Yield Yak has been live since March of this year and held over $40M TVL at its high-water mark, growing into the #2 project on Avalanche by TVL. In this post, we share our philosophy, actions and plans towards the continued safety of user deposits.
Don’t Lose the Funds
Lost funds, locked funds and stolen funds all have something in common: users lose access to their money. Money locked forever in a buggy contract has the same utility for users as money that was stolen from them.
When Yield Yak started in March as a place for friends to compound Avalanche farming rewards, our security model was simple — don’t lose the funds.
Our challenge building on defi legos, is that our contracts interact with many other contracts. Even with everyone building in good faith, it means something can happen on the stack below us that affects us. Sometimes that stack is fully stable, but more often things like contracts, tokens and dexes change. So what can we do?
Defensive Tactics for Defi Development
Our development approach is defensive. If something isn’t quite right, our contracts don’t carrying out actions with unexpected results. This approach has already saved YY users money on malfunctioning farms.
Another defensive tactic has been to include an emergency eject feature. If we detect that something bad is happening (or about to happen), we can emergencyWithdraw deployed funds from the underlying contracts. This means that users who do not take immediate action to do this themselves could have their funds saved in case of emergency.
We have not had to use this functionality.
If we did need to use this functionality, the funds would only be accessible once we initiate a call to the timelock to recoverERC20and sweep them following a 2-day waiting period in order to distribute them back to users.
“Board of Friends” — Transitioning to Community Multisig
Early in the platform, as our confidence in the contracts grew, we implemented a timelock and transferred ownership of every contract to the timelock.
More recently, we have reached greater and greater TVL, making it prudent to enact additional security best practices. We have already publicly committed to transition ownership of the platform to a community multisig owned by the Yield Yak Board of Friends.
We are working to transition ownership of the timelock to this group of community leaders. The complete transition sits amongst other priorities, like the $YAK token and dex aggregator. As of today, we expect this transition to take 4–6 weeks.
These are our plans and actions today to solve the problem of “don’t lose the funds” without undue trust assumptions and while maintaining appropriate defensive tactics for building on defi.
YY Contract Evolution
The smart contracts holding funds on our platform are not forks. They are purpose-built to efficiently compound assets. In fact, we created a niche category of “interactive” autocompounder since our team is not involved in the compounding process and our community compounds deposits in a fully autonomous and decentralized way.
So far, we have developed a few major versions of these contracts. Each improvement has led to more effective compounding. Recently, a community developer reduced gas costs by 16% on reinvestments, which directly improves YY users’ APY. Our community developers plan to continue evolving the contracts in order to continue delivering the best strategies to YY users.
The reality of iterating YY contracts, plus interactions with many underlying contracts, is that users take risk. As a team, we openly communicate these risks and proactively mitigate them where possible.
Adding an Audit to Our Security Strategy
We believe that audits are one important tool in a broader toolkit for smart contract security. Yield Yak has reached a stage where its code has been extensively reviewed by community members, used in production, and there is little or no change to the core accounting logic of the autocompounders.
We have respect for all findings audits produce. We do not consider an audit a marketing tool or stamp of approval. Even audited contracts find their way on the Rekt Leaderboard.
However, we feel it is the right time for code review by a professional audit firm. We have enlisted the help and advice of Luigi D’Onorio DeMeo (Director: Defi, Ava Labs) for our first audit.
We are grateful for our community’s support and feedback on security.
