Yearn — yvUSD

Contract Addresses

Core yvUSD Contracts (Ethereum)

Contract	Address	Type
yvUSD Vault	0x696d02Db93291651ED510704c9b286841d506987	Yearn V3 Vault (v3.0.4), Vyper minimal proxy
LockedyvUSD (Accountant)	0xAaaFEa48472f77563961Cdb53291DEDfB46F9040	Cooldown wrapper + vault accountant
APR Oracle	0x1981AD9F44F2EA9aDd2dC4AD7D075c102C70aF92	On-chain APR estimation
Fee Splitter	0xd744B7D6bE69b334766802245Db2895e861cb470	Revenue distribution

Governance Contracts

Contract	Address	Configuration
Role Manager (Vault Safe)	0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7	3-of-8 Gnosis Safe v1.3.0
Deployer/Operator EOA	0x1b5f15DCb82d25f91c65b53CEe151E8b9fBdD271	Fee Splitter governance only (vault roles removed via Safe tx nonce 3130)
Yearn Global Multisig	0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52	6-of-9 Gnosis Safe — has NO roles on yvUSD

Yearn V3 Infrastructure

Contract	Address
Vault Factory	0x770D0d1Fb036483Ed4AbB6d53c1C88fb277D812F
Vault Implementation (v3.0.4)	0xd8063123BBA3B480569244AE66BFE72B6c84b00d
Tokenized Strategy	0xD377919FA87120584B21279a491F82D5265A139c
Yearn V3 Keeper	0x52605BbF54845f520a3E94792d019f62407db2f8

Active Strategies (12)

#	Strategy	Name	Current Debt (USDC)	Allocation	Protocols Used	Last Report
1	0x4c0e...34b	USD3 Pendle PT Maxi	350,758	33.0%	3Jane USD3, Pendle	2026-03-09
2	0xb73a...66d	PT siUSD March 25 Morpho Looper	196,128	18.5%	InfiniFi siUSD, Morpho, Pendle/Spectra	2026-03-09
3	0x5f9D...f89	Infinifi sIUSD Morpho Looper	150,168	14.1%	InfiniFi siUSD, Morpho	2026-03-09
4	0x0e29...626	Morpho Yearn OG USDC Compounder	108,980	10.3%	Morpho	2026-03-09
5	0xf28d...442	syrupUSDC/USDC Morpho Looper	100,000	9.4%	Maple syrupUSDC, Morpho	2026-03-10
6	0x7bf1...d1d	PT stcUSD Jul 23 Morpho Looper	54,000	5.1%	Cap stcUSD, Morpho, Pendle/Spectra	2026-01-28
7	0x7130...f8f	USDC to sUSDS Lender	49,995	4.7%	Sky/MakerDAO	2026-03-09
8	0x2f56...179	Arbitrum syrupUSDC/USDC Morpho Looper	30,000	2.8%	Maple syrupUSDC, Morpho, CCTP	2026-03-10
9	0x9e0A...75b	USDC To Spark USDS Depositor	21,507	2.0%	Spark, Sky/MakerDAO	2026-01-19
10	0x48E6...a93	USDC To SKY USDS Depositor	0	0.0%	Sky/MakerDAO	2026-01-28
11	0x00C8...4cF	USDC Fluid Lender	0	0.0%	Fluid	2026-01-31
12	0x1983...9e	Arb Yearn Degen Morpho Compounder	0	0.0%	Morpho, CCTP	2026-03-04

Note: 5 strategies have been revoked during the vault's ~50-day history, indicating active portfolio management. 6 strategies are in the default withdrawal queue; 6 are active but outside the queue.

Strategy Protocol Dependencies with Existing Reports

Several underlying protocols have been previously assessed in this repository:

Protocol	Report Score	yvUSD Allocation
3Jane USD3	3.5/5 (Medium Risk)	33.0%
InfiniFi	2.8/5 (Medium Risk)	32.6% (two strategies)
Maple syrupUSDC	2.33/5 (Low Risk)	12.2% (two strategies)
Fluid	1.1/5 (Minimal Risk)	0% (currently inactive)
Spectra	2.25/5 (Low Risk)	Used for PT token infrastructure

Audits and Due Diligence Disclosures

Yearn V3 Core Audits

The underlying vault infrastructure has been audited by 3 reputable firms:

Auditor	Date	Scope	Report
Statemind	May 2, 2024	V3 Vaults (v3.0.0)	PDF
ChainSecurity	May 4, 2024	V3 Vaults + Tokenized Strategy (v3.0.0)	2 PDFs
yAcademy	Jun 2024	V3 Vaults (v3.0.1)	PDF

yvUSD-Specific Audits

No external third-party audit specifically covering the CCTPStrategy cross-chain code, the LockedyvUSD cooldown wrapper, or individual yvUSD strategies was found. However, the CCTPStrategy has undergone strict internal review by ySec (Yearn's security team). All strategies go through Yearn's rigorous internal review process (see Strategy Review Process below).

Strategy Review Process

Yearn uses a formal 12-metric risk scoring framework (RISK_FRAMEWORK.md) for evaluating and approving strategies. The framework scores strategies across two dimensions:

Strategy-Related Scores (6 metrics):

• Review — number of Sources of Trust (internal strategist, peer review, expert review, ySec security review, recurring security review)
• Testing — code coverage requirements (score 1 = 95%+, score 5 = <70%)
• Complexity — source lines of code (score 1 = 0-150 sLOC, score 5 = 600+)
• Risk Exposure — potential loss percentage
• Centralization Risk — off-chain management dependency
• Protocol Integration — number of external protocols integrated

External Protocol-Related Scores (6 metrics):

• Auditing — number of trusted audits on external protocols
• Centralization — owner control/governance of external protocols
• TVL — active total value locked
• Longevity — contract deployment age
• Protocol Type — category (blue-chip vs novel vs cross-chain vs off-chain)

All 12 scores are summed and mapped to risk levels (Level 1-4). ySec can make exceptions with textual justification. This is a rigorous, documented process that provides strong assurance for strategy quality even without external audits on individual strategies.

Underlying Protocol Audits

Protocol	Audit Coverage	Notes
Morpho	25+ audits (Trail of Bits, Spearbit, OpenZeppelin, ChainSecurity, Certora)	Blue-chip. Formal verification by Certora
Pendle	6+ audits (Ackee, Dedaub, ChainSecurity, Spearbit, Code4rena)	Well-established
Circle CCTP	ChainSecurity (V1 2023, V2 March 2025, V2 update April 2025, Gateway July 2025)	Trust-minimized bridge
Sky/MakerDAO	Extensively audited across many years	Blue-chip
Spark	Inherits MakerDAO audit coverage	Blue-chip
Cap (stcUSD)	TODO — no specific audit information found in public documentation	~$500M TVL. Assessed internally as risk-2 (non-public report)

Bug Bounty

• Immunefi: Active bug bounty for Yearn Finance. Max payout: $200,000 (Critical). Scope includes V3 vaults (VaultV3.vy, VaultFactory.vy).
  • Link: https://immunefi.com/bounty/yearnfinance/
• Sherlock: Also listed: https://audits.sherlock.xyz/bug-bounties/30
• Safe Harbor: Not listed on the SEAL Safe Harbor registry

On-Chain Complexity

The yvUSD system is moderately complex:

• 12 active strategies across 2 chains (Ethereum + Arbitrum)
• Cross-chain accounting via Circle CCTP (destination chain reports back to origin via CCTP on _harvestAndReport())
• Looper strategies using Morpho for leveraged yield (borrow-against-collateral loops)
• PT token strategies with maturity dates requiring rollover
• Custom accountant (LockedyvUSD) combining cooldown/locking mechanics with fee management
• Multiple protocol dependencies (8+ distinct protocols)
• V3 vault itself is non-upgradeable (immutable Vyper minimal proxy)

Historical Track Record

• Vault deployed: January 19, 2026 (block 24271831) — ~53 days in production
• TVL: ~$3.02M USDC — early stage with a $5M deposit limit
• PPS trend: 1.000000 → 1.004613 (~0.46% appreciation over 53 days, ~3.2% annualized)
• Security incidents: None known for this vault or Yearn V3 generally
• Strategy changes: 17 strategies have been added over the vault's lifetime, 5 have been revoked, indicating active and frequent portfolio management
• Yearn V3 track record: V3 framework has been live since May 2024 (~22 months). No V3 vault exploits

Yearn protocol TVL: ~$240M total across all chains (DeFi Llama, March 2026).

Funds Management

yvUSD deploys deposited USDC across 12 strategies with 100% capital utilization (0 idle). Strategies fall into four categories:

Strategy Categories

1. Looper Strategies (57.9% of TVL)

Strategies that borrow against collateral on Morpho to achieve leveraged yield positions. These include:

• PT siUSD March 25 Morpho Looper (18.5%)
• Infinifi sIUSD Morpho Looper (14.1%)
• syrupUSDC/USDC Morpho Looper (9.4%)
• PT stcUSD Jul 23 Morpho Looper (5.1%)
• Morpho Yearn OG USDC Compounder (10.3%)
• Arbitrum syrupUSDC/USDC Morpho Looper (2.8%, cross-chain)

Looper risk: These strategies are leveraged — they borrow USDC on Morpho against collateral (PT tokens, siUSD, syrupUSDC). If the collateral depegs or the Morpho market becomes illiquid, positions may face liquidation or inability to unwind.

2. Fixed-Rate PT Strategies (33.0% of TVL)

• USD3 Pendle PT Maxi (33.0%) — holds Pendle Principal Tokens backed by 3Jane USD3

PT risk: PT tokens have fixed maturity dates. Before maturity, exit requires selling on AMM (Pendle/Spectra) at potentially unfavorable rates. At maturity, PT is manually rolled over by converting to SY (yield token) via a rollover() call on the strategy — this process cannot steal user funds. If not rolled over, the position simply holds the redeemed underlying.

3. Lending Strategies (6.7% of TVL)

• USDC to sUSDS Lender (4.7%) — deposits into Sky/MakerDAO
• USDC To Spark USDS Depositor (2.0%) — deposits into Spark

Lending risk: Standard DeFi lending risk. Sky and Spark are blue-chip protocols with extensive audit coverage.

4. Cross-Chain Strategies (2.8% active, with inactive allocations)

Two strategies bridge USDC to Arbitrum via Circle CCTP:

• Arbitrum syrupUSDC/USDC Morpho Looper (2.8%)
• Arb Yearn Degen Morpho Compounder (0%, inactive)

Cross-chain risk: Bridge delays (CCTP attestation time), and remote chain execution risk.

Accessibility

• Deposits: Permissionless — anyone can deposit USDC and receive yvUSD (ERC-4626 standard). Subject to $5M deposit limit
• Withdrawals: ERC-4626 standard. Users can redeem yvUSD for USDC. However:
  • 100% of funds are deployed (0 idle) — withdrawals require unwinding strategy positions
  • Cross-chain strategies require CCTP bridging back, which takes time
  • PT strategies may have liquidity constraints before maturity
  • Looper strategies require deleveraging, which may take multiple transactions
• LockedyvUSD: Optional lock wrapper with 14-day cooldown + 5-day withdrawal window. Yields a "locker bonus" but restricts exit timing
• No fees on deposits/withdrawals — fees are taken via the accountant during process_report (performance/management fees)

Collateralization

• 100% on-chain USDC backing — all deposits are USDC, all strategy positions ultimately track back to USDC value
• Collateral quality varies by strategy:
  • Blue-chip (Sky, Spark, Fluid): 6.7% of TVL
  • Established with review (Morpho, Maple, Pendle): used across 70%+ of strategies
  • Medium-risk (3Jane 3.5/5, InfiniFi 2.8/5): 65.6% of TVL — the majority of funds are in protocols with Medium Risk scores
  • Low-risk (Cap stcUSD, internal risk-2): 5.1% of TVL
• Leverage via looper strategies: Borrowing against collateral on Morpho. TODO: verify exact max LTV parameters and liquidation buffers per Morpho market

Provability

• yvUSD exchange rate: Calculated on-chain via ERC-4626 standard (convertToAssets()/convertToShares()). Fully programmatic, no admin input
• Strategy positions: Each strategy's totalAssets() is on-chain. The vault's totalAssets() is the sum of all strategy debts
• Cross-chain lag: For cross-chain strategies, remoteAssets on the origin is updated when CCTP messages arrive (sent automatically by _harvestAndReport() on the destination chain). Between report cycles, the value can be stale — the vault's reported totalAssets() may not reflect real-time changes on Arbitrum
• Profit/loss reporting: Profits are reported by keepers via process_report() and locked for gradual distribution over 7 days (profitMaxUnlockTime). Losses are immediately reflected in PPS

Liquidity Risk

• Primary exit: Redeem yvUSD for USDC via ERC-4626 withdraw()/redeem(). Subject to strategy liquidity
• Zero idle funds: Currently 100% of vault assets are deployed to strategies. Withdrawals require unwinding positions
• Strategy withdrawal constraints:
  • Looper strategies: Must deleverage on Morpho (may require multiple keeper transactions)
  • PT strategies: Before maturity, must sell PTs on AMM (potential slippage). At maturity, manual rollover via rollover() call converting PT to SY
  • Cross-chain strategies: Withdrawal triggers CCTP bridging back from remote chain (hours for CCTP attestation)
  • Lending strategies (Sky, Spark): Generally liquid for immediate withdrawal
• DEX liquidity: No known DEX liquidity pools for yvUSD. The vault is an ERC-4626 token, not traded on DEXes
• LockedyvUSD: 14-day cooldown + 5-day withdrawal window. Shares in cooldown cannot be transferred
• Same-value asset: USDC-denominated vault token — no price divergence risk from the underlying
• Deposit limit: $5M cap limits both concentration risk and indicates early stage

Centralization & Control Risks

Governance

The yvUSD vault uses a different governance pattern from the standard Yearn V3 Role Manager. For comparison, the standard Yearn mainnet vault (yvUSDC-1, 0xBe53A109B494E5c9f97b9Cd39Fe969BE68BF6204) uses the Yearn V3 Vault Role Manager contract (0xb3bd6B2E61753C311EFbCF0111f75D29706D9a41), which is governed by the Yearn ySafe 6-of-9 multisig. The yvUSD vault instead uses a direct multisig as role manager, since the standard Yearn Role Manager manages vault-level governance but does not manage strategy operations — yvUSD's multi-strategy, cross-chain design requires a dedicated operational Safe.

Role Manager: 3-of-8 Gnosis Safe (0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7)

• Threshold: 3-of-8
• Holds all 14 vault roles (bitmap 16383)
• Signers are Yearn team members, spanning core contributors and the security team. Not publicly labeled on Etherscan but confirmed as known Yearn insiders
• No timelock on any actions
• 3,130 transactions processed as of March 2026 — very active multisig Deployer EOA roles — removed: 0x1b5f15DCb82d25f91c65b53CEe151E8b9fBdD271

This EOA (also a Safe owner and the vault deployer) previously held 11 of 14 vault roles directly. Safe transaction nonce 3130 has been executed, calling set_role(0x1b5f...d271, 0) to remove ALL vault roles from this EOA. All vault operations now require 3-of-8 multisig approval.

The same transaction also:

• Accepted management of 8 strategies
• Set LockedyvUSD withdrawal window to 5 days (from previous 7)
• Set keeper on a new strategy
• Adjusted profit unlock timing on another vault

Note: This EOA remains the sole governance address on the Fee Splitter contract (0xd744B7D6bE69b334766802245Db2895e861cb470).

Governance assessment:

1. No timelock on any governance action — changes take effect immediately. The team has confirmed there are no plans to add a timelock at this time
2. No EOA role concentration — Safe tx nonce 3130 has been executed, removing all direct vault roles from the deployer EOA. All vault operations now require 3-of-8 multisig approval. The EOA retains governance of the Fee Splitter contract only
3. Known Yearn team signers — all 8 Safe owners are confirmed Yearn contributors (core team + security team)
4. Independent from Yearn global multisig — the 6/9 Yearn multisig has no roles on this vault, but the separation is by design (strategy-focused governance vs vault-level governance)

Programmability

• Exchange rate (PPS): Calculated on-chain algorithmically via ERC-4626. Fully programmatic, no admin input
• Vault operations: Deposit/withdraw are permissionless on-chain transactions
• Strategy profit/loss: Reported programmatically by keepers via process_report(). Profits unlock linearly over 7 days. Losses are immediate
• Debt allocation: Requires manual intervention by DEBT_MANAGER role (3-of-8 multisig)
• Cross-chain accounting: When report() is called on the destination chain, _harvestAndReport() automatically queues a CCTP message back to the origin. No separate keeper relay required. Can be stale between report cycles
• V3 vaults are immutable — no proxy upgrades, no admin-changeable implementation

External Dependencies

Dependency	Criticality	Allocation	Notes
Morpho	Critical	~60% (6 strategies)	$6.6B TVL, 25+ audits, formal verification. Used for looper leverage and USDC compounding
3Jane USD3	Critical	33.0%	Report score 3.5/5. Unsecured credit-based lending, ~$16M TVL. Highest allocation to a single medium-risk dependency
InfiniFi	Critical	32.6%	Report score 2.8/5. Stablecoin protocol deploying into various DeFi strategies, ~$150M TVL
Maple syrupUSDC	High	12.2%	Report score 2.33/5. Overcollateralized institutional lending, ~$1.7B TVL
Pendle/Spectra	High	Used in PT strategies	$2.1B TVL (Pendle), 6+ audits. PT token infrastructure for fixed-rate yield
Cap (stcUSD)	Medium	5.1%	~$500M TVL. Yield-bearing stablecoin. Internal assessment: risk-2 (non-public)
Sky/MakerDAO	Medium	4.7%	Blue-chip, extensively audited. Stable lending yield
Spark	Low	2.0%	Part of Sky/MakerDAO ecosystem. Blue-chip
Circle CCTP	High	Cross-chain bridge	Audited by ChainSecurity (V1 + V2). Trust assumption: Circle attestation (same trust as holding USDC)
Fluid	Low	0% (inactive)	Report score 1.1/5. Currently no allocation

Dependency concentration: 65.6% of vault funds are deployed into protocols with Medium Risk scores (3Jane 3.5/5 + InfiniFi 2.8/5). This is a significant concentration in higher-risk dependencies.

Operational Risk

• Team: Yearn Finance — established since 2020, publicly known contributors. The Yearn global multisig has 9 named signers including Mariano Conti (ex-MakerDAO), Leo Cheng (C.R.E.A.M.), 0xngmi (DeFiLlama), Michael Egorov (Curve), and others
• yvUSD governance: The vault is managed by a separate 3-of-8 Safe (not the Yearn global multisig). However, all 8 signers are confirmed Yearn team members (core contributors and security team), providing high trust in the governance quality
• Documentation: Comprehensive Yearn V3 documentation. yvUSD-specific docs are now published on the official Yearn docs site, including cross-chain strategy architecture, LockedyvUSD mechanics, and a dedicated APR API service (yvusd-api.yearn.fi)
• Legal: Yearn Finance has converted its ychad.eth multisig into a BORG (cybernetic organization) via YIP-87, wrapping it in a Cayman Islands foundation company with smart contract governance restrictions. The YFI token governs the protocol via YIP proposals
• Incident response: Yearn has demonstrated incident response capability across historical events. V3 framework has not been tested under stress. The $200K Immunefi bug bounty provides a responsible disclosure channel
• V3 immutability: Vault contracts cannot be upgraded — this eliminates proxy upgrade risk but means bugs cannot be patched without deploying a new vault

Monitoring

Existing Monitoring Infrastructure

Yearn maintains an active monitoring system via the monitoring-scripts-py repository:

• Large flow alerts (yearn/alert_large_flows.py): Runs hourly via GitHub Actions. Monitors deposit/withdrawal events via Envio indexer, alerts on flows exceeding $5M threshold via Telegram. Currently monitors 21 vaults across Ethereum, Base, Arbitrum, and Katana
• Endorsed vault check (yearn/check_endorsed.py): Runs weekly, verifies all Yearn V3 vaults are endorsed on-chain via the registry contract
• Timelock monitoring (timelock/timelock_alerts.py): Monitors Yearn TimelockController across 6 chains

Note: yvUSD is not yet added to the monitored vault list in alert_large_flows.py, but the infrastructure is in place and can be extended.

Additionally, Yearn provides a dedicated yvUSD APR API (yvusd-api.yearn.fi, source) that aggregates on-chain vault/strategy accounting with off-chain APR oracle computations. Endpoints include /api/health (data recency), /api/aprs (precomputed APRs), and /api/snapshot (raw strategy cache). A DeBank bundle (portfolio view) provides a consolidated view of all vault fund positions.

Key Contracts (Ethereum)

Contract	Address	Monitor
yvUSD Vault	0x696d02Db93291651ED510704c9b286841d506987	PPS (convertToAssets(1e6)), totalAssets(), totalDebt(), totalIdle(), Deposit/Withdraw events
LockedyvUSD	0xAaaFEa48472f77563961Cdb53291DEDfB46F9040	Cooldown events, configuration changes (cooldown duration, withdrawal window)
Role Manager Safe	0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7	Signer/threshold changes, submitted transactions
Deployer EOA	0x1b5f15DCb82d25f91c65b53CEe151E8b9fBdD271	Fee Splitter governance changes (vault roles removed)
Fee Splitter	0xd744B7D6bE69b334766802245Db2895e861cb470	Governance changes, fee distribution changes

Critical Events to Monitor

• PPS decrease — any decrease in convertToAssets(1e6) indicates a loss event. Should only increase
• Strategy additions/removals — StrategyChanged events indicate portfolio changes
• Debt allocation changes — UpdatedMaxDebtForStrategy and DebtUpdated events
• Emergency actions — Shutdown event on vault
• Signer/threshold changes on the 3-of-8 Safe
• Cross-chain strategy accounting — monitor remoteAssets for staleness (compare to actual on-chain positions on Arbitrum)
• Looper strategy health — monitor Morpho market positions for proximity to liquidation
• PT token maturity — track expiry dates of Pendle/Spectra PT positions
• Underlying protocol health — monitor 3Jane, InfiniFi, and Cap for incidents

Monitoring Functions

Function	Contract	Purpose	Frequency
convertToAssets(1e6)	Vault	PPS tracking	Every 6 hours
totalAssets()	Vault	Total TVL	Daily
totalDebt() / totalIdle()	Vault	Capital deployment ratio	Daily
strategies(address)	Vault	Per-strategy debt, last report time	Daily
get_default_queue()	Vault	Withdrawal queue composition	Weekly
getThreshold() / getOwners()	Safe	Governance integrity	Daily

Reassessment Triggers

• Time-based: Reassess in 2 months (May 2026) given the vault's extreme youth
• TVL-based: Reassess if TVL exceeds $10M or changes by more than ±50%
• Incident-based: Reassess after any exploit, strategy loss, governance change, or underlying protocol incident (especially 3Jane, InfiniFi, or Cap)
• Governance-based: Reassess if the Safe composition changes (signer additions/removals, threshold changes), if a timelock is added, or if the vault migrates to the Yearn global multisig. Reassess if the Fee Splitter governance is transferred from the deployer EOA to the multisig
• Audit-based: Reassess if CCTPStrategy or yvUSD-specific components receive dedicated external audits (should improve Audits score)
• Dependency-based: Reassess if 3Jane, InfiniFi, or Cap experience significant events. Reassess if Morpho looper markets face liquidation stress
• Strategy-based: Reassess if allocation to medium-risk protocols exceeds 70% or if leverage ratios increase significantly