Multi-Protocol Risks & Risk Management

Both the Market Neutral Yield Farming strategy and Directional Yield Farming strategy are active strategies that deploys funds with third-party DeFi products/protocols.

For the ‘active’ component of the strategy, the primary risk is contract or infrastructure failures causing drawdowns in the strategy. DeFi is an immature space, as is the infrastructure and systems that support it. As a result, these strategies are exposed to risks of drawdowns due to system failure.

YieldFi utilizes multiple protocols which introduces third-party risk, which is the risk that a third-party DeFi protocol has an exploit or some form of failure resulting in a loss of user funds, and in-turn a loss for the YieldFi vault and users. YieldFi has no control over exploits to third party protocols, though we employ strategies to do our best to mitigate these risks. Each third-party protocol is evaluated for security vulnerabilities and monitoring systems are deployed to monitor the function and solvency of the third-party protocols.

In order to generate maximum yields when market neutral yield farming, we will utilize a number of third-party protocols. While this maximizes yields, it increases the risk profile for the overall system. For instance, we may deposit initial capital into a money market such as Geist to borrow another token. We take those tokens and deposit them into a liquidity pool in SpookySwap. We take that LP token and deposit it into a yield farm in Liquid Driver to capture more yield. So in this example (which is a very practical example as we are integrated with all of the above for our market neutral yield farming protocol), the end user is exposed to YieldFi, Geist, SpookySwap and Liquid Driver. If there is an exploit in any of these protocols, the end user is subject to incurring losses. In the effort of transparency and in order to reduce risks involved in providing YieldFi’s protocols for use by end users we present to users on our user interface under "Yield Farm Information" the protocols that the end user will be exposed to by entering each product. This in turn ensures full transparency of where user funds are being deployed and which 3rd party protocols are being used in the creation of the products being offered.

In order to reduce the YieldFi protocol risk profile, we are only creating private vaults for use by our users/clients. The risks as compared to public vaults are significantly lower. At a high level this is because users are required to be ‘allow-listed’ in order to interact with the contracts (which depending on how and who is deploying our technology may require the passing of KYC). This is a barrier which makes attacks less attractive. Secondly, we are working with licensed custodians to incorporate this option into our User Interface. This is another potential point which can stop the attacker from successfully withdrawing funds from the YieldFi protocol (Custodians typically have a level of insurance too). Thirdly, flash-loans and flash-bots which are common tools for attackers, cannot be utilized to interact with private vaults. So, while there are always risks associated with DeFi products including YieldFi, we believe our private vaults will be less attractive to attackers than public vaults.