This security review was prepared by Quantstamp, the leader in blockchain security. Executive Summary Category Description Type Lockdrop contract

Martinet Lee & Jun-You Liu TL;DR We have notified Andre before publishing this analysis. Your WAIFU is SAFU: None of the existing contracts are subject to the exploits mentioned below. The analysis is based on the set of contracts related to the yCurve yVault. "Poisoning Baby Vault" is valid but it only affects new vaults. The implementation in yCurve yVault/Strategy pair does not consider the case if Vault Token is not Want Token. Specifically, the functions that are related to balance. Future developers should be aware of these issues when implementing Strategies.