Yearn Finance
About
Yearn Finance is a decentralized yield aggregator that provides automated vaults for passive yield generation. Users deposit assets into yVaults, which are capital pools that automatically deploy funds across various DeFi opportunities. The platform handles yield generation, rebalancing, and gas optimization, allowing users to earn yields without managing complex DeFi strategies.
Where Does Yield Come From?
Yearn Finance generates yield through automated vaults called yVaults. Users deposit assets into these vaults, which then spread those funds across various decentralized finance (DeFi) protocols and strategies. The vaults automatically move capital between different opportunities—like providing liquidity (especially in Curve pools), lending on lending markets, and other yield sources—to optimize returns relative to risk.
Yearn charges two types of fees. A performance fee is deducted from the yield when it is harvested (collected). A management fee, which is a flat annual rate, is taken by slightly reducing the value of each user's shares at harvest time. After a governance update (YIP‑69), fees became dynamic: single‑asset vaults typically have no management fee, while factory‑deployed vaults have a 10% performance fee.
Vaults exist in several versions. Version 1 is deprecated (no longer used). Version 2 vaults are the workhorses, focused on the Curve ecosystem. Version 3 vaults follow a technical standard (ERC‑4626) and use tokenized strategies; these can operate as standalone vaults or be combined into multi‑strategy vaults.
Yield comes from multiple sources: Curve pool fees, CRV token rewards, Convex Finance rewards, interest from lending protocols, and incentives from partner protocols. The system spreads transaction (gas) costs across all users and automatically compounds yields—reinvesting earnings to generate more yield. Strategies report profits and update their debts through efficient mechanisms.
Persons
Mariano Conti
Multisig Signer
Leo Cheng
Multisig Signer
omnifient
Multisig Signer
0xngmi
Multisig Signer
Ephy
Multisig Signer
Lefteris Karapetsas
Multisig Signer
Michael Egorov
Multisig Signer
CryptoHarry
Multisig Signer
Tapir
Multisig Signer
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
StateMind05-02-2024 - 01-03-2024 |
| The audit found no critical or high-severity vulnerabilities, with all medium issues resolved and informational risks either fixed or acknowledged, indicating a generally secure implementation of Yearn V3's tokenized strategies architecture. |
ChainSecurity21-04-2023 - 03-05-2023 |
| The audit revealed no critical or high severity vulnerabilities, with all identified medium and low issues addressed before finalization, indicating a solid security posture for the Tokenized Strategy template framework. |
ChainSecurity11-04-2023 - 04-05-2023 |
| The audit revealed no critical or high-risk vulnerabilities, with all medium severity issues resolved before finalization. The codebase demonstrates good security practices, though several low-risk design considerations remain acknowledged. |
yAudit03-07-2023 - 28-07-2023 |
| The audit uncovered moderate compliance issues with ERC4626 standards and several low-risk vulnerabilities, all of which were addressed by the Yearn team, resulting in a codebase with solid security fundamentals but requiring further testing integration. |
MixBytes01-12-2020 |
| No critical or major vulnerabilities were found; the identified warnings and comments represent moderate code quality and validation issues that were acknowledged and addressed by the Yearn team. |
MixBytes01-12-2020 |
| The audit found no critical vulnerabilities but identified two medium-severity issues (withdrawal lock and re-entrancy) that were promptly fixed, along with several informational improvements, resulting in a well-structured Vyper codebase with enhanced readability over previous Solidity implementations. |
Trail of Bits12-04-2021 - 30-04-2021 |
| The audit uncovered several high-severity vulnerabilities in Yearn v2 Vaults, primarily around input validation and debt calculation logic, though most were addressed with fixes reviewed by Trail of Bits. Residual risks remain in strategy interactions and front-running opportunities that require ongoing monitoring. |
Backers
Based on official Yearn governance forum posts, Yearn explicitly states it does not have investors: "Yearn does not have investors. There are no VCs, no angels, no SPACs, and no SPVs that are pulling the strings in the background." (Source: "How we think about Yearn" post, October 2020). Yearn was launched as a fair launch project with no pre-mine or venture capital backing. The protocol generates revenue from fees and manages its treasury through automated systems and community governance, without traditional investor funding rounds.
Legal
Status and notes
No legal entity, terms of service, privacy policy, or imprint disclosed on official Yearn sources (yearn.fi, docs.yearn.fi, GitHub, governance forum). Yearn is described as "a collective of developers, users, thinkers, and doers" governed by YFI token holders via multisig (9 signers, 6/9 required). Documentation states Yearn contributors and YFI token holders provide no guarantee of safety of funds.