Idle Finance

About

Idle Finance is a decentralized yield optimization protocol, live since 2019, that algorithmically allocates user deposits across a curated set of leading DeFi lending and yield protocols (Aave, Compound, Morpho, Lido, Clearpool, Instadapp, and others) to pursue the best risk-adjusted returns. It offers two core product suites: Best Yield, a lending aggregator that continuously rebalances stablecoins into the highest-earning lending pool, and Yield Tranches, which tranche pooled deposits into Senior (protected, lower yield) and Junior (boosted yield, first-loss) risk classes. The protocol is governed by the Idle DAO via the IDLE token and is transitioning its brand to Pareto, a credit coordination protocol.

Where Does Yield Come From?

Idle Finance generates yield in two different ways, depending on which product you use.

Best Yield vaults – Users deposit a single type of asset (like DAI, USDC, USDT, or WETH) into a shared pool. An automated bot running off-chain constantly watches lending rates across different DeFi protocols (Compound, Aave, Morpho, and others) and figures out the best way to spread the pool's money around. When the ideal split drifts from what's actually happening on the blockchain, the vault's smart contract automatically moves capital between those lending pools in one transaction. This rebalancing spreads the gas cost across everyone in the pool and aims to get the highest average return for all depositors. Users don't need to hold any extra LP tokens (pool receipts) or do any additional staking to earn.

Yield Tranches – Here, deposits (such as stETH, stMATIC, DAI, or USDC) are collected into a single strategy that stays market-neutral — for example, Instadapp's stETH pool, Morpho lending markets, Clearpool credit pools, or Lido staking. The returns are then split into two classes:

Senior tranche – Lower, protected yield. The Junior tranche's capital acts as a buffer to shield Senior depositors from losses.
Junior tranche – Higher, boosted returns, but Junior depositors absorb any losses first (first-loss capital).

The yield in these tranches comes from lending interest, automated market maker (AMM) trading fees, and incentive rewards from protocols that distribute extra tokens for farming.

Fees: Best Yield vaults take a 10–15% performance fee on any yield you earn, deducted when you redeem your funds. Yield Tranches take a 10–15% performance fee on auto-compounded rewards, deducted each time rewards are compounded. All fees collected go to the FeeTreasury contract and the Treasury League multisig wallet, both of which are controlled by IDLE token holders. Partners and integrators can receive up to 50% of the fee as a revenue share. There are no deposit or withdrawal fees for users beyond the performance fee.

Persons

Matteo Pandolfi
Founder, CEO
LinkedIn
William Bergamo
Founder, CTO
LinkedIn
Samuele Cester
Founder, CPO
LinkedIn
Francesco Bianchi
Contributor, Treasury League
LinkedIn
Davide Menegaldo
Advisor, Idle Labs / Treasury League
LinkedIn
Salomé Bernhart
Advisor, Treasury League
Emiliano Palermo
Advisor, Treasury League
Richard Thomas-Pryce
Advisor, Treasury League
Evan Mair
Advisor, Treasury League
Thomas Rush
Advisor, Treasury League
Felix Machart
Advisor, Treasury League
Denis Devčić
Advisor, Communication League
Miko Matsumura
Advisor, Communication League
Bakuchi
Developer, Development League
Leonardo Crosato
Contributor, Communication League
Diana Richter
Advisor, Communication League
Ginevra Maggi
Contributor, Communication League

Audits

Audit / Date	Findings	Verdict
Hans Friese04-11-2024 - 06-11-2024	Critical0 High0 Medium4 Low1 Info0	The audit found no critical or high-severity vulnerabilities in the Idle DAO withdraw-queue contracts; the four medium-risk findings and one low-risk finding should be reviewed and remediated before production use, but no immediate systemic threats were identified.
Hans Friese15-10-2024 - 16-10-2024	Critical0 High0 Medium2 Low0 Info0	The audit found no high or critical vulnerabilities, with only 2 medium-severity issues identified in the deposit queue contract, indicating a solid baseline security posture for the Idle Finance idle-tranches codebase. Remediation of the medium findings is advised before deployment.
Hans Friese02-10-2024 - 04-10-2024	Critical0 High0 Medium4 Low1 Info0	No high or critical issues were found, but four medium-severity findings — including a potential DoS and incorrect interest calculations — warrant remediation before deployment. The protocol benefits from a focused manual review that identified actionable risks across vault withdrawals, epoch management, and event emissions.
Hans Friese30-07-2024 - 02-08-2024	Critical0 High0 Medium3 Low4 Info0	The review identified no critical or high-risk issues, and the three medium-risk findings relate to edge cases in epoch and withdrawal logic that should be remediated before deployment. Overall the protocol shows reasonable security posture with all issues being moderate or low severity.
Hats Finance26-10-2023	Critical0 High0 Medium0 Low1 Info0	The audit competition found only one low-severity issue (deposit-limit bypass) and no critical or high-risk vulnerabilities, indicating reasonably solid contract logic; addressing the low-severity finding will further strengthen the Yield Tranches product before deployment.
Hans Friese28-08-2023 - 01-09-2023	Critical0 High0 Medium4 Low2 Info1	The audit identified 4 medium-severity issues (including read-only reentrancy and inconsistent NAV updates), all of which were remediated and verified, resulting in a reasonable security posture for the Yield Tranches contracts. No high or critical risks were present at any point.
CertiK12-10-2021 - 25-10-2021	Critical0 High3 Medium2 Low4 Info0	The audit found no critical vulnerabilities, and the team acknowledged all major centralization/privilege risks while resolving one medium and one minor issue, demonstrating reasonable remediation. However, all 3 major findings remain acknowledged (unresolved), indicating residual centralization risk that users should consider.
Consensys Diligence01-06-2021	Critical0 High0 Medium3 Low3 Info0	The three medium-severity findings (re-entrancy, inconsistent pricing, and harvest price manipulation) represent material risks that the development team claimed to have fixed, though the fixes were not re-verified by the auditors, and the report itself notes that the code's heavy reliance on external DeFi integrations makes manual verification of critical functions like `harvest()` and pricing close to impossible without extensive fuzz and integration testing.
Quantstamp02-12-2019 - 23-04-2021	Critical0 High0 Medium4 Low11 Info18	The Quantstamp audit identified no high-risk vulnerabilities and all medium-risk issues (centralization, access control, redemption bugs) were resolved, resulting in a solid security posture for Idle Finance; residual acknowledged items are primarily design decisions or bytecode-size limitations rather than exploitable threats.
Quantstamp12-10-2020 - 26-10-2020	Critical0 High0 Medium1 Low2 Info4	The audit found no high or critical risks; the one medium issue and the undetermined issue were both fixed, and the remaining low/informational items were either resolved or acknowledged, indicating a reasonable security posture for the scoped contracts. However, the limited scope (three contracts) and intentionally low test coverage on Compound-derived code mean some systemic risks were not examined.

Backers

Idle Finance raised a $1.2M seed round led by gumi Cryptos Capital (gCC). The seed round was joined by Rockaway, and other investors include Consensys, Fasanara, Greenfield One, Longhash Ventures, and The LAO — all listed as trusted partners/investors on the Idle Finance homepage. The seed round was announced in a July 2021 blog post by gumi Cryptos (lead investor), which states that gCC "lead Idle's $1.2M seed round" and that they were connected to the team by Rockaway. No subsequent funding rounds (Series A, etc.) were found on official sources.

Legal

Legal form

Limited Liability Company (LLC)

Registration jurisdiction

Marshall Islands

Status and notes

The operating entity is Idle DAO LLC, a limited liability company registered in the Marshall Islands, as disclosed in the Legal Notice, Terms of Service, and Privacy Policy. The website footer shows © 2025 Idle DAO LLC. The Terms of Service (Section 25) are governed by the laws of the Marshall Islands. The Privacy Policy lists the Owner and Data Controller as "Idle DAO LLC, Marshall Islands" with contact email [email protected]. Legal pages (Legal Notice, Terms of Service, Privacy Policy, Risks Disclosure Statement, Restricted Persons) are all available and accessible on the website.