Weekly Analyst Thoughts
This past weekend, Harvest Finance, a Defi yield farming protocol, was hacked using a Defi transaction mechanism called a flash loan. A flash loan is a specific type of transaction where the borrower must repay the loan in the same blockchain transaction. If the borrower does not repay the full loan (principal + interest), the transaction reverts, so as to seem like the flash loan never happened. Like Harvest, Aave also supports flash loan transactions and credits much of its meteoric 2020 price rise to this feature.
The Harvest Finance attack was executed through the Curve Finance Y pool with a flash loan. As seen below, Harvest’s near $3 billion in volume and over 170% APY raised concerns that there was irregular activity in the Curve Finance pool.
The takeaway from this clever arbitrage on Harvest Finance is that even if a yield farming protocol has multiple layers of audits (as Harvest did), it can still be vulnerable to attacks. So, don’t let the fact that a protocol is audited give a false sense of security when investing in Defi yield farming protocols. Instead, it is safer to diversify risk by investing with several reputable yield farming platforms (Ex: Uniswap, Balancer) to mitigate the risk of lost funds through sophisticated flash loan attacks.
By Jacob Stelter
Disclosures: Not investment advice. It should be assumed that Sarson Funds or its affiliated managers hold positions in all projects that are discussed. It is not possible to invest in any project directly through Sarson Funds, Inc. or its affiliated managers. Any investment product offered by managers affiliated with Sarson Funds should be assumed to be only available to Accredited Investors and subject to the individual terms and conditions of that offering including but not limited to those eligibility requirements associated with U.S. Securities Regulation D, section 506c. Talk with your financial advisor before making any investment decisions or have them contact Sarson Funds directly at firstname.lastname@example.org