How to avoid systemic risk from platforms like YAM, while increasing YFI value

The whirlwind events of the past 24 hours should be a wakeup call to everyone who cares about the long-term security of yearn. YAM is not going to be a one-off phenomenon. There will be more and more projects competing to attract stakers for the purpose of executing “fair launches,” but it could end very abruptly with a devastating theft or smart contract error. This could leave a significant chunk of the YFI supply in a blackhole, or even worse, in unscrupulous hands. What then?

At one point, nearly half of all YFI was locked up in the YAM contract. Half! Think about that.

The PoW mining “renaissance” took off in 2013 (I think), as did staking for platform tokens a little later. Now we’re seeing more and more third-party platforms offering rewards for staking DeFi tokens and I think this practice is going to keep growing. But using a governance token for the purpose of staking on external platforms could pose a systemic risk for any DeFi platform, not just Yearn. If we accept the status quo, we are accepting the inevitability of a possibly platform-ending catastrophe. We can either pray it never happens, or try to implement a solution to this risk.

I understand that while there was no formal audit of the YAM staking contract, it was reviewed by many smart people who considered it safe, quite similar to the Synthetix staking contract. That may well be the case, but hacks often happen when other smart people discover a previously unknown technique for manipulating “safe” code. Also, mere mortals who aren’t 100% confident in their fluency in smart contracts, like me, shouldn’t have to rely on other people’s opinions for the purpose of protecting our funds.

Let me preface this by saying I am not a solidity developer, so my suggestion may be entirely unfeasible. But I have as much common sense as [almost] anyone here, and common sense is telling me that it’s not wise to expose valuable assets for the sake of trying to obtain speculative trinkets of dubious value.

We hold YFI tokens which are meant to be staked for governance. But if we take our YFI tokens on safaris around the DeFi universe as we seek free tokens on other platforms, we might not be around to make critical governance votes, and additionally we’ll miss out on fee income as that begins to grow. What if instead of moving our dear YFI around, we let them remain safely staked in the governance contract, while encouraging other platforms to provide us with “farming rights” if they want to attract our audience for their fair launches.

“Farming rights” could simply take the form of a wrapped token – yamYFI, for example – and be delivered to YFI holders through airdrops or some similar mechanism. I imagine this could serve several benefits:

1. It detaches the speculative activity and risk of external yield farming from the governance utility of YFI, encouraging maximum participation in governance while protecting YFI – and the Yearn platform as a whole – from hacks and contract errors.
2. It empowers YFI holders to choose which new platforms to participate in, without having to choose between fee income from the governance pool and speculative gains from other platforms.
3. Makes concurrent participation in different staking opportunities possible.
4. It allows YFI holders to “sell their farming rights” – the wrapped tokens from third-parties – for any particular platform if they so choose, generating additional on-going revenue to YFI holders and accruing more value to tokenholders.
5. Further positions YFI as a central token in DeFi and crypto, as the expectation of any new platform seeking to create a fair launch would be to deliver a wrapped token to YFI holders.
6. Could lay the foundation for a whole new yvault, which would farm individual opportunities as a collective unit.

Aside from the fact that wrapped farming rights tokens are a bit of an abstraction of the functionality of the YFI token, and thus introduce another element of complexity, I hardly see any negatives. But what do you think?

This would be a great system to put in place unless im not seeing any other potential downsides. This would set a standard for other platforms as well. A good time to discuss this. Im always worried about the ripple effects in a concatenated system like the present defi ecosystem during a black swan event.

One step further would be to setup a automated systems(contract?) so developers can initialize these farming rights tokens for their respective projects in a permissionless manner…

The likelihood of recurring and compelling external YFI farming incentives does present an interesting game theoretic situation for us. A repeated game of deciding between A) staking yearn internally for governance, and B) staking yearn externally for profit.

Without A yearn becomes ungovernable and YFI probably goes to zero. But that means giving up massive profit opportunities.

Totally agree. Out-competing liquidity incentives from external pools could make the current system of governance tricky.

I am not a solidity dev nor the most informed in these things – but here’s a stab at how this might work. Instead of staking into a voting contract, we’d create a voting vault. When we deposit YFI into the vault we’d get yYFI LP tokens back. These could be added to external liquidity pools like YAM, but it poses some problems: since the ability to convert yYFI back to YFI would be limited by vote lock, it’s less appealing of a liquidity asset than regular YFI, so external devs would be incentivized to create farms for YFI still and that would earn more fees.

vVault: a Voting yVault
Here’s another option, and I may be totally talking out my ass here so apologies. If we create a voting vault rather than a normal staking contract then we have a giant shared pool of YFI and the ability to run modular strategies on it. We don’t need farming rights, we could use our existing governance system to vote on how to utilize this liquidity. Example: we could vote to add it all to the YAM YFI pool.

We could potentially split the vault into multiple risk tolerances too. The nice thing about this idea, if it’s possible, is it could cohere even more collective intelligence within the yearn community.

May I propose an alternative. Perhaps I’m simply not as smart as most here but I like finding simple solutions that my kids will understand. @tracheopteryx I may have just ripped off your last post so I apologise if what I’m about to say is the same. Please take this then as a layman reiterating to validate my understanding.

Can we:

1. Take all existing, staked YFI and move it to a yVault

2. Participating YFI holders receive yYFI

3. yEarn rewards to be distributed to yYFI holders instead of YFI holders (this maintains reward flow to existing YFI holders THAT have also staked. Further, this differentiates between those that have staked and those that have not)

4. Implement a simple strategy against our vaulted yYFI

5. Use all yield earned in yYFI vault to buy YFI on the open market.

6. Where or when no YFI exists on open market, yYFI yield is added to rewards flow.

The expected outcome:

• YFI on open market is redistributed to YFI holders that actually want to stake in YFI system and away from speculators

• Incentivises holding YFI, staking AND voting to receive rewards.

• Creates a feedback loop that encourages participants at all levels.

Risks.
This will initially lead to more centralisation of YFI but I trust amendments in the future may mitigate this.

Thoughts are welcome

Thank you for helping think through the details @iTo , I think we’re aligned and your revision helps clarify it for me. I’d like to write this up together as a proposal if you think that makes sense?

But first wondering if we can get some more technical validation on this as a sanity check. Anyone?

Sure. @tracheopteryx All for it.

I’m particularly keen to hear from others, what the risks are in implementing such a feedback loop as the one above.

I think it’s potent, but I fear potency may create unforeseen consequences.

Thank you for your ideas, but I considered this model before arriving at the one I proposed and found many disadvantages:

1. By “distributing yEarn rewards to yYFI holders instead of YFI holders” you are separating platform income from the governance token, which diminishes the market value of the governance token. I believe high market value can secure the platform better than low market value. You are also detaching the interests of the governance tokenholders (YFI) from the interests of the rewards tokenholders (what you call yYFI), as there would be nothing stopping yYFI holders from selling their yYFI on the open market. I prefer the owners of the governance token have a direct interest in maximizing platform profitability; otherwise, what are their interests and how do they align with my own?

2. Not to mention, we want people to receive their share of the platform revenue when they actually participate in governance. What would the purpose of a token existing outside the governance contract be, when we want to determine eligibility for rewards based on presence (and participation) in the governance contract? How would that even work?

3. Another disadvantage that you have to consider is that your yYFI model is not scalable. If, as I predict, more third-parties will implement “fair launches” through a form of staking, a single yYFI token - whether controlled by a vault or a “DIY” investor - could not easily participate in more than one opportunity at once. This would severely limit the returns of the kind of yVault you propose for yYFI. This is why I proposed a new way of doing things, by encouraging or even facilitating third parties in creating bridge tokens, what I called “farming rights” tokens specific to their platforms.

4. From the perspective of security, which was my original purpose for this thread, it is clearly preferable to have distinct tokens for each third-party that desires to interact with YFI holders. If the yYFI rewards token in your model were subjected to a theft or a smart contract error, think about some of the problems:

• Would we want to keep sending a potentially large share of our rewards to a thief or a blackhole forever? Since it would be separated from the governance token, but remain the recipient of rewards, there would be no way to stop the revenue from bleeding out for eternity.

• Would the person who lost their rewards token even care to come back to redeem their governance tokens? Since their profit incentives have been lost, you would probably find a lot of people abandoning their governance tokens. Or for that matter, would they be allowed to reclaim their governance token without surrendering their yYFI reward token?

5. One point I do agree with is that there could be a yVault that reinvests profits into YFI purchases on the open market, but this idea isn’t necessarily dependent on the rest of the ideas we’re discussing being implemented.

I ask that you give more thought to the concept I proposed originally. If a third-party platform like Yam goes down, taking with it tokens that are essential to our platform (like a rewards token), it could take us down as well. If it takes tokens that were minted specifically for our interaction with that platform, it wouldn’t affect the continuity of Yearn.

In this new world of DeFi which we are helping to create, we have to train ourselves to think about the potential of catastrophic, systemic failure, and do everything we can to avoid it. People are demonstrating that they are reckless in the face of greed, and we can’t change human nature, but we can design a system that minimizes the dangers it presents to the ecosystem.

I’m totally open to ideas here and not sure at all about our version, so glad to work through this more. Here are some thoughts:

yYFI would just be a LP token representing a share of actual YFI in the governance pool. As of YIP-36 all system rewards are being used for operational capital, but in the future it’s likely some would go back into the governance pool to reward YFI holders who stake their YFI to vote. This is already “separating platform income from the governance token.” At no time have all YFI holders gotten system rewards. Only YFI holders that have staked have received awards. yYFI would just represent staked YFI so the fees would flow the same way they always have.

That would still happen.

To represent your share of the liquidity pool so the liquidity pool can be invested while you remain staked to vote. (The yYFI wouldn’t be invested, it would be locked after a vote.)

That would still happen. People that stake their YFI for governance would be rewarded in the same way. Except now that staked liquidity can be invested.

I’m not sure I understand this? In the model I suggested the YFI pool would be invested, like the yCRV in the yVault. I think the yYFI would need to be locked after a vote as YFI is now. But other than that, it could be traded.

How does this model reduce the systemic risk I have described?

That’s another problem.

I’ve had similar thoughts. But the key here is to figure out how to earn yield on YFI. And in order to do that, I think we need the ability to use it as collateral for stablecoins (eg via Aave). So we need to get YFI on Aave first.

I usually follow the discussions, but this one seems more complicated than most. As long as YFI holders can withdraw, is there anything preventing another defi team from offering rewards for staking YFI?

It seems that there is value in encouraging YFI Holders to keep their YFI staked within the YFI/yearn system. If so, how can we provide incentives to do that? If YFI share of yearn fees were high enough, there would be less financial incentive to chase outside yield. But it would be difficult to compete with 1000% APY.

One idea would be to increase the share of yearn fees for YFI that has been staked longer. For example, YFI staked 1 week counts as 1 share, 2 weeks counts as 2 shares, 3 weeks 3 shares, etc. up to a cap (maybe 10 weeks). This would incentivize longer term staking of YFI in the governance pool.

Now to boost the fees availabe – there were some ideas above about pooling funds and using those funds for yield farming. Yearn already offers that in the yvaults and will develop new yield generating products over time. We should consider putting some funds in our own products.

You’re exactly right, and we’ll especially never be able to compete with new platforms that pop up and offer astronomically high initial APY during their debut period (like YAM). And those are the most dangerous ones from a security standpoint, but people will always chase after them.

A great idea. You could also require funds to be staked for a probationary period, several weeks even, before being eligible for rewards.

Still, these are barriers, rather than benefits, and many people may still find it worthwhile to chase the sky high returns and never come back to the governance pool because of the barriers. Because of this, I think it would also be beneficial to devise some kind of system for other platforms to interface with Yearn and offer redeemable farming rights to YFI holders. Absent such a system, other platforms will have an excuse to invite Yearners to simply deposit their raw YFI, and eventually there will be a huge exit scam.

Here’s my understanding of the risks you point out:

1. Risk 50+% of YFI tokens get staked in something like YAM, there’s a bug, and they are lost forever making YFI ungovernable (too hard to get quorum)
2. Risk of YFI getting stolen somehow, a hostile takeover
3. Risk of bugs in yearn code
4. Risk of people staking YFI in stuff like YAM and not governing yearn

Let me know if I’ve missed or misunderstood your concerns.

I think for 1, even if that happened, the community would rally to lower the quorum.

For 2 that could happen in a bunch of ways—I haven’t worked through all the game theory on hostile takeovers, and would love to learn more there, but I think the main deterrent here is that good products and DAO governance are actually what creates the value in YFI and it’s in everyone’s incentive to support that.

For 3, that’s a persistent risk. I don’t think that’s what this thread is about.

And for 4, yes this is what I think we are all thinking through here and all the ideas in this thread are attempts to solve it. The farming rights idea would solve this by earning on liquidity from yamYFI. The vVault idea would solve it by earning from liquidity on YFI.

With the yamYFI idea – if they were lost, wouldn’t the YFI be lost too? It would need to be bound to the YFI via contract or else have no value. If there was a way to have both yamYFI and YFI then yamYFI has no value (eg if some yamYFI were locked in a contract you can’t just release the linked YFI since there are now two equal value tokens. The yamYFI was not burned). Eg If you lose wETH you don’t get your ETH back. I’m curious if there’s a way to both ensure the value of yamYFI and allow for the YFI to be recoverable in the case of smart contract error. Possible?

Let’s also remember that amidst 1% per hour APY a giant chunk of YAM farmers unstaked to earn nothing in order to pass a proposal. That’s amazing to me, and hugely important. For us it means it’s more likely that as long as YFI is creating value, no matter what other temporary tubers offer 10000% APY, people will come back to govern. Also, YAMs will come and go, and god bless 'em, but yearn has real tools making real money outside of speculation and money games.

I ask sincerely: would redeemable farming rights be sufficient to persuade other platforms not to entice YFI itself to flow to their platform?

I would characterize an increasing share of fees over time to be a benefit rather than a barrier, but I agree that however it is described, some may take their YFI and potentially be scammed, thereby putting YFI governnance control in the hands of a bad actor. Which brings us back to my questions: As long as YFI holders can withdraw, is there anything preventing another defi team from offering rewards for staking YFI? And, are redeemable farming rights sufficient?

Yes that is what im curious about as well. It would be like packaging away selective rights into a different token. For example yamYFI would give the staking rights for only the YAM project. No use outside of it. The backing YFI token will be locked in the Yearn governance contract.(the assumtion is that only the YFI tokens that are staked in the governance contract would be eligible for this feature).

Side note: I believe quorum is calculated based on YFI in the governance pool and registered to vote. If so, the loss of YFI would not directly affect quorum.

You understand my concerns perfectly. (Except for #3, which, as you said, is a risk every platform has to accept - not worried about that).

The yamYFI idea wouldn’t have to have any kind of persistent connection to YFI, so if it disappeared, it wouldn’t affect YFI. They would simply be issued or redeemable - redeemable might be better, so unwanted tokens don’t just start clogging up everyone’s wallets - to any wallet in possession of YFI at the chosen time of their creator. Since a large part of the purpose of these distributions seems to be to ensure fair launches, my thinking is it wouldn’t need to be attached to underlying value once it was created. But it would have a value in its own right, because it was distributed to stakeholders in a valuable platform, and can produce yields.

Excellent questions, and yes, I’m sure that there would be attempts to attract “real YFI” for staking. But if there were a different system devised, which became customary, and in spite of this a third-party invites stakers to bring real YFI to their platform with promises or added benefits, these inducements might be considered unusual and suspicious.

And that’s the other thing, I don’t know if farming rights would always be satisfactory, but I’m not sure in what cases they wouldn’t be. For example, in the case of Yam, I wonder how this would have been any less functional for the purposes of their fair launch than actual YFI.

yamYFI wouldn’t have YFI’s value unless they were bound together — otherwise it’s a new token with its own independent value.