YELD | Contracts Bug Bounty Progam

Bringing the community to collaborate together 🙌

Dear yelders,

We want to give you the opportunity to collaborate with us and make our project more approachable to the community. We have decided to crea a Bug Bountry Program, this will give you and opportunity to make our product better, more secure & free of bugs. 🔐

All the community is welcomed to participate, there will be compensations ranging from $100 for a minor bug to $30,000 a critical one.

Bug Bounty Program

You can participate in the bug bounty program for the YELD smart contracts in the following repository. The 5 contracts that we want secured are these ones:

To Submit your Bugs:

The main functions in the yContracts are withdraw(), deposit(), buyNBurn(), usdtToETH(), extractYELDEarningsWhileKeepingDeposit(), getGeneratedYelds() and changeYeldToRewardPerDay(). You can ignore the other functions since they are the same from the well-audited yearn protocol.

The entire RetirementYeldTreasury.sol is new so all the functions are included in the bug bounty.

We are following the OWASP risk assessment methodology to determine the bug’s level of threat to the protocol.

Bug Feature Matrix


An attack identified that could steal user funds through operating the protocol would be considered a critical threat. If there was a way for someone to spend more tokens than owned the bug would also be considered critical.

Please note that the submission’s quality will factor into the level of compensation. A high quality submission includes an explanation of how the bug can be reproduced, a failing test case, and a fix that makes the test case pass. High quality submissions may be awarded amounts higher than the values provided above.

Note that bounties will be paid in YELD (currently worth about $100 USD per token) and that team members and paid auditors are not eligible for bounty compensation.

How to submit

Submit every bug or vulnerability as an answer to this thread. More information about the project available on the announcements channel here:

Soon, after the Bug Bounty Program we are going to relaunch our dApp. Any doubts and suggestions will be answered throughout our channels, you can find us at:




Lastly, thank you for reading us, hope you help us make our product better 💪



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store