Epsylon uses Yearn's battle-tested V2 vaults without any change made.
The core contracts found in yearn-vaults repository have been audited by multiple independent third-party firms:
Anyone is free to compare both contracts and appreciate that there is no difference between them.
Epsylon's strategies have been made by Epsylon's core devs and are unique strategies. The strategies as of this moment have not been audited yet. Due to our large number of strategies, the diversity of them, and the great number of protocols they interact with, a complete audit of all the strategies and their dependencies would be prohibitively expensive for a protocol our size. In addition to that, waiting 2-4 months for an audit would greatly harm profitability, since our strategies would become obsolete before even getting to production, given the great dynamism of the DeFi ecosystem.
We solved this by having an extensive test suite, which includes flash loan attacks, pool unbalanced scenarios, oracle manipulation, and many more edge cases present in real-world scenarios, these tests are run using brownie and a local fork of the Fantom opera network. Once the strategies pass our test suite, they go through further testing on production. Before any strategy is ready to go live, it needs to go through a peer code review from the whole Epsylon core team.
The Epsylon team is divided into a red/blue team. One team is specialized in developing strategies and the other in security and is in charge of trying to break and find vulnerabilities in the strategies, using advanced security tools like MythX, slither, and many more...