A post to discuss the introduction of a risk framework that will standardize future analyses of new underlying markets for integration purposes on the Perpetual Yield Tranches and Best Yield.
Following the 2023 roadmap, presented by @Teo, we would like to discuss the introduction of a risk framework to standardize how the Senior and Junior Best Yield strategies can integrate Perpetual Yield Tranches as new underlying yield sources.
This standard will improve the current Integration Standard requirements and simplify the onboarding of new yield sources into Best Yield strategies.
We envision a risk evaluation structure made part of two main components:
- Risk Framework
- Risk Rating
Before focusing on these two components, it could be beneficial to define the risks associated with DeFi protocols. Risks affecting DeFi protocols can be segregated into systemic risks, or risks that impact a large part or all of the DeFi ecosystem such as currency, regulatory and chain risks, and idiosyncratic risks, or risks that impact a single protocol or group of protocols, such as smart contract, governance, market, financial and oracle risks. Though idiosyncratic risks by nature tend to be unique to a specific platform, exposure to systemic risk factors may also differ substantially per platform.
In this first discussion, we will focus to evaluate the idiosyncratic risks of a protocol. The most common protocol risks mainly rely on these four categories:
|Smart contract||Immutable or upgradeable SC, audits, track record of auditors, number of hacks and third-party protocol dependencies|
|Governance||Team transparency, admin keys control, level of governance concentration and governance-related issues, emergency exit plan|
|Market & Financial||Total Value Locked, complexity, longevity, tokenomics|
|Oracle||Oracle dependencies, oracle fallbacks|
The Risk Framework will represent an evaluation tool to quantify and assess the risk of current and future Best Yield underlying yield sources.
The framework will be constituted of three parts
- Third-party review (33%) considering the reports of DeFi Safety and Exponential. These reviews will ensure that part of the risk rating will be based on independent analyses, avoiding any centralization issue that could affect Idle’s risk-scoring impartiality.
- Internal Security review (33%) focusing on Protocols risks from a smart contract, governance and market perspective. This review will be done by Idle DAO based on publicly available information and will use the same metrics for every protocol analyzed.
- Strategy review (34%) assessing the risks of each specific vertical, such as overcollateralized lending, uncollateralized lending, automated market makers, liquid staking and more.
1. Third-party review
The DeFi Safety and Exponential scores consider the vast majority of the Protocol risks listed in the Idiosyncratic risks section.
|DeFi Safety metrics*||Exponential metrics**|
|Smart contracts and team||(PF) Asset strength|
|Documentation||(PF) Protocol code quality|
|Testing||(PF) Protocol maturity|
|Security||(PF) Protocol design|
|Admin controls||(PF) Chain design|
|Oracles||(PE) Collateralization and leverage|
|(PE) Impermanent loss|
|(PE) Yield outlook|
|(PE) Chain reliability|
* the DeFi Safety score will be time-adjusted, considering when the report was last updated. The older the analysis, the lower the score.
** where PF stands for Protocol fundamentals and PE for Pool economics.
As an example, below we list the reports referred to Idle protocol:
Other external and reputable sources may be included at a later stage.
2. Internal Security review
This review mainly focuses on smart contracts and market/financial risks (see the Idiosyncratic risks section).
|Audit||Number of audits and quality of auditors|
|Bad debt, LP losses||Severity of losses incurred, if any|
|Bug bounty, Insurance||Size of bug bounty program|
|Protocol TVL||Total value locked across all chains (average since protocol inception)|
|Pool TVL||Total value locked on Ethereum (average since pool inception)|
|Protocol longevity||Months of activity|
|Pool longevity||Months of activity|
3. Strategy review
The Strategy component refers to specific risks related to each underlying market integrated into Idle strategies. The strategy score will be composed of a fixed parameter associated with the vertical and a score associated with thematic risks.
Current underlying sources
- Aave, Compound and either Senior or Junior tranches as underlying markets for Best Yield strategies.
- Euler, Morpho, Lido and Clearpool as underlying markets for Perpetual Yield Tranches.
|Overcollateralized lending||Lowest collateral fully diluted value (FDV)|
|Liquid staking||Validator concentration|
|Validators key management|
|Uncollateralized lending||Borrower’s asset under management|
Additional underlying sources
Some future verticals may include option and leverage strategies and support to bridges to allow multi-chain optimization.
|Leverage||Health rate factor|
|Bridge||Bridge key management|
The Risk Framework will assign a percentage score that will be then translated to a letter rating (A-E) based on the protocol risks evaluation, where
- A will be given to the highest-rated protocols in terms of overall risks
- E will be given to the lowest-rated protocols in terms of overall risks
We would like to gather the sentiment of the DAO toward the risk analysis process we sketched.
We value the inputs from our community and users, and would appreciate hearing about any additional metrics that should be included in the framework and specifically in these categories:
- Third-party risk rating sources
- Internal Security metrics
- Strategy metrics
Please remember that this framework should be applicable to the majority of DeFi protocols, hence we suggest not going too much into detail. Ad-hoc analyses could be carried out if needed.