[Proposal] yPhoon - Add the ability for the yearn vaults to act as privacy mixers

I love this idea a lot and vote for.
Privacy should be human right, not a privilege.
And why not accumulate more fee if Yearn can

Won’t this bring unwanted attention from the lawman?

Tornado supports ERC-20 tokens, a few stablecoins are available for deposit. Just the liquidity is low. I hope it will grow over time.

It would be a good source of revenue if the private transactions are charged a fee.

Id imagine that the fee would just be whatever the vaults charge now…at least to start with. If its quite gas intensive to do the mixing then I could understand an extra charge to cover the extra gas.

No idea, but doing things privately doesnt mean you are doing something illegal.

1. Yes, id like it to be optional. As stated in the spec, the vaults would remain as they are. The yPhoon contract would sit in front of them in the sequence. If you didnt want to mix, you would just deposit as normal using the regular deposit contract.

2. No idea. Although you do raise a good point re: centralised coins, perhaps the first vault to be tested would be a decentralised coin…so not the tether vault, or even yCRV since it has USDT,USDC involved

Great idea, but I agree with @fubuloubu that we should plug into Tornado’s V3 plumbing instead of creating our own.

From the PoV of yEarn, this is UI thing: add a toggle in the deposit interface which when switched, the yEarn shares (which are ERC20 themselves) are automatically deposited to the Tornado contracts and the depositor is handed a note, with a clear warning “keep this note safe”. Upon withdrawal, a similar UI element that allows a user to withdraw by supplying an address and the note.

So there is no need for a connector contract even, it’s all client-side JavaScript (Tornado will probably release an SDK with V3).

This is in fact something all DeFi frontends should do, I have previously suggested to Compound to do the same in their frontend which will turn Compound into a giant mixer. Even though Tornado has cDai in their frontend, the liquidity is so low … which implies this is fundamentally a UI/UX issue, Tornado already created the plumbing.

In light of today’s events, I guess I’m still in support of it…but please consider the optics if there is a hack somewhere and someone bad uses yPhoon. Would that have any price impact (PR impact?) on YFI? Is there a way we can distance ourselves from it?

It’s not us, we’re just plugging into TornadoCash

Hackers gonna hack. They can use Typhoon now, can even cash out to Monero. Whether yPhoon exists or it doesnt, it won’t stop bad people using good things for bad purposes.

I do completely understand your point though. Not sure what the correct approach is. And we can’t start adding wallets to a block list because then we start down the slippery slope of yearn becoming a non permissionless system.

We either have DeFi, true DeFi, where everyone is free to use the tools provided or we start to become centralised/controlled/gatekeeper type entity.

It is a sticky spot

dude love the creativity. super interesting idea and i will vote yes.

Tornado team is busy at the moment but they might look into yUSD integration when they are done with errands.

Maybe (just maybe) people can start fuss on Twitter and show their interest? Or better bug Kirby to do that?

cc @jimsox

I am STRONGLY AGAINST this. While this would bring in plenty of fees, it would also taint the assets of every single person using the vaults because of the arrival of new dirty money that would need to be laundered. Not only will this bring unwanted attention from the authorities, vault users will have a very hard time proving their coins are not dirty come cash out into fiat time.

Yes the precedent for “privacy” can be romantic but long term this will bring plenty of problems. It would also increase complexity, and attack vectors.

I urge you to think long term about this and not just as a short term fee bump.

Open to hearing counter argument as to why I am wrong!

I think this is exactly right. This runs the risk of creating all sorts of problems, not least running afoul of OFAC sanctions. As a purely pragmatic matter, whatever fee increase would come as a result would likely be immaterial relative to the TVL hit (both immediately and in foregoing institutional money coming into the protocol in one form or another).

I’m in agreement with ooinaru and jtr180. In additional to the potential legal aspects, I think it’s off-brand for yearn, and bad for our growth strategy.

Yearn comes across with exceptional integrity. Andre’s fairness in the YFI distribution was unheard of (yes, there are copycats now, but they come off as just that. Andre was fair when the precedent was unfairness - he broke the mold and yearn benefits for it). The transparency from Andre and yearn leadership and the way yearn has been positioned is earnest (look at banteg recently helping Pickle out, or the devs spending their time to get the EMN distribution taken care of in record time - we’re clearly the good guys). Andre’s said he’s making tools that he wants to use, use them at your own risk, he’s stated many times about testing in production and the reason this is necessary, and as yearn’s value grew, when questions were raised about his sole control he handed control to the community without reservation. As a result yearn’s social credit (and YFI’s price) skyrocketed.

A privacy mixer is not a use case that fits this image, it’s quite the opposite of the transparent, earnest organization and has the potential to raise questions about our ethics that have been unquestionable so far.

Regarding strategy, Yearn is out of the bootstrapping phase and is a solid small cap organization. However, the strategy that got us to small cap is not what will take us to medium cap. Without an adjustment in strategies, we’ll stay small cap, or die out.

DeFi is ready for strong institutional investment, the recent news about the Winklevoss twins putting their weight behind DeFi demonstrates this. A privacy mixer is a play to the romanticism / ideals of a certain type of retail investor (or to criminals), it’s not something an institutional investor wants or needs - it’s something they explicitly do not want as they’re held to a different standard, as is the organization that’s providing the services that we provide. We’re clean, we want to stay clean, and we want the clean money to know that yearn is the best place to put it.

After these institutional investors, we’re now looking at mainstream consumers. DeFi hasn’t hit the mainstream yet, nobody’s mother is asking them how to get into DeFi, but we know DeFi’s ready for it, and the time isn’t that far off. When the masses come for the DeFi gold-rush, they’re going want to know who to trust, and who’ll do the best job taking care of their money. If we continue to build on the reputation we already have, we’re not even just the smart choice, we are the default choice. The question will be “Why wouldn’t you use yearn?”

However, they will not do this if yearn is tainted in any way.

I’m all for consumer privacy, but as an institution yearn is, and will be held to different standards as DeFi continues to grow and legitimize, and we must be at the center of legitimate DeFi.

There’s a thread on Twitter that raises the sorts of questions I’m concerned about. Questions I’d rather investors don’t ask in relation to yearn.

Here’s a choice quote:

There is a difference between wanting sovereignty and privacy over your own funds vs enabling criminal activity.

I for one, have no interested in creating something that helps terrorists or human traffickers.

I think we have much to lose, and little to gain, from this move.

This begs the question of “how important is it to the YFI community to stay truly and fully permissionless? Is this a community value where compromises can or should be made?”

I’d personally argue that none of this is truly permissionless without the option of absolute privacy from any interested party. With that said, this functionality doesn’t necessarily need to be integrated on the same Yearn.finance website or even be built by the official Yearn team.

I think it’s worth noting that even if you use TornadoCash, you can still provide transaction history:

With Tornado.cash, you can always provide cryptographically verified proof of transactional history using the Ethereum address you used to deposit or withdraw funds. This might be necessary to show the origin of assets held in your withdrawal address.

This is a great idea. Instead of too easy transfer money, i suggest who ever want to use this service with high volume ( more than 200k$) should holding at least 1 YFI.

I think the idea is great for privacy, im just not sold on implementation going into the vaults design itself since it adds an extra layer of complexity.

It’s perfectly doable in a compose manner where the mixer is in front of the vaults and just takes care of the mixing and its backed by balance in a vault.

This is even currently doable with all vaults, since Tornado Cash supports ERC20s already it would just need an implementation that supports yUSD, yDAI, etc. That is the power of composability, but i think that privacy could be a concern outside the main yield aggregation use case.

Somebody just needs to take the current Tornado cash implementation and adapt it to use yVaults ERC20s i would think.

100% agree, better to use composable approach and take the privacy use case into Tornado itself which is already good at it.