Hire a pentesting company to check the main servers and frontends used to interact with Yearn contracts.
This would be done in perpetuity, but only the first audit would be more costly. Afterward, they’d just do a faster check each month. This would permit us to display on the website a badge saying something like “Secured by …”.
Additionally, we would implement whatever security protocols they recommend. For example, who has access to changing the frontend? How is that access secured? Who has access to the actual server? How is that secured? And so on.
Testing and contract audits won’t help us much if someone hacks yearn.finance and changes the website to call functions with the wrong arguments, or other similarly bad stuff. This is highly needed.
I will formalize the proposal during the next few days. We should come up with suggestions on what pentesting company we should go for, and what’s the budget.
- Let’s do this!