Vaults
Overview of the different tradeoffs to balance when working with a vault platform
Vaults are onchain smart contracts designed to aggregate user deposits and facilitate allocation into different DeFi strategies.
There are many ways of building vaults and people who develop them tend to have very strong opinions. We prefer to review the landscape with an open mind and evaluate the tradeoffs depending on the needs of the customer. We also prefer to focus on fewer platforms and understand them deeply rather than spread ourselves thin and risk operational error with a vault platform we have not mastered.
Today, we operate on two major platforms:
Morpho
Morpho-compliant adapter registries
Steakhouse Vaults
Kamino
We may expand to others if they meet our requirements or if we can reasonably meet a customer need with a different platform.
Why would anyone use vaults?
The investment landscape is vast. There are many tried-and-true ways of investing with traditional financial tools. For vaults to offer a meaningful user benefit they must be able to improve on one or more of the following metrics:
Cost-efficiency
New opportunity origination that wouldn't be possible otherwise
Risk mitigation and transparency
Structurally, a vault in the general sense is simply a smart contract with two key features:
Runs on blockchains and is compatible with its tokens
Simplifies the user experience for someone looking to create a simple risk/return exposure
Types of Vaults
Broadly speaking, there are two different approaches to building stablecoin vaults:
Modular
Integrated
There is no right answer and each alternative simply offers a choice of tradeoffs. Modular vaults have a smaller risk surface from a smart contract perspective but are generally less flexible. Integrated vaults need more discretion from the operator but are generally able to do far more things than modular vaults.
Examples of modular vaults include protocols like Yearn, Morpho Vaults v2 and Aave v4. The risk surface of each platform varies significantly depending on the size of the codebase. The degree of discretion an operator has can also vary significantly depending on how key roles are configured.
Examples of integrated vaults include protocols like Veda, Aave v3, Makina, etc. The degree to which an operator can exercise discretion varies significantly. For instance, Aave v3 does not have a single integrated operator, relying instead on a DAO to exercise governance.
When evaluating operator discretion, the key questions are mostly about role governance:
Can the user access their funds at-will?
Can the user propose their own modifications to the strategies?
Can the user veto decisions from the operator?
Vaults Steakhouse Vision
In order to be competitive with traditional financial products, vaults should aim to offer better cost efficiency, create new opportunities that wouldn't really exist otherwise and/or provide substantially better risk mitigation and transparency.
To achieve these, our gold-standard view of vaults is that they must offer:
Onchain net asset value (NAV) accounting
Automated portfolio strategy
Strict noncustodiality
Public blockchains, such as Ethereum or Solana, can support vaults that offer strong cryptographic guarantees of the above by virtue of the distributed design of the settlement process.
Onchain NAV accounting
The NAV of a vault computes how many underlying assets a share of a vault can claim. In most vaults, it's typically expressed as an 'exchange rate'. Many vaults depend on the operator to strike their own NAV exchange rate.
We view this as a very difficult tradeoff to bear. It offers flexibility to the operator when it comes to valuing complex positions, but offers no opportunity to validate if some positions are offchain or unclear. The premise of operating on DeFi is not whether you can or can't trust the operator, but that you should not even have to consider whether trust is a factor.
Operator-struck NAVs may have been a reasonable industry compromise in the path to maturity. Nonetheless, they're a tradeoff we'd strongly prefer not to have to make ourselves and we lean towards platforms that have an independently struck onchain NAV feature - Morpho vaults are one example.
Automated portfolio strategy
We view strategy automation as a strong value proposition with respect to rule transparency. Users should know what strategy they are being exposed to and it should be cryptographically difficult to modify that expectation.
Automation offchain is hard to translate to onchain transparency. A good intermediate step is extensive use of guardrails and policies that prevent the operator from making discretionary decisions.
There is obviously room for active management but the premise of a DeFi vault, in our view, is to offer opportunities that are more scalable for more users. Strong guardrails are an effective mechanism to align incentives between a vault operator and their users.
Strict noncustodiality
The final and crucial element of a vault value proposition is that the positions are strictly noncustodial. We regularly use the phrase "the user remains in control" to mean this. Users should be able to determine when and where to dispose of their assets or vault positions. They should be able to exercise meaningful control over the options the operator can choose from.
In Morpho, this noncustodiality is enforced through roles: permissions granted to addresses to execute specific functions. If designed well, these roles should be difficult to hack or compromise. Even a good-faith operator is still exposed to the risk of operational security compromise. A good noncustodial setup would prevent a compromised role from damaging user assets.
A good audit for noncustodiality involves checking the security levels and scope of any owner / curator roles. The Morpho Sentinel role further protects the users of the vault by allowing curator decisions to be overridden and cancelled. A good audit of the Sentinel role is figuring out who it is. We shy away from setups where the Sentinel or Guardian roles are multisigs or externally-owned accounts. We would certainly avoid vaults where the Guardian role is wholly or partly shared with the curator.
We implement these features at every step. Our Sentinel/Guardian roles are typically onchain Aragon multisigs that any vault depositor can use. When they're not, it's usually because a commercial distribution partner has taken on that role and intends to monitor it if needed.
An example of strict noncustodiality going wrong was Stream Finance, an operator who was able to allocate assets outside of the vault ringfence and eventually lose them, materializing huge losses for vault depositors.
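The role audit described above can be expressed as a small offline check. This is an added example, not Steakhouse or Morpho code: the account "kind" labels, the `Account` type, the `audit_roles` helper and all addresses are hypothetical, and the role map is constructed sample data rather than read from a chain.

```python
# Added example: role-governance audit over a constructed vault role map.
# Account kinds and every address below are hypothetical, not real deployments.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Account:
    address: str
    kind: str                      # "eoa", "multisig" or "depositor_dao" (assumed labels)
    signers: frozenset = field(default_factory=frozenset)

    def controllers(self):
        # Keys able to act for this account: its signers, or the account itself.
        return self.signers or frozenset({self.address})

def audit_roles(roles):
    """Return a list of findings for a {role_name: Account} map."""
    guardian = roles.get("sentinel") or roles.get("guardian")
    if guardian is None:
        return ["no sentinel/guardian: curator decisions cannot be overridden"]
    findings = []
    if guardian.kind in ("eoa", "multisig"):
        findings.append(f"guardian is a {guardian.kind}, not depositor-accessible")
    for name in ("owner", "curator"):
        holder = roles.get(name)
        if holder is None:
            continue
        shared = guardian.controllers() & holder.controllers()
        if guardian.address == holder.address:
            findings.append(f"guardian wholly shared with {name}")
        elif shared:
            findings.append(f"guardian partly shared with {name}: {sorted(shared)}")
        if holder.kind == "eoa":
            findings.append(f"{name} is a single key (EOA)")
    return findings

# Constructed sample configurations.
CURATOR = Account("0xC0", "multisig", frozenset({"0xA1", "0xA2", "0xA3"}))
WEAK = {"owner": Account("0x0E", "eoa"), "curator": CURATOR,
        "sentinel": Account("0x5E", "multisig", frozenset({"0xA3", "0xB1"}))}
STRONG = {"owner": Account("0x0F", "multisig", frozenset({"0xD1", "0xD2"})),
          "curator": CURATOR, "sentinel": Account("0xDA0", "depositor_dao")}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_roles(cfg) or "no findings")
```

In a real review the role map would be populated from the vault's onchain role getters and each multisig's signer list, then re-checked whenever a role changes.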