Reasonable measures have been taken to mitigate the risks of the protocol, but there are still risks involved. This page is meant to help you understand the risks and make an informed decision. You should do your own research before using any DeFi protocol including Yama. This is not an exhaustive list.
This is a risk people who leverage up take on. You pay interest on the amount you borrow, which means that to make money, your collateral has to increase in value more than the interest rate. Your profits depend on the price movement of the collateral, including yield.
❗❗IF THE PRICE OF THE COLLATERAL GOES DOWN TO THE POINT WHERE THE VAULT GETS LIQUIDATED, YOU WILL LOSE ALL YOUR COLLATERAL❗❗
You can track how close you are to liquidation using the borrow utilization listed on the borrow page. Additionally, you can see the liquidation price on the vault page, which is the price at which the vault will be liquidated if the price of the collateral drops to that level.
Smart contract risk
Yama Finance underwent an audit by Hacken. The GLP price feed is obtained directly from the GMX protocol on-chain instead of using oracles. These factors are part of the initial contributors' strategy to help reduce the risk of smart contract exploits. With that said, there is always a risk that a critical vulnerability exists for any DeFi protocol including Yama. Also, not all live smart contracts have been audited by Hacken. Feel free to look at the source code yourself.
It is important to note that many exploits targeting lending protocols fall into three categories:
- Reentrancy (e.g. Fei hack)
- Price manipulation on open markets (e.g. Avi's exploit of Mango Markets)
- CREAM-style price manipulation of a vault token where you deposit more of the token than its total supply by borrowing and redepositing, then artificially inflate its price (e.g. CREAM, Lodestar Finance, Aave xSUSHI incident)
The development process has taken into account these exploits, and the risk of their occurrence has been mitigated in the following ways:
- The risk of reentrancy is alleviated in different ways. State changes are made before removing collateral or borrowing, and after adding collateral or repaying debt. That by itself should make a Fei-style exploit impossible. Additionally, added tokens also have to be approved by governance, which means that by default, there is no way for an attacker to call external code during this process, which is also needed for a reentrancy exploit.
- The protocol aims to never support collateral for which this type of attack would be feasible. At launch, the protocol only supports borrowing against GLP, which is an index token whose price is pegged to the price of the underlying assets. This means that the price of GLP is not subject to manipulation on open markets, unless someone has enough capital to manipulate the price of the underlying assets (BTC, ETH, etc.) significantly enough. The risk of this is quite low, as a 10% change in the non-stable underlying assets' prices is needed to move the price of GLP by 5%. This cannot be done with flash loans, since the prices are determined using off-chain oracles. An institutional actor would need to trade billions of dollars on the open markets and eat significant slippage to do this, with a high probability of failure. The risk of this is low.
- A vault wrapper is used for GLP. However, this type of attack requires the ability to borrow the vault token from the protocol. This is not possible, as users can only borrow Yama against their collateral. Therefore, this type of attack is not possible against Yama.
This is a risk the lenders and holders of Yama take on, but not necessarily the borrowers. This risk is common to all CDP protocols.
Under normal circumstances, vaults that become undercollateralized will be auctioned off. Auctions start slightly below the value of the collateral auctioned off so that liquidations can be instant. Liquidations are permissionless, and the liquidators assume no risk for the protocol's outstanding debts. This makes the liquidation system resilient.
However, if the price of the collateral drops too quickly, the protocol has to write off much of the debt. This is called bad debt. Depending on the scale of this, the protocol may be able to cover the losses through revenue, or it may be rendered insolvent.
Assume GLP has a collateral ratio of 106%, and liquidations reclaim 99% of the value of the collateral due to slippage. Then the value of GLP would theoretically have to drop by 5% before a liquidation occurs (which usually takes seconds) for bad debt to happen. As of Feb 13, 2023, GLP has never dropped 5% or more in a single day. However, if the chain experiences a significant outage, liquidations would take longer, increasing the likelihood of this scenario.
PSM stablecoin risk
This is another risk the lenders and holders of Yama take on. After a user mints Yama using the PSM, the minted Yama is backed by the USDT in the PSM. If USDT depegs, it will also affect Yama.
During black swans like the USDC depeg, it is not uncommon for most decentralized stablecoins to depeg. Dai has direct PSM exposure to USDC. Other CDPs support USDC or USDC LP tokens as collateral. Stablecoins that are very decentralized like Liquity still depeg due to significant market volatility. Having a PSM linking Yama to a fiat stablecoin that doesn't depeg can actually reduce the risk of Yama depegging versus other decentralized stablecoins because it strengthens liquidity.
This means that if USDT unpegs, Yama will be more affected than most other stablecoins. If USDC unpegs, Yama will be less affected than most other stablecoins.
Lack of liquidity
This is another risk the lenders and holders take on. USDT can always be converted to Yama as long as the governance-controlled PSM limit has not been reached, but Yama can only be converted to USDT if there is enough money in the PSM. Therefore, during times of significant capital outflow, it is possible for PSM redemptions to drain the PSM. This would make it difficult to redeem Yama for USDT.
If this occurs, it should be a short-term phenomenon assuming governance is acting rationally and the amount of bad debt is not significant. This is because the interest rate can be raised to incentivize lending and disincentivize borrowing.
Note that this risk is applicable to all decentralized stablecoins, and centralized stablecoins when redemptions are unavailable. PSM incentives reduce the risk of this happening for Yama versus other stablecoins, but Yama's high leverage counteracts this to some extent.
Until on-chain governance is implemented, protocol maintenance such as the addition of new collateral types is performed by a multisig. However, since this uses a timelock contract, if the multisig holders are malicious or their wallets gets compromised, the changes would take time to take effect. This should give the community time to react. The timelock delay is 2 hours as of August 26, 2023.
An exception to the time lock is interest rates, which can be set to any value between 0% and 100% immediately. This exception has been implemented to allow the protocol to quickly react to market conditions. As interest is calculated per-second, this should not pose a significant risk to users.
Another exception is ownership of new vault collateral types. YPlvGLP and YsnrLLP have been migrated to the timelock, but by default, the aforementioned multisig has ownership of the smart contract for new vault collateral types.