This is a prior discussion for a security proposal for Yearn. All community feedback is welcome.
Yearn Finance / YFI currently uses two separate domains for its operations, which makes us more susceptible to Phishing attacks and makes it extremely confusing towards newcomers.
Domain 1: https://ygov.finance/
Domain 2: https://yearn.finance/
The proposal is to merge both objectives into a single domain.
As you may have heard, yearn finance was subjected to a Phishing attack on discord.
To mediate this issue in the future, I propose a popup on Yearn’s website to indicate the correct domain and inform users to type in the domain instead of clicking links or google searching it.
We form a set of community security experts to look out for vulnerabilities related to Yearn’s operation routinely.
Example: Recently a security flaw on the newly deployed yVault was discovered by community member: @samczsun
(update: exploit was patched)
Whether these community experts will work on a volunteer basis or would be compensated is up to discussion.