Yield Farming in Defi
Yield farming (also known as liquidity mining) describes any system where there is an incentive to deposit a type of token or multiple token types in order to generate rewards in the form of the deposited token or another (usually derivative token). The most common scenario is staking and it also includes providing liquidity in a liquidity pool (in the case of AMMs).
Why is Yield Farming a thing?
My previous article detailing Defi token design covers why staking is important, to summarise the article: Staking is both of critical security importance (for PoS systems) and also to incentivise holding the token. It also provides much-needed liquidity for the token at a gradual rate as opposed to a big ICO dump (which usually results in the price of the token tanking and never recovering). Yield farming is also how investors will share fees generated from the underlying protocol.
In the case of liquidity provision in an AMMs liquidity pool (LP), yield farming which takes the form of LP rewards is essential in providing an incentive to provide liquidity. Without LPs, AMMs cannot function effectively, and instead, a different market-making system would be required, one where a smart contract needs to actively match users wishing to trade tokens (which would result in higher trading fees and more waiting times between trades).
How are returns calculated?
Yield farming is investing, and with investing comes calculating the returns. Generally, estimated return from yield farming is calculated in annualised rates. The rates used are APY (Annual Percentage Yield) and APR (Annual Percentage Return), calculated in the same way it’s done with traditional lending and investing respectively. The difference is, the APR doesn’t take into account the effect of compounding while APY does.
APR
The APR is calculated as:
Periodic Rate x Number of Periods in a Year
So if for a period of one year and a yearly rate, the APR is just the yearly rate.
APY
The APY is calculated by multiplying the periodic interest rate plus one by the number of periods in a year then subtracting one. Why one plus the rate? Because that’s how compounding works. You subtract the one after to get the actual rate. Hence the APY is calculated as:
APY = (1 + Periodic Rate) x Number of periods-1
Here’s an example of the calculation done in Defi on the Ferrum network.
Yield from Staking
How do these rates come into the picture for yield farming? Let’s look at staking. When you stake you are placing your assets into a locked period and getting paid in either the same asset or another asset. If it is the same asset, then usually that payment (the inflation) is put back into your staking funds and thus back into staking. This means for the period your funds are locked, you are compounding on your initial stake.
Yield from LP
For LPs in an AMM, it’s a little bit different. You aren’t guaranteed a yield with your staked two-sided liquidity since it depends on how often the pair in the pool is traded which impacts the fees you receive and hence your return. Furthermore, your overall return is also impacted by the impermanent loss which is guaranteed to occur unlike staking where you are HODLing your asset.
Risks with yield farming
The risks involved with yield farming can be distributed into four broad categories:
Scam Risk
Scams are abundant in the unregulated crypto sphere and yield farming its own set of common scams. With staking and LP provision, to deposit your token into the pool you allow the staking smart contract to access your wallet and transfer your funds into the smart contract leaving your liquidity at the developer’s mercy. And if they choose to withdraw all the funds, you are futile to stop it. The given name for this event throughout the community is “rugpull”.
- Many examples of this existed when BSC initially launched where many .finance clones of Pancakeswap that offered unbelievable high yields would open up staking and dump the tokens onto users. So many of these projects sprung up that a website was made just to track them all: https://poocoin.app/.
- The notorious almost rugpull of Meerkat finance where the team alerted users that they were hacked and funds were stolen. However soon the stolen funds were returned and the hack was revealed to be a social experiment by the team. The more accepted theory was that the team decided not to go through with the rugpull, knowing they might not be able to exit successfully given that the popularity of Meerkat Finance would draw attention from BSC which controls the on and off-ramps to their platform, allowing them to potentially freeze the funds.
- A famous almost rugpull example involves Chef Nomi, the anonymous developer for SushiSwap who sold his Sushi tokens resulting in $14 million worth of tokens. There was a lot of backlash from the community and he ended up returning the funds.
Smart Contract Risk
Unintentional bugs in the smart contract of the token provide opportunities for exploits. This risk is very real for legitimate projects, especially with how relatively new Solidity is as a language and the lack of highly experienced developers. Many companies will offer audits of their code which can certify security to an extent.
- The recent PolyNetwork exploit where the hacker was able to essentially “exploit the cryptography”. A detailed explanation can be found in this twitter thread.
- Although not hack that resulted from a security flaw in the smart contract, the EasyFi hack was the result of the admin keys being stolen from their machine. The founders decided to fork the token to preserve user funds (rendering hacked funds essentially useless).
Ethereum fee risks
Due to the unpredictability of transaction costs on the Ethereum network, locked funds are subject to Ethereum fee risks when investors look to redeem their stake. For shorter periods the risk is low however for a longer-term horizon it can be material. Alternatives to this of course are to look to stake on other chains such as Binance Smart Chain or Polygon.
Price Risk
As with any asset that is illiquid, it is subject to price risk, and with the volatility of crypto, the risk is multitudes higher. If the market value of the tokens obtained from staking plus the initial stake amount is lower than the market value of the initial stake prior to staking, then you have lost money from deciding to stake the tokens.
Whilst the general factors of supply and demand fund flows impacts a crypto asset much like an equity counterpart, the very nature of crypto gives rise to some specific risks:
Flash Loans
Flash loans are a loan unique to crypto-assets and there is no real-world equivalent currently. At a high level, flash loans are borrowing without collateral where the entire loan and reconciliation of the loan occurs in one transaction block. Flash loans only work due to the nature of smart contracts allowing for automatic execution based on conditions. This is a kind of a mechanism that is hard to imagine in traditional finance since loan repayment can only be enforced by a central institution. They provide leverage to any user and scale up standard Defi operations like arbitrage and liquidations. However, with this power comes the side effects. Since flash loans allow anyone to be a whale for a short period of time, with the right timing and transactions malicious actors can launch market manipulation attacks. Scale that further with multiple flash loans and high volume transactions can radically inflate token prices in seconds, forcing massive price volatility.
- The PancakeBunny exploit on BSC where the exploiter manipulated the automated market maker algorithm by sending the price up artificially using flash loans. At the increased price, the exploiter managed to pay off the loand. Read more about that here.
- The hack on Yearn Finance used a flash loan to borrow 215K Ethereum from dYdX that was used as collateral to borrow 134M USDC and 129M DAI fron Compound Finance, they then manipulated Curve Finance’s liquidity pool with the tokens to gain LP fees. here.
Oracle Manipulation
The weakest point in a smart contract is the oracle. The blockchain is unable to gain data from the outside world itself and oracles are the source of truth for smart contracts. Getting accurate price data that is secure and reliable is difficult and hacking an oracle that a blockchain relies on would grant a hacker the ability to subsequently manipulate the smart contract.