Certik Trail of Bits Quantstamp +3 ChainSecurity MixBytes PeckShield
Certik Trail of Bits Quantstamp ChainSecurity MixBytes PeckShield
CertiK, feb 19, 2020 Quantstamp, july 24, 2020 MixBytes, november 05, 2020 PeckShield, january 17, 2021 MixBytes, april 15, 2021 MixBytes, april 23, 2021 MixBytes, april 09, 2021 MixBytes, april 06, 2021 MixBytes, may 24, 2021 MixBytes, june 02, 2021 Trail of Bits, april 30, 2021 MixBytes, october 18, 2021 ChainSecurity, january 18, 2022 MixBytes, dec 23, 2021 MixBytes, january 25, 2022 MixBytes, jan 10, 2022 - feb 28, 2022 Optimum, march 2022 Optimum, april 2022 Optimum, may 2022 Optimum, may 2022 ChainSecurity, sep 06, 2022
Price Market cap.
Last updated: Feb 02, 2023
Yearn is a DeFi platform providing its users with yield farming optimization, lending aggregation, and more. At the core of the project are its Vaults – representing capital pools automatically generating profit based on various opportunities present on the crypto market.
The platform was at first a personal project to automate DeFi yield generation by Andre Cronje but later earned the founder near-mythical status and following due to his fair distribution of YFI governance tokens, none of which were left for the founding team.
Yearn Vaults, or yVaults, are the main product on top of which Yearn allows its users to earn yield. yVaults get user deposits and route them through various strategies to capture the highest possible yield in DeFi. These vaults utilize Portals.fi (a platform for facilitating crypto transactions by utilizing various projects’ liquidity pools) to allow any token that can be swapped on Uniswap with less than 1% slippage to be deposited in them. Once a vault has accepted a token, it converts it into whatever type of asset is required by the vault, however, when withdrawing users can only choose from ETH, WETH, DAI, USDT, USDC, or WBTC.
As claimed by the Yearn team itself, one of the critical components of the platform’s infrastructure is a collaboration with Curve.fi – where several Yearn vaults provide liquidity into Curve pools and stake LP tokens to earn CRV rewards. 10% of all CRV rewards are deposited into an yveCRV-DAO vault, also referred to as “Backscratcher”, to obtain additional CRV, whereas the remaining 90% are swapped for LP tokens and re-deposited into the vaults. Only the yvUSDN3Crv vault locks 50% of all CRV earned into the Backscratcher vault, while the remaining 50% are swapped. In Backscratcher users can also earn emissions of tokens like SUSHI and PICKLE for providing liquidity.
With the release of V2 yVaults, Yearn’s vaults can now accept up to 20 strategies per vault, increasing the flexibility to manage capital efficiently during various market scenarios. Unlike V1 yVaults, where a single Controller oversees strategy performance and can take actions to improve capital efficiency, in V2 this concept is replaced by a Guardian and Strategy creator, which are tasked with the same duties. The new yVaults also implement bots from the Keep3r Network, that are used to purchase new collateral by selling earned tokens and deposit the profit back to the vaults and later into different strategies. Furthermore, with the release of V2, the one-time Yearn fee charged on balance upon withdrawal has been removed, making users subject to no withdrawal fees.
Yearn utilizes Iron Bank to access credit used to enhance yVault yields. However, this feature is only available to white-listed addresses. Some strategies also implement flash loans, but this is a back-end service requiring development experience to be accessed.
To deposit assets into a yVault and start earning a passive income thanks to Yearn’s automated strategies, users need to connect a wallet Yearn supports with the dApp. Currently, the project supports most web3 wallets such as MetaMask for example. Although the project is multi-chain when connecting to it, users must select the Ethereum network first before switching to any of the other supported blockchains.
Once connected, users need to select their preferred vault and deposit tokens in it, by entering the amount they chose, while keeping in mind they need to have enough assets left to pay for the transaction fees on the network. After that is done, all that is left is to click on “Deposit” or “Approve” (if they haven’t approved before) from their wallet and wait for the transaction to be confirmed by the network’s validators. Users can find their deposited assets by checking their vault of choice’s interface, usually found on top of the vaults list.
To withdraw funds from Yearn, users need to visit the vault from which they want to withdraw, enter the amount they want to take out of the platform, click the “Withdraw” button, and finally confirm the transaction from their wallet. Once the transaction is complete the tokens will be available in the user’s wallet.
The Yearn app can be personalized with various themes and other customizable details by visiting the “Settings” tab. Users can also change their slippage preferences from the same tab to one of three preset options.
Although balance doesn’t increase continuously, and profit is distributed only when the “harvest” function is called – which happens “on a fluctuating basis”, as per the Yearn documentation, users can utilize some community-made solutions to monitor the changes in their balance in real-time.
There are various in-depth guides available on the Yearn documentation portal.
Yearn’s YFI token is meant to act as a tool for coordination between the project’s contributors, community, and associated protocols. Furthermore, the asset also provides its holders with governance rights in order to decentralize the management and development of the platform’s product suite.
The total supply of the asset is 36,666 tokens, all of which have been minted. When the token’s contract was deployed users of different DeFi protocols were able to obtain it by providing liquidity to specific pools on the platform. Through this program, the company distributed 30,000 tokens proportionally to all LPs in seven days.
The YFI token was created with a built-in minting function that was originally controlled by Yearn’s founder – Andre Cronje, but soon after the token emissions began, the control was handed to a multisig wallet.
As a fully decentralized project and since the intention behind the YFI token was for it to have fully decentralized control, major governance decisions regarding token emissions and allocations are published on the project’s documentation webpage. For example, YIP-56 (YIP stands for Yearn Improvement Proposal) disbanded the staking system and implemented a buyback system, which directs more capital to the project’s treasury while also benefiting YFI holders as it also removes YFI from the market. YIP-57 saw token holders voting on minting 6,666 tokens of which 1/3 was vested to key contributors, while the remaining 2/3 went to the project’s treasury.
YIP-61 saw the launch of Governance 2.0. This included expanding the token holders’ responsibilities from creating and voting on YIPs, to creating and voting on YDPs (Yearn Delegation Proposals) and YSPs (Yearn Signaling Proposals). YDPs empower so-called yTeams – small autonomous groups of Yearn contributors controlled by YFI token holders to act in the interest of Yearn.
Yearn also utilizes the WOOFY token – it is aimed to solve the problem that YFI’s price is too high in USD terms, making it complicated to calculate for users. At all times 1 YFI token is equal to 1,000,000 WOOFY tokens. The two Yearn crypto coins can be exchanged for each other at a fixed rate at any time, through the WOOFY Ethereum contract or the Woofy website.
At the beginning of February 2021, Yearn’s v1 yDAI vault got exploited, resulting in a loss of $11 million worth of digital assets. According to the post-mortem of the incident, just 38 minutes after the start of the attack, Yearn’s founder – Andre Cronje noticed a suspicious pattern of transactions and called the Yearn team into action, resulting in saving 24 million DAI from the exploited vault’s total balance of 35 million DAI deposits. The Yearn team along with the project’s multi-sig signers, managed to finish their recovery action in only 11 minutes.
The attacker was able to exploit Yearn by creating exchange rate imbalances between stablecoins in Curve’s 3CRV pool. This made Yearn’s yDAI vault deposit and withdraw funds from the 3CRV pool at “unaffordable rates” through a series of transactions. The exploit was only possible as the attacker was holding a substantial portion of the Curve 3CRV pool, resulting in a profit of only 2.7 million from the total 11 million stolen from the protocol.
Only a few days after the Yearn hack, the project announced it has restored the yDAI pool (essentially repaying affected users) at its balance prior to the attack by using YFI tokens from its Treasury to mint 9.7 million DAI.
Yearn has undergone 39 audits at the time of writing this review, all of which have been made public and are accessible through the project’s dashboard on this webpage. All issues found in the audits have been responded to and resolved by the Yearn team.
The founder of Yearn – Andre Cronje is one of the most prominent members of the crypto industry. He started his career as a lawyer but later developed an interest in computer science and after taking extensive courses on the topic, became a lecturer himself. Later he worked in various tech fields, such as Telecom, Neural Networks, and finally Fintech. His experience in crypto includes being a code reviewer and partner at Crypto Briefing, as well as a technical advisor role in the Fantom Foundation.
The project is currently governed by YFI token holders, which can submit and vote on off-chain proposals managing its ecosystem. Even after newly submitted proposals get majority support, they can only be implemented through a 6-of-9 multi-sig account. The account in control is an implementation of Gnosis Safe, its members are chosen by YFI token holders and are subject to change. The current list of members includes Milkyklim – a pseudonymous member of the Yearn team; Devops199fan – part of Saddle Finance, eGirl Capital, and Venture DAO; Vasily Shapovalov from p2p.org; Mariano Conti from nanexcool.com and MakerDAO; Leo Cheng from Cream Finance; cp287 from cp0x.com; Ryan Watkins from Messari; Banteg – also part of the Yearn team, and Daryl Lau from Not3Lau Capital.
Yearn’s security practices include a bug bounty program with Immunefi which can earn anyone who finds a bug in its code that has not been shared publicly anything from $100 to $200,000, depending on the severity of the issue.
The project is running a Partnership Program allowing developers to easily integrate yield into their own services by making yVaults accessible to them. Partnering projects can earn up to 50% profit from their shared TVL, when participating in the program.
As a flagship project in the industry and due to the many innovations implemented by it as well as thanks to its partnering program – there are numerous projects collaborating with Yearn. Some of them include Alchemix, ShapeShift, Sturdy, Gearbox, Akropolis, Abracadabra, Element, QiDao, and many more.
There is no distinct Yearn roadmap currently, the upcoming features of the platform are subject to discussion and governance approval and can be followed on the Yearn governance website.
Aave will integrate Chainlink's Proof-of-Reserve, further increasing the platform’s security
Uniswap's governance proposal accepted