# Strategy v3 Information ## 1. Due Diligence (optional|required) The DD document is optional. The security team might ask the strategist to add it at their discretion. If it is required, once a strategy's due diligence has been approved by the security team, the strategist can begin codifying it for code review. If this DD document is required, create a PR adding the document in the `dd_v3` folder using [this](https://github.com/yearn/yearn-strategies/tree/master/dd_v3/v3_dd_template.md) template. ## 2. Strategy Information ### Description of the strategy #### Briefly explain the external protocols that the strategy interacts with {answer} #### Briefly explain what the strategy does to get yield {answer} ### Important Checks These simple questions are important to understand how the strategy works, and having an overview perspective about the strategy and the underlying protocol(s). Please, answer these questions as detailed as possible. In case some questions don't apply for your strategy, feel free to add *n/a*. #### Which version/s are used in inherited contracts ? (E.g: Core: BaseStrategy/TokenizedStrategy v3.0.2, Periphery: UniswapV3Swapper, AuctionSwapper v1.x.x) {answer} #### Does the strategy has potential deposit fees? {answer} #### On which chains is the strategy currently deployable or planned to be deployed? {answer} #### Does the strategy has potential withdrawal fees? {answer} #### Does the strategy has potential frontrunning threats on deposits/withdrawals? If yes, how so? {answer} #### At any given time, is there a possibility that withdrawing the deposited "asset" might not be possible? If yes, is `availableWithdrawLimit` overridden? {answer} #### At any given time, is there a possibility that depositing any arbitrary amount is not possible? If yes, is `availableDepositLimit` overridden? {answer} #### How many protocols does the strategy directly interact with? If at least one, list them {answer} #### How many protocols does the strategy indirectly interact with? If at least one, list them {answer} #### Do the risks of external contracts pausing or executing an emergency withdrawal affects the strategy? If yes, how? {answer} #### Is there any expected loss in the strategy's normal cycle? If yes, how? {answer} #### Does the strategy require a privileged role to set some important settings? If there are any, explain {answer} #### What are the worst-case scenarios that this strategy can experience? How likely are these scenarios, and what would be the strategy's reaction in such cases? {answer} #### How many assets that the strategy handles? {answer} #### Does the strategy borrow against the deposits? If yes, does it borrow the same asset or some other asset? What kind of money market it uses for lend/borrows? How is the collateral ratio determined and maintained? Who is responsible for changing the parameters? How is the on-chain monitoring and maintenance of the debt position managed? {answer} #### Does the strategy rely on keepers? If yes, how much does it rely? If the keepers are very important, how does the `tendTrigger` work? What would happen if the keeper is not responding correctly? Can the keeper harm the system intentionally or unintentionally? {answer} #### Is `emergencyWithdraw` implemented? If not, why? {answer} #### Does the governance of the yield source protocol contracts have excessive powers that could impact our strategy? If yes, how and what would be the strategy's reaction to it? {answer} ## 3. Strategy Review **Commit (hash)**: {link} **Repo**: {link} **Branch**: {name} **Experts**: List the strategists that understand the strategy code: - {Strategist 1} - {Strategist 2} **Testing**: - Coverage {paste here the tests passing with coverage (image)} - Does it include fuzzing and invariant tests? {answer} **Scope**: - Contract1.sol {link} - Contract2.sol {link} **Flat Strategy (with dependencies)**: {link} **Review Ongoing By**: - [ ] Dev 1 - [ ] Dev 2 **Review Completed By**: - [ ] Dev 1 - [ ] Dev 2 ## 4- Summary Table & Important Notes Total Issues: N | Issue # | Description | Severity | Likelihood | Status | | ------ | ------ | ------ | ------ | ------ | | 1 | Description issue 1 | [Critical, High, Medium, Low, Info] | [High, Medium, Low] | [Pending, Acked, Fixed] | 2 | Description issue 2 | [Critical, High, Medium, Low, Info] | [High, Medium, Low] | [Pending, Acked, Fixed] | N | Description issue N | [Critical, High, Medium, Low, Info] | [High, Medium, Low] | [Pending, Acked, Fixed] ### Notes Section to add important notes about issues identified by strategists and security reviewers. - Note 1. - Note N. ## 5. Risk Scores (To be filled by the security team before closing the ticket) ```json { name: string; network: number; targets: string[]; codeReviewScore: number; testingScore: number; auditScore: number; protocolSafetyScore: number; complexityScore: number; teamKnowledgeScore: number; tags: string[]; } ``` Example: ```json { "name": "Strategy X", "network": 1, "targets": ["0x1234...1234", "0x2345...2345"], "codeReviewScore": 2, "testingScore": 3, "auditScore": 4, "protocolSafetyScore": 3, "complexityScore": 4, "teamKnowledgeScore": 4, "tags": ["protocol", "standalone"] } ``` Tx link (polygon): [link](link) ## 6. Deployed Addresses List all the smart contracts addresses, including factories, templates, etc. | # | Name | Network | Link | | ------ | ------ | ------ | ------ | | 1 | DAIVault | [eth,base,arb,pol] | [0x123...123](https://etherscan.io/0x123...123) | 2 | USDVault | [eth,base,arb,pol] | [0x456...456](https://etherscan.io/0x456...456) | N | Name N | [eth,base,arb,pol] | [0x789...789](https://etherscan.io/0x789...789)