Risk Management
This section outlines the security measures implemented to mitigate various risk factors.
In addition to executing the algorithm for optimal yield allocations, our keeper program must also assess and address certain risks before determining the final allocation.
Risks are generally categorized into two main types:
- Operational Risk
- Lending Risk
Operation Risk
Risks that are related to source code such as when a partner protocol or team has a program update, or when lending platforms are not well audited. In minor cases, the source code changes break the integration, users are unable to perform any vault withdrawals or deposits. In major cases, the vault program or lending protocols may be exploited, losing the tokens in the vaults.
We implement a maximum allocation mechanism that the vault can deposit into each lending pool to mitigate this risk.
All lending protocols’ maximum allocation starts at 100%. We will assess them across a set of criteria which includes the existence of audits, open-source code, insurance funds, main token pools, program multi-sig / verified & non-updatable status as well as the length of integration with Meteora. This set of criteria will eventually be governed by the DAO.
For every criterion not met, we will reduce the maximum allocation allowed to the protocol according to this matrix:
| Criteria | Maximum Allocation Reduction |
|---|---|
| Audit | 20 |
| Open-source | 30 |
| Official Insurance Funds? | 20 |
| Main Pool | 10 |
| Existing integration > 1 month | 10 |
| Program multi-sig / or Verified & Non-Updatable | 20 |
Example: Lending Protocol Xyz (with Audited, Open-sourced, Main Pool, and Program multi-sig)
The score for allocation will be 100-20 (No official insurance funds) - 10 (Existing integration < 1 month) = 70.
The maximum allocation for Xyz will be 70% of total liquidity.
We also limit max allocation in each lending as 30% of total liquidity.
Hermes is not allowed to withdraw funds from the lending protocols to external wallets. In the event that Hermes is hacked, the hackers will only be able to control the flow of funds to and from between the vaults and lending protocols; the principals are still safe in either of them.
Lending Risk
This risk occurs when depositors are unable to withdraw their funds from the lending pools. This is caused when utilization rates of the reserves reach full capacity at 100% where borrowed amount equals the deposited amount, or when the amount of reserves remaining in the lending pools is less than the vault deposits. When this happens, depositors are unable to withdraw funds on demand.
To avoid lending risks, we have developed the following mechanisms to protect principals:
Diversified Allocations
Allocations are stretched across multiple lending protocols to diversify and manage risk, reducing exposure to any single platform.
Active Utilization Monitoring
Hermes continuously monitors the utilization rates of each lending pool. If utilization exceeds the 80% threshold, Hermes is ready to withdraw funds, ensuring a buffer for timely action even in high-demand pools.
Lending Reserve Buffer
Vaults always maintain a buffer in the lending reserve, providing Hermes with additional time to react to liquidity movements and protect principal.