Description
Scope
The SAM team is dedicated to keeping security and monitoring in place for Yearn projects and strategies.
Old BRs:
- Sam - Security and Monitoring #5 #296
- Sam - Security and Monitoring #4 #278
- Sam - Security and Monitoring #3 #252
- Sam - Security and Monitoring #2 #237
- Sam - Security and Monitoring #218
Plan
The team will continue to build and improve a monitoring system for the underlying protocols to ensure strategy safety and conduct all internal security reviews of the Yearn ecosystem. Curating is a big part of current and future work, which brings revenue to Yearn Treasury. All planned tasks are split into the following categories:
1 - Internal Security Reviews of Yearn
V3 Strategy Reviews:
- Strategy Security Reviews: Focus on identifying bugs in production and assessing audit quality.
- Emergency Withdrawals: Continue to add tests for emergency withdrawals on strategies in production. Tests are run daily on the latest fork to ensure emergency functions can be called.
- Risk Score Attachment: Attach risk scores to issues based on prepared risk assessments and add comments to justify the scores if necessary.
Bug Bounty Management
Yearn Finance has an open bug bounty program on Immunefi. Submitted bugs will be checked and verified by the team. Additionally, new contracts will be added to Immunefi as they are deployed and ready for the bug bounty program.
Continue with Bug Bounty program on Sherlock, which covers only strategy-specific code in production.
2 - Yearn Risk Scores
Continue the work on the Risk Score Framework, add new risk score values and attach values to the Yearn V3 frontend.
Track and evaluate Morpho vault risk scores hourly. Update strategy risk scores depending on the monitoring risk score defined here.
Track collateral allocations in Compound and Euler markets that are used by Yearn V3 vaults. Update the strategy risk score depending on collateral risk.
3 - Risk Monitoring
The team will work with the strategist on which data should be monitored to ensure strategy safety and help in building the monitoring system. Tenderly will be used heavily for this, with additional custom tools depending on the protocol.
Create and manage Telegram monitoring groups for each protocol. Governance contracts are also monitored, and we will keep them up to date.
Monitor new markets on Morpho as they get added to Morpho vaults that are used by Yearn strategies.
Extend a list of protocols that we monitor depending on TVL and how much it affects us.
4 - Curating
SAM team is working as curator on Morpho, currently handling TVL $170M+. We are managing 12 vaults on Morpho (4 mainnet, 2 base, 4 katana, 2 arbitrum) with plans to create more depending on the opportunities on current chains. Focus on Katana and Mainnet, where we have the highest TVL. Explore HyperEVM chain for Morpho curating, additional liquidity and asset monitoring is required. Continue to add new markets to current vaults and update supply caps depending on the market conditions to maximize APY while keeping defined risk scores of the vaults. Create new markets that use Yearn V3 vaults as collateral.
With Morpho Vaults V2 live and Morpho Markets V2 in the development phase, we will focus on learning about new code and potential changes to the current automation for Morpho.
Deadline
2026-01-31
People
- Spalen
- Tapir
Money
- This budget request covers 3 months of monthly compensation for team members and infrastructure costs.
- One-time cost for Devconnect conference for both team members.
3 * 30 + 4 = 94
Revenue
- Curating: 7x 🔵
Amount (Total)
94,000 USDC (ideally as yvUSDC-1)
Wallet address
0xe5e2Baf96198c56380dDD5E992D7d1ADa0e989c0
Reporting
Once