Smart Contract Assessment - Ern

1. Introduction

Halborn was engaged to conduct a security assessment of the Ern protocol. The assessment was performed from February 16th, 2026 to February 17th, 2026. Commit hashes and additional details reviewed during the engagement are documented in the Scope section of this report.

The Ern protocol implements a yield aggregation and reward distribution system that allows users to deposit assets into Aave, accrue yield through aTokens, and periodically convert the generated yield into reward tokens via decentralized exchanges. The design uses non-transferable vault shares, configurable harvest conditions, and role-based controls, along with lock and fee mechanisms, to manage reward distribution and enforce protocol economics.

2. Assessment Summary

A full-time security engineer from Halborn conducted a targeted security review of the Ern protocol. The assessment was performed by a blockchain and smart contract security specialist with expertise in DeFi yield strategies, tokenized vault designs, and reward distribution mechanisms.

The purpose of the assessment was to:

• Identify potential security, economic, and design issues within the Ern smart contracts.

• Verify that deposit, withdrawal, harvesting, and reward distribution workflows operate as intended under various market and usage scenarios.

In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which were addressed by the Ern team. The main recommendations included:

• Withdrawal fees protect reward distribution against front-running so late depositors cannot capture yield they did not generate.

• Implement atomic allocation updates or a claim pause mechanism off chain so users cannot front-run allocation reductions to claim full rewards.