Immunefi
Blog
Platform
Bug Bounty ProgramsPR ReviewsAuditsAudit CompetitionsInvite OnlySafe HarborVaultsManaged TriageHelp Center
Security Researchers
Help for WhitehatsLearnLeaderboardImmunefi Top 10 BugsWhitehat AwardsWhitehat Hall of FameReport FindingsResponsible Publication
LoginExplore bountiesGet Protected
Back to Explore
Audit Comp | Yeet-logo

Audit Comp | Yeet

|

Yeet is a gamified DeFi protocol on Berachain that offers an interactive financial experience through strategy and timing. Its core feature, the Yeet Game, allows users to deposit BERA tokens into a pool, with the last depositor winning most of the funds. YeetBonds help protocols manage their liquidity efficiently, while Yeetard NFTs provide additional in-game benefits.

The native $YEET token can be farmed and staked for rewards. By integrating game mechanics into DeFi, Yeet fosters community engagement, liquidity solutions, and a unique way to participate in decentralized finance. Learn more at https://www.yeetit.xyz/

Solidity

Evaluating

5d: 3h remaining
Reward Pool
$30,000
Start Date
11 March 2025
End Date
25 March 2025
Rewards Token
USDC
Lines of Code
1,538

  • Triaged by Immunefi

  • Step-by-step PoC Required

InformationScopeResources

Is this an upgrade of an existing system? If so, which? And what are the main differences?

No

What ERC20 / ERC721 / ERC777 / ERC1155 token standards are supported?

ERC4626, ERC-20

What emergency actions may you want to use as a reason to downgrade an otherwise valid bug report?

If there are configurations that we can change that would mitigate affected areas. Pausing the game or changing game settings for example.

What addresses would you consider any bug report requiring their involvement to be out of scope, as long as they operate within the privileges attributed to them?

Any addresses controlled by the team—whether an EOA with elevated access or a multisig—would not typically be considered in scope for a bug report, as long as the team retains control over them.

What addresses would you consider any bug report requiring their involvement be out of scope, even if they exceed the privileges attributed to them?

Any addresses controlled by the team—whether an EOA with elevated access or a multisig—would not typically be considered in scope for a bug report, as long as the team retains control over them.

Which chains and/or networks will the code in scope be deployed to?

Berachain

What external dependencies are there?

docs.oogabooga.io, docs.pyth.network/entropy, https://www.beradrome.com/ https://kodiak.finance/

Are there any unusual points about your protocol that may confuse Security Researchers?

No

What are the most valuable educational resources already available? (Ie. Documentation, Explainer videos or articles, etc)

docs.yeetit.xyz