owned this note changed 4 years ago
Linked with GitHub

Key Risk Hierarchy

A risk hierarchy, known in traditional finance as a risk taxonomy, can be used to organize, prioritize and document all major risks faced by an organization.

  • Operational Risk

    1. Smart Contract Risk
    2. Governance Risk
    3. Effective Risk Culture & Incentive Alignment
    4. People Risk
      -Key Person Dependency
      -Execution/Talent Risk
    5. Cybersecurity Risk
  • Market Risk

    1. Solvency Risk
    2. Volatility Risk
    3. Liquidity Risk
    4. Macroeconomic Risk
  • Counterparty Risk

    1. External Smart Contract Risk
  • Strategic Risk

    1. Risk Appetite & Risk Culture
    2. Capital & Resource Allocation
    3. Strategic Competitiveness & Market Position
  • Legal, Political & Regulatory Risk

  • Reputational Risk

  • Systemic Risk


Key Risks

Risk Identified

There is a risk that deposits into yEarn fall short of expectations.

Why is this a risk?

Yearn Finance's first product, yEarn, is designed with the goal of monitoring certain DeFi lending protocols and periodically automatically switching funds to the highest-yielding monitored lending protocol. The DeFi lending protocols compatible with yEarn may have reduced yields, either in absolute or relative terms, making yEarn less attractive to deposit funds into than other capital-commitment opportunities (inside or outside DeFi) and leading to decreased yEarn deposits. Alternatively, competitive products could be developed which employ superior DeFi monitoring and switching strategies to yEarn and leading to decreased yEarn deposits.

How is this risk mitigated?

The following factors may mitigate certain of the risks identified above:

  1. Competitive yields are available at https://yearn.finance/earn, especially versus the extremely low yields available outside of DeFi evidenced by $15 trillion of negative yielding debt globally.
    https://www.bloombergquint.com/onweb/world-s-stock-of-negative-yield-debt-climbs-toward-2019-s-record
  2. The permissionless nature of Yearn Finance means that for people who do not have access to a USD-denominated bank account, yEarn may be a simple way to earn a return on USD stablecoins.

Risk Identified

If a significant amount of USD stablecoins were deposited into yEarn then the yields would come down drastically.

This was discussed by Andre Cronje.
https://www.youtube.com/watch?v=WNP0lOK96qo

Why is this a risk?

Yearn Finance's first product, yEarn, is designed with the goal of monitoring certain DeFi lending protocols and periodically automatically switching funds to the highest-yielding monitored lending protocol

A key selling point of yEarn is the high yield that can be earned relative to money deposited elsewhere, for example, into a traditional bank. Lower yields would reduce the competitiveness of yEarn.

How is this risk mitigated?

The following factors may mitigate certain of the risks of low yields in yEarn:

  1. The fact that there are many reasons for borrowing stablecoins, the demand for which drives lending returns. The higher the demand for borrowing USD stablecoins such as DAI and USDT, the higher the interest rates the borrowers are willing to pay and the greater the returns for the lenders. For example, during the summer of 2020 the yield farming craze meant that borrowers were willing to pay high rates of interest because yield farming APYs were often in three digits. Despite this phase dying down, there remain many reasons for borrowing stablecoins against digital asset collateral:
No. Reason for borrowing stablecoins
1 Leverage position by borrowing stablecoin and buying more of a token
2 Need the cash but want to keep exposure to the token
3 Avoid realising capital gains on the token held
4 Unable to get a loan using traditional finance
5 Lower borrowing rate than traditional finance
6 Earn a higher rate on a different lending protocol
7 Pay off debts
8 Pay taxes
9 Shorting USD

The examples above show that there should continue to be demand for borrowing stablecoins, and hence returns for savers willing to lend their stablecoins.

  1. The DeFi industry is developing financial services at a rapid pace that could give people more reasons to borrow. For example, derivatives on DeFi have a lot of growth potential.
  2. One constraint on the amount of borrowing in DeFi was the requirement to fully collateralise loans. Aave changed this with the ability to take out undercollateralised loans. These have already been used by the yaLink vault and could significantly increase the demand from borrowing.
    https://twitter.com/StaniKulechov/status/1314180568066785281
  3. Yearn Finance pioneered yVaults that pay higher returns with more complex strategies for those willing to take extra risk.

Risk Identified

There is a risk that depositors into the yVaults earn less than expected.

Why is this a risk?

The returns earned by yVault participants depend on several factors listed in the table below.

No. Reasons for varying returns in yVaults Why the returns are affected
1 The strategy being deployed Strategies vary in their complexity, the protocols used, the tokens being farmed etc
2 The price of the token being yield farmed Selling the farmed token for a higher price leads to a greater return
3 The amount of funds, including those outside yVaults, yield farming the same token The more funds, the lower the rewards as they are distributed across more capital
4 Borrowing rates from lending protocols The lower the borrowing rates the greater the returns
5 Ethereum gas fees Higher fees lead to lower returns
6 Amount deposited into the yVault The gas fees are shared across more capital but then so are the yield farming rewards
7 The price of the token deposited The amount that may be borrowed against a token, for a given collateralisation ratio, varies with the price
8 The collateralization ratio of any loans involved in the strategy The higher the collateralisation ratio the less risky but the less that is being borrowed/minted hence the lower returns

How is this risk mitigated?

The following factors may mitigate certain of the risks of deposits peforming less well than expected:

  1. Even if yields may not be as high as expected, yields on ETH are not readily available in traditional finance. For example, the Grayscale Ethereum Trust charges 2.5% per annum, an effective negative yield of -2.5%.
    https://grayscale.co/ethereum-trust/#overview
  2. The permissionless nature of Yearn Finance means that by depositing into the yVaults with a few clicks (details shown in the link below) anyone can earn a return on ETH, WETH, YFI, yCRV, crvBUSD, crvBTC, DAI, TUSD, USDC, USDT or aLINK. Many people do not have access to a centralised service therefore there are few other options to earn a return on their digital assets.
    https://docs.yearn.finance/how-to-guides/how-to-participate-in-a-yvault

Operational Risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. It is intrinsically more difficult to quantify and manage than other types of risks (market risk, credit risk) due to being inherent to a more diverse range of risk sources, and as a result, tends to be an area lacking focus in newer organizations. Despite that, operational risk is increasingly gaining larger focus with the advent of tools and frameworks that allow for more granular analysis and a more real-time, proactive approach to risk monitoring and management.

Operational Risk Management (ORM)

Operational risk management is a continued cyclical process involving risk identification, risk assessment, implementation of risk treatment strategies and controls, and ongoing risk monitoring that serve to accept, avoid, mitigate, or transfer losses that occur as a result of operational risk incidents.

https://en.wikipedia.org/wiki/Operational_risk_management

https://www.mckinsey.com/business-functions/risk/our-insights/the-future-of-operational-risk-management-in-financial-services

Effective risk management frameworks should incorporate a feedback loop based on appropriate and good quality information, processes and objective assessment, which would enable Yearn Finance to take necessary and timely actions in response to changes in its risk profile.

A risk dashboard can provide a central avenue to summarizing key risks, promoting the transparency and objectivity necessary for a risk management feedback loop to manifest. A risk dashboard could include metrics such as:

  • Vault collateralization ratios
  • Quantity of YFI held in centralized exchanges or lending protocols
  • Oracle dependencies and downtimes
  • Length of time key protocols have been in existence (Lindy effect of Ethereum, Maker, Aave, Yearn, etc.)
  • TVL versus competitors
  • Level of Ethereum gas fees
  • Quantity of DeFi users interacting with Yearn and adjacent ecosystem
  • Protocol cashflows over various timeframes (see example of Maker dashboard constructed using Dune Analytics https://twitter.com/DuneAnalytics/status/1357690036725157896)
  • Real-time revenue allocation to contributors, strategists, etc.
  • Treasury value and composition
  • Yearn vault inflows/outflows
  • Social media engagement metrics such as Twitter followers, subreddit subscribers
  • Risk adjusted returns versus competitors
  • Total market cap of digital assets

Operational risks tend to manifest in low-frequency-high-severity losses, which can be modeled through a combination of extreme value theory models, stress testing and scenario testing. Such risk measurement can inform the Yearn community about the severity of certain risks and drive discussions regarding whether to move forward with risk management: either through accepting the risk ("doing nothing"), or through active risk mitigation strategies.

Some potential operational risks facing Yearn, and potential risk mitigation strategies, are listed below.


Smart Contract Risk

The risk of bugs in smart contract code directly supporting Yearn.Finance architecture and products can result in loss that ranges from minimal to catastrophic.

Case study 2021-02-04:

  • The quick multisig response to the yDAI v1 exploit (documented here: https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2021-02-04.md) demonstrated an effective reactive response that resulted in only a 11M loss of DAI (out of a potential loss exposure of 35M), but may also demonstrate a need for additional proactive risk measures pursuant to Yearn's nascent risk appetite.
  • Even if v2 vaults address the specific concerns relevant to the exploit, unknown-unknowns may still manifest as distinct risks to Yearn's balance sheet in the future, and having a risk framework can promote Yearn's readiness to respond to any adverse scenario.

(Literature regarding known-unknowns, unknown-unknowns: https://www.pmi.org/learning/library/characterizing-unknown-unknowns-6077)

Risk Management Strategies

  • Maintain standards and controls for all code supporting the protocol, such as (but not limited to) audits by 1+ reputable entities, ongoing code reviews, off-chain modeling & stress testing, etc.
  • Establish additional risk-pooling and risk-transfer mechanisms to mitigate smart contract risk sourced internally. This can be done through additional self-insurance pools (i.e. YFI staking as loss backstop, akin to Aave's safety module), closer integration with Cover Protocol, reinsurance agreements with Nexus Mutual, etc.
  • Explore controls that further minimize response time to scenarios of protocol misuse.

Governance Risk

Ineffective governance, or governance neglecting long-term strategies in favor of short-term incentives, can result in general protocol strategies that do not align with the long-term success of the protocol. This risk is inherent in most governance models and can be mitigated through adherence to a standardized, inclusive and transparent governance process.

Can be caused by:

  • Cartels or adversarial actors capturing majority of voting power and wielding it against the long-term interest of the protocol or its community.
  • Uneducated, unsophisticated, or misled governance participants skewing votes.

Risk Management Strategies

  • Establish stricter quorum and voting thresholds for certain issues, such as YFI minting. (Proposal being worked on here: https://docs.google.com/document/d/1ZA5_Fyq_Qlj4Wsi6xnPEPGBozg_hcMbIt6Fw1FfF9gg/edit?usp=sharing)
  • Establish quadratic voting or a mechanism similar to Curve Finance's vote locking, which directly incentivizes longer-term participation in governance.
  • Maximize community engagment, protocol transparency, and YFI stakeholder education before key governance decisions and votes.

Effective Risk Culture & Incentive Alignment

Having a culture that prioritizes healthy risk-taking by commitment to ethical principles and enforcement/maintenance of key risk controls is critical to the long-term success of the protocol. Aligning incentives across all Yearn stakeholders helps to minimize principal-agent risk (https://en.wikipedia.org/wiki/Principal–agent_problem) and helps address the free-rider problem by incentivizing constructive participation in the protocol (https://en.wikipedia.org/wiki/Free-rider_problem). Stakeholders include executives, builders, contributors, YFI token holders, vault depositors and any other individuals with a vested interest in the success of Yearn.

A significant amount of capital is currently deposited in the Yearn protocol. History is littered with examples of clever people leveraging large amounts of money to make great returns (initially), but not understanding the risks and then losing everything (examples in the link below). Maintaining a risk culture that emphasizes caution and sound risk-taking is key to learning from, and not repeating, those mistakes.
https://www.valuewalk.com/2020/02/top-10-hedge-fund-blow-ups/

Identifying and documenting the risks are a first step in developing a risk management framework. The article below highlights the importantance of understanding and communicating the risks to users of the protocol.
https://cointelegraph.com/news/30m-makerdao-black-thursday-lawsuit-sent-to-arbitration

Products are designed with the security of depositors' funds as a high priority. Examples of safety design features include that:

  1. yVaults are designed to only accept digital assets that (by DeFi industry norms) are considered relatively mature and thus less likely to pose inherent technological risk.
  2. Collateralisation ratios for each vault are kept at 200%, and are subject to rebalancing to reduce the likelihood that a position is liquidated.
  3. yVaults are designed to only interact with protocols that (by DeFi industry norms) are considered relatively mature and thus less likely to pose inherent technological risk.
  4. Many members of the yEarn developer community follow and encourage other members to follow a development process that prioritizes security over speed.

To date, when a security issue has been found and resolved, Yearn Finance contributors have provided documentation of the issue and resolution, including a timeline of events. Most Yearn contributors would now view this practice as a community norm.

Past disclosures include (as of 2021-02-07):

https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2020-09-25.md
-Vulnerability related to the earn() function affecting yDAI, yTUSD and yUSD vaults. Resolved before any exploits.

https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2020-10-10.md
-Vulnerability related to Curve Voter Proxy, involving the deposit function being callable by unapproved strategies. Resolved before any exploits.

https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2020-10-30.md
-Vulnerability suspectible to flashloan attack, related to the deposit() function of a TUSD strategy not checking for slippage before adding liquidity. Resolved before any exploits.

https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2021-01-17.md
-Oversight in strategy migration process associated with GUSD and crvGUSD vaults led to incorrect share price calculation, resulting in loss of 11,435.95 GUSD for vault depositors. Affected depositors compensated using Yearn's operations fund.

https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2021-02-04.md
-Flashloan attack on susceptible v1 yDAI vault led to a 11M loss. Compensation proposals to depositors are in research/planning phase, as of 2020-02-07.

Risk Management Strategies

  • Ensure figureheads and protocol leaders emphasize a sound risk culture.
  • Compile a central and highly-visible risk appetite for Yearn around which the community can gain consensus, that can subsequently be used as a benchmark for future risk-taking and strategic initiatives.
  • Formalize a set of standards, principles, general risk controls for Yearn products and vault strategies to adhere to.
  • Establish avenues to hold stakeholders accountable.
  • Implement mechanisms that align various stakeholders with Yearn's long-term success, such as those that allow YFI holders to bear more protocol risk in return for additional reward.
  • Maintain security and risk disclosures.

Key Person Dependency

If Yearn were to rely on a few "key persons", then the success of the protocol would depend on the health, interest and ability of those individuals.

This was a significant risk when Andre Cronje was the only person working on Yearn Finance until at least 17th July 2020. Since then, the quantity and relative importance of official/active contributors has increased, and many unofficial or intermittently active contributors have also joined the comunity:
https://docs.yearn.finance/additional-resources/team

@orbxball put together the first community led strategy.
https://twitter.com/bantg/status/1300786653481631752

There are also many contributors not listed above who have helped answer queries in discord or on Telegram, made suggestions on the governance forum and written documentation. It is important to incentivize participation in the protocol to maintain a volume of high-quality contribution.

Risk Management Strategies

  • Reduce dependence on singular figureheads/contributors
  • Maintain a competitive level of high-quality active contributers
  • Standardize the process through which members of the multi-sig are selected, changed, etc.

Execution/Talent Risk

There is a risk that the developers working on Yearn Finance products do not execute.

Yearn Finance's products are dependent on smart contracts being written by developers. DeFi is highly competitive space and there are a finite number of excellent Solidity developers.

Yearn Finance has so far attracted some of the best developers in DeFi. This is evidenced by the interest that the protocol has garnered in its short life and the number of people trying to copy the protocol. Yearn Finance developers are called upon when there are problems with other DeFi protocols, such Andre Cronje and Banteg helping Cream Finance and Pickle Finance respectively.
https://medium.com/cream-finance/announcing-creamy-a-capital-efficient-dynamic-amm-195d17161f4
https://medium.com/@picklefinance/pickle-in-a-pickle-a-post-mortem-741a3d516c89

Yearn Finance produces cashflows and is therefore able to reward developers in ways that protocols with less traction cannot. Also, the decentralised nature of Yearn Finance means that it is not subject to coordination barriers traditional organizations face, such as geographics, immigration laws, and VISA restrictions.

A percentage of the performance fee is paid to strategists as an incentive. However, there is currently no general long-term strategy in place to attract and retain quality talent: https://twitter.com/bantg/status/1318688574779293702

Risk Management Strategies

  • Maintain a competitive level of high-quality active contribution
  • Maintain reward structure to attract/retain high-quality contributors and incentivize contribution

Cybersecurity Risk

The multisig holders are relied upon to respond quickly by signing time-sensitive intervention transactions in response to an ongoing hack for example (note the "Case Study 2021-02-04", under Smart Contract Risk).

A successful and timely signature relies on N our of M multisig holders to be available to verify and approve a transaction. A couple of risks appear:

  • Delay in getting a N multisig holders to respond
  • Failure in the multisig software (Gnosis Safe currently)
  • Validation of tx's before signing (MITM attacks to alter what is being signed)
  • Compromised multisig holders in their person or their software

Risk Management Strategies

  • Independent audit of signing ceremonies and key management practices
  • Regular emergency dry-runs
  • Redundancy: optimize the N and M in N-of-M multisig
  • Redundant signing software besides Gnosis Safe

Market Risks

Risk Identified

There is a risk that a sudden fall in prices causes liquidations of the token that has been deposited on a lending protocol.

Why is this a risk?

Most vault strategies of non-stable coins rely on borrowing against the digital asset and using the loan to earn a yield. The greater the loan relative to the value of the volatile digital asset, the greater the risk of liquidation and resulting liquidation fees.

How is this risk mitigated?

Currently, this borrowing occurs <primarily?> through MakerDAO vaults. For additional safetly, the Yearn protocol is desigend with the intention of maintaining the MakerDAO vaults it creates at a collateral ratio of at least 200%, which is 25% above the current* liquidation ratio of 175% on MakerDAO.

*Note: The MakerDAO liquidation ratios can be adjusted by governance.
https://blog.makerdao.com/governance-polls-october-12-2020/

The MakerDAO governance has whitelisted Yearn Finance, which allows the smart contracts to read the Oracle Security Module (OSM) price feeds for ETH-USD and BTC-USD. This means that Yearn Finance "knows" the price of ETH and WBTC an hour in advance, giving the strategy time to pay down Dai debt and maintain a 200% collateralisation ratio. Nevertheless, it is possible that the collateralization ratio of Yearn-created MakerDAO vaults could fall below this level and that such vaults could be liquidated, resulting in a liquidation penalty and loss of collateral.
https://forum.makerdao.com/t/signal-request-should-we-fast-track-mip10c9-sp6-yearn-eth-usd-osm-whitelisting/3783/3
https://forum.makerdao.com/t/mip10c9-sp10-whitelist-yearn-finance-on-btcusd-oracle/4192


Risk Identified

There is a risk that the cost of developers increases.

Why is this a risk?

Yearn Finance needs developers to keep developing strategies, checking the code and building tools. Without them, Yearn Finance would struggle to maintain its position and to innovate.

How is this risk mitigated?

Yearn Finance's goal is to provide its users with the opportunity to earn the best yields available in DeFi. The ability to earn a yield without middlemen taking excessive fees is something unique to DeFi and so Yearn Finance attracts people who believe in this mission. Removing middlemen by building decentralised technologies is an explicit goal of DeFi and one Vitalik brings up in the first 10 seconds of his early explanation of Ethereum from 2014.
https://www.youtube.com/watch?v=TDGq4aeevgY&t=

Yearn Finance has so far attracted some of the best developers in DeFi. This is evidenced by the interest that the protocol has garnered in its short life and the number of people trying to copy the protocol. Yearn Finance developers are called upon when there are problems with other DeFi protocols, such Andre Cronje and Banteg helping Cream Finance and Pickle Finance respectively.
https://medium.com/cream-finance/announcing-creamy-a-capital-efficient-dynamic-amm-195d17161f4
https://medium.com/@picklefinance/pickle-in-a-pickle-a-post-mortem-741a3d516c89

Yearn Finance produces cashflows and is therefore able to reward developers in ways that protocols with less traction cannot.

A percentage of the performance fee is paid to strategists as an incentive. The first community led strategy was put together by @orbxball.
https://twitter.com/bantg/status/1300786653481631752

The decentralised nature of Yearn Finance means that it is not subject to the immigration laws and VISA restrictions that traditional finance companies face and therefore its recruitment is cheaper.


Digital Assets Ecosystem

Risk Identified

There is a risk that the universe of digital assets may not increase, thus constraining the growth of Yearn Finance.

Why is this a risk?

Yearn Finance's two key products, yEarn and yVaults, depend on users depositing their digital assets. The greater the value of all digital assets the greater the potential Assets Under Management (AUM) for Yearn Finance.

How is this risk mitigated?

CoinGecko reports a total market cap of over $360 billion (on 11th October 2020). With Yearn Finance's current AUM under $1 billion this leaves plenty of room for room for growth.

Although many of the largest market capitalisation digital assets are not on Ethereum (for example Bitcoin) tokenised versions are available on Ethereum.


Risk Identified

There is a risk that the value of digital assets currently available for depositing into Yearn Finance's products may not grow as expected.

Why is this a risk?

Yearn Finance's two key products, yVaults and yEarn, depend on investors depositing digital assets. The greater the value of all digital assets that are available for depositing, the greater the potential Assets Under Management (AUM).

How is this risk mitigated?

The amount of digital assets deposited in Yearn Finance's yVaults and yEarn products is a small proportion of the total market capitalism of the digital assets available for depositing into those products, for example, the sum of ETH, DAI, USDT alone is over $60 billion (on 11th October 2020).


Smart contract risk

Risk Identified

A smart contract bug could allow a hacker to exploit and drain funds from Yearn Finance. Bugs may include coding errors, but also flawed design patterns, or even design patterns once considered sound which turn out to be exploitable. Exploits may include not only software-oriented attacks constituting "hacking", but also "economic attacks" which utilize the ordinary functioning of Yearn but affect Yearn adversely by manipulating extrinsic market factors such as oraclessuch economic attacks may lead to outcomes that are unexpected and unfair but do not arise from traditional code security flaws.

Why is it a risk?

Keeping funds safe is a prerequisite for Yearn Finance's success therefore a loss of funds could be detrimental.

How is smart contract risk mitigated?

The risk of smart contract bugs may be partly mitigated by:

  1. Vaults are designed to only interact with protocols that (by DeFi industry norms) are considered relatively mature and thus less likely to pose inherent technological risk. Currently, these are the permitted protocols (figures as at 10/10/2020):
DeFi protocol Founded TVL ($m) Market cap ($m)
MakerDAO 2017 1,900 541
Aave 2017 1,150 261
Compound 2017 817 385
dydx 2017 25 N/A

Among the safety criteria by which protocols should be assessed is the conditions under which their smart contracts are upgradableand whether there are any individuals or entities who have continuing administrative controls/permissions over the smart contract

  1. Having a great team of developers listed here.
    https://docs.yearn.finance/additional-resources/team

  2. Carrying out security audits shown here:
    https://github.com/iearn-finance/audits

  3. Building an engaged community with an interest in spotting and reporting potential issues in discord, on the governance forum, Twitter, Telegram or Reddit.

  4. When bugs are found having a team that can fix them quickly as demonstrated here:
    https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2020-09-25.md
    https://github.com/iearn-finance/yearn-security/blob/master/disclosures/2020-10-10.md


Adoption risks

Risk Identified

Yearn Finance is at risk of the number of DeFi users stagnating.

Why is this a risk?

DeFi users help create and maintain their ecosystens, for example, SNX needs its Spartans, LINK needs its Marines. These early adopters contribute in many ways including finding bugs, making suggestions and helping on-board new users.

How is this risk mitigated?

The following factors may mitigate the risk of stagnant DeFi user growth:

The key driver of DeFi users is high quality protocols to interact with. So far at least two types of protocols have achieved product market fit in DeFi as evidenced by the large amounts locked up (as shown on DeFiPulse). Lending protocols such as Aave and Compound Finance allow interest to be earned on digital assets, including stablecoins, and allow users to borrow against collateral. Autonomous Market Makers (AMMs), such as Uniswap and Curve Finance, allow users to exchange digital assets without a trusted third party. As more useful DeFi protocols become available, such as yield aggregation, insurance and index funds, the number of users is likey to increase.

DeFiPulse shows the amount held in DeFi protocols
https://defipulse.com/

CoinGecko shows the Decentralized exchange volume
https://www.coingecko.com/en/dex

Stateofthedapps shows how many users have used the protocols.
https://www.stateofthedapps.com/rankings/category/finance

Metamask exceeded 1 million monthly active users in October 2020.
https://medium.com/metamask/metamask-exceeds-1-million-monthly-active-users-9da72a1e915d


Risk Identified

There is a risk that a lack of understanding, for example, due to poor communication, leads to Yearn Finance becoming irrelevant.

Why is this a risk?

The crypto, and in particular the DeFi landscape, changes quickly and the YFI token is not even 3 months old until 17th October 2020. Last month's hyped token often disappears and is replaced by something new.

How is this risk mitigated?

The many channels of communication are listed below:

Yearn Products
Yearn.Finance: https://yearn.finance/
Alternative Frontend https://y.finance/
Yearn Governance: https://ygov.finance/
Yearn Snapshot: https://yearn.snapshot.page/
Yearn Insurance: https://yinsure.finance/
Yearn Borrow: https://yborrow.finance/
Yearn Swap: https://yswap.exchange/
Yearn Stats: https://yearn.finance/stats
Yearn Docs: https://docs.yearn.finance/
Yearn Forum: https://gov.yearn.finance/

Community Websites
yCosystem: https://ycosystem.info/
LearnYearn: https://www.learnyearn.finance/
YFI Address Stats: https://www.yfistats.com/
Andre: https://twitter.com/AndreCronjeTech
CEO Klim: https://twitter.com/milkyklim
Yearn Newsletter: https://yearn.substack.com/
Claim ygov rewards: https://ygov.rocks/

Community Calculators
Yieldfarming: https://yieldfarming.info/
Feel-the-yearn: https://feel-the-yearn.app/
yVault ROI Calc: https://yvault-roi.netlify.app/
Yearn ROI Calc: https://yearn-roi.xyz/
Yearn Party: https://yearn.party/

Socials
Twitter: https://twitter.com/iearnfinance
Medium: https://medium.com/iearn
Discord: https://discord.com/invite/6PNv2nF
Telegram: https://t.me/yearnupdates
Github: https://github.com/iearn-finance


Risk Identified

Adoption is hampered by poor User Experience (UX)

Why is this a risk?

Several steps need to be followed to use Yearn Finance's products. Most of the problems with UX are related to using Ethereum rather than Yearn Finance's products specifically, however, this is a major pain point.

The table below lists most of the steps required to use Yearn Finance's products.

Step no. Step Description
1 Sign up to a centralised exchange to convert fiat into digital assets
2 Figure out how to deal with an order book
3 Download Metamask (or other wallet)
4 Write down your private key and seed phrase
5 Withdraw to your Metamask address using a QR code or copy/paste of a complicated-looking Ethereum address
6 Send a small amount to Metamask first to check the address is correct
7 Wonder where your digital assets are when they have withdrawn from the centralised exchange but are not yet in your Metamask
8 Add custom token to Metamask using the contract address if it is not yet listed
10 Wonder why the fees are so much higher than they were this morning
11 Make sure that you have enough Eth in your Metamask wallet even though you wanted to deposit another token into the yVault
12 Not know what the fees will be to withdraw from the yVault or how much it will cost to transfer back to the centralised exchange in order to get your fiat back

How is this risk mitigated?

The following factors may mitigate certain of the risks of UX issues mentioned above:

There is a group of people writing and improving Yearn Finance's documentation.
https://docs.yearn.finance/

All of the issues with UX mentioned are well known and being worked on. Despite these issues Metamask achieved 1 million monthly active users in October 2020, growing 4x in 1.5 years which shows that the number of people willing to carry out these steps is increasing.
https://medium.com/metamask/metamask-exceeds-1-million-monthly-active-users-9da72a1e915d


Risk Identified

There is a risk that adoption is hampered by lack of or poor marketing that does not target the right audience.

Why is this a risk?

Without high quality marketing it is difficult to achieve high levels of adoption.

How is this risk mitigated?

Yearn Finance reached $1 billion without any serious marketing. The path to adoption for Yearn Finance will involve different groups of users over time.

Certain marketing-related risks regarding specific categories of current or prospective users may be mitigated as described below:

  1. Yearn Finance community
    This group staked their YFI into the governance contract and then into the YFI vault, as well as ETH into the vault as soon as they became available.
    Under 20% of YFI tokens were available on centralized exchanges (11th October 2020)
    https://etherscan.io/token/0x0bc529c00c6401aef6d220be8c6ea1667f6ad93e#balances
    Little marketing is required to onboard these users.
  2. DeFi users
    DeFi users are used to depositing a token to earn a yield. This group is looking for the highest yield and will use Yearn Finance if the yields compare favourably versus alternatives. The three digit APYs available during the DeFi yield farming crazed summer of 2020 have probably elevated expectations beyond what is realistic in the longer term.
  3. Ethereum holders who have not used DeFi
    This group of users is more risk averse than the DeFi users as DeFi protocols are built on Ethereum and hence are exposed to more risk. Security of funds will likely be prioritised over high yields. This is illustrated by Vitalik's June 20th 2020 tweet: "Interest rates significantly higher than what you can get in traditional finance are inherently either temporary arbitrage opportunities or come with unstated risks attached."
    https://twitter.com/vitalikbuterin/status/1274443124375523329

Ethereum holders will be able to earn a yield by staking ETH under Ethereum 2.0 so this will become the risk-free yield for ETH.

ETH validating Max annual issuance Max annual network issuance % Max annual return rate (for validators)
1,000,000 181,019 0.17% 18.10%
3,000,000 313,534 0.30% 10.45%
10,000,000 572,433 0.54% 5.72%
30,000,000 991,483 0.94% 3.30%
100,000,000 1,810,193 1.71% 1.81%
Source: https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-economics/
  1. Stablecoin holders
    Stablecoins pegged to USD are usually held to get exposure to USD. This can be beneficial in countries that suffer high inflation. Below is an article explaining how the decentralised stablecoin Dai gained adoption in south america.
    https://blog.makerdao.com/how-dai-became-a-favorite-crypto-in-latin-america/
    On 14th October 2020 there was a supply of around 1 billion Dai.
    https://daistats.com/#/
    Earning a yield on the stablecoin is a clear improvement to holding the stablecoin and earning no yield. The marketing will need to explain the benefits of earning a yield versus the extra risks taken due to the interaction with DeFi protocols. For those holding USD stablecoins to eliminate the risk of inflation in their home country, earning a yield to reduce the risks of US inflation will be intuitive.
  2. Bitcoiners
    Bitcoiners are often spoken about as if they were a homogenous group of people but this may not be the best way to approach marketing.
No. Type of Bitcoiner
1 Maximalist, believes everything else is a scam
2 Maximalist but happy to earn a yield with centralised services such as Celsius or BlockFi
3 Also holds ETH
4 Have borrowed stablecoins against my BTC to yield farm
5 Have converted BTC into WBTC to yield farm on Ethereum, might consider RenBTC

Groups 3, 4 and 5 will likely be receptive to Yearn Finance's yield aggregating products. They would likely prioritise security of the tokenised bitcoin and the Yearn Finance protocol as well as checking that the yield was competitive with more centralised options.
6. Everyone else
Everyone else is the largest group of people by number and by wealth. With $15 trillion sitting in negative yielding debt one might think it would be easy to convince people to deposit into Yearn Finance to earn a yield greater than zero. It will be difficult and there is a long road ahead. While the project is young marketing to people outside of crypto is not a priority.
https://www.bloombergquint.com/onweb/world-s-stock-of-negative-yield-debt-climbs-toward-2019-s-record


Risk Identified

There is a risk that adoption is hampered by difficulty in converting fiat into digital assets.

Why is this a risk?

Yearn Finance only accepts digital assets on Ethereum; therefore, if people find it difficult to convert their local currency into a digital asset, it cannot be deposited on Yearn Finance.

How is this risk mitigated?

Accessing digital assets is becoming easier with an increasing number of exchanges and the increasing adoption of stablecoins on Ethereum.


Risk Identified

There is a risk that Yearn Finance adoption is limited to the English-speaking world.

Why is this a risk?

Most of the communication is in English, leading to difficulties for non-English speakers to get involved in the community or to use Yearn Finance's products.

How is this risk mitigated?

Work is underway to translate the documentation. So far the YIPs have been translated into Spanish, Portuguese, Indonesian, French and Chinese.

Here is a link to the FAQ in Chinese
https://docs.yearn.finance/v/chinese/

Facundo Ameal discusses Yearn Finance in Spanish with OKEx on YouTube
https://www.youtube.com/watch?v=-ltDIfYJBKM


Regulatory risks

Risk Identified

There is a risk that the SEC deems YFI a security or deems the act of depositing tokens into a vault a securities transaction. If any of the tokens or protocols that Yearn vaults interact with are deemed to be securities, there is also a risk that the SEC could deem Yearn or Yearn contributors to be involved in unregistered securities broker-dealer actviities or unregistered investment advisor activities.

Why is this a risk?

Securities regulations are onerous, and, moreover, much of existing securities regulation assumes the presence of securities intermediaries; by contrast, there is no clear guidance on how to comply with securities regulations for securities that are on Ethereum and transacted in on a disintermediated peer-to-peer basis. Thus, the effects of a regulator or judge holding that securities are involed in Yearn is unpredictable, but could be significantfor example, Yearn contributors could be fined or enjoined from continuing certain aspects of their work on the project. Or, YFI or other y-Tokens could be delisted or de-integrated from exchanges and wallets. Or, users' tax and other legal positions regarding their use of Yearn could be adversely affected. Statements made about Yearn could become subject to the elevated disclosure standards applicable under securities laws.

How is this risk mitigated?

The SEC devised a “Howey Test” as a means of determining whether an offering counted as a security. There are four criteria that, according to the test, a security offering satisfies:

  1. The offering involves a monetary investment.
  2. There is an expectation of profits from the investment.
  3. The investment is in a common enterprise.
  4. Any profit comes from the efforts of a promoter or third party.

There is a case to be made that YFI does not meet any of the criteria.

  1. There was no monetary investment because people had to earn the YFI token.
  2. There was no expectation of profits because it was a governance token that would be used to govern the protocol.
  3. The meaning of a "common enterprise" is down to interpretation. One interpretation is that a "common enterprise" is an enterprise that is common among the promoter and multiple investors. In YFI's case it is fair to say that there was no promoter because the person who introduced it clearly stated that is has 0 value. And there were no investors because the YFI token had to be earned by using the protocol.
  4. There was no expectation of profit, no promoter and no third party therefore no.4 does not apply. At the end of the medium article introducing YFI Andre Cronje wrote "And just because we feel we didn’t stress it enough, 0 value. Don’t buy it. Earn it."
    https://medium.com/iearn/yfi-df84573db81

Senior SEC officials have suggested that bitcoin and Ether are not securities. Unfortunately the SEC tend to prefer leave their options open with opinions like the following (on Ether): "Based on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions,” Hinman said on June 14, 2018. This suggests that it is possible for tokens to become securities should they change.

Another potentail mitigation of these risks is to maintain yearn as an open and non-authoritarian community where a wide diversity of unaffiliated persons independently contribute value to Yearn.


Risk Identified

There is a risk that the CFTC could deem Yearn to involve complex commodities derivatvies which are subject significant regulation under the Commodities Exchange Act (CEA).For example, the CFTC could deem the act of depositing ETH into a MakerDAO vault in exchange for DAI to constitute a "leveraged retail commodities transaction" because the depositors may be using the vault to multiply their profits from rising ETH prices. The CFTC could also deem tokens deposited into vaults (such as Curve tokens) or yTokens to be "commodities swaps" that are highly regulated under the CEA. Likewise, the CFTC could view Vaults themselves as "commodities pools" and Yearn contributors or depositors as "commodities pools operators" requiring registration and regulation under the CEA.

Why is this a risk?

For complex derivatives, the CEA embodies a policy of "mandatory intermediation" whereby forums in which such derivatives trade, and their operators, are required to register with the CFTC and undergo strict supervision; as a result, if Yearn is deemed to involve such derivatives, the unique selling point of Yearnits decentralizationmay make legal compliance impossible. There is currently no process for registering smart contracts with the CFTC as appropriate venues for the trading of complex derivatives. This could mean that the CFTC seeks to impose fines on Yearn contributors or depositors or to enjoin Yearn contributors from continuing to perform certain work related to Yearn.

How is this risk mitigated?

There is currently a dearth of guidance concerning how the commodities laws may apply to DeFi. The best mitigation currently available is to endeavor to set Yearn risk parameters conservatively and seek to assure the safety and predictability of depositing into Yearn vaults, which may differentiate the risks posed by DeFi protocol to the systemic risks originally targeted by the CEA in cetralized commodities markets.


Risk Identified

There is a risk that regulation is introduced that adversely affects Yearn Finance, the industry in which it operates, or the digital assets on which it earns yields. The three recent reports below show that regulators in both Europe and the US are in the process of developing regulation that will affect the digital assets ecosystem.

On 15th September 2020 the ECB Cryptoassets Task Force released the following Occasional Paper Series on stablecoins.
https://www.ecb.europa.eu/pub/pdf/scpops/ecb.op247~fe3df92991.en.pdf

On 24th September 2020 the European Commission released a "Proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Markets in Crypto-assets".
https://ec.europa.eu/finance/docs/law/200924-crypto-assets-proposal_en.pdf

On 8th October 2020 the Attorney General Digital Task Force released a Cryptocurrency Enforcement Framework.
https://www.justice.gov/ag/page/file/1326061/download

Why is this a risk?

Regulations can make the operating environment difficult and can lead to a high cost of compliance. They can affect the legal status of current and future products.

Regulatory risk is discussed for DeFi in general on this Bankless episode.
https://www.youtube.com/watch?v=nh2KwtLG7do

How is regulatory risk mitigated?

The following approaches should be taken to mitigate regulatory risk:

  1. Allocate resources to understanding and documenting the regulation and how it may relate to Yearn Finance.
  2. Seek a legal opinion when making decisions that affect Yearn Finance, such as in the design of new products or how contributors are paid. There may be simple adjustments that can be made to make it easy for regulators to understand the protocol and how it meets any regulations.
  3. Engage with the regulators. Explain how Yearn Finance leads in transparency and customer-focus.
  4. Produce clear documentation so that the regulators understand what the protocol is doing and the risks to which it is exposed.
  5. Explain the advantages (including to the regulators) that Yearn Finance has over traditional finance services companies.

Risks relating to Ethereum

Risk Identified

Ethereum fails

Why is this a risk?

Yearn Finance is currently built on Ethereum and all the assets that the protocol holds are currently on Ethereum.

How is this risk mitigated?

Ethereum has been running since 2015. Unless Yearn Finance diversifies onto other platforms then it is likely to continue being dependent on Ethereum. As one of the most important protocols built on Ethereum, the community involved in Yearn has a vested interest in understanding the risks to Ethereum and improving Ethereum. The Lindy Effect can be used to estimate the longevity of something non-perishable like a technology. This leads to a crude rule that the expected lifetime of something that has existed for x years is 2x.


Risk Identified

Ethereum gas fees could make it too costly to deposit into Yearn Finance's vaults.

Why is this a risk?

Yearn Finance relies on people depositing digital assets into its vault strategies. As Ethereum gas fees increase, the amount of capital needed to benefit from Yearn Finance's strategies increases so that the deposit fees become a smaller proportion of the returns. This reduces the number of potential users of Yearn Finance.

How is this risk mitigated?

There are many projects working on bringing down the price of Ethereum's gas fees, for example, EIP-1559, Eth 2.0 and Layer 2 solutions.


Risk Identified

There is a risk that Ethereum gas fees make it too costly to withdraw from Yearn Finance's vaults.

Why is this a risk?

Ethereum gas fees can be volatile and if gas fees on withdrawal become a large chunk of a person's deposit then this will cause the depositor to have a bad experience of interacting with the Yearn Finance protocol.

How is this risk mitigated?

This is a known problem for all dapps built on Ethereum. EIP-1559 and Ethereum 2.0 could reduce or give more certainty around gas fees. There are also Layer 2s such as Loopring and xDai that may become part of the solution.


Risk Identified

There is a risk that gas fees become reducedfor example, due to Ethereum 2.0, or a new Layer 1causing less demand for a capital aggregator that saves on gas fees by pooling capital.

Why is this a risk?

One of the reasons for yield farming as a pool is to save on gas fees, especially for strategies that require a number of complex transactions. If gas fees reduce then there could be one less reason to deposit in Yearn Finance's vaults.

How is this risk mitigated?

If gas fees reduce significantly it will continue to be cheaper (per unit of deposit) to carry out transactions with pooled resources rather than individually. There are also other reasons for pooling resources such as saving time finding the best strategies and working out how to implement them.


Risk Identified

Ethereum does not win the Layer 1 race and YFI does not transition to the new leading Layer 1.

Why is this a risk?

There are many other chains competing with ___???

How is this risk mitigated?

The reasons why Yearn Finance is built on Ethereum is because it has the following:

  1. the assets, for example, DAI, USDT, Ether
  2. the protocols that can be used, for example, Aave, Compound, Uniswap
  3. the tools, for example, Metamask and Etherscan
  4. written in (or compatible with) Solidity so can copy and paste and useful code from other protocols

Until competing Layer 1 blockchains tick those boxes then Yearn Finance will remain on Ethereum.


Governance risks

Risks Identified

A bad actor accumulates 51% of the YFI tokens and starts making decisions that adversely affect the protocol

Why is this a risk?

[TBC]

How is this risk mitigated?

The main defence against the 51% attack is the cost of acquiring 51% of the YFI tokens. Tokeneconomics have been designed such that any person or group that acquires 51% of the network is then incentivised to try to increase the value of the network. However, there could be an incumbent that benefits from the status quo and considers the cost of destroying as cheap in order to maintain its monopoly or oligopoly position. In this calculation the incumbent also has to factor in the cost of destroying YFI forks and other DAOs that could offer similar products. YFI tokens held in the governance contract or in the vault are not for sale and therefore reduce the likelihood of a 51% attack. Both options offer good returns, thus incentivising holder to remove the tokens from exchanges. Arguably the higher the proportion of YFI tokens held on exchanges, the greater the risk.


Risks Identified

6 out of 9 of multi-sig

Why is this a risk?

How is this risk mitigated?

Improvements being considered


Risk Identified

YFI holders become bored of participating in governance leading to poor decisions being made

Why is this a risk?

Apathy is a significant risk because the less people care about the decisions made, the worse the decisions will likely be

How is this risk mitigated?

Continue to incentivise holders to participate in governance. Giving out NFTs for voting is a great idea.


Risk Identified

The YFI community does not think of new revenue generating activities

Why is this a risk?

YFI is operating in a very competitive DeFi space. The fact that the code is open source means without new ideas, YFI will not last.

How is this risk mitigated?

Monitor percentage of YFI voting in governance.

Improvements being considered

It could be helpful for this to have its own section on the governance website / discord (separate from vault strategies). We could add incentives for new contributers e.g. you could nominate someone to get "best newbie contributer of the month" (or week?) and they get an NFT with the date. This will encourage loyalty! Newbie so that core team and BlueKirby don't win them all. They could even be helpful for people outside of crypto who want work in the industry.


Risk Identified

The YFI community does not think of new revenue generating activities

Why is this a risk?

YFI is operating in a very competitive DeFi space. The fact that the code is open source means without new ideas, YFI will not last.

How is this risk mitigated?

Improvements being considered


Risk Identified

The $500k Treasury turns out to be too little

Why is this a risk?

How is this risk mitigated?

Improvements being considered


YFI token risks

Risk Identified

There is a risk that the YFI community splits over a contentious governance proposal.

Why is each a risk?

If the YFI community were to fork and become two competing communities then that could do significant damage. The YFII fork was as a result of YIP-8 but the split was geographic and YFI kept most of the original community. Forks can cause lasting damage and confusion to people not following the space closely, e.g. Bitcoin Cash fork caused confusion for a long time.

How is this risk mitigated?

Forks are not a hypothetical risk. There have been many forks and their market capitalisations have consistently been a small proportion of the original. The table below shows the data as at 15th October 2020.

Original Forks Market cap as a proportion of the original
Bitcoin Litecoin (LTC) 1.5%
Bitcoin Bitcoin Cash (BCH) 2.2%
Bitcoin Bitcoin Satoshi's Vision (BSV) 1.5%
Bitcoin Bitcoin Gold (BTG) 0.1%
Bitcoin Bitcoin Diamond (BCD) 0.0%
Ethereum Ethereum Classic 1.5%
YFI YFII 19.5%
Uniswap SushiSwap 12.5%

Yearn Finance's code is open source however its community, including the developers, cannot easily be forked.


Scaling

Risks Identified

Why is each a risk?

How is this risk mitigated?

Improvements being considered


Monetization risks

Risk Identified

There is a risk that the fee structure becomes uncompetitive.

Why is this a risk?

Other yield farming protocols charge different fees and structure their fees differently. If other fee structures become more popular then this could lead to fewer deposits into Yearn Finance products.

How is this risk mitigated?

This risk is mitigated by developing products that people find valuable and for which it is worth paying the fees. Yearn Finance has developed yEarn, vaults, yInsure while keeping depositors' funds safe. It continues to lead innovation in DeFi.
Vaults save people money (in Ethereum gas fees) and time, things people are willing to pay for.
If it becomes apparent that the fee structure is uncompetitive then governance has the ability to change the fee structure.


Risk Identified

There is a risk that YFI does not manage to monetize.

Why is this a risk?

It is possible that Yearn Finance's fees are somehow gamed. For example, if the deposits into the vaults come via centralized exchanges that minimize the withdrawal fees by switching funds between users.

How is this risk mitigated?

If it becomes apparent that the fee structure is being gamed then governance has the ability to improve the fee structure. In the example of centralized exchanges managing the withdrawal fee, this would likely be more than offset by a higher performance fee.


Tax

Risk Identified

There is a risk that taxes are increased on earnings made in digital assets.

Why are tax changes a risk?

Governments can change tax rules to encourage investment in some assets over others. In the case of digitial assets, for example the UK has onerous tax rules where every exchange of a digital asset is a taxable event whereas in other jurisdictions tax only applies when crypto is converted back to fiat.

If taxes are increased on the earnings from Yearn Finance products then this will reduce the difference between yields earned on digital assets versus those available in traditional finance.

How is this risk mitigated?

Yields on USD-denominated stablecoins are not available in many countries outside the US hence the tax environment is unlikely to play a key part in a customer's decision process.

Improvements being considered


Competition

Risks Identified

  1. There is a risk that funds flow to competition, for example, Celsius, YFII or Harvest.Finance, if they start to offer better rates, lower risk, have better marketing, UX or UI
  2. Open source software can be copied and YFI can be forked
  3. CeFi (such as the centralised exchanges) or traditional finance (banks) could begin to offer better savings products

Why is each a risk?

  1. Yearn Finance aggregates capital. The less capital it holds, the less useful it is.
  2. With all Yearn Finance's code and ideas out in the open, either on GitHub, discord or the governance forum there is a risk that someone or a group of people take the code and ideas and implement them more quickly or improve upon them. There are already several forks of YFI attempting to do this.
  3. The total market cap of digital assets on CoinGecko is under $350 billion. There are trillions of $ sitting in centralised financial institutions.

How is the risk of competition mitigated?

You can fork code but forking developers, the community, assets deposited is much more difficult. The code available is only the code that has been written so far, it does not reflect all the future plans for Yearn Finance.

Yearn Finance also has many other advantages such as the brand of being the original and the fair launch that required no outside capital.

YFII was the first fork of YFI and is targeting a different community, particularly the Asian market with most of the discourse happening in Chinese on WeChat.

Celsius is able to offer high interest rates by lending to private institutions so it has a different customer base on the lending side. The rates are also likely subsidised by the CEL tokens that it holds in the treasury.

[mention Maker oracle integration - hard to copy. Also banteg mentioned Crv private formula Yearn has access to]
https://forum.makerdao.com/t/signal-request-should-we-fast-track-mip10c9-sp6-yearn-eth-usd-osm-whitelisting/3783/3

Improvements being considered

Yearn Finance is leading the innovation in yield aggregation.

  • The first to offer the yield aggregator product that automatically switched between the highest yielding lending protocols.
  • The first to offer vaults which is now a widely copied concept
  • The first to offer non-KYC insurance with yInsure
  • The first to offer a tokenised savings account, yUSD, that grows at the highest yields available in DeFi

While competitors are trying to copy Yearn Finance's current products, the focus is on how to scale.


Oracle risks

Risk Identified

Oracle gives incorrect price of loan or collateral causing liquidations.

Why is this a risk?

The vaults involve taking out a loan against a digital asset which is deposited as collateral. The debt:collateral ratio needs to remain under a certain threshold (defined within protocol and dependent primarily on the volatilty of the asset) otherwise the loan will be liquidated. If a low price is mistakenly quoted for the collateral then this can lead to a liquidation event as the smart contract will execute automatically. Liquidation penalties are expensive, for example, it is usually 13% of the loan with MakerDAO.

There is an additional risk that could be considered a basis risk between two systems using different price oracles. For example, if Yearn Finance uses a Chainlink Oracle for the debt:collateral ratio and the lending protocol (say, MakerDAO) uses different oracles, then there is a risk that the prices are mis-aligned and that the Yearn Finance contracts has a different collateral ratio. A divergence in prices is most likely to occur under stressed conditions such as March 12th 2020.

How is the risk mitigated?

The risk is mitigated primarily by using the most reliable oracle currently available, i.e. Chainlink, and setting high collateralisation ratios (200%).

https://forum.makerdao.com/t/signal-request-should-we-fast-track-mip10c9-sp6-yearn-eth-usd-osm-whitelisting/3783/3


DeFi protocol

Risks Identified

  1. A protocol such as Aave Lending Pool Core has a contract failure
  2. Problems withdrawing from a lending protocol used to borrow against collateral. This happens when too much of a supplied asset has been borrowed (it has happened on other lending protocols).
  3. Admins of DeFi protocols that are not fully decentralised make unexpected changes to the protocols that adversely affect Yearn products.

Why is each a risk?

  1. YFI is built on top of other DeFi protocols. Problems with these protocols can causes losses to people using YFI products.
  2. People deposit in vaults with the expectation that they can withdraw their funds at any time. If they are stuck on a lending protocol then this can lead to reputational risk.
  3. Many DeFi protocols are not yet fully decentralised. This is because they are mostly not in a finished state and the team wants the ability to make sudden changes if necessary. These DeFi protocols are often transitioning to full decentralisation.

How is this risk mitigated?

  1. If they are stolen maliciously then they can be blacklisted. If they get sent to a burn address they will be gone forever. A good risk management framework would consider how to deal with these situations before they arise.
  2. Only lending protocols with well managed liquidity are used by YFI products. YFI does not accept this risk.
  3. Protocols that are considered too risky are not used by YFI. Protocols that are currently too risky but may be used in the future are being monitored (e.g. For.Tube or Cream.Finance). YFI aims to use the least risky protocols in the DeFi space.

The following links are useful for understanding the risk frameworks of the protocols with which Yearn Finance interacts.

Aave
https://docs.aave.com/risk/

Compound Finance
https://compound.finance/docs/security#economic-security

MakerDAO
https://blocking.net/2863/20000-words-to-understand-the-risk-management-framework-of-makerdao/


Macro-economic risks

Risks Identified

When US equities sneeze, DeFi protocols catch a cold.

Why is this a risk?

DeFi protocols are at the tail end of risk and liquidity. In a "risk-off" period the YFI token price (along with that of other DeFi protocols) may suffer. The YFI token has existed since 17th July 2020 and therefore there is no data to show how it behaves in a risk-off period.

How is this risk mitigated?

This risk would be mitigated if investors start to believe that investing in DeFi is not a leveraged investment on US equities. Relatively low correlation of bitcoin's price with other asset classes is one of the key selling points of bitcoin to traditional investors.

Yearn Finance produces cashflows enabling investors to carry out fundamental analysis that is similar to that carried out for traditional equities. An example is shown below.

https://www.mechanism.capital/yfi-frameworks-for-fundamental-valuation/

Not all of Yearn Finance's cashflows are expected to be positively correlated to economic growth. For example, the yEarn product that switches between the highest rate lending protocols or yUSD are effectively savings accounts and could become more popular during an economic downturn.

Macro-economic downturns tend to affect leveraged companies the most. Yearn Finance maintains a treasury of around $500k and has no debt therefore its operating cash-to-debt ratio is effectively infinite.

The amount held in the treasury can be seen here.
https://app.zerion.io/0xfeb4acf3df3cdea7399794d0869ef76a6efaff52/overview

Improvements being considered

Yearn Finance continues to be as transparent as possible by providing timely and publicly available information.

https://www.yfistats.com/financials.html

https://explore.duneanalytics.com/public/dashboards/g0bGfgloeXBd9C18jpBjdXi5KkQjR7IXYqFRUnHk

https://gov.yearn.finance/t/build-a-twitter-bot-to-give-yfi-valuation-daily-updates/6101


Bitcoin Maximalist

Risks Identified

Yearn Finance does not scale because tokenised BTC, the largest digital asset by market capitalisation, does not move to Ethereum and/or find its way to Yearn's vaults.

Why is each a risk?

The total market capitalisation of digital assets on CoinGecko is $360 billion (on 10/10/2020) of which over $200 billion is bitcoin. Bitcoin cannot be on Ethereum, but tokenised bitcoin (effectively a bitcoin IOU) can be used on Ethereum. In order to scale beyond the DeFi on Ethereum ecosystem, Yearn Finance needs to attract deposits of tokenised BTC.

How is the risk mitigated?

Tokenised bitcoin on Ethereum is growing at a rapid pace as shown here https://bitcoinonethereum.vercel.app/

Although bitcoin has dominated the market cap of digital assets since 2009, other digital assets are growing rapidly including stable coins (https://cointelegraph.com/news/stablecoins-post-triple-digit-growth-in-2020-but-institutional-rivals-loom) and other DeFi protocols

Improvements being considered

Vaults offering tokenised BTC are under consideration and have been discussed in the governance forum. For example, WBTC, RenBTC, hBTC, sBTC and other forms of tokenised bitcoin each come with different risks related to scale and security.


DISCLAIMERS AND CAUTIONS

Forward-Looking Statements.

This document contains forward-looking statements which may, among other matters, discuss the anticipated functioning or behavior of smart contracts and other technologies or markets related thereto and the predicted or expected behavior current and prospective users or current and prospective contributors. Forward-looking statements may contain words such as “expect,” “believe,” “may,” “can,” “should,” “will,” “shall,” “expect,” “anticipate” or similar expressions, and include the assumptions that underlie such statements. These statements are subject to known and unknown risks and uncertainties that could cause actual results to differ materially from those expressed or implied by such statements, including. All forward-looking statements are based on the authors' knowledge, plans and assumptions as of the date of publication. Except as required under applicable law, no author hereby undertakes any obligation to update any forward-looking statements.

Nature of Information Provided.

This document is being provided only as an aid to research, and not as a source of truth. Certain matters described herein, including the code of smart contracts and other descriptions of technologies contained herein, are described only in a summary fashion. Such summaries are not necessarily accurate and complete, and do not include all relevant details. The statements and information contained herein (or provided through links) may not be accurate and complete, or may be subject to important limitations and qualifications; accordingly, no person should rely on such provisions as characterizations of the actual past, current or future state of facts about the relevant matters. No representations and warranties are intended to be provided hereby, and you should not rely on any information set forth herein, but should undertake your own independent research into he matters described.

No Legal or Investment Advice

No legal or investment advice is being provided hereby, and there is no attorney-client or other advisory or fiduciary relationship between the readers and the authors.

[Add a form here for feedback]

Select a repo