Multi-Protocol Risks & Risk Management

Both the Market Neutral Yield Farming strategy and Lending strategy are active strategies that deploys funds with third-party DeFi products/protocols.

For the ‘active’ component of the strategy, the primary risk is contract or infrastructure failures causing drawdowns in the strategy. DeFi is an immature space, as is the infrastructure and systems that support it. As a result, these strategies are exposed to risks of drawdowns due to system failure.

BoF utilizes multiple protocols which introduces third-party risk, which is the risk that a third-party DeFi protocol has an exploit or some form of failure resulting in a loss of user funds, and in-turn a loss for the BoF vault and users. BoF has no control over exploits to third party protocols, though we employ strategies to do our best to mitigate these risks. Each third-party protocol is evaluated for security vulnerabilities and monitoring systems are deployed to monitor the function and solvency of the third-party protocols.

In order to generate maximum yields when Market Neutral Yield Farming and Lending, BoF will utilize a number of third-party protocols. While this maximizes yields, it increases the risk profile for the overall system. For instance, we may deposit initial capital into a money market such as Geist to borrow another token. We take those tokens and deposit them into a liquidity pool in SpookySwap. We take that LP token and deposit it into a yield farm in Liquid Driver to capture more yield. So in this example (which is a very practical example as we are integrated with all of the above for our market neutral yield farming protocol that is on Fantom), the end user is exposed to BoF, Geist, SpookySwap and Liquid Driver. If there is an exploit in any of these protocols, the end user is subject to incurring losses. In an effort to be transparent and to ensure users of the BoF protocols can view relevant information about our products we provide under the "Account Information" tab on each Earn Account tile the protocols that the end user will be exposed to by entering into each Earn Account. This ensures full transparency of where user funds are being deployed and which third party protocols users funds will interact with so the user can decide if that Earn Account is suitable for them.

In order to reduce the BoF protocol risk profile, we are only creating private vaults for use by our users. The risks as compared to public vaults are significantly lower. At a high level this is because users are required to be ‘allow-listed’ in order to interact with the contracts and will be required to successfully pass the Know Your Customer verification process. This is a barrier which makes attacks less attractive. Secondly, flash-loans and flash-bots which are common tools for attackers, cannot be utilized to interact with private vaults. So, while there are always risks associated with DeFi products including BoF, we believe our private vaults will be less attractive to attackers than public vaults.