Add Blast Yield App #425

Open
8 tasks done
DenSmolonski opened this issue Dec 29, 2024 · 11 comments
Labels: Waiting for Owner (The submission is awaiting a response from the owner.)

Comments

@DenSmolonski

DenSmolonski commented Dec 29, 2024

Entry type

  • New addition

App info

URL: https://blast-yield.app.safe.protofire.io/

Manifest.json URL: https://blast-yield.app.safe.protofire.io/manifest.json

Name: Blast Yield

Description: Blast Yield is a yield aggregator for Blast

Icon (PNG, 180x180):
blast_yield

It's minified via https://tinypng.com: yes

Homepage:
Twitter: https://x.com/protofire
GitHub: https://github.com/protofire
Discord: https://discord.com/invite/y5TE8TcPGn

App supports batching multiple transactions via Safe: no

Supported networks

- Blast

Revision checks

  • Used smart contracts were audited.
  • You have implemented the app using the Safe Apps SDK
  • Your Safe App includes a manifest.json file at the root with the required data
  • The app can be loaded as a custom Safe App in the Apps section of https://app.safe.global.
  • The app auto-connects to the Safe as a wallet
  • It doesn't try to connect to the browser wallet (e.g. MetaMask)
  • You are able to trigger and execute one transaction with a Safe.
  • RPC requests are optimized (not triggering many requests in a very short time period).

Audit document

NA

Code for review

https://github.com/protofire/blast-yield/tree/main

Team information

Company: Protofire

Official website: https://protofire.io/

Point of contact: Contracts provided by blast network. The documentation https://docs.blast.io/building/guides/eth-yield

Email/Telegram: safe-support@protofire.io / https://t.me/goxibyte

@kirkkonen

This submission is checked and approved by the product team.

@PooyaRaki
Contributor

@DenSmolonski Thank you for your submission. Unfortunately, we cannot accept it at this time, as the contracts have not yet been audited. Please let us know once the audit results are available so we can proceed with the process. We appreciate your understanding.

@PooyaRaki
Contributor

@DenSmolonski I will close the issue for now, but feel free to reopen it once the audit results are available.

@DenSmolonski
Author

@PooyaRaki Sorry for not giving you full information about the audit. There is a link with information about the audit: https://cantina.xyz/competitions/c90131b4-5c7c-4ebc-a1f3-8002d219bfe0

@PooyaRaki
Contributor

@DenSmolonski Thank you for submitting the requirements. We’ll review your app shortly.

PooyaRaki reopened this Jan 2, 2025
@PooyaRaki
Contributor

PooyaRaki commented Jan 3, 2025

@DenSmolonski I reviewed the app. Despite the app being functional, I have a couple of points to mention before passing the app to Q.A:

  1. It seems there are no PRs in your repository. Is the code being reviewed through another process?
  2. I noticed there are no tests, and your code includes some risky commands like @ts-ignore. Do you have plans to add tests? The presence of tests becomes even more important when such risky commands are used.
  3. This is less critical, but are you considering using a linter? I noticed some functions are imported but not used, which a linter could help identify. While a linter is present, it doesn’t seem to be effectively utilized.
  4. In the audit results, I noticed some high-risk issues that have only been acknowledged. Are there any plans to address and resolve these issues?

@DenSmolonski
Author

DenSmolonski commented Jan 6, 2025

> @DenSmolonski I reviewed the app. Despite the app being functional, I have a couple of points to mention before passing the app to Q.A:
>
> 1. It seems there are no PRs in your repository. Is the code being reviewed through another process?
> 2. I noticed there are no tests, and your code includes some risky commands like `@ts-ignore`. Do you have plans to add tests? The presence of tests becomes even more important when such risky commands are used.
> 3. This is less critical, but are you considering using a linter? I noticed some functions are imported but not used, which a linter could help identify. While a linter is present, it doesn’t seem to be effectively utilized.
> 4. In the audit results, I noticed some high-risk issues that have only been acknowledged. Are there any plans to address and resolve these issues?

@PooyaRaki Thanks for the review. You're right, we did review the code internally within the team. That is why there is no PR. I'm working on points 2 and 3. I'm clarifying the information on the 4th point.

@nere-id

nere-id commented Jan 6, 2025

Heya @PooyaRaki, Blast DevRel here. Issues posing real-world threats identified in the Spearbit and subsequent Cantina audits have been mitigated. These audits were conducted prior to the launch of Blast mainnet back in Feb 2024. Let me know if there is anything specific in the audit report you'd like me to run down and I can provide more info as needed.

@DenSmolonski
Author

@PooyaRaki Hi

Hey, we've got some updates for you. We've added lint and critical tests to the blast-yield repo, and our QA team has tested the other features manually. It'd be great if you could take another look at the application and share your thoughts.

@PooyaRaki
Contributor

@nere-id @DenSmolonski Thanks for the updates. I'll take another look soon and will get back to you.

@PooyaRaki
Contributor

@DenSmolonski I've checked the new changes and they look good to me.

@nere-id Regarding the contract I saw here:
https://github.com/spearbit/portfolio/blob/689ec1ee5bbba03f2b267cc14a42fbfb95d5dc02/pdfs/report-blast-contracts-review-draft.pdf
5.2.2 is labeled as high-risk but has only been acknowledged so far. What are your plans for addressing it?

PooyaRaki added the "Waiting for Owner" label (The submission is awaiting a response from the owner.) Jan 10, 2025