{ "schema_version": "1.0.0", "title": "Audit and Release Status", "canonical": "https://andrecronje.info/public-record/audit-release-status/", "published": "2026-06-24", "last_reviewed": "2026-06-24", "record_status": "Public-source audit and release inventory", "editorial_standard": "Audit status is project-, component-, version-, commit-, scope-, and date-specific. Absence of a public report is not proof that no review occurred.", "records": [ { "id": "yearn-iearn-cryptomaniacs-2020", "project": "Yearn Finance", "component": "iEarn", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "CryptoManiacs", "reportDate": "2020", "reportUrl": "https://github.com/yearn/yearn-audits/blob/master/CryptoManiacs%20%20-%20Audit%20of%20iearn.finance%20by%20CryptoManiacs%20-%20HackMD.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Early iEarn scope only; later Yearn contracts, strategies, governance, integrations, and deployments require separate review." ], "lastReviewed": "2026-06-24", "version": "early iEarn", "auditCollectionUrl": "https://github.com/yearn/yearn-audits", "sourceRepository": "https://github.com/yearn/yearn-audits" }, { "id": "yearn-finance-quantstamp-2020", "project": "Yearn Finance", "component": "Yearn Finance", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "Quantstamp", "reportDate": "2020", "reportUrl": "https://github.com/yearn/yearn-audits/blob/master/Quantstamp%20-%20Yearn.Finance%20Security%20Review.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Report scope is the early reviewed codebase; it is not evidence for every later vault, strategy, deployment, or operational setting." ], "lastReviewed": "2026-06-24", "version": "early Yearn", "auditCollectionUrl": "https://github.com/yearn/yearn-audits", "sourceRepository": "https://github.com/yearn/yearn-audits" }, { "id": "yearn-v1-mixbytes-2020", "project": "Yearn Finance", "component": "Yearn Finance protocol", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "MixBytes", "reportDate": "2020", "reportUrl": "https://github.com/yearn/yearn-audits/blob/master/MixBytes%20-%20Yearn.Finance%20protocol%20v.1%20Smart%20Contracts%20Audit%20Security%20Audit%20Report.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "V1 protocol report only; component coverage does not establish coverage for every strategy, vault, or later change." ], "lastReviewed": "2026-06-24", "version": "V1", "auditCollectionUrl": "https://github.com/yearn/yearn-audits", "sourceRepository": "https://github.com/yearn/yearn-audits" }, { "id": "yearn-itoken-certik-2020", "project": "Yearn Finance", "component": "iToken Finance", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "CertiK", "reportDate": "2020", "reportUrl": "https://github.com/yearn/yearn-audits/blob/master/Certik%20-%20itoken-finance-audit-report-1.1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "iToken-specific report; not a generalized statement about all Yearn code or deployments." ], "lastReviewed": "2026-06-24", "version": "1.1.0", "auditCollectionUrl": "https://github.com/yearn/yearn-audits", "sourceRepository": "https://github.com/yearn/yearn-audits" }, { "id": "yearn-timeloans-mixbytes-2020", "project": "Yearn Finance", "component": "Timeloans Finance", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "MixBytes", "reportDate": "2020", "reportUrl": "https://github.com/yearn/yearn-audits/blob/master/MixBytes%20-%20Timeloans.Finance%20Smart%20Contract%20Security%20Audit%20Report.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Component report only; does not prove full-system coverage." ], "lastReviewed": "2026-06-24", "version": "historical component", "auditCollectionUrl": "https://github.com/yearn/yearn-audits", "sourceRepository": "https://github.com/yearn/yearn-audits" }, { "id": "yearn-vaults-v2-trailofbits-2021", "project": "Yearn Finance", "component": "Yearn Vaults", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "Trail of Bits", "reportDate": "2021-07-19", "reportUrl": "https://github.com/yearn/yearn-security/tree/master/audits/20210719_ToB_yearn_vaultsv2", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Vaults V2 review folder; deployment bytecode relationship is not independently verified on this page." ], "lastReviewed": "2026-06-24", "version": "V2", "auditCollectionUrl": "https://github.com/yearn/yearn-security/tree/master/audits", "sourceRepository": "https://github.com/yearn/yearn-security" }, { "id": "yearn-strategies-peckshield-2021", "project": "Yearn Finance", "component": "Yearn strategies", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2021-01", "reportUrl": "https://github.com/yearn/yearn-security/tree/master/audits/202101_Peckshield_yearn-strategies", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Strategy review scope varies by listed strategy and date; not evidence for unlisted strategies or later modifications." ], "lastReviewed": "2026-06-24", "version": "2021 strategies", "auditCollectionUrl": "https://github.com/yearn/yearn-security/tree/master/audits", "sourceRepository": "https://github.com/yearn/yearn-security" }, { "id": "yearn-partner-tracker-chainsecurity-2022", "project": "Yearn Finance", "component": "Yearn partner tracker", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "ChainSecurity", "reportDate": "2022-01-23", "reportUrl": "https://github.com/yearn/yearn-security/tree/master/audits/20220123_ChainSecurity_yearn_partner_tracker", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Partner-tracker component only; not evidence for unrelated Yearn contracts or deployments." ], "lastReviewed": "2026-06-24", "version": "2022 component", "auditCollectionUrl": "https://github.com/yearn/yearn-security/tree/master/audits", "sourceRepository": "https://github.com/yearn/yearn-security" }, { "id": "yearn-v3-statemind-2024", "project": "Yearn Finance", "component": "Yearn V3", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "Statemind", "reportDate": "2024-05-02", "reportUrl": "https://github.com/yearn/yearn-security/tree/master/audits/20240502_Statemind_Yearn_V3", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "V3 review folder only; later integrations, parameter choices, and deployments require separate verification." ], "lastReviewed": "2026-06-24", "version": "V3", "auditCollectionUrl": "https://github.com/yearn/yearn-security/tree/master/audits", "sourceRepository": "https://github.com/yearn/yearn-security" }, { "id": "yearn-v3-chainsecurity-2024", "project": "Yearn Finance", "component": "Yearn V3", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "ChainSecurity", "reportDate": "2024-05-04", "reportUrl": "https://github.com/yearn/yearn-security/tree/master/audits/20240504_ChainSecurity_Yearn_V3", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "V3 review folder only; exact deployed bytecode is not asserted here." ], "lastReviewed": "2026-06-24", "version": "V3", "auditCollectionUrl": "https://github.com/yearn/yearn-security/tree/master/audits", "sourceRepository": "https://github.com/yearn/yearn-security" }, { "id": "yearn-v3-yacademy-2024", "project": "Yearn Finance", "component": "Yearn V3", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "yAcademy", "reportDate": "2024-06-01", "reportUrl": "https://github.com/yearn/yearn-security/tree/master/audits/20240601_YAcademy_Yearn_V3", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "V3 review folder only; scope should be read from the report materials before making component-specific claims." ], "lastReviewed": "2026-06-24", "version": "V3", "auditCollectionUrl": "https://github.com/yearn/yearn-security/tree/master/audits", "sourceRepository": "https://github.com/yearn/yearn-security" }, { "id": "keep3r-v1-peckshield-2020", "project": "Keep3r Network", "component": "Keep3r protocol", "releaseStatus": "public-beta", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2020", "reportUrl": "https://github.com/keep3r-network/keep3r.network/blob/master/audits/PeckShield-Audit-Report-Keep3r-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Keep3r V1 report; exact deployed-bytecode match is not independently verified on this page." ], "lastReviewed": "2026-06-24", "version": "V1", "auditCollectionUrl": "https://github.com/keep3r-network/keep3r.network/tree/master/audits", "sourceRepository": "https://github.com/keep3r-network/keep3r.network" }, { "id": "keep3r-v2-peckshield-2021", "project": "Keep3r Network", "component": "Keep3r protocol", "releaseStatus": "production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2021", "reportUrl": "https://github.com/keep3r-network/keep3r-network-v2/blob/main/audits/PeckShield-Audit-Report-Keep3rV2-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "One actual report was located in the V2 audit directory; coverage should not be generalized to every job, integration, or later change." ], "lastReviewed": "2026-06-24", "version": "V2", "auditCollectionUrl": "https://github.com/keep3r-network/keep3r-network-v2/tree/main/audits", "sourceRepository": "https://github.com/keep3r-network/keep3r-network-v2" }, { "id": "fixed-forex-keep3rv2-pve-2021", "project": "Fixed Forex", "component": "Keep3r V2 PVEs", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-limited-review-published", "auditor": "PVE reviewers", "reportDate": "2021", "reportUrl": "https://github.com/keep3r-network/ff/blob/master/audits/Keep3rV2_PVEs_updated.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Limited component review; not a full-system statement for Fixed Forex or Keep3r." ], "lastReviewed": "2026-06-24", "version": "updated review", "auditCollectionUrl": "https://github.com/keep3r-network/ff/tree/master/audits", "sourceRepository": "https://github.com/keep3r-network/ff" }, { "id": "fixed-forex-ibeur-peckshield-2021", "project": "Fixed Forex", "component": "ibEUR ERC-20", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2021", "reportUrl": "https://github.com/keep3r-network/ff/blob/master/audits/PeckShield-Audit-Report-ERC20-ibEUR-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "ERC-20 component only; not evidence for every Fixed Forex contract or economic dependency." ], "lastReviewed": "2026-06-24", "version": "1.0", "auditCollectionUrl": "https://github.com/keep3r-network/ff/tree/master/audits", "sourceRepository": "https://github.com/keep3r-network/ff" }, { "id": "fixed-forex-optionslm-peckshield-2021", "project": "Fixed Forex", "component": "OptionsLM", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2021", "reportUrl": "https://github.com/keep3r-network/ff/blob/master/audits/PeckShield-Audit-Report-OptionsLM-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "OptionsLM component only; interface, deployment configuration, and later changes are outside this page's scope." ], "lastReviewed": "2026-06-24", "version": "1.0", "auditCollectionUrl": "https://github.com/keep3r-network/ff/tree/master/audits", "sourceRepository": "https://github.com/keep3r-network/ff" }, { "id": "fixed-forex-stablev1pair-peckshield-2021", "project": "Fixed Forex", "component": "StableV1Pair", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2021", "reportUrl": "https://github.com/keep3r-network/ff/blob/master/audits/PeckShield-Audit-Report-StableV1Pair-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "StableV1Pair component only; oracle, route, and integration risks are not generalized from this report." ], "lastReviewed": "2026-06-24", "version": "1.0", "auditCollectionUrl": "https://github.com/keep3r-network/ff/tree/master/audits", "sourceRepository": "https://github.com/keep3r-network/ff" }, { "id": "fixed-forex-stakingrewardsv3-peckshield-2021", "project": "Fixed Forex", "component": "StakingRewardsV3", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2021", "reportUrl": "https://github.com/keep3r-network/ff/blob/master/audits/PeckShield-Audit-Report-StakingRewardsV3-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "StakingRewardsV3 component only; not a complete-system review." ], "lastReviewed": "2026-06-24", "version": "1.0", "auditCollectionUrl": "https://github.com/keep3r-network/ff/tree/master/audits", "sourceRepository": "https://github.com/keep3r-network/ff" }, { "id": "solidly-v1-peckshield-2022", "project": "Solidly", "component": "Solidly protocol", "releaseStatus": "historical-production", "deploymentEnvironment": "mainnet", "reviewStatus": "external-audit-published", "auditor": "PeckShield", "reportDate": "2022", "reportUrl": "https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Solidly-v1.0.pdf", "scopeToDeployment": "historical-report-deployment-match-unknown", "firstPartySource": false, "public": true, "limitations": [ "Original Solidly V1 scope only; later forks, successor protocols, modified deployments, interfaces, and governance systems are separate." ], "lastReviewed": "2026-06-24", "version": "V1", "auditCollectionUrl": "https://github.com/peckshield/publications", "sourceRepository": "https://archive.org/details/github.com-andrecronje-solidly_-_2022-01-16_07-54-08" }, { "id": "eminence-public-report-not-located-2026", "project": "Eminence", "component": "Eminence experimental contracts", "releaseStatus": "pre-production-mainnet", "deploymentEnvironment": "mainnet", "reviewStatus": "no-public-report-located", "auditor": "No public third-party report identified", "reportDate": "2026-06-24", "reportUrl": "https://andrecronje.info/public-record/eminence/", "scopeToDeployment": "unknown", "firstPartySource": true, "public": true, "limitations": [ "No public report located is not proof that no review occurred; the contracts were mainnet-accessible before a formal production release." ], "lastReviewed": "2026-06-24", "version": "unreleased experiment", "auditCollectionUrl": "https://andrecronje.info/public-record/eminence/", "sourceRepository": "https://andrecronje.info/public-record/eminence/" }, { "id": "fantom-opera-source-2026", "project": "Fantom / Sonic", "component": "Fantom Opera client", "releaseStatus": "network-client", "deploymentEnvironment": "mainnet", "reviewStatus": "security-research", "auditor": "Public source and protocol research record", "reportDate": "2026-06-24", "reportUrl": "https://github.com/Fantom-foundation/go-opera", "scopeToDeployment": "not-applicable", "firstPartySource": true, "public": true, "limitations": [ "Source code and research are security evidence but are not interchangeable with a component-scoped independent audit report." ], "lastReviewed": "2026-06-24", "version": "network client", "auditCollectionUrl": "https://andrecronje.info/public-record/fantom-sonic/", "sourceRepository": "https://github.com/Fantom-foundation/go-opera" }, { "id": "sonic-client-source-2026", "project": "Fantom / Sonic", "component": "Sonic client", "releaseStatus": "network-client", "deploymentEnvironment": "mainnet", "reviewStatus": "security-research", "auditor": "Public source and testing record", "reportDate": "2026-06-24", "reportUrl": "https://github.com/0xsoniclabs/sonic", "scopeToDeployment": "not-applicable", "firstPartySource": true, "public": true, "limitations": [ "This page has not mapped a component-level independent audit inventory for the client; do not reduce network assurance to a single smart-contract audit label." ], "lastReviewed": "2026-06-24", "version": "network client", "auditCollectionUrl": "https://andrecronje.info/public-record/fantom-sonic/", "sourceRepository": "https://github.com/0xsoniclabs/sonic" }, { "id": "fantom-lachesis-research-2018", "project": "Fantom / Sonic", "component": "Lachesis consensus research", "releaseStatus": "research", "deploymentEnvironment": "not-applicable", "reviewStatus": "security-research", "auditor": "Academic and protocol research record", "reportDate": "2018-10-24", "reportUrl": "https://arxiv.org/abs/1810.10360", "scopeToDeployment": "not-applicable", "firstPartySource": false, "public": true, "limitations": [ "Academic or protocol research is not an independent deployment audit and does not establish smart-contract scope coverage." ], "lastReviewed": "2026-06-24", "version": "protocol research", "auditCollectionUrl": "https://arxiv.org/abs/2108.01900", "sourceRepository": "https://arxiv.org/abs/1810.10360" }, { "id": "flying-tulip-security-program-2026", "project": "Flying Tulip", "component": "Security program and public bug bounty", "releaseStatus": "production", "deploymentEnvironment": "multi-chain", "reviewStatus": "bug-bounty-live", "auditor": "Sherlock bug bounty program", "reportDate": "2026-06-24", "reportUrl": "https://audits.sherlock.xyz/bug-bounties/248", "scopeToDeployment": "not-applicable", "firstPartySource": false, "public": true, "limitations": [ "Bug bounty scope is not the same as a completed public audit report; component reports should be added only after final approved public publication." ], "lastReviewed": "2026-06-24", "version": "staged rollout", "auditCollectionUrl": "https://github.com/flyingtulipdotcom/security", "sourceRepository": "https://github.com/flyingtulipdotcom/security", "deployedAddressesUrl": "https://docs.flyingtulip.com/contract-addresses/" }, { "id": "flying-tulip-public-security-repo-2026", "project": "Flying Tulip", "component": "Public security repository and known issues", "releaseStatus": "production", "deploymentEnvironment": "multi-chain", "reviewStatus": "internal-review", "auditor": "Flying Tulip security repository", "reportDate": "2026-06-24", "reportUrl": "https://github.com/flyingtulipdotcom/security", "scopeToDeployment": "unknown", "firstPartySource": true, "public": true, "limitations": [ "The public security repository currently lists security materials and known issues; no approved public audit-report directory was located during this implementation." ], "lastReviewed": "2026-06-24", "version": "staged rollout", "auditCollectionUrl": "https://github.com/flyingtulipdotcom/security", "sourceRepository": "https://github.com/flyingtulipdotcom/security", "deployedAddressesUrl": "https://docs.flyingtulip.com/contract-addresses/" }, { "id": "flying-tulip-risks-docs-2026", "project": "Flying Tulip", "component": "Risks, security, audits, and contract registry", "releaseStatus": "production", "deploymentEnvironment": "multi-chain", "reviewStatus": "internal-review", "auditor": "Flying Tulip documentation", "reportDate": "2026-06-22", "reportUrl": "https://docs.flyingtulip.com/risks/", "scopeToDeployment": "unknown", "firstPartySource": true, "public": true, "limitations": [ "The documentation states the security process and links public registries; it is not a substitute for a report-level public audit record." ], "lastReviewed": "2026-06-24", "version": "staged rollout", "auditCollectionUrl": "https://docs.flyingtulip.com/risks/", "sourceRepository": "https://docs.flyingtulip.com/risks/", "deployedAddressesUrl": "https://docs.flyingtulip.com/contract-addresses/" } ] }