How to assess the yield farming risks and benefits of a DeFi project?
This article was published on Steaker by Wilson.
This article is compiled from the checklist that the Steaker DeFi Team confirms before engaging in DeFi Farming. It can be considered our SOP/Checklist for evaluating whether to enter a new DeFi project. Before reading this article, it is recommended that readers first read the following introductions to DeFi and Yield Farming for a more comprehensive understanding of the content.
· DeFi (Decentralized Finance): DeFi is built on the Ethereum platform and executes assets or protocols through smart contracts, combining them into new projects or financial products, hence also referred to as "money Legos." Under this concept, financial services do not have to operate through centralized institutions like banks, allowing users a great degree of participation freedom, realizing the original ideals of "decentralization" and "transparency."
· Yield Farming: Providing liquidity to DeFi protocols to earn rewards (Liquidity Mining), thus operating different DeFi protocols to maximize the return on cryptocurrency assets. This action is metaphorically likened to farming yields.
Many people think DeFi farming is like the Chad DeFi Degen on the right side of the image, just putting money into whichever project has a high APY, but this approach usually does not yield good results; whereas the Steaker DeFi Team is more like the conservative analyst (Virgin DeFi Analyst) on the left side of the image, strategically allocating after thorough research and analysis.
Part 0: Basic Principles for Evaluating DeFi Projects
Many DeFi projects in the market are highly hyped, but incidents of scams or hacks are also frequent. In this situation, how can we select safe and profitable projects? The Steaker DeFi Team examines the following three aspects before deciding whether to engage in liquidity mining, with the content of the smart contract being of utmost importance. We must first confirm that the smart contract is sound before proceeding to the next evaluation step:
1. Smart Contract
A smart contract is a set of code executed on the blockchain, designed for different applications and protocols. It is triggered and executed automatically when the conditions set by the protocol are met, without requiring trust between both parties. Due to the characteristics of blockchain, smart contracts have advantages such as transparency and high efficiency. However, since the code of smart contracts is written by humans, it is essential to pay attention to any suspicious functions; any unnecessary code carries risks. The latter part of this article will delve into key points to watch out for.
2. Token/Economics
Different projects design their own token economic models to ensure good operational modes for the platform and attract more users to provide liquidity. Common aspects include consensus mechanisms, token supply, issuance rules such as inflation rates, fee markets, validator yield rates, and target staking ratios. Some emerging DeFi projects even set voting rules and community governance functions. In-depth research is necessary to uncover investment opportunities and potential risks.
3. Community Team and Management
Every DeFi project has its own team behind it. In the world of cryptocurrency, community management is crucial. It is advisable to assess whether the team is trustworthy. Even if the team is anonymous, one can observe whether they are actively managing the community on platforms such as Twitter, Discord, Telegram, and Medium. These are common community sites where one can observe user activity levels and whether the development team is responsible for the project, thereby reducing the risk of project failure or scams.
Part 1: Smart Contract
"I have always agreed with Elon Musk's principle of first principles. Many ways of doing things have their context, and the context and historical origins have their reference value, which I do not deny. However, sometimes over time or due to changes in the era and technological advancements, when the assumptions change, we must always return to first principles. In the world of blockchain, code is the first principle, so most problems can be discovered or prevented within the smart contract, which is why I place smart contracts first."
Wilson points out the importance of the code within contracts. Next, we can assess whether there are security concerns in the smart contract from aspects such as third-party audits, comparisons before and after project forks, and the settings of the development team.
1. Is there a third-party audit?
When looking at a DeFi project, one can first raise security-related questions, such as: Has this project been reviewed by a reputable third-party auditing firm? Is there a publicly available report? Well-known DeFi projects have undergone audits; if one finds that there has been none, caution is warranted, as projects without audits may carry risks. However, new projects with good returns often do not have such reports because auditing firms move slowly, and by the time the report is out, the returns may have already been diluted, and the annualized yield has decreased.
The Steaker DeFi Team is very familiar with blockchain technology and smart contract development, so they do not wait for reports to take action. They directly check the verified source code on Etherscan, and after assessing the risks and related rewards, they can confirm that everything is fine and proceed to enter the market, securing the latest and safest farming benefits.
2. Is it a fork of another project?
A missing audit report is not necessarily a deal-breaker. If the project claims to be a fork of a well-established project, one can look for a Diff (code comparison) report, either provided by the project team or produced by comparing the code oneself. This method is faster than waiting for an audit report. For example, Cream Swap has actively provided a Diff report against Balancer, showing what parts they modified and what features they added. One entry in that report reads:
"Added the ability to move unbound tokens to the control of the liquidity pool manager, which is useful when rewards are distributed to the pool (e.g., COMP or CREAM)."
This description indicates that the function was added to remove assets that should not appear in this liquidity pool, usually digital assets transferred there by mistake. It is very useful when the pool unexpectedly acquires other types of tokens, and for rescuing users who mistakenly sent the wrong tokens.
3. Are there any suspicious functions? Can the contract's maximum authority holder sell tokens in large quantities?
It is also necessary to check for suspicious functions within the smart contract, such as the ability to alter digital asset prices or mint an unlimited number of tokens, or even the ability to move liquidity pool funds. Any unnecessary functions or code carry risks.
4. Are there protective measures like burning keys or setting time locks?
This is a common practice in the field. The role with the highest authority in the contract is called Admin/Owner, which is usually the address of the deployer of the contract. One can examine which address has the authority to mint, freeze, pause, or burn tokens, or whether this address still has the authority to perform actions that could rug pull users.
Rug Pull in the cryptocurrency world usually refers to when someone with authority sells off a large amount of tokens after everyone has put their money in, withdrawing funds all at once, causing the token price to plummet rapidly.
For players in the YFI series, before engaging in multi-pool liquidity mining, they are very concerned about whether the contract has burned the private key (Burn Key). At this point, one can check whether the Admin's address appears to be one that no one could possibly own, or whether no one can execute functions to increase or move funds. For example, Based Money stated directly on their official website: "The only rule is that no one can change the rules. There is no owner, and since the private key has been burned, the contract cannot be changed. There can be no scam."
If one really looks at the contract, they can verify the above statement, which is a way to gain users' trust.
Another method is to set a time lock. If a project needs to maintain flexibility for future modifications but also wants to gain the community's trust, they will set a time lock, commonly for two to three days. This means that once the project team wants to move all the funds or perform actions that violate the initial agreement, their actions will be revealed on the blockchain, and they must wait two to three days for execution. This time frame is sufficient for the public to react; if any anomalies are detected, token holders can immediately sell their tokens or withdraw their funds.
However, if the project team genuinely intends to update or improve the project, they will first announce it to users, and when making actual changes, users will also be able to see the changes on the blockchain within two to three days.
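The checks in points 3 and 4 can be sketched as a small triage script. This is an added example, not Steaker's own tooling: the ABI, the addresses, the name fragments and all function names are constructed for illustration, and the owner address and timelock delay are assumed to have been read from the chain beforehand (for instance from the explorer's read-contract view).

```python
import json

# Addresses conventionally treated as ownerless: the zero address and the
# widely used 0x...dEaD burn address (compared in lower case).
BURN_ADDRESSES = {"0x" + "0" * 40, "0x" + "0" * 36 + "dead"}

# Heuristic name fragments for the powers the checklist names (mint, freeze,
# pause, burn, price changes, moving pool funds). Assumption: a match is only
# a candidate for manual review; the function body still has to be read.
RISKY_FRAGMENTS = ("mint", "burn", "pause", "freeze", "setprice",
                   "setoracle", "sweep", "rescue", "migrate", "upgrade")

MIN_TIMELOCK_SECONDS = 2 * 24 * 3600  # the "two to three days" from the text

# Constructed sample ABI (not taken from any real project).
SAMPLE_ABI = json.loads("""[
  {"type": "function", "name": "balanceOf", "stateMutability": "view"},
  {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
  {"type": "function", "name": "mint", "stateMutability": "nonpayable"},
  {"type": "function", "name": "setPriceOracle", "stateMutability": "nonpayable"},
  {"type": "function", "name": "migratePoolFunds", "stateMutability": "nonpayable"},
  {"type": "event", "name": "Transfer"}
]""")


def privileged_candidates(abi):
    """Names of state-changing functions that match a risky fragment."""
    hits = []
    for entry in abi:
        if entry.get("type") != "function":
            continue
        if entry.get("stateMutability") in ("view", "pure"):
            continue  # read-only functions cannot move funds or mint
        if any(frag in entry["name"].lower() for frag in RISKY_FRAGMENTS):
            hits.append(entry["name"])
    return sorted(hits)


def admin_status(owner, timelock_delays):
    """Classify who controls the contract.

    timelock_delays maps addresses already confirmed to be timelock
    contracts to their delay in seconds.
    """
    owner = owner.lower()
    if owner in BURN_ADDRESSES:
        return "renounced"
    delay = timelock_delays.get(owner)
    if delay is None:
        return "direct-control"
    return "timelocked" if delay >= MIN_TIMELOCK_SECONDS else "timelock-too-short"


def assess(abi, owner, timelock_delays):
    """Combine both checks: powers that exist and how fast they can be used."""
    funcs = privileged_candidates(abi)
    status = admin_status(owner, timelock_delays)
    high_risk = bool(funcs) and status in ("direct-control", "timelock-too-short")
    return {"privileged": funcs, "admin": status, "high_risk": high_risk}


if __name__ == "__main__":
    eoa = "0x" + "ab" * 20        # constructed externally owned account
    timelock = "0x" + "cd" * 20   # constructed timelock contract address
    print(assess(SAMPLE_ABI, eoa, {}))
    print(assess(SAMPLE_ABI, timelock, {timelock: 2 * 24 * 3600}))
```

A "renounced" or "timelocked" result only holds if the flagged functions are actually gated on that owner address, so the access-control modifiers in the verified source still need to be read.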
Part 2: Token/Economics
Remember the first principle: confirm the code of the smart contract. After confirming that there are no issues, this is just the first technical hurdle. The second hurdle is to look at more practical aspects, which we will discuss further below.
1. Applications and Valuation
The type of application of a DeFi project is also very important. One should not rush into the market just because of high annualized yields; each DeFi application has its corresponding valuation and timeline. Currently, applications are very diverse, with hard demands mainly in lending markets, trading markets, contract markets, investment strategy platforms, etc. Projects with long-term demand will generally have higher valuations and better sustainability. Some projects are purely for mining, providing liquidity for platform trading, and once the rewards are exhausted, they have no further plans, leading to shorter timelines.
For example, the lending market projects Cream and Compound have governance tokens with several years of release periods, and collateralized lending and borrowing are foundational to leveraged trading and financial markets, which can be considered "essential needs." These projects also have community governance and liquidity mining mechanisms, making them projects worth looking forward to for several years. If a project is merely a fork of another without its future products, it can only be held for a short time, and its valuation will not be significant because there is no basis for comparison. For instance, Sushi Swap or most projects named after food last year allowed users to participate in mining simply by providing liquidity on Uniswap, but once mined, they could only sell the tokens, with no future governance use.
2. What tokens to prepare before entering the pool
Many DeFi projects require users to deposit tokens into liquidity pools. Before entering the pool, one should consider which tokens to prepare, whether to choose stablecoins, tokens with price fluctuations, or to provide more than one type of token, as this will affect returns.
If it is simply a so-called "free pool," where one can just provide stablecoins and receive tokens, that is a relatively safe and low-risk approach. For example, in one of YFI's pools, one can mint yCRV to stake and receive YFI tokens as rewards from the strategy platform; collateralizing USDT or USDC into Cream/Compound can also yield rewards like CREAM/COMP. These are ways to obtain tokens that can be sold for profit, with the principal being stablecoins that are not affected by volatility, but the annualized yield (APY) is usually lower.
3. Impermanent Loss
In addition to the previously mentioned free pools, another type of pool carries higher risks and rewards, potentially facing impermanent loss (IL).
· Impermanent Loss (IL): In decentralized exchanges, liquidity providers act as both buyers and sellers. The tokens in the pool experience price changes due to trading, affecting the holdings. Therefore, when prices drop, not only is the principal losing value, but forced margin calls can lead to even greater losses.
However, "impermanent" is not as temporary as it sounds; as long as there is an IL pool, users have a high probability of losing money when withdrawing, unless they time their exit perfectly or have taken hedging measures after thorough understanding. However, high risks usually come with high annualized returns, so it depends on whether one can recover the lost funds in a short time while bearing the risk of loss.
When facing a pool, one must be able to discern whether the pool will incur IL, and if so, how to respond. If not, one should also consider other risks, such as slippage in system design, etc.
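To put numbers on the trade-off between IL and annualized yield, the following added example (not from the original article) models a 50/50 constant-product pool of the kind Uniswap uses. Its assumptions: no trading fees, rewards accrue as simple interest on the position value, and the reward token's price stays constant; the function names are hypothetical.

```python
import math


def lp_vs_hold(price_ratio):
    """Relative value of an LP position versus simply holding (0.0 = equal).

    price_ratio is the current price of token A in token B divided by the
    price at deposit. The deposit is normalised to 1 A + 1 B at price 1,
    so the pool invariant is x * y = 1.
    """
    if price_ratio <= 0:
        raise ValueError("price_ratio must be positive")
    # Arbitrage moves the reserves until y / x equals the new price
    # while x * y stays constant.
    x = 1 / math.sqrt(price_ratio)   # units of A left in the position
    y = math.sqrt(price_ratio)       # units of B left in the position
    lp_value = x * price_ratio + y   # valued in B
    hold_value = 1 * price_ratio + 1
    return lp_value / hold_value - 1


def days_to_recover(price_ratio, apr):
    """Days of farming rewards needed to offset the impermanent loss.

    apr is a fraction (3.65 means 365%), applied as simple interest to the
    current value of the LP position.
    """
    if apr <= 0:
        raise ValueError("apr must be positive")
    il = lp_vs_hold(price_ratio)
    shortfall = -il / (1 + il)       # gap to holding, relative to LP value
    return max(0.0, shortfall * 365 / apr)


if __name__ == "__main__":
    for ratio in (0.25, 0.5, 1.0, 2.0, 4.0):
        print(f"price x{ratio:<5} IL {lp_vs_hold(ratio):8.2%}  "
              f"days at 365% APR: {days_to_recover(ratio, 3.65):5.1f}")
```

The loss is symmetric in the direction of the price move: a 4x rise and a 75% fall both leave the position about 20% behind holding.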
4. Market Liquidity
This is a point that high-net-worth or institutional users need to pay special attention to. Although DeFi can be quite profitable and has become a hot topic in the cryptocurrency world, the amount of funds is still significantly smaller compared to traditional trading markets. If a large amount of capital is to enter the market, it may dilute the entire annualized yield.
For example, if a pool has about two million dollars in funds and currently offers an annualized yield of 365%, which is very enticing, but then a large investor injects eight million dollars, the annualized yield drops below 70%, which is a significant difference from the expected daily profit of around 1%.
Alternatively, if a large investor mines governance tokens worth one million dollars and wants to sell them, they may find that the largest trading market for this token, Uniswap, has only ten thousand dollars in liquidity. Selling would crash the price to zero, meaning the reward would not be one million dollars, possibly even less than one-tenth. This is also something that should be investigated from the start.
Of course, retail investors will not have this issue; the advantage of smaller amounts is that they do not have to worry about this aspect, but they will face the problem of high gas fees. During the DeFi boom, gas prices were indeed very high, often requiring transactions of 200-1000 gwei to be successfully included in blocks. A successful transaction could cost around 2-10 USD, while other actions like staking, depositing, or withdrawing could also cost 5-100 USD. Completing a complex DeFi operation may require more than one transaction, and it is possible to need to initiate five or six transactions. Therefore, if a retail investor does not have a large enough principal, the profits they can obtain may not cover the costs.
5. Special Rules Set by the Project Team
Next, let's introduce some special rules. Some projects have unique economic rules for their governance tokens, including Halving, Burning, Minting, Rebase, etc. Among these, Rebase carries the highest risk. Here is a brief introduction to these actions.
· Halving: The amount of tokens entering the market as rewards is reduced by half over the same period, meaning the token issuance rate is halved.
· Burning: Token burning refers to the project team permanently removing a portion of tokens, reducing the total supply. This not only decreases the number of tokens circulating in the market but also makes the tokens scarcer, potentially increasing their price.
· Minting: Creating new tokens, either at the time of initial issuance or later when the team decides to increase supply. In both cases, the total token supply increases.
· Rebase: Based on market demand changes, when the token price changes, the supply is elastically adjusted, keeping the value of the tokens users hold the same. By expanding or contracting the supply, the token can return to its target price, as seen in mechanisms set by Ampleforth or YAM Finance.
Among them, YAM, which was extremely popular in 2020, improved upon AMPL's token supply rules, anchoring the market price of stablecoins on Uniswap. The number of tokens held by users would increase or decrease with price changes. Some users entered the game without understanding the overall economic concept of this token. Combined with the rebase bug discovered at that time and a series of events occurring on centralized exchanges, by the time these issues erupted it was too late to escape. Victims had no idea what had happened, and then their money evaporated.
Part 3: Community Management
The final part is a significant bonus point; whether the team has invested effort in managing the community and providing public information is also indispensable.
Is there a listing on mainstream information platforms?
To gauge whether the team has experience and is familiar with the cryptocurrency ecosystem, one can check if they have applied for listings on mainstream information websites. Many projects that only aim for short-term scams or use cryptocurrency and DeFi as a gimmick to issue tokens do not make efforts on these platforms, and some may not even know where to upload their governance token logos. Here are some commonly known information websites:
· CoinMarketCap, Coingecko: Cryptocurrency market capitalization ranking and price query websites
· DeFi Pulse: A well-known decentralized project market capitalization ranking website
· Yieldfarming.info: A website for querying DeFi Degen farming annualized yields
· Etherscan: A well-known Ethereum blockchain explorer
1. Who is the team? Who are the investors or well-known KOLs recommending them?
Whether the team is named in the contract, whether there are well-known venture capital investments, and whether there are reputable community KOLs introducing the project are all key factors. However, compared to last year's DeFi boom and the ICO frenzy of 2017, DeFi projects typically have products before issuing tokens, which is quite different from the previous model of issuing tokens based solely on a white paper. Therefore, the evaluation is more complex.
DeFi products are usually smart contracts, so whether the team is named is not as crucial; the main focus is on whether there are issues with the smart contract. Thus, many projects by anonymous teams like Sushi and Based still have many users participating.
However, named teams tend to have a longer-term outlook, as they are under public scrutiny and need to be accountable. Additionally, one can check whether the project has co-signers; for example, Andre Cronje of the well-known DeFi project YFI decentralized the management of YFI minting private keys into a multi-signature setup and recruited many KOLs from the cryptocurrency community as co-signers. This approach has influenced many subsequent DeFi projects to follow suit, such as Cream's co-signers, which include several well-known figures in the cryptocurrency space, including Compound's CEO, Robert Leshner, and FTX's CEO, Sam Bankman-Fried, as well as Kyle Samani from Multicoin Capital. Unlike before, where VCs supported projects by investing money, this time DeFi involves community governance, which also helps make projects more legitimate.
2. Evolution of Mainstream Community Platforms
The way communities are managed has also begun to change, with Discord and Twitter becoming the main platforms. On Twitter, it is essential to continuously interact with various KOLs in the cryptocurrency space and share insights, as project updates are often posted there first. Binance's CEO, Changpeng Zhao (CZ), frequently uses Twitter to post updates. Discord and Telegram are commonly used platforms for cryptocurrency communities abroad, where users of different projects can discuss in channels, allowing one to observe the activity levels of these communities. Medium is a platform for publishing more formal and detailed content, often used for announcing important matters.
Conclusion
With the rise of DeFi, discussions have shifted from the high returns to gradually becoming familiar with the underlying mechanisms. However, as Wilson pointed out in the article, DeFi is a niche market with many opportunities to make money, but the barriers to entry are relatively high, requiring a certain level of expertise to identify truly safe and profitable projects among the myriad of options. In the cryptocurrency world, a day is equivalent to a year in the real world, and the market changes rapidly every day. Those working in the industry will be the first to know about new developments, and by the time many information compilations or educational resources are introduced, the opportunity may have already slipped away, leaving only outdated strategies and inflated token prices. At that point, entering the market may be too late.
The content of this article does not constitute any investment advice; it is purely a sharing of experiences and analyses. Before engaging in any DeFi games, one should conduct their own research and only use funds they can afford to lose.