Proposal: Direct % of rewards towards socialized insurance fund

Not opposed to adding additional mechanisms for growing the fund. I basically just think it needs a risk-free baseline of BTC/ETH to start. Once it’s over a certain amount, we should use the excess in strategies to grow it.

I think the last 24 hours’ events highlight how important this proposal will be for the Yearn ecosystem and the DeFi space as a whole. Had our awesome team not been able to close the vulnerability last night, this fund would have eventually been needed to be used to compensate losses. I think it’s important that we get it started ASAP. Kucoin had funds set aside to use for this purpose, but if this were to happen to us here at this point we’d be pretty fucked. We could obviously mint more YFI to sell and cover incidents like this like MakerDAO does, but this is a much better solution IMO.

The entire idea is to help protect each other, so sorry pure capitalists, this is a great idea.

I think if people read the Kucoin story that broke a day ago they would understand how important this is. The Kucoin users were made whole by the exchange and even though it is a centralized exchange I was glad to hear that no users lost funds since the exchange was covering all losses through their insurance fund.

I get the impression that many here do not realize the timeframe it would take to fill the insurance fund.

Let’s assume the vaults generate profit at about 15% APY, 5% of which is taken as a fee, which amouts to 0.75% of capital in the vaults. The OP mentions setting aside 1% of “rewards”, referring to the fees (based on the diagram). This would be 0.0075% of AUM per annum. As the largest vault (yUSD) constitutes about half of the total liquidity in vaults, it would take over 600 years for the insurance fund to be able to fully indemnify that vault against loss (static projection).

In the case of a systemic risk event like the “USDT rugpull” the OP mentions, multiple vaults would sustain losses at the same time, making the insurance fund even more inconsequential to the total outcome.

The above doesn’t account for withdrawal fees (which will come significantly down over time), but even so, this proposal is best viewed as a marketing ploy and not as a serious method of providing insurance.

Promises of insurance funds and buyback guarantees were used by many actors in the European peer-to-peer lending industry to grow AUM rapidly in recent years, showing that this marketing strategy works. Investors in those companies have sustained large losses this year, illustrating well how reliable such guarantees are.

You have some good points re USDT rugpull and it would be great for marketing, but you are assuming vault size/revenue is going to stay as it is now, when we haven’t redefined our overall fee strategy yet and the yETH vault is not open, so that 600 year scenario is not really a realistic representation of what we can expect going forward.

With that said, I agree 1% may not be enough, but even if we had to increase it to 5-10% of rewards (we could start higher and reduce it as AUM grows) to make this functional in the short term, I still think it would still be worth it. It’s interesting you are saying this concept doesn’t work when an insurance fund saved an exchange’s users literally just yesterday. You seem to take the position of “if it can’t cover everyone 100% immediately, it’s not worth doing.” In the short term, what we could do as a last resort to make up for any shortfall between the fund and losses needing to be covered is a MakerDAO style of mint/auction of YFI.

If we assume the vaults grow over time, then the protection will be even more inadequate, as the funds collected during the time when the vaults were smaller will be even less able to cover the vaults in the later years when they’re relatively larger.

The KuCoin futures insurance fund has about $600k in it (though I don’t know if there are multiple insurance funds in different parts of KC), so it is inadequate for the job and KC is dipping into its own capital. Yearn does not have significant capital reserves to dip into.

There is also the question of what exactly should be covered by such a scheme. This proposal leaves everything to the discretion of the multisig. One could ask why Yearn needs to cover losses in the event of a USDT depeg, as it is a loss entirely external to the vault ecosystem. For example the yUSD vault would keep increasing in yCRV terms even in such a situation, even though yCRV itself would collapse. Would any bank or fund reimburse losses caused by a weakening currency of denomination? Clearly that is not the case.

A cover restricted to smart contract bugs / exploits is already available from Nexus at prices set by the free market. An overlapping socialized insurance fund could interfere with price discovery. It would also cause naive investors to pile into the most risky vaults, mirroring the similar development I mentioned in the P2P sector.

Ah I didn’t realize KC insurance fund was so small. Even if there are other wallets, they likely aren’t much bigger. In the event of a loss like theirs (~$150MM), we would effectively be doing the same thing by minting YFI to sell to cover (though I don’t know who would buy $150M at that point unless our market cap was much higher than it is now). I agree USDT depeg would actually not fall under this coverage. You make some good points.

I think the only way to make this proposal workable, is to increase fees paid by users. That is not necessarily an untenable idea. I’d suggest extending the yInsure product to provide liquid insurance for yVaults, rather than making it a built in feature of the vaults themselves. Lets users decide, if they’re willing to sacrifice yield for safety.

Agreed. I actually hadn’t really thought much about how this would compete with our own yInsure product that uses Nexus Mutual as underwriter. If we could somehow use that to do something like this, that would be pretty cool and benefit everyone. If anyone has ideas on how that might work, we should explore it. Perhaps a pool of bulk NFT insurance that users could choose to buy into instead of individual NFTs? IIRC coverage now is mostly split in huge blocks.

Hi guys! I just joined the community and I´m a proud hodler of YFI since a few days. This project is amazing and THIS topic here is exactly the right discussion so I´ll share my thoughts and hope they add value.

First of all, I´m not a programmer but a finance guy so I will focus on these aspects and hope someone smarter than me can figure out how to pour things into code when the time comes…

In finance it´s all about safety and trust. When we talk about the masses then risk aversion, not greed, is the strongest influence on investment decisions. And in the long run yearn.finance aims towards the masses as far as I understand. So I think it´s not only a marketing gimmick but it´s real added value and a customer magnet when offering an inbuilt safety net for certain risks. As mentioned by @Dankmonty in the OP, a well sized insurance pool can work as a moat for this project against forks and this moat grows over time.

To summarize and expand on the risks mentioned in this thread:

1. smart contract risk of the yearn.finance backbone, affecting all pools and vaults
2. smart contract risk of individual vaults
3. smart contract risk of the tokens or plattforms used in a strategy (Aave, Balancer, Compound etc.)
4. pegging/collateral risk of stable coins (especially USDT)
5. address freezing risk due to centralized control of certain coins (USDC, WBTC, USDT, etc.)

Which risks should the YFI community insure?

1. To my knowledge the underlying infrastructure has been audited and probably tested by numerous hackers already. If this fails, YFI is probably dead, no matter the insurance pool. Fingers crossed!
2. Individual vaults are not created equally (correct?) so there could be bugs and vulnerabilities. The insurance of this risk must be first priority because yearn´s reputation builds on those products.
3. For this risk there are insurance offers from projects like Nexus Mutual, so I like the current approach with the “Cover” option. On the other hand this is very expensive, if not prohibitive over a longer time. So this could be considered as a second priority.
4. One can argue that investors should know and bear the risk of a failed peg because they invest in these stable coins (in particular USDT and DAI are at risk here). However, USDT and DAI are central to most Vault strategies, so they are an integral part of yearn at this point. Therefore I wouldn´t deny some responsibility of the YFI community for investor´s loss if a peg blows up. Though, investors still need to be aware and be somewhat responsible for the risk they take, so this would be third priority.
5. I assume if this risk manifests itself, the whole DeFi space is set back to square one for a while. Investors in DeFi have to take this risk for the time being.

Takeaways:

• Insurance is very important
• only insure risks that make sense to insure
• Have a 3-tiered insurance fund (3 pools)
• Allocate different portions of the insurance inflows to these pools according to priority. For example 60% to “Risk 2”, 25% “Risk 3”, 15% “Risk 4”

Next step: financing the pools

There needs to be a balance between raising funds fast enough to bootstrap insurance liquidity and cost burden on returns. The incentives must remain in favor to use yearn.finance over other protocols.
Also there needs to be a balance between the different actors: Investors, Vault creators and YFI holders.

As the target size for the total insurance fund (pool 1,2,3) it makes sense to reach a value equal to the 3 largest vaults combined, or some arbitrary % of TVL. (50%?) Because of the nature of the risks we cover, it wouldn´t make sense to go all the way up to 100% TVL.

As far as I understand, the fee structure of yearn.finance can be altered flexibly by governance decisions.

In this case I would suggest the following financing dynamic:

1. In the start, investors pay an additional 2% Gas subsidy fee (7% total) which goes into the insurance fund
2. Equally, YFI holders only receive 3% of the 5% gas subsidy and put 2% into the insurance fund
3. To hold vault creators accountable, 30% of their earnings go into the insurance fund as well.
4. These higher burdens are in effects until the fund reaches 10% of its target size and are then reduced by 10% as a step-up function. So they are reduced by another 10% when the fund reaches 20% of target value and so on. That means at 90-100% the additional fees would only be 0.2% gas subsidy from investor´s and YFI holders and 3% of earnings from vault creators. At 100% of target value, there will be no additional fees for as long as the fund remains at or above this 100% of target. (It´s a moving target so it will be on/off)
5. The insurance fund invests equally into all yearn vaults in order to help grow itself and diversify. Since we don´t assume that global shutdown risks occur, it would not hurt the fund too much if one or two vaults get compromised. However, the average yield would help quite nicely to compound the fund. If a more conservative strategy is desired we could just allocate 50% equally to vaults and keep 50% in some other forms (BTC, ETH, stablecoins…) This also incentivizes vault creators to build for yearn.finance instead of other protocols because they will receive insurance funds into their vault right away, thus receiving instant income. (after governance voting to include the vault into the insurance fund)
6. Since the insurance fund is investing and growing itself even if at 100% target value, we should implement a spillover function, for example at 110% target value. All funds beyond that mark will be put into the YFI reward pool. The spillover threshold should sit a good percentage over 100% to allow growth of TVL without immediately triggering additional fees again. Meanwhile this mechanic allows for distribution of locked capital to the YFI holders in case the protocoll shrinks temporarily.

The insurance case:

Let´s assume one of the insured risks manifests. How do investors get their compensation?
Perhaps there is a way to automate this in the smart contract? That way, funds could be distributed immediately to the contributing addresses according to the lost value.
Or there would be a “request insurance claim function” like at nexus mutual, which then has to be confirmed by the YFI governance. Personally I prefer the first if possible because it removes trust but the latter should work as well.

Now, let´s assume the insurance fund didn´t grow large enough to cover all the claims.

There are 3 options to handle the situation:

1. Just pay out whatever is in the insurance fund at a pro rata basis. Sorry, investors.
2. Mint YFI tokens, sell at the market and compensate investors.Sorry, YFI holders.
3. The insurance fund mints a special token that is an IOU to the investor and is redeemable at any time for its value from the insurance fund. I got this concept from PTF and I think it´s brilliant, because the insurance fund is most likely replenishing at a nice rate so people can have trust in the future redemption of their claim.
   You find more about this concept in the token whitepaper of PTF: https://power.trade/fuel-token/

Alright, sorry for the wall of text, I hope it is of value.

Cheers, and keep up the great work!

You have some good ideas here! I like the scaling/spillover mechanism and the insurance fund IOU token rather than minting more YFI. I’m not sure I understand the need to split the fund into different parts for the different risks, though. Why wouldn’t they just be commingled?

We probably need to do some analysis to see how quickly we could get this insurance fund bootstrapped to an acceptable size in different fee scenarios. As of now, it is unclear whether governance will be keeping the 5% harvest fee (as well as whether that is currently being paid before or after gas costs) or moving to a 5-10% performance fee on profits.

Thanks for the friendly feedback!

To your question about splitting the insurance fund:

Even I´m torn between putting everything in one pool or splitting up so lets discuss.

The idea to split the fund in 3 pools ensures that in case of multiple risk scenarios playing out within a short period, there would be enough capital to compensate different investors. Like a peg failing and having a vault hack, e.g. yETH, in the next week. If you only have one insurance pool, this would probably be drained by the peg failure already because that causes massive damage. But since guaranteeing a peg is not the primary concern of yearn.finance it would not be logical to reimburse for this loss and not having anything left for the case when we mess up ourselves. By splitting the pool, it would guarantee that in this case only 15% of insurance funds are gone in the first moment and 60% are still there for the vault hack. So splitting up the insurance found guarantees that we always have backup funding according to our priorities. (examplary percentages)

Of course an alternative is to just focus on our platform and leave the other risks uninsured. However, coming from a market development side again, insuring pegs and external smart contract risks lifts us to the assurance levels of centralized players like Celsius, Blockfi or Nexo. These guys have built great reputation in the private and institutional space because they feature things like a peg guarantee on any stable coin. Attracting professional money and getting them out of CeFi is easier if you can make them feel safe, although it may not be 100% safe. So I think we should insure these risks to some extent but have safeguards in place so the insurance pool doesn´t get killed by a black swan that we had no influence on.

On the fee side:

I made a rough excel tool to simulate the insurance growth. It´s tough to bootstrap this in a meaningful way without increasing the fees very much. I was understanding the gas fee like a performance fee - at least that´s what I´ve read somewhere earlier. But I´m delving into this project only since 3 days so possibly that´s wrong or outdated… Anyways, in the excel I included a performance fee and the withdrawal fee. (assuming 1 turnover, in and out, of all capital per year) Feel free to play around.

Thanks for elaborating on that. Makes sense. Imo we should probably remove the depeg risk from our priorities entirely (especially USDT), considering how much of a challenge this will be to fund the other risks to a meaningful degree in a reasonable amount of time.

I took a quick look at a few projects and it looks like the CeFi lending platforms have surprisingly weak insurance coverage:

Nexo’s is $100M and it looks like it only covers hacks and employee theft of their custodian, Bitgo. Says nothing about using their balance sheet for anything; shady imo

Celsius’ terms of use say there is no insurance and just the company’s balance sheet will be used to cover losses and it may not be enough to do so

BlockFi has insurance through Gemini but coverage is not specified

Beyond this surprisingly weak insurance for CeFi (BlockFi seems to be the most secure despite being vague), I’m assuming stakeholders would have to dig into their own capital to reimburse clients and save their respective companies.

The question to whether this is really viable lies in whether we can reasonably finance the fund, while still ensuring enough rewards flow to governance to compensate/incentivize that pool adequately. I think starting with a higher portion of fees going to this fund from governance and strategy creators would be necessary for funding, but I think many are reluctant to introduce more complexity to the fee structure that the common end user has to understand (simple is best). For example, the community was considering getting rid of the 0.5% withdrawal fee entirely for simplicity because there are now projects (Curve, SnowSwap) with functionality being implemented allowing their users to swap in and out of vaults without paying the fee. A flat 5-10% harvest or performance fee seemed to be the way fees were heading, but that’s still TBD

I’m curious to see the community’s sentiment on how important they view this insurance fund for the long term Yearn ecosystem (aka is this vital enough to redirect 20-40% of rewards initially?). Establishing this fund would cement this protocol further as a DeFi market leader, as few other DeFi protocols could compete with that kind of assurance of safety for users’ capital, but we would hurt governance reward yield in the short/mid term significantly until spillover.

Yes I agree with dropping the depeg risk. Although having it insured would be nice to have, the calculation clearly shows how hard it is to acquire meaningful insurance coverage in relation to TVL.

Thanks for looking into the CeFi lending more closely. Not really surprising that they market their insurance as more as it really is. In that regard, we would be ahead of the competition already, just the funds must be accumulated.

In terms of fees, I agree with the notion to drop the 0.5% withdrawal fee. It creates barriers for capital to flow freely which is the opposite idea of DeFi. As long as yearn.finance has a strong USP, the capital will stay here either way. But it could flow more freely between our vaults which is great. Also the withdrawal fee probably doesn´t add that much value for YFI holders anyways.

When it comes to funding and short term cuts to YFI holders I don´t see it as a problem from a business development point. I mean, which tech startup pays a cash APY yield of 3-5% after 2 months of existence? This is completely out of reality. Reallocating a portion - even a big portion - of the YFI rewards short term in favor of long term adoption, growth and increased earning power is even a must-do in my opinion. Especially since in-house insurance catapults us into a different league of quality. There are simply no competitors in that arena so yearn.finance would be THE protocoll for professional money to look into.

Also businesses that want to build on top of yearn.finance would absolutely love this insurance capacity. Think of a small private pioneer bank or fintech company building a nice Web-App with their tech in the background connecting client´s funds to yearn.finance. The frontend user would not even need to handle crypto technology, the bank takes a nice cut out of the yield and yearn.finance wins a lot of TVL. Now suddenly the competing game opened up to all CeFi and more companies follow. These things will happen down the road if we plan carefully. But without insurance there is no way for that first bank´s CEO to take on the risks that he can´t control and probably doesn´t even understand.

Again, YFI holders, developers and investors all profit from a safer yearn.finance so all of them would have to contribute to the insurance fund.

We have the chance to be the Amazon of DeFi. I hope people understand the long term potential and are not mislead by short term greed. I hope they also understand, that in order to achieve this, we YFI holders have to make short term sacrifices.

I agree! Today’s events highlight how this fund can help the protocol deal with any PR disasters in the future

So it looks like governance income is going to be 50bp on AUM in v2. Unclear at this point if this is better or worse for governance cash flow than what was in place before. I’m thinking better. @DeFiChad When you have some time, could you update that spreadsheet from before (link expired) with only the 50bp AUM fee to see what that looks like?

This doesn’t make any sense, the amount in the fund will never be able to make a dent in case of lost funds in any of the vaults/strategies.

The amount of money necessary to make up for the loss of funds which may be due to external factors (dollar peg, blacklisting tokens, etc.) would have to be so large that nobody will actually be willing to forego so much yield to HOPEFULLY make people whole. Instead, we should direct people to other solutions like options, cover, and so on. Let people self-insure because it is the only practical solution.

Also, I think we should put to rest the idea that any institutional investors will ever get involved with something that is decentralized (i.e. outside of their control) and open (i.e. able to be audited). They have no reason to get involved with anything that they cannot monopolize. So, please let us not entertain the idea that the likes of Fidelity or Vanguard are going to ever offer Yearn Vaults to their customers.

We clarified in the thread that we wouldn’t be protecting against dollar peg or external factors and just hacks and smart contract issues. I agree that it is a lot of yield to direct to this, but it would create a moat here once the fund was large enough… sort of the equivalent of FDIC for yearn deposits. Short term vs long term thinking here.

I don’t understand why you guys seem to think there is immediately going to be a 100% loss of all YFI user funds that will need to be covered. This fund will clearly state to the user that it will cover as much as possible per user affected. This last fiasco was ~15 million dollars, of which only 8 were refunded and the protocol’s reputation was wrecked as a result.