Role separation: upgrade ≠ fee ≠ oracle

Yearn Finance's assessment for RD-F-035 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V3 uses 14 distinct roles assignable independently: ACCOUNTANT_MANAGER (fee), DEBT_MANAGER, ADD_STRATEGY_MANAGER, EMERGENCY_MANAGER. No single address must hold all three (upgrade/fee/oracle). Yearn is a yield aggregator — no single 'oracle config' role; upgrade = new VaultFactory deployment. Role separation is structurally enforced by design.

Sources #

Docs
VaultV3 Contract Docs — Yearn Docsdocs.yearn.fi/developers/smart-contracts/V3/VaultV3 — role definitionsretrieved 2026-05-16
GitHub
VaultV3.vy — yearn-vaults-v3 GitHubVaultV3.vy — 14-role enum explicitly separating ACCOUNTANT_MANAGER, DEBT_MANAGER, EMERGENCY_MANAGER, ADD_STRATEGY_MANAGERretrieved 2026-05-16

Methodology #

Determine whether the upgrade role, fee-collection role, and oracle-config role are assigned to distinct addresses.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-035 score green collected_at 2026-05-16 08:34:32