Scope
Yearn needs a dedicated security team with clearly defined tasks and values. Security and innovation are the main points that differentiate Yearn from other yield aggregators.
Plan
The strategy that lost money didn't have a problem in the code, meaning that the review was done correctly but the problem was in the underlying protocol. This means that the security measures done before deploying the code are at the right level, but there is a need to monitor the strategy and the protocol after the strategy has been deployed. Building a monitoring system for the underlying protocols must be a high-priority task to ensure strategy safety. The team will also do all internal security reviews of the Yearn ecosystem. All planned tasks are split into the following 3 categories.
1 - Internal security reviews of yearn
V3 Strategy Reviews:
Strategy Security Reviews: Focus on identifying bugs in production and assessing audit quality.
Enforcement of GitHub Actions: Ensure that the GitHub Actions for tests are completed and passing before moving to production. Create Actions that trigger daily against deployed strategy contracts to verify that emergency functions won't revert. This was the problem with the Sonne strategy: withdrawals were reverting.
Risk Score Attachment: Attach risk scores to issues based on prepared risk assessments and add comments to justify the scores if necessary.
Complex Strategies and High TVL: For strategies marked as complex, having significant TVL in production, or being good candidates for external protocol collaboration, the team will add a "Recurring Review" issue to prioritize a later review by other team members. The frequency of recurring reviews will depend on the TVL and the strategy risk score. A detailed approach will be defined after asset allocation to single asset vaults.
Ventures (yETH, veYFI etc)
The team will do full reviews of other projects from the Yearn ecosystem. Recurring reviews will be done if needed.
Immunefi Management
Yearn Finance has an open bug bounty program on Immunefi. Submitted bugs will be checked and verified by the team. Also, the new contracts will be added to Immunefi as they are deployed and ready for the bug bounty program.
2 - Yearn Risk Assessment Dashboard
The Risk Score Framework was already defined by the ySecurity team. All current strategies have assigned risk scores in Excel.
In addition to the Excel sheet and defined risk score parameters, there will be a brand new website for users to check all strategies and their risk scores, as well as the monitoring we are performing for the strategies, if any.
There isn't any active maintenance required other than updating the scores. However, if this needs any updates or maintenance, we will take care of it. These values will be used to define the monitoring that has to be set up for each strategy: higher scores require more monitoring. They will also provide valuable information for vault asset allocations.
Display of risk scores will be done through existing Yearn websites in coordination with the respective teams.
3 - Risk Monitoring
The team will work with the strategist on which data should be monitored to ensure strategy safety, and will help in building the monitoring system. Tenderly will be used heavily for this, with additional custom tools depending on the protocol. An example of a Tenderly alert was the Sonne Timelock controller alert that fired for every newly scheduled transaction. Another example of a custom bot is the USDR treasury tracker that helped us withdraw the funds from the Pearl strategy that was being tested on ape.tax.
With better monitoring, we can allow riskier strategies, but automated actions for existing strategies have to be in place.
Create and manage Telegram monitoring groups for each protocol. Some protocols that are planned to be monitored include:
Maker (DAI): sDAI conversion rate; the convertToAssets value should only go up. Track PSM (Peg Stability Module) fee rates to verify that USDC:DAI is 1:1.
Lido (stETH): Track the market peg in the Curve and Balancer stETH/ETH pools. Check for slashing of validators.
Pendle: Monitor the Pendle PT underlying tokens' liquidity to ensure the strategy is not left with PT underlying tokens without liquidity to swap them back to the asset. An example of this would be the depegging of an LRT that has no withdrawals or a hacked protocol's yield token.
Define additional protocols for monitoring depending on asset allocation and configuration, which can change. Ajna has only 8M TVL but could be first in line depending on allocation.
Explore future improvements to the current testing suite.
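As an added illustration of the Maker and Lido checks listed above (not code from this budget request or from Yearn's own tooling), the following offline monitor replays constructed observations and reports which alerts would fire; the field names, the 0.5% stETH deviation threshold and the sample values are assumptions.

```python
from dataclasses import dataclass
from typing import List

WAD = 10**18
STETH_MAX_DEVIATION = 0.005  # assumed alert threshold: 0.5% off the ETH peg


@dataclass
class Observation:
    """One polling sample; stands in for values a Tenderly alert or custom bot would read on-chain."""
    block: int
    sdai_rate: int        # sDAI.convertToAssets(1e18): DAI per 1e18 sDAI shares (wad)
    psm_tin: int          # PSM fee for USDC -> DAI, wad (1e18 = 100%)
    psm_tout: int         # PSM fee for DAI -> USDC, wad
    steth_per_eth: float  # stETH/ETH quote from the Curve pool


def check_maker(prev: Observation, cur: Observation) -> List[str]:
    """sDAI rate must never decrease, and PSM fees must be zero for USDC:DAI to be 1:1."""
    alerts = []
    if cur.sdai_rate < prev.sdai_rate:
        alerts.append(f"block {cur.block}: sDAI convertToAssets dropped {prev.sdai_rate} -> {cur.sdai_rate}")
    if cur.psm_tin != 0 or cur.psm_tout != 0:
        alerts.append(f"block {cur.block}: PSM fees non-zero (tin={cur.psm_tin}, tout={cur.psm_tout})")
    return alerts


def check_lido(cur: Observation) -> List[str]:
    """Flag stETH/ETH trading more than the threshold away from 1.0."""
    deviation = abs(cur.steth_per_eth - 1.0)
    if deviation > STETH_MAX_DEVIATION:
        return [f"block {cur.block}: stETH/ETH at {cur.steth_per_eth:.4f} ({deviation:.2%} off peg)"]
    return []


def run_monitor(observations: List[Observation]) -> List[str]:
    """Replay consecutive observations and collect every alert that would have fired."""
    alerts: List[str] = []
    for prev, cur in zip(observations, observations[1:]):
        alerts += check_maker(prev, cur)
        alerts += check_lido(cur)
    return alerts


# Constructed samples: two healthy blocks, then one where the rate drops, a fee appears and stETH depegs.
SAMPLE = [
    Observation(100, 1_050_000 * WAD // 1_000_000, 0, 0, 0.9990),
    Observation(101, 1_050_100 * WAD // 1_000_000, 0, 0, 0.9985),
    Observation(102, 1_049_900 * WAD // 1_000_000, 10**15, 0, 0.9800),
]

if __name__ == "__main__":
    for line in run_monitor(SAMPLE):
        print("ALERT", line)
```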
Note
We envision this BR as a recurring BR that we will renew each quarter.
For this one, Tapir already has an approved BR in this timeline. He won't be receiving any payment for the first half month of this BR, as his existing approved BR covers that month.
Deadline
2024-10-30
People
Spalen
Tapir
Money
The budget will cover 3 and a half months: 15/07/2024 - 30/10/2024
Monthly $24k DAI. Tapir's budget for July will cover the first half of the month. He will receive the payment for the other 3 months.
Infrastructure cost is covered by the total amount.
12 * 0.5 + 24 * 3 = 78
Amount (Total)
78000 DAI
Wallet address
TBD
Reporting
Monthly