Yearn — yvUSDC-1

1.2
yvUSDC-1 (USDC-1 yVault) / Ethereum / April 3, 2026

Score Breakdown

Category | Weight | Score
Audits & Historical | 20% | 1.50
Centralization & Control | 30% | 1.00
Funds Management | 30% | 1.00
Liquidity Risk | 15% | 1.50
Operational Risk | 5% | 1.00
Final Score | | 1.2 / 5.0
Minimal Risk

Overview

yvUSDC-1 is a USDC-denominated Yearn V3 vault (ERC-4626) that deploys deposited USDC into yield strategies on Ethereum mainnet. The vault currently uses four active strategies — "USDC to sUSDS Lender" (~41%), three Morpho USDC compounders (~59%) — earning yield through the Sky/MakerDAO and Morpho ecosystems.

Key architecture:

  • Vault: Standard Yearn V3 vault (v3.0.2) accepting USDC deposits, issuing yvUSDC-1 shares. Deployed as an immutable Vyper minimal proxy (EIP-1167) via the Yearn V3 Vault Factory
  • Strategy pipelines: Both active strategies share the same entry path: USDC → DAI (via MakerDAO PSM Lite at 1:1, 0 fee) → USDS (via DAI-USDS Exchanger at 1:1). The USDS Depositor then deposits into a yvUSDS vault (Yearn V3 ERC-4626), while the sUSDS Lender deposits into sUSDS (Sky Savings vault) directly
  • Governance: Managed via the standard Yearn V3 Role Manager contract, governed by the Yearn 6-of-9 global multisig (ySafe) with 7-day TimelockController for strategy additions
  • Multi-strategy capable: 9 strategies in the default queue (including Morpho, Aave V3, Fluid, Spark), with debt currently split across sUSDS Lender (~41%) and three Morpho compounders (~59%)

Key metrics (April 3, 2026):

  • TVL: ~$31,257,937 USDC
  • Total Supply: ~28,380,070 yvUSDC-1
  • Price Per Share: 1.101404 USDC/yvUSDC-1 (~10.1% cumulative appreciation over ~13 months)
  • Total Debt: 100% deployed (0 idle)
  • Deposit Limit: $50,000,000
  • Profit Max Unlock Time: 10 days
  • Net APR: ~3.57% (after 10% performance fee)
  • Fees: 0% management fee, 10% performance fee

Links:

Risk Summary

Key Strengths

  • Battle-tested Yearn V3 infrastructure: V3 framework audited by Statemind, ChainSecurity, and yAcademy. No V3 exploits in ~23 months of production. Immutable vault contracts eliminate proxy upgrade risk
  • Blue-chip dependencies with improved diversification: ~41% Sky/MakerDAO (sUSDS) + ~59% Morpho (3 compounders) — both are top-tier DeFi protocols with extensive audit coverage. Improved from previous 100% Sky concentration
  • Standard Yearn governance: Uses the Yearn V3 Role Manager with the 6-of-9 ySafe multisig (named, prominent DeFi signers). No EOA role concentration. Strategy additions go through 7-day timelock (self-governed — config changes must also go through 7-day delay)
  • Simple, low-complexity strategies: Sky: USDC → DAI → USDS → sUSDS pipeline with 1:1 conversions. Morpho: direct USDC deposit into lending vaults. No leverage, no cross-chain bridging, no looper mechanics
  • Established track record: ~13 months in production with ~$31.26M TVL, ~10.1% cumulative return, zero incidents
  • Active monitoring: yvUSDC-1 is in Yearn's hourly monitoring system with Telegram alerts for large flows

Key Risks

  • Protocol concentration: While improved from 100% Sky, the vault still has significant concentration: ~41% Sky/MakerDAO, ~59% Morpho. A major issue with either ecosystem would affect a substantial portion of the vault
  • Sky Savings Rate variability: SSR has been reduced from 15% → 6.5% → 4.5% → 4.0% over the past year. Further reductions would decrease vault yield from the sUSDS strategy but do not affect principal
  • PSM fee risk: Currently 0%, but Sky Governance can set fees. If fees exceed 0.05%, the strategy falls back to Uniswap V3 with 0.5% slippage tolerance, which could cause minor losses on large withdrawals

Critical Risks

  • None identified. The vault uses blue-chip infrastructure throughout, with strong governance and no leverage. The primary risk (Sky/MakerDAO failure) would be a systemic DeFi event affecting the broader ecosystem.

Full Report

Contract Addresses

Core yvUSDC-1 Contracts

Contract | Address | Type
yvUSDC-1 Vault | 0xBe53A109B494E5c9f97b9Cd39Fe969BE68BF6204 | Yearn V3 Vault (v3.0.2), Vyper minimal proxy
Accountant | 0x5A74Cb32D36f2f517DB6f7b0A0591e09b22cDE69 | Yearn Accountant (0% mgmt, 10% perf)
Fee Recipient (Dumper) | 0x590Dd9399bB53f1085097399C3265C7137c1C4Cf | Claims fees and routes to auctions/splitters

Governance Contracts

Contract | Address | Configuration
Yearn V3 Role Manager | 0xb3bd6B2E61753C311EFbCF0111f75D29706D9a41 | Standard Yearn Role Manager, manages 37 vaults
Daddy / ySafe (Governance) | 0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52 | 6-of-9 Gnosis Safe — ALL 14 vault roles
Brain (Operations) | 0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7 | 3-of-8 Gnosis Safe — QUEUE, REPORTING, DEBT, DEPOSIT_LIMIT, EMERGENCY
Security | 0xe5e2Baf96198c56380dDD5E992D7d1ADa0e989c0 | 4-of-7 Gnosis Safe — manages via Role Manager
Strategy Manager (Timelock) | 0x88Ba032be87d5EF1fbE87336b7090767F367BF73 | TimelockController — 7-day delay for strategy additions. Self-governed: timelock holds TIMELOCK_ADMIN_ROLE, so config changes must go through 7-day delay
Keeper | 0x604e586F17cE106B64185A7a0d2c1Da5bAce711E | yHaaSRelayer — REPORTING only
Debt Allocator | 0x1e9eB053228B1156831759401dE0E115356b8671 | Minimal proxy — REPORTING + DEBT_MANAGER

Yearn V3 Infrastructure

Contract | Address
Vault Factory (v3.0.2) | 0x444045c5c13c246e117ed36437303cac8e250ab0
Tokenized Strategy | 0xD377919FA87120584B21279a491F82D5265A139c

Active Strategies (9 in default queue, 4 with debt)

# | Strategy | Name | Current Debt (USDC) | Allocation
1 | 0x7130570BCEfCedBe9d15B5b11A33006156460f8f | USDC to sUSDS Lender | 12,781,812 | 40.9%
2 | 0x694E47AFD14A64661a04eee674FB331bCDEF3737 | Morpho Gauntlet USDC Prime Compounder | 7,054,474 | 22.6%
3 | 0x074134A2784F4F66b6ceD6f68849382990Ff3215 | Morpho Steakhouse USDC Compounder | 6,692,324 | 21.4%
4 | 0x888239Ffa9a0613F9142C808aA9F7d1948a14f75 | Morpho OEV-boosted USDC Compounder | 4,729,326 | 15.1%
5 | 0x39c0aEc5738ED939876245224aFc7E09C8480a52 | USDC to USDS Depositor | 0 | 0%
6 | 0x00C8a649C9837523ebb406Ceb17a6378Ab5C74cF | USDC Fluid Lender | 0 | 0%
7 | 0x25f893276544d86a82b1ce407182836F45cb6673 | Spark USDC Lender | 0 | 0%
8 | 0x522478B54046aB7197880F2626b74a96d45B9B02 | Aave V3 Lido USDC Lender | 0 | 0%
9 | 0x694cdD19EBee7A974BA8fE3AF8B383bb256F2858 | Aave V3 USDC Lender | 0 | 0%

Note: Since the March 2026 assessment, the vault has undergone a significant rebalancing. The USDS Depositor strategy has been fully exited and three Morpho compounders activated. Debt is now split across sUSDS Lender (~41%, Sky/MakerDAO) and three Morpho strategies (~59%), diversifying the vault from a single protocol ecosystem (100% Sky) to two blue-chip ecosystems (Sky + Morpho). Active portfolio management continues with 15+ strategies added and 6+ revoked over the vault's ~13-month history.

Score impact of strategy diversification: All active strategies (sUSDS Lender, Morpho compounders) lend into blue-chip protocols. The diversification from 100% Sky to 41% Sky + 59% Morpho improves concentration risk without changing the dependency quality score — both are top-tier DeFi protocols.

Strategy Protocol Dependencies

Protocol | Strategy | Allocation
Sky/MakerDAO (sUSDS) | USDC to sUSDS Lender | ~41% of current allocation
Morpho | 3 compounders (Gauntlet, Steakhouse, OEV-boosted) | ~59% of current allocation
Sky/MakerDAO (yvUSDS) | USDC to USDS Depositor | 0% (exited, previously ~79%)
Aave V3 | 2 strategies (0% current allocation) | Blue-chip, $30B+ TVL
Fluid | 1 strategy (0% current allocation) | Report score 1.1/5
Spark | 1 strategy (0% current allocation) | Part of Sky ecosystem

Audits and Due Diligence Disclosures

Yearn V3 Core Audits

The underlying vault infrastructure has been audited by 3 reputable firms:

Auditor | Date | Scope | Report
Statemind | May 2, 2024 | V3 Vaults (v3.0.0) | PDF
ChainSecurity | May 4, 2024 | V3 Vaults + Tokenized Strategy (v3.0.0) | 2 PDFs
yAcademy | Jun 2024 | V3 Vaults (v3.0.1) | PDF

Sky/MakerDAO Audits (Underlying Protocol)

Sky (formerly MakerDAO) is one of the most extensively audited DeFi protocols:

Auditor | Coverage | Notes
ChainSecurity | 9 audits covering USDS, sUSDS, Endgame Toolkit, LockStake, VoteDelegate | Core security partner
Cantina | 10 audit reports including sUSDS (Sep 2024) and USDS (Jul 2024) | Comprehensive coverage
Sherlock | Public audit contest (Aug 2024) | Community audit
Trail of Bits | Core DAI system (legacy MCD) | Historical audit
PeckShield | Core DAI system (legacy MCD) | Historical audit
Quantstamp | Liquidations 2.0 | Historical audit
ABDK | Vote Delegate security | Governance audit

LitePSM (used for USDC → DAI conversion): Audited by both ChainSecurity and Cantina.

Strategy Review Process

All strategies go through Yearn's formal 12-metric risk scoring framework (RISK_FRAMEWORK.md), covering:

  • Strategy scores: Review level (ySec security review), testing coverage (95%+ for score 1), complexity (sLOC), risk exposure, centralization risk, protocol integration count
  • External protocol scores: Audit count, centralization, TVL, longevity, protocol type

Bug Bounty

On-Chain Complexity

The yvUSDC-1 system is low complexity:

  • 4 active strategies on a single chain (Ethereum), across Sky/MakerDAO (~41%) and Morpho (~59%)
  • Simple conversion pipelines: Sky: USDC → DAI → USDS → sUSDS (three 1:1 conversions + deposit). Morpho: USDC → Morpho vault (direct deposit)
  • No leverage, no looping, no cross-chain bridging
  • Standard ERC-4626 deposit/withdrawal
  • Blue-chip protocol dependencies (Sky/MakerDAO + Morpho)
  • Vault is immutable (non-upgradeable Vyper minimal proxy)

Historical Track Record

  • Vault deployed: March 12, 2024 (block 19,419,991) — ~13 months in production
  • TVL: ~$31.26M USDC — established with a $50M deposit limit
  • PPS trend: 1.000000 → 1.101404 (~10.1% cumulative return over 13 months, ~9.4% annualized)
  • Security incidents: None known for this vault or Yearn V3 generally
  • Strategy changes: 15+ strategies added over lifetime, 6+ revoked — active portfolio management. Has used Aave V3, Compound V3, Morpho, Spark, Fluid, and Sky strategies. Major rebalancing since March 2026: exited USDS Depositor, activated three Morpho compounders
  • Current allocation: Debt split across USDC to sUSDS Lender (~41%, Sky/MakerDAO) and three Morpho compounders (~59%) — diversified from 100% Sky to two blue-chip ecosystems
  • Yearn V3 track record: V3 framework has been live since May 2024 (~23 months). No V3 vault exploits

Yearn protocol TVL: ~$220M total across all chains (DeFi Llama, April 2026).

Sky/sUSDS track record:

  • sUSDS launched as part of Sky Endgame (2024)
  • TVL: ~$6.18B USDS deposited (~$10B+ including all sUSDS)
  • No security incidents since launch
  • Sky Savings Rate (SSR): currently ~4.0% APY, set by Sky Governance
  • Revenue sourced from over-collateralized loans and tokenized Treasury bill (RWA) investments

Funds Management

yvUSDC-1 deploys deposited USDC into yield strategies with 100% capital utilization. Debt is currently split across four strategies in two blue-chip ecosystems: Sky/MakerDAO (~41%) and Morpho (~59%).

Strategy 1: USDC to USDS Depositor (0% — exited, previously ~79%)

Contract: 0x39c0aEc5738ED939876245224aFc7E09C8480a52

Conversion pipeline:

  1. USDC → DAI via MakerDAO PSM Lite (0xf6e72Db5454dd049d0788e411b06CfAF16853042) — 1:1 at 0% fee (both tin and tout set to 0)
  2. DAI → USDS via Sky DAI-USDS Exchanger (0x3225737a9Bbb6473CB4a45b7244ACa2BeFdB276A) — 1:1, no fee
  3. USDS → yvUSDS via a Yearn V3 ERC-4626 vault — earns yield from the underlying yvUSDS vault strategies

Withdrawal pipeline: Reverse path (yvUSDS → USDS → DAI → USDC). If PSM tout fee exceeds 0.05%, the strategy falls back to Uniswap V3 swap with 0.5% slippage tolerance.

Strategy parameters:

Strategy 2: USDC to sUSDS Lender (~41% allocation)

Contract: 0x7130570BCEfCedBe9d15B5b11A33006156460f8f

Conversion pipeline:

  1. USDC → DAI via MakerDAO PSM Lite — 1:1 at 0% fee
  2. DAI → USDS via Sky DAI-USDS Exchanger — 1:1, no fee
  3. USDS → sUSDS via Sky Savings vault (0xa3931d71877C0E7a3148CB7Eb4463524FEc27fbD) — earns the SSR (~4.0% APY)

Withdrawal pipeline: Reverse path (sUSDS → USDS → DAI → USDC). Same PSM fee fallback to Uniswap V3.

Strategy parameters: Same as USDS Depositor (100M deposit limit, 0.05% max PSM fee, Brain multisig management)

Strategies 3-5: Morpho USDC Compounders (~59% allocation)

Contracts:

Pipeline: Direct USDC deposit into Morpho lending vaults. No conversion steps required.

Morpho risk profile: Morpho is a blue-chip lending protocol with $6.6B+ TVL, 25+ audits (Trail of Bits, Spearbit, OpenZeppelin, ChainSecurity, Certora), and formal verification. These are simple USDC lending strategies with no leverage — USDC is deposited into Morpho markets and earns lending yield.

Accessibility

  • Deposits: Permissionless — anyone can deposit USDC and receive yvUSDC-1 (ERC-4626 standard). Subject to $50M deposit limit
  • Withdrawals: ERC-4626 standard. Users redeem yvUSDC-1 for USDC. For Sky strategies: unwinds sUSDS → USDS → DAI → USDC pipeline. For Morpho strategies: direct withdrawal from lending vaults. Both paths are highly liquid
  • No cooldown or lock period — unlike yvUSD's LockedyvUSD wrapper
  • Fees: 0% management fee, 10% performance fee (taken via accountant during process_report)

Collateralization

  • 100% onchain USDC backing — all deposits are USDC, deployed into blue-chip protocols (Sky/MakerDAO sUSDS and Morpho lending vaults)
  • Collateral quality: sUSDS (~41%) is backed by over-collateralized loans and RWA (Treasury bills) via MakerDAO. Morpho compounders (~59%) deposit into USDC lending markets with blue-chip collateral
  • No leverage — unlike yvUSD's looper strategies, these are simple deposits into savings rate and lending products
  • All positions are fully redeemable — sUSDS and Morpho vaults support standard ERC-4626 withdrawal. USDS converts 1:1 to DAI via the Exchanger

Provability

  • yvUSDC-1 exchange rate: Calculated onchain via ERC-4626 standard (convertToAssets()/convertToShares()). Fully programmatic, no admin input
  • Strategy positions: Each strategy's totalAssets() reads the underlying vault share balance (yvUSDS or sUSDS) and converts to USDC equivalent onchain
  • sUSDS rate: The Sky Savings Rate is set by Sky Governance and applied onchain via the pot/ssr mechanism. The sUSDS exchange rate increases continuously based on the SSR
  • Profit/loss reporting: Profits are reported by keepers via process_report() and locked for gradual distribution over 10 days (profitMaxUnlockTime). Losses are immediately reflected in PPS

Liquidity Risk

  • Primary exit: Redeem yvUSDC-1 for USDC via ERC-4626 withdraw()/redeem(). Triggers reverse pipeline through sUSDS → USDS → DAI → USDC (Sky strategies) or Morpho vault withdrawal (Morpho strategies)
  • Highly liquid underlying: sUSDS holds ~$6.18B USDS; Morpho vaults have deep lending liquidity. The vault's ~$31.26M is a small fraction of underlying pool capacity
  • PSM liquidity: The MakerDAO PSM Lite provides deep DAI ↔ USDC liquidity at 0% fee. PSM capacity is managed by Sky Governance and typically holds billions of USDC
  • No DEX liquidity needed — exit is via the protocol's own pipeline (PSM + Exchanger), not DEX AMMs
  • Same-value asset: USDC-denominated vault token — no price divergence risk from the underlying
  • No withdrawal queue or cooldown — atomic redemption through the pipeline
  • Deposit limit: $50M cap — generous relative to current TVL of $31.26M

Centralization & Control Risks

Governance

The yvUSDC-1 vault uses the standard Yearn V3 governance pattern via the Yearn V3 Role Manager contract.

Governance hierarchy:

Position | Address | Threshold | Roles on Vault
Daddy (ySafe) | 0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52 | 6-of-9 | All 14 roles (full admin)
Brain | 0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7 | 3-of-8 | QUEUE, REPORTING, DEBT, DEPOSIT_LIMIT, EMERGENCY
Security | 0xe5e2Baf96198c56380dDD5E992D7d1ADa0e989c0 | 4-of-7 | Manages via Role Manager
Strategy Manager (Timelock) | 0x88Ba032be87d5EF1fbE87336b7090767F367BF73 | 7-day delay | Strategy additions via Role Manager
Keeper | 0x604e586F17cE106B64185A7a0d2c1Da5bAce711E | Bot | REPORTING only
Debt Allocator | 0x1e9eB053228B1156831759401dE0E115356b8671 | Bot | REPORTING + DEBT_MANAGER

ySafe 6-of-9 multisig signers include publicly known contributors: Mariano Conti (ex-MakerDAO), Leo Cheng (C.R.E.A.M.), 0xngmi (DeFiLlama), Michael Egorov (Curve), and others (source).

Governance assessment:

  1. No EOA role concentration — all sensitive roles are held by multisigs
  2. Strategy additions go through a 7-day timelock via the TimelockController (delay increased from initial 24h to 7 days on Feb 22, 2025)
  3. Standard Yearn governance — same setup used across 37 vaults, battle-tested pattern
  4. Immutable vault — no proxy upgrades possible

Programmability

  • Exchange rate (PPS): Calculated onchain algorithmically via ERC-4626. Fully programmatic, no admin input
  • Vault operations: Deposit/withdraw are permissionless onchain transactions
  • Strategy profit/loss: Reported programmatically by keepers via process_report(). Profits unlock linearly over 10 days
  • Debt allocation: Managed by both the Debt Allocator (automated) and Brain multisig (manual). Currently split across four strategies
  • V3 vaults are immutable — no proxy upgrades, no admin-changeable implementation

External Dependencies

Dependency | Criticality | Notes
Sky/MakerDAO (sUSDS) | Critical | ~41% of current allocation via sUSDS Lender. ~$6.18B TVL in sUSDS. Blue-chip, extensively audited, $10M bug bounty. One of the oldest DeFi protocols
Morpho | Critical | ~59% of current allocation via 3 compounders (Gauntlet, Steakhouse, OEV-boosted). $6.6B+ TVL, 25+ audits, formal verification by Certora. Blue-chip
MakerDAO PSM Lite | High | USDC ↔ DAI conversion at 1:1 for sUSDS strategy. 0% fee. Deep liquidity. Audited by ChainSecurity and Cantina
Sky DAI-USDS Exchanger | High | DAI ↔ USDS 1:1 conversion for sUSDS strategy. Core Sky infrastructure
Uniswap V3 (fallback) | Low | Only used if PSM fee exceeds 0.05%. Currently not active (PSM fee is 0%)

Dependency quality: Current dependencies are spread across two blue-chip protocol ecosystems: Sky/MakerDAO (~41%) and Morpho (~59%). Both have exceptional audit coverage and track records. This diversification improves upon the previous 100% Sky/MakerDAO concentration. Sky has 8+ years of history and $10M bug bounty; Morpho has 25+ audits with formal verification. All dependencies are top-tier DeFi protocols.

Operational Risk

  • Team: Yearn Finance — established since 2020, publicly known contributors. The ySafe 6-of-9 multisig has 9 named signers including prominent DeFi figures
  • Governance: Standard Yearn V3 Role Manager — the same governance used across 37 vaults, with clear role separation (Daddy, Brain, Security, Keeper, Debt Allocator)
  • Documentation: Comprehensive Yearn V3 documentation. Strategy code is verified on Etherscan
  • Legal: Yearn Finance has converted its ychad.eth multisig into a BORG (cybernetic organization) via YIP-87, wrapping it in a Cayman Islands foundation company with smart contract governance restrictions
  • Incident response: Yearn has demonstrated incident response capability across 4 historical events (all V1/legacy). V3 framework has not been tested under stress. The $200K Immunefi bug bounty provides a responsible disclosure channel
  • V3 immutability: Vault contracts cannot be upgraded — this eliminates proxy upgrade risk but means bugs cannot be patched without deploying a new vault

Monitoring

Existing Monitoring Infrastructure

Yearn maintains an active monitoring system via the monitoring-scripts-py repository. yvUSDC-1 is actively monitored:

  • Large flow alerts (yearn/alert_large_flows.py): Runs hourly via GitHub Actions. yvUSDC-1 is in the monitored vault list. Alerts on deposits/withdrawals exceeding threshold via Telegram
  • Endorsed vault check (yearn/check_endorsed.py): Runs weekly, verifies all Yearn V3 vaults are endorsed onchain via the registry contract
  • Timelock monitoring (timelock/timelock_alerts.py): Monitors the Yearn TimelockController (Strategy Manager) across 6 chains

Key Contracts

Contract | Address | Monitor
yvUSDC-1 Vault | 0xBe53A109B494E5c9f97b9Cd39Fe969BE68BF6204 | PPS (convertToAssets(1e6)), totalAssets(), totalDebt(), totalIdle(), Deposit/Withdraw events
USDC to USDS Depositor | 0x39c0aEc5738ED939876245224aFc7E09C8480a52 | totalAssets(), isShutdown(), keeper report frequency
USDC to sUSDS Lender | 0x7130570BCEfCedBe9d15B5b11A33006156460f8f | totalAssets(), isShutdown(), keeper report frequency
ySafe (Daddy) | 0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52 | Signer/threshold changes, submitted transactions
Accountant | 0x5A74Cb32D36f2f517DB6f7b0A0591e09b22cDE69 | Fee changes, config updates
Sky Savings Rate | 0xa3931d71877C0E7a3148CB7Eb4463524FEc27fbD | SSR rate changes, sUSDS TVL

Critical Events to Monitor

  • PPS decrease — any decrease in convertToAssets(1e6) indicates a loss event. Should only increase
  • Strategy additions/removals: StrategyChanged events indicate portfolio changes (new strategies go through 7-day timelock)
  • Debt allocation changes: UpdatedMaxDebtForStrategy and DebtUpdated events
  • Emergency actions: Shutdown event on vault
  • ySafe signer/threshold changes — governance integrity
  • SSR rate changes — Sky Governance may adjust the savings rate, affecting yield
  • PSM fee changes — if tin or tout are set above 0, it may trigger the Uniswap V3 fallback path

Monitoring Functions

Function | Contract | Purpose | Frequency
convertToAssets(1e6) | Vault | PPS tracking | Every 6 hours
totalAssets() | Vault | Total TVL | Daily
totalDebt() / totalIdle() | Vault | Capital deployment ratio | Daily
strategies(address) | Vault | Per-strategy debt, last report time | Daily
get_default_queue() | Vault | Withdrawal queue composition | Weekly
getThreshold() / getOwners() | ySafe | Governance integrity | Daily
ssr() | Sky Pot | Savings rate | Weekly
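
Several of the critical events and polled functions above (PPS decrease, queue changes, ySafe signer/threshold changes, PSM fees) reduce to comparing two consecutive polls. The following is an added example, not code from Yearn's monitoring-scripts-py repository: the Snapshot type, severity labels and alert codes are hypothetical, the sample data is constructed, and it assumes tin/tout are WAD-scaled (1e18 = 100%).

```python
from dataclasses import dataclass, replace

FALLBACK_FEE_WAD = 5 * 10**14   # 0.05%, assuming tin/tout are WAD-scaled (1e18 = 100%)

@dataclass(frozen=True)
class Snapshot:
    """One polling round of the reads listed in the monitoring tables (hypothetical type)."""
    pps: int                # convertToAssets(1e6), USDC base units (6 decimals)
    queue: frozenset        # get_default_queue() as a set of strategy addresses
    safe_threshold: int     # ySafe getThreshold()
    safe_owners: frozenset  # ySafe getOwners()
    psm_tin: int            # PSM Lite fee, USDC -> DAI
    psm_tout: int           # PSM Lite fee, DAI -> USDC

def evaluate(prev, cur):
    """Compare two snapshots; return a list of (severity, code, detail) alerts."""
    alerts = []
    # PPS should only increase; losses are reflected immediately.
    if cur.pps < prev.pps:
        bps = (prev.pps - cur.pps) * 10_000 / prev.pps
        alerts.append(("critical", "pps_decrease",
                       f"{prev.pps} -> {cur.pps} (-{bps:.2f} bps)"))
    # Queue membership changes mean a strategy was added or revoked.
    added, removed = cur.queue - prev.queue, prev.queue - cur.queue
    if added or removed:
        alerts.append(("high", "queue_changed",
                       f"added={sorted(added)} removed={sorted(removed)}"))
    # A lower signing threshold weakens governance more than a higher one.
    if cur.safe_threshold != prev.safe_threshold:
        sev = "critical" if cur.safe_threshold < prev.safe_threshold else "high"
        alerts.append((sev, "safe_threshold_changed",
                       f"{prev.safe_threshold} -> {cur.safe_threshold}"))
    if cur.safe_owners != prev.safe_owners:
        alerts.append(("high", "safe_owners_changed",
                       f"added={sorted(cur.safe_owners - prev.safe_owners)} "
                       f"removed={sorted(prev.safe_owners - cur.safe_owners)}"))
    # Any non-zero PSM fee is notable; above 0.05% the Uniswap V3 fallback applies.
    for name, fee in (("tin", cur.psm_tin), ("tout", cur.psm_tout)):
        if fee > FALLBACK_FEE_WAD:
            alerts.append(("high", f"psm_{name}_above_fallback", f"{fee} wad"))
        elif fee > 0:
            alerts.append(("warning", f"psm_{name}_nonzero", f"{fee} wad"))
    return alerts

def alert_codes(prev, cur):
    """Just the alert codes, in evaluation order."""
    return [code for _, code, _ in evaluate(prev, cur)]

# Constructed sample data: PPS and strategy addresses are from the report,
# signer names and the incident values are invented for illustration.
BASELINE = Snapshot(
    pps=1_101_404,
    queue=frozenset({"0x7130570BCEfCedBe9d15B5b11A33006156460f8f",
                     "0x694E47AFD14A64661a04eee674FB331bCDEF3737"}),
    safe_threshold=6,
    safe_owners=frozenset(f"signer-{i}" for i in range(1, 10)),
    psm_tin=0,
    psm_tout=0,
)
INCIDENT = replace(BASELINE, pps=1_101_100, safe_threshold=5, psm_tout=10**15)

if __name__ == "__main__":
    for alert in evaluate(BASELINE, INCIDENT):
        print(*alert, sep=" | ")
```
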

Reassessment Triggers

  • Time-based: Reassess in 6 months (October 2026) or annually
  • TVL-based: Reassess if TVL exceeds $100M or changes by more than ±50%
  • Incident-based: Reassess after any exploit, strategy loss, governance change, or Sky/MakerDAO or Morpho incident
  • Strategy-based: Reassess if the vault reallocates into riskier strategies (e.g., leveraged positions). The current score assumes allocation to blue-chip ecosystems (Sky/MakerDAO + Morpho) — a shift to riskier strategies would significantly change the risk profile
  • SSR-based: Reassess if Sky Savings Rate drops below 2% (may indicate Sky governance issues) or if PSM fees are introduced
  • Governance-based: Reassess if ySafe composition changes (signer additions/removals, threshold changes)

Appendix: Contract Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                         VAULT LAYER                                  │
│                                                                      │
│  ┌───────────────────────┐                                          │
│  │  yvUSDC-1 (v3.0.2)   │                                          │
│  │  ERC-4626, immutable  │                                          │
│  │  0xBe53...6204        │                                          │
│  │                       │                                          │
│  │  deposit() / redeem() │                                          │
│  │  totalAssets()        │                                          │
│  └──────────┬────────────┘                                          │
│             │ deploys USDC to 4 active strategies                    │
│             │                                                        │
│  ┌──────────▼──────────────────────────────────────────────────────┐│
│  │  STRATEGIES (by allocation)                                      ││
│  │                                                                  ││
│  │  ┌─────────────────────────────────────────────────────────┐    ││
│  │  │ SKY/MAKERDAO (~41%)                                     │    ││
│  │  │  USDC to sUSDS Lender  40.9%                            │    ││
│  │  │  Pipeline: USDC → DAI (PSM 1:1) → USDS → sUSDS         │    ││
│  │  └─────────────────────────────────────────────────────────┘    ││
│  │  ┌─────────────────────────────────────────────────────────┐    ││
│  │  │ MORPHO (~59%)                                           │    ││
│  │  │  Gauntlet USDC Prime Compounder     22.6%               │    ││
│  │  │  Steakhouse USDC Compounder         21.4%               │    ││
│  │  │  OEV-boosted USDC Compounder        15.1%               │    ││
│  │  │  Pipeline: USDC → Morpho vault (direct)                 │    ││
│  │  └─────────────────────────────────────────────────────────┘    ││
│  │                                                                  ││
│  │  5 additional strategies in queue with 0 debt:                   ││
│  │  USDS Depositor, Fluid, Spark, Aave V3 (×2)                     ││
│  └─────────────────────────────────────────────────────────────────┘│
└──────────────────────────────────────────────────────────────────────┘
                                │
                  deposits into underlying protocols
                                │
┌───────────────────────────────▼──────────────────────────────────────┐
│                    UNDERLYING PROTOCOLS                                │
│                                                                       │
│  ┌──────────────────────────┐    ┌──────────────────────────┐        │
│  │  Sky/MakerDAO            │    │  Morpho                  │        │
│  │  sUSDS: $6.18B TVL       │    │  $6.6B+ TVL              │        │
│  │  SSR: ~4.0% APY          │    │  25+ audits              │        │
│  │  8+ years, $10M bounty   │    │  Formal verification     │        │
│  │  ~41% of vault           │    │  ~59% of vault           │        │
│  └──────────────────────────┘    └──────────────────────────┘        │
│  ┌──────────────────────────┐    ┌──────────────────────────┐        │
│  │  MakerDAO PSM Lite       │    │  Sky DAI-USDS Exchanger  │        │
│  │  USDC ↔ DAI at 1:1      │    │  DAI ↔ USDS at 1:1      │        │
│  │  0% fee (tin=tout=0)     │    │  No fee                  │        │
│  └──────────────────────────┘    └──────────────────────────┘        │
└───────────────────────────────────────────────────────────────────────┘

Data flow: User deposits USDC → yvUSDC-1 vault → sUSDS strategy converts
USDC → DAI (PSM) → USDS (Exchanger) → sUSDS; Morpho strategies deposit
USDC directly into lending vaults. Profits reported by Keeper, locked for
10 days. Withdrawals reverse the pipeline (atomic, no cooldown).

Appendix: TimelockController Role Structure

TimelockController 0x88Ba032be87d5EF1fbE87336b7090767F367BF73 — deployed at block 24,242,692 with admin = address(0). Same timelock used by yvUSD and 37+ other Yearn V3 vaults.

Timelock Roles

Role | Holder | Type | Notes
DEFAULT_ADMIN | No holder | | Never granted (admin = address(0) at construction). No one can grant/revoke roles outside the propose→wait→execute flow
TIMELOCK_ADMIN | Timelock itself (0x88Ba032be87d5EF1fbE87336b7090767F367BF73) | Contract | Only the timelock can admin its own roles. Config changes (delay, role grants) must go through the 7-day delay
PROPOSER | Daddy/ySafe (0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52) | 6-of-9 Safe | Only proposer — no one else can initiate timelocked operations
EXECUTOR | Daddy/ySafe (0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52) | 6-of-9 Safe | Can execute queued proposals directly
EXECUTOR | TimelockExecutor (0xf8f60bf9456a6e0141149db2dd6f02c60da5779b) | Contract | Wrapper contract — delegates execution to its internal executor list (see below)
CANCELLER | Daddy/ySafe (0xFEB4acf3df3cDEA7399794D0869ef76A6EfAff52) | 6-of-9 Safe | Can cancel pending proposals
CANCELLER | Brain (0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7) | 3-of-8 Safe | Can cancel pending proposals

TimelockExecutor Contract

0xf8f60bf9456a6e0141149db2dd6f02c60da5779b — governance-gated wrapper around the TimelockController. Only addresses on its internal executor list can call execute() through it.

Parameter | Value
Governance | Brain (0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7) — only Brain can add/remove internal executors
Internal executor 1 | Brain (0x16388463d60FFE0661Cf7F1f31a7D658aC790ff7)
Internal executor 2 | Deployer EOA (0x1b5f15DCb82d25f91c65b53CEe151E8b9fBdD271)

Execution Paths for Queued Proposals

All paths require Daddy (6/9) to first propose the operation and a 7-day wait:

  1. Daddy (6/9) executes directly (holds EXECUTOR_ROLE on timelock)
  2. Brain (3/8) executes via TimelockExecutor contract
  3. Deployer EOA executes via TimelockExecutor contract

Why the Delay Cannot Be Bypassed

To change the timelock delay (e.g., reduce from 7 days), an attacker would need to:

  1. Control Daddy (6/9) to propose updateDelay() — the only PROPOSER
  2. Wait 7 days — Brain or Daddy can cancel during this window
  3. Execute via Daddy, Brain, or the EOA — but the operation is already visible onchain for 7 days

DEFAULT_ADMIN was never granted, so no one can grant themselves PROPOSER or TIMELOCK_ADMIN to skip this flow. The timelock holds TIMELOCK_ADMIN but can only act on it through its own propose→wait→execute cycle.
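
The role structure and execution paths described above can be checked as a small state machine. This is an added example, not the on-chain TimelockController or any Yearn code: TimelockModel, its method names and the "attacker" caller are hypothetical, and it simplifies the contract to the role table in this appendix (role administration requires TIMELOCK_ADMIN or DEFAULT_ADMIN, and updateDelay is callable only by the timelock itself).

```python
DAY = 86_400
DADDY, BRAIN, DEPLOYER_EOA = "Daddy", "Brain", "DeployerEOA"
TIMELOCK, WRAPPER = "TimelockController", "TimelockExecutor"

class NotReady(Exception):
    """Operation is scheduled but its delay has not elapsed."""

class TimelockModel:
    """Simplified model of the role table above, not the on-chain contract."""

    def __init__(self, min_delay=7 * DAY):
        self.min_delay = min_delay
        self.roles = {
            "DEFAULT_ADMIN": set(),            # never granted
            "TIMELOCK_ADMIN": {TIMELOCK},      # self-governed
            "PROPOSER": {DADDY},
            "EXECUTOR": {DADDY, WRAPPER},
            "CANCELLER": {DADDY, BRAIN},
        }
        self.wrapper_executors = {BRAIN, DEPLOYER_EOA}
        self.ready_at = {}                     # operation -> earliest execution time

    def _require(self, role, caller):
        if caller not in self.roles[role]:
            raise PermissionError(f"{caller} lacks {role}")

    def schedule(self, caller, op, now):
        self._require("PROPOSER", caller)
        self.ready_at[op] = now + self.min_delay
        return self.ready_at[op]

    def cancel(self, caller, op):
        self._require("CANCELLER", caller)
        if self.ready_at.pop(op, None) is None:
            raise LookupError("operation not scheduled")

    def execute(self, caller, op, now, via_wrapper=False):
        if via_wrapper:                        # Brain / deployer EOA path
            if caller not in self.wrapper_executors:
                raise PermissionError(f"{caller} not on wrapper executor list")
            caller = WRAPPER
        self._require("EXECUTOR", caller)
        if op not in self.ready_at:
            raise LookupError("operation not scheduled")
        if now < self.ready_at[op]:
            raise NotReady(f"ready at t={self.ready_at[op]}")
        del self.ready_at[op]
        self._apply(TIMELOCK, op)              # the timelock calls itself

    def _apply(self, caller, op):
        if op[0] == "updateDelay":
            self.update_delay(caller, op[1])
        elif op[0] == "grantRole":
            self.grant_role(caller, op[1], op[2])

    def update_delay(self, caller, new_delay):
        if caller != TIMELOCK:                 # only reachable through execute()
            raise PermissionError("updateDelay is self-call only")
        self.min_delay = new_delay

    def grant_role(self, caller, role, account):
        admins = self.roles["TIMELOCK_ADMIN"] | self.roles["DEFAULT_ADMIN"]
        if caller not in admins:
            raise PermissionError(f"{caller} cannot administer roles")
        self.roles[role].add(account)

def outcome(fn, *args, **kwargs):
    """Run fn and return 'ok' or the name of the exception it raised."""
    try:
        fn(*args, **kwargs)
        return "ok"
    except Exception as exc:
        return type(exc).__name__

if __name__ == "__main__":
    tl, op = TimelockModel(), ("updateDelay", 0)
    print("Brain proposes:        ", outcome(tl.schedule, BRAIN, op, 0))
    print("Daddy grants PROPOSER: ", outcome(tl.grant_role, DADDY, "PROPOSER", "attacker"))
    print("Daddy proposes:        ", outcome(tl.schedule, DADDY, op, 0))
    print("Daddy executes day 6:  ", outcome(tl.execute, DADDY, op, 6 * DAY))
    print("Brain cancels:         ", outcome(tl.cancel, BRAIN, op))
    print("Daddy executes day 8:  ", outcome(tl.execute, DADDY, op, 8 * DAY))
```
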