The Ones in the Arena: Yield Protocol
“When a legit project has done its due diligence and still gets hacked, it’s usually because of the interconnectedness of the space. The more protocols you interact with, the more you risk unintended consequences.” — Alberto Cuesta Cañada, Yield Protocol
Ten weeks after their first Code4rena audit contest, Yield Protocol is back for more.
Yield’s borrowing and lending protocol solves a major pain point in DeFi lending by offering predictable fixed-rate, fixed-term lending. They opened up their code base to Code4rena’s wardens in late May 2021 for a security audit competition, and told us it surpassed their expectations, citing the breadth and depth of the research performed by the researchers who took part.
Their upcoming micro-contest (which runs for just three days, starting August 12, 2021) will give security researchers an opportunity to identify vulnerabilities in about 700 lines of code.
We spoke with Yield’s technical lead, Alberto Cuesta Cañada, about his thoughts on DeFi security, naming challenges, and agricultural ambitions.
What are you building, and what sets it apart from similar offerings in the space?
We are building the second version of the Yield Protocol, a fixed-rate borrowing and lending platform. We are releasing a platform like MakerDAO, but for fixed-rate borrowing and lending of multiple assets.
As with v1, Yield is backed by YieldSpace, a custom Automated Market Maker designed by Dan Robinson that was the inspiration for many of our competitors. In this second version, we have gone beyond the cutting edge to innovate and offer the best rates and the cheapest transaction costs in the space.
Yield v2 is not a proof of concept anymore; with this version we will grow to one billion users.
Security has become an increasingly vital topic in DeFi. How do you think the ecosystem needs to evolve in order to rise to the challenge?
When a legit project has done its due diligence and still gets hacked, it’s usually because of the interconnectedness of the space. The more protocols you interact with, the more you risk unintended consequences. There is a virtue in simplicity: less is more, and that needs to be constantly pursued.
It takes courage to undergo a public audit by a swarm of anonymous security researchers. It also says a lot about how much you prioritize security. What advice would you give to those on the fence?
Traditional audits are also public; any issues go into the report. I was equally scared when I first got audited by Trail of Bits for v1. Besides, you shouldn’t worry about the wardens finding many issues in your code; you should worry about them not finding enough issues in your code.
What do you geek out about, beyond DeFi?
My geekiness has changed as I’ve changed. I was into motorbikes in my 20s, competitive sailing and personal finance in my 30s… now I’m into gardening and farming. When you are a nerd, you are a nerd with everything you do.
What DeFi project name do you wish you’d thought of first?
We thought of our name before anyone else, and then a million projects with zero innovation got Yield in their name. We are still quite salty about that.
We had the same problem with token names. We chose yToken for our zero-coupon bond tokens before André Cronje released anything, but then he released Yearn before we released v1 and we had to change our token name. We chose eTokens, and then André picked up that name as well before we went public! Finally we settled for fyTokens, which we are very happy about.
Learn more about Yield:
- Website: yield.is
- Twitter: @yield
- Discord: discord.gg/JAFfDj5
Yield’s $30,000 USDC security audit micro-contest kicks off August 12, 2021, and runs for three days. Details at code4rena.com.
The Ones in the Arena spotlights emerging and established DeFi projects and their founders, with an eye to celebrating and learning from them. The series’ name is inspired in part by Teddy Roosevelt’s famous quote, which has a central place in Code4rena’s philosophy.