Security

Security Measures
Protocol security is built through multiple layers of protection, forming a hardened barrier designed to safeguard user funds and ensure the long-term integrity of the system. The Yield Strategy team consists of experienced professionals from both DeFi and Web2 backgrounds, with a track record of building and maintaining secure on-chain and off-chain applications. Best practices in development and security are second nature to us.
Contracts
All protocol contracts will be open-source and verified on-chain, allowing users to audit and review them prior to interaction.
Official contract addresses will be published under the "Contracts" page in our documentation. Always double-check addresses before interacting to ensure they are correct.
Our contracts are forked from the original Tomb Finance codebase, enhanced with UX and efficiency improvements.
This ensures we're using battle-tested code that has undergone multiple third-party audits over the years.
Contract structures are designed to limit admin control, preventing malicious manipulation of user-facing functions.
Once deployed, these contracts operate independently and without admin involvement, embodying the ethos of true decentralization.
Rug/Exploit Proof
Rug pulls and exploits are unfortunately common in DeFi. We’ve implemented several preventative measures to eliminate such vulnerabilities from the Yield Strategy protocol:
Peg Token Minting Protection
The most common exploit in seigniorage protocols involves developers minting unlimited peg tokens and draining liquidity—similar to what recently happened with Quantum.
To prevent this risk entirely:
We will renounce ownership of the $BILLS peg token contract once operator control is assigned to the treasury contract.
Only the treasury contract will retain minting permissions, and only under specific conditions (i.e., when above peg to reward Vault stakers).
The treasury operates autonomously and is not admin-controlled in any way.
Even if an admin key is compromised, no malicious minting or liquidity drain is possible. The protocol will continue functioning securely and as intended.
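One way for a user to check the hand-over described above, as an added example that is not the protocol's own code: it decodes the return data of the peg token's `owner()` and `operator()` getters and reports any deviation from the stated design. The getter names follow OpenZeppelin's Ownable and Tomb Finance's Operator contract and are assumptions here; every address and return value is constructed sample data.

```python
# Added example: audit the post-deployment state claimed for the peg token.
# Assumes Tomb-style getters owner() and operator(), each returning one
# ABI-encoded address. All return data below is constructed, not read on-chain.

ZERO_ADDRESS = "0x" + "00" * 20


def _strip0x(value: str) -> str:
    return value[2:] if value.startswith("0x") else value


def decode_address(return_data: str) -> str:
    """Decode the single 32-byte ABI word returned by an address getter."""
    raw = bytes.fromhex(_strip0x(return_data))
    if len(raw) != 32:
        raise ValueError(f"expected 32 bytes of return data, got {len(raw)}")
    if any(raw[:12]):
        raise ValueError("upper 12 bytes are not zero: not a clean address word")
    return "0x" + raw[12:].hex()


def audit_peg_token(owner_ret: str, operator_ret: str, treasury: str) -> list:
    """Return findings; an empty list means the state matches the stated design."""
    findings = []
    owner = decode_address(owner_ret)
    operator = decode_address(operator_ret)
    if owner != ZERO_ADDRESS:
        findings.append(f"ownership not renounced: owner is {owner}")
    if operator != treasury.lower():
        findings.append(f"operator is {operator}, expected treasury {treasury.lower()}")
    return findings


def word(address: str) -> str:
    """Left-pad a 20-byte address to a 32-byte ABI word (builds sample data)."""
    return "0x" + "00" * 12 + _strip0x(address).lower()


# Constructed placeholder addresses, not real contracts.
TREASURY = "0x" + "11" * 20
DEPLOYER = "0x" + "22" * 20

if __name__ == "__main__":
    # State the page describes: ownership renounced, treasury is operator.
    print(audit_peg_token(word(ZERO_ADDRESS), word(TREASURY), TREASURY))
    # State before hand-over: the deployer still holds both roles.
    print(audit_peg_token(word(DEPLOYER), word(DEPLOYER), TREASURY))
```

The return data would come from read-only calls against the address published on the "Contracts" page; the treasury's own privileged roles need the same review before the chain of control can be considered closed.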
Liquidity Pull Immunity
Seigniorage protocols differ from OHM-style bonding protocols (e.g., Solis), where the team often owns or controls the LP tokens—a key attack vector.
In contrast:
Yield Strategy does not own or bond any community LP tokens.
All LP is entirely community-owned and fully under user control at all times.
As a result, liquidity pull rugs are structurally impossible in Yield Strategy.
Multi-Sig Admin
To further reduce risks of centralized control, we implement a multi-sig (multi-signature) system for all major administrative actions.
Major transactions (e.g., treasury movements, emissions schedule changes) require multiple wallet signatures for execution.
This setup protects against:
Unauthorized actions
Single point-of-failure risks (e.g., if a dev wallet is compromised)
By distributing control among multiple trusted parties, we create a security-first infrastructure for all protocol governance and operations.
Unlike centralized platforms like Bybit, we do not engage in questionable behavior such as signing off blindly on massive transfers (e.g., the infamous 70% ETH fund move worth $1.4B).