Discussion for How to Prevent Attackers with Borrowed YFI

There has been some debate on whether a time-weight to YFI should be weight-building or weight decaying. However, before talking about those, I think we should address something more fundamental: Preventing Attackers from Attacking with Borrowed YFI

I’m bring this up because this popped up when people were debating whether time-weight should be weight-building or weight decaying.

Which means, when the value of YFI drops, instead of costing the attacker like it traditionally would (buy YFI, attack, sell YFI to recuperate some cost). A drop in YFI price after an attack actually reduces the cost of attack if the attacker borrows YFI.

At first, I tried to solve this issue by comparing weight-gain or weight-decay, but after giving it some thought I found:

No matter if the time-weight effect is weight-gaining, weight-decaying or even a combination of the two (gaining to peak, then start decaying), as long as attackers have a cheap way of obtaining 51% of voting power, other than to buy out YFI holders, we lose.

Since there’s no way to stop people from loaning out YFI, I’m thinking we should come up with some novel approaches to discourage borrowing YFI. (Control the borrowers, not the lenders)

As yearn is in its growing stage, the risk of borrowers liquidating is large since YFI price grows with yearn. But as yearn progresses, yearn will turn from a growing project into a semi-stable project. At that point, the price of YFI will become less volatile as well.

And since YFI is a governing token, I’ve placed the importance of governance ahead of the price of each YFI. Instead, I think the price should be attached to the portion of YFI out of all available YFI. Like how each YFI holder can claim a portion of protocol earnings based not on the price of each YFI, but based on how big a portion you hold in the governance contract.

All of this being said, my first, not exactly thought out idea is to introduce truly random rebases (both positive and negative) to YFI. With the idea that each YFI holder retains the same portion of total YFI in their wallets. This raises volatility of YFI and discourages borrowers since they have no idea when they will be liquidated. And YFI holders will still be able to access the same voting power and yCRV reward based on their ratio.

However, I see a lot of issues with this idea (not an exhaustive list):

  • It will be a nightmare to redesign all YFI related SC’s to work with a rebasing YFI
    • Such as the governance contract or even calculation of claimable yCRV
  • Discourages investors who will see a random YFI price everyday
    • Hard to teach the public how if they’re losing nominal YFI, they still have the same voting power and can still claim the same amount of reward
  • Liquidity providers to AMMs might get rekt or might get lots of trading fees
    • Statistically they should have minimum divergence loss if the average price of YFI over a period of time is stable. But short term AMM providers can get rekt.

I expect my rebasing idea to be rejected. I mostly just want to throw at least one idea out to get the ball rolling and bring awareness to prevent attacks from YFI borrowers.


Glad to have helped spark some ideas.

This may be true, but we could ensure the yYFI vault is not lending in a way that could harm governance.

A question on rebasing: would a lending platform try to recalculate borrowing and lending to follow the rebasing amount? If so, then lending would continue with the same risks.

Which raises the questions: how possible is it to borrow 51% voting power and at what cost? Should we be concerned about a financially incentivised bad actor or also someone willing to lose financially but intent on fucking with the protocol?

1 Like

I was betting that the lending amount wouldn’t update with the rebases, since Aave haven’t listed a rebasing token yet. But if they do update together, this would defeat the purpose of using rebasing to discourage borrowing.

If we’re using Aave as an example, it would require around a capital of 1.25x the market cap of YFI and a cost of interest for the duration of vote lock.

But, if we’re dealing with a competing project, they can come up with a scheme that lures YFI with promises of gains bigger than yYFI vault if they deposit their YFI. In that case, I don’t know how much capital they would need, but it would be a lot closer to just the cost of the reward(interest) than 1.25x marketcap.

But now that I think about it some more, this just sounds like what sushiswap tried to do to uniswap, and doesn’t seem like it would be an actual threat to YFI.

Maybe governance can actively borrow from Aave if the portion of YFI on Aave threatens governance. This will be a cost of governance, but the costs ultimately goes back to rewarding YFI holders.

1 Like

I do not think this is entirely accurate. I am not a math person, so please check my work. Since we moved to YFI voting, the most voted YIP was YIP 30 with 8727 total votes. There are currently only 6060 YFI staked in governance. Let’s assume we mobilize against a malicious vote and 10,000 YFI stake and vote against. In that case, 10,001 YFI would be sufficient for the malicious actor to prevail. Assuming a 75% collateralization ratio, a malicious actor would only need 1.25 x 1/3 of the market cap of YFI. Even assuming the malicious actor wanted to guarantee a victory, that actor would only need to borrow 15,001 YFI. In that case it would take 1.25 x 1/2 of the market cap of YFI. Assuming 15k YFI and a market price of $40,000, that is $750,000,000. That is a lot of money, but it would only need to be tied up for a few days under current voting rules. Additionally, interest would only need to be paid for a few days and then the collateral would be released. At a 25% APY, it would cost about $500,000 per day of interest to pull this off. Today there are not 10k or 15k YFI on Aave (there are just over 6k), but such an attack need not use a single borrowing platform.

There may not be anything left on Aave to borrow to counteract such a threat (or at least not enough), particularly if we assume the malicious actor acquires 15,001 YFI (in which case there are simply not enough anywhere to vote against).

You would really have to want to screw with the platform to try this. It is also worth considering what would happen if this was attempted with less than 15k YFI – how fast could we mobilize. Again, I’m not sure how likely this is. Maybe someone has additional thoughts.

Of course, as long as Andre and the multisig are around, they may be able to step in and refuse to implement a malicious vote. But we are moving to a full DAO, and then there would be nobody to step in to save us.

Interestingly, it seems that the best defense may be (1) a high YFI price; (2) a lot of YFI staked in governance and able to vote against a malicious actor; and (3) little YFI available to borrow.

1 Like

I think math looks good. This scenario is definitely capital intensive. I recall reading somewhere that the treasury would buyback YFI? If it had a set price to repurchase YFI (sort of like a share buyback) that could at least keep the price of YFI above a certain threshold, thus keeping attacks capital intensive.

1 Like

If I were unscrupulous and interested in seeing a YFI competitor knock YFI down, I might find some similar minded whales and spend a few million on such a strategy. If there were opportunities to sell YFI short, that would make this even more valuable for the malicious actors. Further, I’ve seen discussions of potential options strategies for vaults, and if there were options for YFI, those could also be used to profit from the fall of YFI.

Also, I think my math exaggerated the interest cost as you would collect interest on the collateral but only pay interest on the amount borrowed ($600,000,000 not $750,000,000).


This problem can generally be easily solved by ensuring that attackers funds are subject to the markets response to the governance decision. A great example of this is the Decred project which has a random unlock time for staked coins. By making it random, the attacker cannot know when their coins will be unlocked and thus they will feel the effect of the outcome in the price. This mechanism is also what keeps Bitcoin secure with ASICs which are the sunk cost and the incentive is to protect the illiquid asset.

In short, the best way to prevent adverse behaviour, is to make it expensive. Make the time-lock post voting indeterminate and/or long period of time (weeks to months) to ensure market pricing effects are felt by staker. Furthermore, staked YFI must be the only form able to vote (no loaned, leveraged or interest bearing derivatives have a say).

1 Like

You are correct that1.25x marketcap wasn’t accurate. I was using a 40% loan-to-value for some reason, but 75% is possible. And since not 100% of YFI is in governance, the portion an attacker would need would be a lot less than 51% of all YFI. These two assumptions are how I got my 1.25x marketcap.

And I also agree the cost is way lower than the capital needed. But I want to reiterate that the capital can be further reduced if they’re not borrowing on Aave. They can have a really low capital requirement that’s not much higher than the cost if they lure YFI through some other mechanisms.

I was thinking more like a pre-emptive measure. Like if Aave pool>Governance stakes, governance borrows until governance has 0.51*(Aave+Gov). But I don’t think this is doable long term since a lot of money would be locked up just doing this and it’s even more incentive to loan out your YFI instead of staking in governance.

I agree strongly with 3. The problem is we can’t always guarantee governance reward is the best reward available to YFI holders. Malicious projects can bleed money and offer higher rewards short term to lure YFI away. That’s why I started with trying to control the borrowers instead of lenders.

I used to disagree with YFI buybacks since we have a fixed amount of YFI and it would raise the barrier of entry for new comers. But if it’s actually required for the security of the protocol (like keep price of YFI growing so borrowers can’t keep up) then we should indeed implement this.

Agreed that the assumption of a malicious actor needing 15k YFI is a ceiling and that the actual capital and cost for the attack could be lower. Assuming about 1/2 of that YFI is needed to be successful, for an attack that uses borrowed YFI, the collateral requirement would be about $400,000,000 (locked for just a few days) and the interest expense (assuming a 25% APY) would be about $200k per day. I also agree that YFI stolen from another platform could be used to attack the YFI protocol and at a lower cost.

To start this thread you confessed that increasing vote power over time or decreasing vote power over time would not be an effective solution:

I think you conceded defeat too soon. With respect to a borrowing attack, for example, we can increase the cost to the attacker with a weight-gaining voting system. Taking a linear 60 day voting power increase time, after 30 days, the attacker would only have 1/2 the voting power they would need to launch the attack compared to what they need now. Compared to our current 3 day lock after voting, 30 days (to get only 1/2 that voting power) would cost 10x as much. For full voting power, it would take 60 days and require 20x as much.

A weight-gaining voting system also helps in the situation where YFI is stolen from another platform. In that case, if the thief intended to attempt a malicious vote (rather than just sell the YFI), we would likely see it in advance, and the increasing voting power over time would give us several weeks to prepare. We could, for example, take a vote immediately after the theft to institute a temporary veto-council of trusted members just to prevent a hostile attack.

You and I both agree that reducing the amount of YFI available to borrow helps prevent this type of attack. We also both agree that governance rewards will usually not provide the yield YFI holders could get moving their YFI elsewhere. A voting attack on the protocol is an existential threat, and we should work to prevent it.

Now an idea that is bound to be disliked: partially split YFI into two (YFI retains most of the financial benefits and gYFI is given governance power); YFI remains fully transferable; gYFI is not freely transferable, cannot be put on a lending platform, and cannot be used for farming.

Working details:

  • give every YFI holder a proportionate amount of gYFI
  • YFI holders receive 90% of protocol’s profits
  • gYFI hoders receive 10% of protocol’s profits to help align interests
  • any changes gYFI holders make to this percentage in their favor is subject to approval by YFI holders
  • YFI remains freely transferable as it is today
  • gYFI is not freely transferable (Is this technically possible? I believe smart contracts could be restricted. We could also use an include/exclude list to prevent known lending platforms from holding the token. Perhaps all transfers would take place on a yearn.finance website.)

I experimented with the idea of weight-gaining, weight-decaying, or a combination of the two as a defence against attackers a bit before I started this thread. I laid out a few criteria and assumptions and here’s what I got.


  • A successful defence is defined as the attacker needing to pay at least 100% of the value of YFI he needs to borrow. (Cost of attack=value of YFI needed)
  • The cost of the attack needs to go back to rewarding YFI holders (transfer of power at fair market value)


  • Time-locking is a variable, and time-weight scales linearly with time locked to a maximum of 1 year, up to 2x weight (just for an example)
  • The weight increases to a peak at 1/2 time locked, and decreases when the YFI signals withdrawal (see graphic)
  • No minimum vote-locking time (at first I thought time-weight itself will be an effective defence so I threw out minimum locking time)
  • YFI in governance on average stake for 1/2 of the maximum stake time

From running these scenarios out I’ve reached a few observations:

  • Both the cost and the capital needed depend on how long the attack lasts
  • Cost and capital are inversely correlated
  • A weight-gaining mechanism adds on to the preparation needed before an attack can occur
  • A weight-decaying mechanism adds to the cost of the attacker in locking up YFI while giving the attacker less power.
  • The cost of attack stays roughly constant no matter how long the attack lasts (High capital, shorter duration. Low capital, higher duration)

The conclusion I reached at the time was:

This doesn’t exactly affect how YFI borrowers borrow, only affects how much they need. The could still borrow and not pay fair value for the voting power no matter which system we use. But rather, it’s affected by how long they need to be in the game. And since there’s no minimum locking time (I assumed we relied solely on weighting for defence), we need to ensure they can’t borrow for longer than a really, really, short amount of time.

^And that’s why I went with the “how to liquidate borrower” route.

But now I think we might be able to manipulate the cost of an attack by making vote-lock time or weight a function of governance reward divided by YFI price.

By making the vote-lock time * governance reward = YFI price, we can guarantee the attack will be costlier than just buying YFI out-right.

But this runs into a problem with absurdly long vote-lock times

Let’s assume YFI’s current return eventually just beats inflation (worse case scenario) and set it at 2%. That would mean we need a vote-lock of 50 years, which isn’t practical.

1 Like

This is all interesting, and it is clear you gave this a lot of thought.

Agreed that the lock times you suggest would not work. But your first criteria may be too strict.

As long as a weight-gaining vote power mechanism significantly increases the cost of an attack – even if it does not require as much as purchasing the necessary YFI – there is a benefit in increasing the cost of that attack. It Lso serves to give governance some time to react to a known future attack (such as if YFI were stolen from another protocol where YFI were being used).

Assuming the costs are not out of reach of an attacker, another method to defend against a malicious actor needs to be developed.

I think this is the most important part of all of this, and why this conversation is not as urgent as it would be if we followed Compound’s model. We have a multi-sig and a core team who can override any “vote” they deem to have been created as an attack on the protocol.

That being said, I’m very glad we’re trying to think of the best ways to protect the protocol.

While I know @Beepidibop’s focus is on borrowers, I truly think the easiest path will be to incentivize lenders. If we can convince token holders to lock up through a combination of rewards and bonus rewards/voting power with longer lockup/holding of the token in governance, I think that could be very effective.

I very nearly posted something similar a few days ago– but thought it would be hated. My idea was to generate two tokens with staked YFI– dYFI (rewards, transferrable) and gYFI (governance, probably not transferrable).

Ultimately, I don’t know what the best solution is to this. Truly, I think the protocol buying YFI back up to distribute to current stakers/voters is one of the best defenses we could have. It supports the price of YFI– making it more costly for an attack, it further concentrates YFI in the hands of those who care about governance and the protocol itself (theoretically), and it also very well may attract more YFI to governance simply by the idea of earning more YFI on your YFI.

1 Like

I believe Andre mentioned moving to a DAO in a matter of weeks. Regardless, we should work on implementing protections for the protocol before we the multisig backup is gone.

That may be true, but I continue to see posts here encouraging more YFI lending, such as by the yYFI vault. By encouraging YFI lending we put the protocol at risk.

Something along those lines would be helpful. Even without a lock, an increasing vote power and increasing rewards over time (maxing out at 60 or 100 days, for example) would go a long way to making an attack more expensive and also encourage more YFI to be sraked in governance rather than lent out.

We both have similar ideas rhat we are confident will be soundly rejected. Maybe we are on to something! I figure many YFI holders will seek the greatest risk adjusted yields they think they can get, which often will be outside governance. If we could allow that drive to contine but keep it from affecting governance votes (through a limited transfer governance token), perhaps we can allow yield seekers to lend and still protect the protocol.


Maybe it’s an idea worth hashing out.

My first question would be, how is voting power transferred between willing parties? My concern is new people can’t be easily on-boarded. But at the same time, as a typical company grows, executive power often separates from monetary stake, developing a tiered power structure. Most stock holders can’t vote on every decision a company makes even if they want to.

1 Like

Good question. Technially, I do not know, but I would be willing to go to a yearn website to buy/sell a gYFI governance token. Present all the warnings you think are necessary (e.g. “gYFI is intended as a governance token and is not intended to be lended. This is the only place to transfer your gYFI, it will not transfer on Uniswap or any other exchange. You cannot send gYFI to an address that has not been approved by yearn, and yearn may withdraw approval if necessary. If this page ceases to exist in the future, you will need to interact directly with the contract and may only trade with previously approved addresses.”).

Lots of good points here. I think the three of us are having quite a nice discussion on this thread :slight_smile:.

I actually didn’t mean “lenders” in the sense that we should incentivize YFI being lent out, but more that we should incentivize those who are lending their YFI to instead do something else (staking).

Regarding everything else…I’m going to take some time to try and think of the best way to tackle this, and then maybe come back with some more concrete ideas.


If we’re going with this route, we’ll need to figure out who gets to decide the whitelist. Does gYFI or dYFI do that through a vote, based on merit, etc.

I would like to avoid a centralized body if possible. But I do think we should have an emergency DAO like Curve that stops operations needing only a few people, probably applicable to each vault.

But maybe these are all addressed in the Aragon DAO Andre’s been bringing up.

1 Like

That makes sense. Yearn, however, is fighting you on this by making it easier to use YFI outside governance – such as in the yYFI vault. In addition, the draw of higher yields elsewhere will always be a factor. We should make staking in governance as easy and rewarding as we can.

Fantastic. I look forward to seeing what you come back with.

1 Like

I agree that as long as we have Andre, a multisig, or other individuals/entities that are willing and able to reject a malicious vote, that we can be less concerned. Eventually those stopgaps may not be available. Things move fast in crypto/defi, so that could come soon.

If we are ok with that type of centralization, maybe we could get comfortable with rules or votes to approve or disapprove addresses. Maybe smart contract addresses are by default not approved without a vote. Maybe known lending platforms are disapproved.

1 Like