farming
  • General Info
    • What is Harvest
      • FARM token
      • Communal Harvesting and iFARM
      • Strategy Development
      • Variable Rates of Return - APY %
    • Yield Sources on Harvest - How to Get and Track Them
  • How it works
    • Autopilots
    • How to convert and revert
    • Harvest contracts
      • Vaults
        • Timelocks
      • Strategies
    • Contract Addresses
  • Other
    • Community Apps
    • Translations
      • Official announcements
      • Official announcements (old)
      • Useful articles about Harvest Finance
    • 🎨Media Kit
    • Builders
    • FAQ
    • Coinbase Wallet Quest [Tutorial]
    • Security
      • Bounty Program
      • Risks
      • Audits
      • Incidents
        • fUSDC/fUSDT Economic Attack Oct 26 2020
        • fWETH Revert Failure Sept 18 2020
  • Archive
    • Archived
      • fCASH
        • iFARM and Defi integrations
        • DoHardWork
      • (Old) Getting Started with UNI Pools
      • (Old) Farm with USDC
      • Harvest User Guide
        • How to understand how much you earn
          • Interest rate guide
          • APY Calculation
        • Where to trade FARM
      • Governance
      • FAQ
      • GRAIN token
      • Articles
        • Videos
        • Core Team
        • Podcasts
        • Redmption's Farmers Almanac
      • Merchandise
      • Contests
      • Collabs
      • History
        • History of Strategy
  • legal
    • Terms & Conditions
    • Privacy Policy
Powered by GitBook
On this page
  • PeckShield Audit
  • Haechi Labs
  • Certik Audit
  • Least Authority
  • Incident

Was this helpful?

  1. Other
  2. Security

Audits

PreviousRisksNextIncidents

Last updated 5 months ago

Was this helpful?

To keep the crops secure, you must farm in fences. The Harvest operations budget (10% of supply) will be used to ensure that Harvest farming strategies are audited and secure.

PeckShield Audit

We acquired an audit from PeckShield which should assure our farmers that their crops are safe and bread for the people will be produced, no matter what the future brings. The main issue pointed out by PeckShield is the privileged role of our 0xf00d deployer address. Based on the discussion with our community, we have implemented timelock mechanisms that provide the farmers with an opportunity to leave the farm if they disagree with the deployer's actions before these actions are executed. An additional issue related to CRVStrategyStable's depositArbCheck() was pointed out by our wonderful community and was already fixed before the report by PeckShield was completed. Other non-informational issues do not affect the system, or are explicit design choices and decentralization features made by our team. We would like to thank PeckShield for their hard work on this audit and keeping our farmers safe.

On September 7th 2020, PeckShield indicated that no serious business logic issues had been found in a preliminary review: Last few days PeckShield has done a sanity check of Harvest Finance smart contracts, so far no serious business logic issue was found. In the next several weeks, we will conduct a full security audit of the smart contracts. #DeFiFarming

Haechi Labs

We acquired an audit from Haechi which should assure our farmers that their crops are safe and bread for the people will be produced, no matter what the future brings. The audit highlighted one issue classified as major (initially pointed out by the community, thus it is already fixed), and 5 additional minor issues, 4 of which are in fact decentralization features and design choices that we actively made for our platform. The one remaining minor issue was fixed as well. We would like to thank Haechi for their hard work on this audit and keeping our farmers safe.

Preliminary results from 14th of September 2020: Thanks to Harvest.Finance developer’s hard work, we could not identify any serious bug in smart contracts. We were able to find that Harvest.Finance development team had put a lot of effort into testing the smart contracts. Including external contract tests which were very helpful while reviewing the contracts. As a result, what we could find was minor issues including missing interface files which do not affect the security of the business logic.

is a Korean security company that has performed audits for LG, Samsung, Carry Protocol, and the Ethereum Foundation.

Certik Audit

An audit from has also been commissioned. The Certik audit started on September 16 and ended on October 2, 2020. No critical issues were found.

Least Authority

An audit from has also been commissioned. The Least Authority audit started on November 30, 2020 (a month after the Flash Loan incident) and ended on February 17, 2021. The audit identified several areas for improvement, and no unresolved critical issues directly affecting the current production environment were found, as the vulnerable strategies were discontinued or mitigated.

Incident

PeckShield Audit
PeckShield Inc. @peckshield (2020-09-07)
@harvest_finance
Haechi Labs Audit
LINK to the original post
haechi.io
Certik
Certik Audit
Least Authority
Least Authority