Audits & Security

All aspects of our protocol have been audited to ensure optimal security!

1️⃣ Protocol Audits by Leading Firms

The YSL.IO protocol was created by a team of experienced developers with extensive knowledge and experience in DeFi projects and their associated specifications. Our technical architecture, including contracts, APIs, and the front end, has been purposefully designed to be scalable, fast, and secure, utilising the latest and most advanced technologies.
To further strengthen the security of our system, we have partnered with leading security firms to conduct comprehensive audits of our system architecture and smart contract logic to identify any potential vulnerabilities and reduce the risk of unexpected errors.
V2 Audit
V1 Audits

☑️ PeckShield

☑️ CertiK

☑️ PeckShield

2️⃣ Multiple Security Safeguards

Security is of utmost importance at YSL.IO. In addition to multiple code reviews conducted by top audit firms, we have taken a proactive stance on security by building a robust architecture that integrates preventive measures into every aspect of our protocol. Our comprehensive, multi-layered approach to risk management and security is designed to minimise risks at all levels and provide our community with a safe and secure experience.
We believe that our comprehensive approach to risk management and security, combined with the various measures we have put in place, will help us mitigate risks effectively and provide a secure experience for our community. To give you an idea, here are a few examples of the measures we have implemented.
👉 Security measures implemented across the YSL.IO protocol
  1. Price Stability Model (PSM): This will prevent any catastrophic sell-offs of ill-gotten tokens and eliminate the effects of market manipulation while still allowing for large sales from a single wallet per day.
  2. Integration of Chainlink Price Feeds: This will help the YSL.IO protocol better resist flash loan attacks, as Chainlink's price feeds have proven to be accurate and reliable during extreme conditions and market volatility.
  3. Real-Time Monitoring of Vault Ratios: When there is a deviation in a vault's Perpetual Ratio due to an excess minting of vault receipt tokens, the system will pause the vault and alert our development team to ensure timely action.
  4. Prevention of External Smart Contract Interaction: In light of the recent flash loan attacks on BNB Chain, external smart contracts won't be able to interact with any of our contracts except for on-chain whitelisted contract addresses.
  5. Protocol Block Restrictions: This will help make the YSL.IO protocol flash-loan resistant, as platform users are not able to perform multiple actions on the same block. For instance, a deposit and/or claim and/or withdrawal cannot be performed on the same block; these functions are only able to be performed by the protocol on subsequent blocks.
  6. Emergency Withdrawal: If something were to cause our front end to go down, such as a DDoS attack or a temporary outage, users will still be able to withdraw any staked tokens by interacting directly with our vault contracts.
  7. Token Mint/Burn Emergency Pause: When there is a deviation in the tokens being minted/burned, our protocol will be able to immediately pause the mint and/or burn process. If the need were to arise during an emergency, our development team would also be able to do so manually.
  8. Blacklist and Burn/Transfer: In the event that a wallet address is flagged by the community for holding ill-gotten YSL.IO tokens, the address will be blacklisted, which means that it will no longer be able to interact with any of the YSL.IO contracts. The team will have the ability to burn the ill-gotten tokens, but this action will only be taken if it is approved through a community vote via a proposal. Alternatively, the ill-gotten tokens could be transferred back to the team address to be returned to the impacted owner.
  9. Vault Deposit/Reward Emergency Pause: When necessary, our development team would be able to immediately pause the deposit function and/or the rewards that are being sent to a specific vault.
  10. Multisig with Gnosis Safe: Changes made to the protocol's smart contracts will be subject to a multi-sig process, secured by Gnosis Safe, to ensure the safe and secure handling of the funds. The community will be protected from any malicious intent and have the peace of mind that their funds are protected.
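
The external-contract restriction and the per-block restriction listed above can be expressed as two function modifiers. The sketch below is an added illustration, not YSL.IO's contract code; the contract name `GuardedVault` and every function, mapping and error name in it are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; all names are hypothetical, not YSL.IO's code.
contract GuardedVault {
    address public immutable admin;                     // assumed to be a multisig
    mapping(address => bool) public whitelisted;        // contracts allowed to call
    mapping(address => uint256) public lastActionBlock; // last block each caller acted in
    mapping(address => uint256) public balanceOf;

    error ContractNotWhitelisted(address caller);
    error OneActionPerBlock(address account);

    constructor() {
        admin = msg.sender;
    }

    // A call relayed through a contract has msg.sender != tx.origin.
    // Checking msg.sender.code.length instead would miss calls made from a
    // constructor, where the caller's code size is still zero.
    modifier onlyDirectOrWhitelisted() {
        if (msg.sender != tx.origin && !whitelisted[msg.sender]) {
            revert ContractNotWhitelisted(msg.sender);
        }
        _;
    }

    // Deposit and withdrawal share one counter, so a caller gets at most
    // one guarded action per block.
    modifier oncePerBlock() {
        if (lastActionBlock[msg.sender] == block.number) {
            revert OneActionPerBlock(msg.sender);
        }
        lastActionBlock[msg.sender] = block.number;
        _;
    }

    function setWhitelisted(address target, bool allowed) external {
        require(msg.sender == admin, "not admin");
        whitelisted[target] = allowed;
    }

    function deposit() external payable onlyDirectOrWhitelisted oncePerBlock {
        balanceOf[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external onlyDirectOrWhitelisted oncePerBlock {
        balanceOf[msg.sender] -= amount; // reverts on underflow in Solidity 0.8+
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The two guards depend on each other: the per-block limit is keyed on the calling address, so it constrains atomic multi-step flows only when unlisted contract callers are also rejected. The caller check also blocks smart-contract wallets such as multisigs until they are whitelisted, and on chains that let an externally owned account delegate to contract code it is a filter rather than a guarantee.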

3️⃣ Real-time Monitoring by Tenderly and Fully Automated by OpenZeppelin Defender

Smart contracts can be thought of as digital vending machines, much like the physical ones you may have encountered. When you insert money into a vending machine, select an item, and the conditions of the contract (i.e. you've paid the correct amount and made your selection) are met, the machine dispenses your product. In the same way, a smart contract is triggered when specific conditions are met. However, it is limited in its ability to communicate with the outside world and often relies on external entities called defenders to trigger on-chain transactions on its behalf. This is because smart contracts cannot directly access off-chain data such as price feeds.
To optimise the performance of our smart contracts, we have implemented several measures. We have utilised OpenZeppelin Defender to automate all contract operations of the YSL.IO protocol, and Tenderly to monitor all protocol functions in real-time, around the clock. This multi-layered approach ensures optimal levels of responsiveness, security, cost efficiency, and decentralisation for our smart contracts.