Skip to main content

Risks

Reasonable measures have been taken to mitigate the risks of the protocol, but there are still risks involved. This page is meant to help you understand the risks and make an informed decision. The DeFi space is full of risks, so you should do your own research before using any DeFi protocol including Yama. This is not an exhaustive list. These risks may lead to the loss of funds.

Directional risk

This is a risk people who leverage up take on. You pay interest on the amount you borrow, which means that to make money, your collateral has to increase in value more than the interest rate. Your profits depend on the price movement of the collateral, including yield.

IF THE PRICE OF THE COLLATERAL GOES DOWN TO THE POINT WHERE THE VAULT GETS LIQUIDATED, YOU WILL LOSE ALL YOUR COLLATERAL

You can track how close you are to liquidation using the borrow utilization listed on the borrow page. Additionally, you can see the liquidation price on the vault page, which is the price at which the vault will be liquidated if the price of the collateral drops to that level.

Smart contract risk

Yama Finance underwent an audit by Hacken. The GLP price feed is obtained directly from the GMX protocol on-chain instead of using oracles. These factors are part of the initial contributors' strategy to help reduce the risk of smart contract exploits or bugs. With that said, there is always a risk that a critical vulnerability exists for any DeFi protocol including Yama. Also, not all live smart contracts have been audited by Hacken. Feel free to look at the source code yourself.

It is important to note that many exploits targeting lending protocols fall into three categories:

  1. Reentrancy (e.g. Fei hack)
  2. Price manipulation on open markets (e.g. Avi's exploit of Mango Markets)
  3. CREAM-style price manipulation of a vault token where you deposit more of the token than its total supply by borrowing and redepositing, then artificially inflate its price (e.g. CREAM, Lodestar Finance, Aave xSUSHI incident)

The development process has taken into account these exploits, and the risk of their occurrence has been mitigated in the following ways:

  1. The risk of reentrancy is alleviated in different ways. State changes are made before removing collateral or borrowing, and after adding collateral or repaying debt. That by itself should make a Fei-style exploit impossible. Additionally, added tokens also have to be approved by governance, which means that by default, there is no way for an attacker to call external code during this process, which is also needed for a reentrancy exploit.
  2. At launch, the protocol only supported borrowing against GLP, which is an index token whose price is pegged to the price of the underlying assets. This means that the price of GLP is not subject to manipulation on open markets, unless someone has enough capital to manipulate the price of the underlying assets (BTC, ETH, etc.) significantly enough. The risk of this is quite low, as a 10% change in the non-stable underlying assets' prices is needed to move the price of GLP by 5%. This cannot be done with flash loans, since the prices are determined using off-chain oracles. An institutional actor would need to trade billions of dollars on the open markets and eat significant slippage to do this, with a high probability of failure. The risk of this is low. The protocol supported ARB (which is susceptible to this attack) for a period of time but it has since been deprecated.
  3. A vault wrapper is used for GLP. However, this type of attack requires the ability to borrow the vault token from the protocol. This is not possible, as users can only borrow Yama against their collateral. Therefore, this type of attack is not possible against Yama.

Bad debt

This is a risk the lenders and holders of Yama take on, but not necessarily the borrowers. This risk is common to all CDP protocols.

Under normal circumstances, vaults that become undercollateralized will be auctioned off. Auctions start slightly below the value of the collateral auctioned off so that liquidations can be instant. Liquidations are permissionless, and the liquidators assume no risk for the protocol's outstanding debts. These factors help reduce the risk of this, but it remains always possible.

Another risk to consider that while liquidations are permissionless, in practice, it is likely only a very small number of entities are running liquidators. This increases the risk of liquidations not occurring.

However, if the price of the collateral drops too quickly, the protocol has to write off much of the debt. This is called bad debt. Depending on the scale of this, the protocol may be able to cover the losses through revenue, or it may be rendered insolvent. There is also a risk that technical issues (e.g. issues with liquidator clients or smart contracts reverting) may cause the liquidators to not function when required.

It is important to note that external smart contracts may compromise the integrity of the protocol. For instance, if GLP cannot be redeemed due to illiquidity or another smart contract reverts, it can lead to bad debt.

Assume GLP has a collateral ratio of 106%, and liquidations reclaim 99% of the value of the collateral due to slippage. Then the value of GLP would theoretically have to drop by 5% before a liquidation occurs (which usually takes seconds) for bad debt to happen. If the chain experiences a significant outage, liquidations would take longer, increasing the likelihood of this scenario.

PSM stablecoin risk

This is another risk the lenders and holders of Yama take on. After a user mints Yama using the PSM, the minted Yama is backed by the USDT in the PSM. If USDT depegs, it will also affect Yama.

During black swans like the USDC depeg, it is not uncommon for most decentralized stablecoins to depeg. Dai has direct PSM exposure to USDC. Other CDPs support USDC or USDC LP tokens as collateral. Stablecoins that are very decentralized like Liquity still depeg due to significant market volatility. Having a PSM linking Yama to a fiat stablecoin that doesn't depeg can actually reduce the risk of Yama depegging versus other decentralized stablecoins because it strengthens liquidity.

This means that if USDT unpegs, Yama will likely be more affected than most other stablecoins. If USDC unpegs, Yama will likely be less affected than most other stablecoins. However, remember that USDC unpegging can indirectly affect Yama or affect it through collateral insolvency. Unusual market conditions can cause many issues for lending protocols like Yama.

Lack of liquidity

This is another risk the lenders and holders take on. USDT can always be converted to Yama as long as the governance-controlled PSM limit has not been reached, but Yama can only be converted to USDT if there is enough money in the PSM. Therefore, during times of significant capital outflow, it is possible for PSM redemptions to drain the PSM. This would make it difficult to redeem Yama for USDT.

If this occurs, it should be a short-term phenomenon assuming interest rates are set rationally and the amount of bad debt is not significant. This is because the interest rate can be raised to incentivize lending and disincentivize borrowing. But if combined with other factors such as bad debt, unusual market conditions, or bugs, this may not be the case.

Note that this risk is applicable to all decentralized stablecoins, and centralized stablecoins when redemptions are unavailable. PSM incentives reduce the risk of this happening for Yama versus other stablecoins, but Yama's high leverage counteracts this to some extent.

Centralization risk

Until on-chain governance is implemented, protocol maintenance such as the addition of new collateral types is performed by a multisig. However, since this uses a timelock contract, if the multisig holders are malicious or their wallets gets compromised, the changes would take time to take effect. The timelock delay is 2 hours as of August 26, 2023.

An exception to the time lock is interest rates, which can be set to any value between 0% and 100% immediately. This exception was implemented before the introduction of dynamic interest rates to allow the protocol to quickly react to market conditions.

Another exception is ownership of new vault collateral types. YPlvGLP and YsnrLLP have been migrated to the timelock, but by default, the aforementioned multisig has ownership of the smart contract for new vault collateral types.