Risk Framework

Last updated 2 years ago

This framework aims to standardize analyses of new underlying markets to be integrated into Yield Tranches and Best Yield by quantifying and assessing the risks related to new underlying strategies. It is composed of four sections that lead to a final rating.

Risks affecting DeFi protocols can be segregated into systemic risks, which impact a large part or all of the DeFi ecosystem (such as currency, regulatory and chain risks), and idiosyncratic risks, which impact a single protocol or group of protocols (such as smart contract, governance, market, financial and oracle risks).

| Risk | Metrics |
|---|---|
| Smart contract | Immutable or upgradeable SC, audits, track record of auditors, number of hacks and third-party protocol dependencies |
| Governance | Team transparency, admin keys control, level of governance concentration and governance-related issues, emergency exit plan |
| Market & Financial | Total Value Locked, complexity, longevity, tokenomics |
| Oracle | Oracle dependencies, oracle fallbacks |

Structure

The framework consists of four parts:

  1. Third-party review (33%) considering the reports of DeFi Safety and Exponential. These reviews will ensure that part of the risk rating will be based on independent analyses, avoiding any centralization issue that could affect Idle’s risk-scoring impartiality.

  2. Internal Security review (33%) focusing on Protocols risks from a smart contract, governance and market perspective. This review will be done by Idle DAO based on publicly available information and will use the same metrics for every protocol analyzed.

  3. Strategy review (34%) assessing the risks of each specific vertical, such as overcollateralized lending, uncollateralized lending, automated market makers, liquid staking and more.

  4. Coverage measuring the minimum coverage needed to let the Best Yield deposit funds into the Yield Tranches pools.

1. Third-party review

The DeFi Safety and Exponential scores consider the vast majority of the Protocol risks related to Idiosyncratic risks:

The DeFi Safety score will be time-adjusted, considering when the report was last updated. The older the analysis, the lower the score.

Components:

  • Smart contracts and team

  • Documentation

  • Testing

  • Security

  • Admin controls

  • Oracles

where PF stands for Protocol fundamentals and PE for Pool economics.

Components:

  • (PF) Asset strength

  • (PF) Protocol code quality

  • (PF) Protocol maturity

  • (PF) Protocol design

  • (PF) Chain design

  • (PE) Collateralization and leverage

  • (PE) Impermanent loss

  • (PE) Yield outlook

  • (PE) Chain reliability

2. Internal Security review

This review mainly focuses on smart contracts and market/financial risks.

| Type | Description |
|---|---|
| Audit | Number of audits and quality of auditors |
| Bad debt, LP losses | Severity of losses incurred, if any (% vs TVL) |
| Bug bounty, Insurance | Size of bug bounty program |
| Protocol TVL | Total value locked across all chains (average since protocol inception) |
| Pool TVL | Total value locked on Ethereum (average since pool inception) |
| Protocol longevity | Months of activity |
| Pool longevity | Months of activity |

3. Strategy review

The Strategy component refers to specific risks related to each underlying market integrated into Idle strategies. The strategy score will be composed of a fixed parameter associated with the vertical and a score associated with thematic risks.

Current underlying sources

  • Best Yield: Aave, Compound and either Senior or Junior tranches.

  • Yield Tranches: Euler, Morpho, Lido and Clearpool.

| Vertical | Metric |
|---|---|
| Overcollateralized lending | Collateral fully diluted value (FDV) |
| | Maximum borrowed amount |
| Uncollateralized lending | Credora's borrower capacity |
| | Credora's borrower rating |
| Liquid staking | Validator concentration |
| | Validators key management |

4. Coverage

The Coverage component measures the minimum coverage needed to let the Best Yield deposit funds into the Yield Tranches pools.

This metric behaves differently from the others listed and will be computed case by case, as needed. It will be added to the scores obtained from the previous reviews: Third-party, Internal Security and Strategy.

Risk rating

The Risk Framework will assign a percentage score that will then be translated to a letter rating (A-E) based on the protocol risks evaluation, where

  • A will be given to the highest-rated protocols in terms of overall risks

  • E will be given to the lowest-rated protocols in terms of overall risks

| Rating | A | B | C | D | E |
|---|---|---|---|---|---|
| Upper bound | 100% | 85% | 70% | 55% | 40% |
| Lower bound | 85% | 70% | 55% | 40% | 0% |

The Governance discussion can be found here: Risk Framework (v1)

The full analysis is available here: Risk Framework [PUBLIC]