Risk & Audit Status
Audit Status
| Item | Status |
|---|---|
| External audit | Pending |
| Mainnet validation | In progress (invited whitelist only) |
| Internal test suite (613 cases) | Passing |
| Public bug bounty | Not yet active |
YearRing Fund Protocol has not completed a third-party external audit.
The current contracts are deployed for controlled internal validation with a limited number of invited participants. A formal external audit is planned before broader public access is opened.
Until an external audit is completed, users should treat all interactions as experimental.
Risk Factors
Smart Contract Risk
The protocol contracts have not been formally audited by a third party. The internal test suite covers 613 cases across vault accounting, access control, emergency paths, and commitment operations. Testing does not eliminate all contract risk.
No Guaranteed Yield
Yield is generated by supplying USDC to Aave V3 on Base. Supply rates fluctuate based on market conditions and may decrease or reach zero. The protocol does not guarantee any fixed return. Past performance does not predict future results.
Strategy Risk
Vault capital deployed to Aave V3 is subject to Aave protocol risk — including smart contract vulnerabilities, governance actions, and market conditions. If Aave's aUSDC value decreases, vault PPS decreases proportionally.
Operational Risk
Admin operations pass through a 24-hour timelock. The emergency role can pause immediately but cannot reconfigure the system. In the current version, admin control is held by a single entity — full multisig governance is planned but not yet implemented.
Liquidity Risk
Redemptions require sufficient idle USDC in the vault. If idle balance is insufficient, users must wait for a rebalance or admin divest action before redeeming.
RWT Price Risk
RWT has no guaranteed market value. Its price, if any, is determined by secondary market activity. The protocol does not provide liquidity guarantees for RWT.
Experimental Software
YearRing Fund Protocol is experimental software.
Nothing in this documentation or on the protocol interface constitutes financial advice, investment advice, or a public solicitation. Users interact with the protocol at their own risk and should independently assess smart contract, DeFi, regulatory, and liquidity risks before depositing any assets.
Security Contact
To report a vulnerability: security@yearringfund.com
See Security for full responsible disclosure policy.