DefiCareDefiCare
Checking auth...

Vesper Finance

About

Vesper Finance is a DeFi yield platform offering "Grow Pools" that enable users to deposit assets and earn passive yield through automated strategies. The platform provides a simple, non-custodial interface for yield generation across multiple chains including Ethereum, Avalanche, Polygon, and Optimism. Users select pools based on asset type and risk tolerance, with funds algorithmically deployed to integrated DeFi protocols.

Where Does Yield Come From?

Vesper Finance generates yield through its Grow Pools. Each pool accepts a specific asset like ETH, WBTC, or USDC. The pool automatically moves that capital to other DeFi platforms using pre-set strategies. These strategies involve activities like lending, borrowing, and yield farming.

The earnings from those activities are used to buy more of the pool's deposit asset. This extra asset is added back to the pool, which grows the value for everyone who deposited.

The platform charges a Universal Fee. This is a 2% yearly fee on the amount you deposited. The fee is taken only from the yield earned, never from your original deposit. At each rebalance, the fee is calculated, but it is capped: if 2% of your deposit would be more than half of the yield earned, the fee is limited to 50% of that yield.

Revenue collected from all Vesper products is used to buy back VSP tokens from the open market. Those bought tokens are then distributed to esVSP holders—people who have locked their VSP tokens—as a share of the platform's revenue.

Rebalancing happens regularly to keep the strategies working. On Base and Optimism chains, it occurs about every two days. On Ethereum mainnet, it's about every ten days. During rebalancing, rewards are collected, swapped into the pool's deposit asset, and the capital is redeployed.

Strategies are built as separate, upgradeable modules. They are given risk scores to help users choose between conservative or aggressive options. For pools created by community members, the strategy author receives 5% of the fees earned by that pool, paid in the pool's native asset.

Persons

  • Gabriel Montes

    Team leader, Project Manager, Senior Engineer

  • Marcelo Morgado

    Blockchain Engineer

  • Martin Bon Foster

    Developer

Audits

Audit / DateFindingsVerdict
CertiK27-10-2020 - 31-10-2020
  • Critical0
  • High2
  • Medium4
  • Low0
  • Info2
The audit revealed two high-risk issues that were resolved, along with several medium-severity implementation concerns, resulting in a generally secure codebase with standard best-practice recommendations addressed before deployment.
Bloq20-01-2021
  • Critical0
  • High0
  • Medium10
  • Low0
  • Info9
The audit revealed multiple medium-risk code quality issues but no critical vulnerabilities, with all findings acknowledged and addressed through recommended fixes prior to deployment.
CertiK15-02-2021
  • Critical0
  • High0
  • Medium0
  • Low0
  • Info0
The audit found only informational code quality improvements with no security vulnerabilities, indicating the payment splitter implementation was fundamentally secure at the time of review.
Coinspect11-01-2021 - 19-01-2021
  • Critical0
  • High0
  • Medium2
  • Low3
  • Info0
This incremental audit found no high-risk security vulnerabilities that would lead to stolen or lost user funds, though two medium-risk issues were identified with one slated for fix and the other accepted as won't-fix.
Coinspect01-02-2021
  • Critical0
  • High0
  • Medium0
  • Low3
  • Info0
No critical or high-risk vulnerabilities were identified in the PaymentSplitter contract; only minor code quality issues were reported and addressed.
Coinspect03-11-2020 - 30-12-2020
  • Critical0
  • High0
  • Medium0
  • Low4
  • Info0
The second audit by Coinspect identified only low-risk coding practice issues, all of which were subsequently fixed. No high-risk vulnerabilities were found, though the auditor recommended improving test coverage and splitting controller roles for enhanced security.
Coinspect30-11-2020 - 01-12-2020
  • Critical0
  • High0
  • Medium1
  • Low1
  • Info0
The audit uncovered one medium-risk vulnerability related to unprotected Uniswap swaps that could enable price manipulation attacks, which the team acknowledged but chose not to immediately fix, and one low-risk coding best practice issue. Overall, no high-risk vulnerabilities were introduced by the new features, but the reliance on external DeFi protocols continues to present elevated systemic risk.
Coinspect14-09-2020 - 30-12-2020
  • Critical0
  • High1
  • Medium1
  • Low7
  • Info0
The audit revealed one high-risk fairness vulnerability that was not fixed, alongside several medium and low-risk issues that were largely addressed, indicating residual design risks but generally improved code quality post-remediation.
Coinspect02-11-2021
  • Critical0
  • High0
  • Medium0
  • Low0
  • Info0
The audit found no security vulnerabilities in the reviewed modifications, confirming that previously identified issues were properly addressed and the new V3 features were implemented securely.
Coinspect20-09-2021 - 11-11-2021
  • Critical0
  • High0
  • Medium3
  • Low1
  • Info0
The audit found no high-risk vulnerabilities, with three medium-impact issues (two fixed, one accepted as design choice) and one low-risk issue fixed, indicating the incremental changes did not introduce critical threats to user funds.
Coinspect07-02-2022 - 20-04-2022
  • Critical0
  • High0
  • Medium2
  • Low2
  • Info0
Coinspect's audit found four moderate to low-severity issues in Vesper Pools' updated contracts, all of which were addressed by the team during the engagement period, resulting in no residual high or critical risks.
Coinspect03-01-2022 - 20-04-2022
  • Critical0
  • High0
  • Medium0
  • Low1
  • Info1
The audit found only low-risk and informational issues, all of which were addressed, indicating the Vesper Pools update had no critical security flaws at the time of review.
CertiK26-06-2021
  • Critical0
  • High0
  • Medium1
  • Low15
  • Info34
This preliminary audit found no critical or high-severity vulnerabilities, identifying only one medium-severity calculation error and numerous minor code quality issues in the Vesper Pools V3 codebase.
Dedaub30-04-2021
  • Critical1
  • High1
  • Medium2
  • Low1
  • Info0
The audit found critical and high-severity sandwich attack vulnerabilities in the resurface and rebalance functions, all of which were resolved before deployment, though some medium and low issues remained open or were marked "wont fix".
Dedaub09-05-2021
  • Critical0
  • High0
  • Medium3
  • Low1
  • Info8
The audit found no critical or high severity vulnerabilities, with all identified medium and low severity issues resolved prior to deployment, indicating a generally secure implementation of Vesper Pools v3.
Dedaub09-05-2021
  • Critical0
  • High3
  • Medium0
  • Low1
  • Info8
The audit found several high-severity issues but all were resolved before deployment, indicating a thorough security review process that addressed critical functionality problems in the multi-strategy pool architecture.
Dedaub06-09-2021
  • Critical0
  • High2
  • Medium6
  • Low3
  • Info7
The audit reveals significant front-running risks in swap operations and several medium-severity issues affecting reward claiming and Compound integration, though many were resolved or dismissed. Overall security posture requires careful monitoring of swap amounts and implementation of recommended fixes.
Dedaub10-11-2021
  • Critical0
  • High0
  • Medium1
  • Low0
  • Info2
The audit found no critical or high severity vulnerabilities, with only one medium issue requiring oracle staleness checks and two minor advisory notes, indicating the Vesper protocol's core security posture was sound for the audited scope.
Coinspect23-04-2021
  • Critical0
  • High0
  • Medium0
  • Low0
  • Info0
The audit found no security vulnerabilities in the incremental changes, though it highlighted that new external dependencies on Keep3r oracle and SushiSwap should be independently assessed for comprehensive safety.
Coinspect17-05-2021
  • Critical0
  • High0
  • Medium0
  • Low1
  • Info0
The audit found no high-risk vulnerabilities and only one low-risk issue with negligible impact, indicating the Vesper V3 modifications maintain security without introducing meaningful threats to user funds.
Coinspect19-05-2021
  • Critical0
  • High0
  • Medium0
  • Low1
  • Info0
The audit found no high-risk security vulnerabilities in the reviewed modifications, with only one low-risk issue that does not represent any exploitable risk to user funds.
Coinspect11-01-2021 - 19-01-2021
  • Critical0
  • High0
  • Medium2
  • Low3
  • Info0
The audit found no critical or high-risk vulnerabilities, with two medium-severity issues identified (one accepted as won't-fix, one scheduled for fixing) and three low-severity code quality issues that were promptly addressed.
Coinspect22-03-2021 - 26-03-2021
  • Critical0
  • High0
  • Medium0
  • Low1
  • Info0
This incremental audit found no critical or high-risk vulnerabilities, with only a single low-severity gas optimization recommendation identified, indicating the reviewed code changes maintain the platform's security posture.
Coinspect07-03-2022 - 31-03-2022
  • Critical0
  • High0
  • Medium2
  • Low0
  • Info1
The audit identified two medium-severity vulnerabilities related to insufficient slippage protection in token swaps, both of which were reportedly fixed, alongside one informational code quality issue. No critical or high-risk findings were reported in this limited-scope review of strategy updates.
Coinspect02-11-2021
  • Critical0
  • High0
  • Medium0
  • Low0
  • Info0
This audit found no security vulnerabilities in the reviewed V2 and V3 changes, with only minor design observations that do not pose immediate security risks.
Coinspect20-09-2021
  • Critical0
  • High1
  • Medium2
  • Low1
  • Info0
The audit identified one high-risk issue with unchecked return values from Convex interactions, along with medium and low-risk findings related to access controls and token accounting. All critical issues were resolved, leaving residual design considerations for external protocol integrations.
Dedaub08-04-2022
  • Critical0
  • High0
  • Medium0
  • Low1
  • Info2
The audit found no critical or high-severity issues in the fee logic changes, with only one low-severity concern about potential overpayment of fees in specific Earn strategies, indicating generally safe modifications to the Vesper Pools protocol.
Dedaub12-10-2021
  • Critical0
  • High1
  • Medium1
  • Low4
  • Info0
The audit identified one high-severity vulnerability in DyDx flash loan callback security alongside several medium and low-severity issues, with some already resolved during the engagement. Overall security posture appears reasonable given the audit focused on code diffs from previous comprehensive reviews.
Halborn03-08-2022 - 05-09-2022
  • Critical0
  • High2
  • Medium3
  • Low2
  • Info3
The audit found several high-risk migration issues and medium-severity vulnerabilities, most of which were resolved by the Vesper Finance team, though one sandwich attack risk remains partially unaddressed but is managed through operational practices.
Dedaub09-03-2022
  • Critical0
  • High1
  • Medium3
  • Low3
  • Info0
The audit found no critical vulnerabilities but identified several high-to-medium severity logic and configuration issues, most of which were resolved by the team. The limited scope focusing only on recent code changes means residual risks may exist in unaudited portions of the large protocol codebases.

Legal

Legal form

Limited company (Ltd.)

Status and notes

Legal documents (Privacy Policy, Terms of Service) hosted on GitHub identify the operator as "Vesper Brewing Co. Ltd." No imprint, company registration number, or jurisdiction explicitly disclosed on official website, docs, or legal files.