# YveCRV Audit Notes  ## Critical: 0 ## Major: 1 ### 1. Zero-out Approval on Migration **Comment:** - none. **Actions taken:** - Added reccomended fix to zero-out approvals on `prepareMigration` ## Warnings: 2 ### 2. Missed Token **Comment:** - Disagree that token is missed since `want == yveCrv`. **Actions taken:** - `want` is already protected via BaseStrategy, so I have removed that from the list. - For consistency, I have removed all references to `yveCrv` and replaced with `address(want)`. ### 3. Potential Insufficient Approval: **Comment:** - It should not be a concern that we exhaust allowance on `type(uint256).max` - Still a function to increase approvals might be handy in an edge case where we migrate-back to a strategy (after they are zeroed-out in finding #1 above). **Actions taken:** - Added a `restoreApprovals` function protected by `onlyGovernance` which sets tokens to max approval. ## Comments: 2 1. "There is no input parameter processing in the method" - No action taken. This parameter is inherited from BaseStrategy 1. "Event is probably missing" - Added `UpdatedBuffer` event