Foundational principles for understanding strategy access models in automated yield farming protocols.
LABS
Guides
Permissionless vs Whitelisted Strategies in Yield Optimizers
Chainscore © 2025
core-concepts
Core Concepts
01
Permissionless Strategy
A permissionless strategy is a smart contract vault that anyone can deposit into without approval. It operates on open-source, immutable code that executes a predefined yield-farming logic.
- Open Access: No gatekeeping; any user or protocol can interact.
- Automated Execution: Relies solely on code, not human intervention, for actions like harvesting and compounding.
- Transparent Risk: All strategy parameters and holdings are publicly verifiable on-chain.
- Example: A Convex staking vault that automatically claims and reinvests CRV rewards.
02
Whitelisted Strategy
A whitelisted strategy restricts deposits to a pre-approved list of addresses, typically managed by the protocol's governance or a multisig. This allows for curated, often more complex, financial logic.
- Controlled Access: Deposits are limited to vetted users or partner protocols to manage risk and capital flow.
- Flexible Upgrades: Strategy logic can be paused, updated, or migrated by authorized controllers.
- Custodial Elements: May involve off-chain components or privileged roles for certain operations.
- Example: A Yearn vault employing a novel, experimental leverage tactic available only to whitelisted DAO treasuries.
03
Strategy Risk Profile
The risk profile defines the potential for loss of principal due to smart contract bugs, economic design flaws, or market conditions. Permissionless and whitelisted models distribute this risk differently.
- Code Risk: Both carry smart contract risk, but whitelisted strategies may have faster response to exploits via upgrades.
- Concentration Risk: Whitelisted strategies can limit exposure, while permissionless ones may attract large, volatile inflows.
- Governance Risk: Whitelisted strategies introduce dependency on the integrity and speed of the governing body.
- Key Consideration: Assess if the yield premium justifies the additional trust assumptions of a whitelist.
04
Capital Efficiency
Capital efficiency measures how effectively a strategy generates yield relative to the capital deployed and locked. The access model significantly impacts this metric.
- Permissionless Efficiency: Benefits from deep, composable liquidity and network effects but may suffer from dilution during high gas or low yield periods.
- Whitelisted Efficiency: Can optimize for larger, stable deposits and execute gas-intensive maneuvers not viable for small holders.
- Example: A whitelisted MEV capture strategy requires large, coordinated capital to be profitable, which an open vault could not efficiently aggregate.
05
Composability & Integration
Composability refers to a strategy's ability to function as a reliable money lego within the broader DeFi ecosystem. Permissionless strategies are inherently more composable.
- DeFi Lego: Permissionless vaults can be seamlessly integrated by other protocols (e.g., lending markets, index products) as yield-bearing assets.
- Integration Friction: Whitelisted strategies create barriers, as each integrating protocol must also be whitelisted, limiting utility.
- Use Case: An automated money market using a permissionless Yearn yvUSDC vault as a collateral type to enable leveraged yield farming positions.
06
Governance & Upgradeability
The governance model dictates how strategy parameters, fees, and critical logic changes are enacted. This is a core differentiator between access models.
- Permissionless Governance: Often immutable or changed via slow, token-weighted DAO votes, prioritizing predictability over agility.
- Whitelisted Governance: Typically involves a faster, more centralized multisig or council capable of emergency pauses and strategic pivots.
- Trade-off: Users must choose between the credibly neutral, 'set-and-forget' model and a more actively managed, responsive one.
- Example: A whitelisted strategy's controller can swiftly de-risk by exiting a farming position if a partner protocol is exploited.
Strategy Model Comparison
Comparison of key operational and economic parameters between permissionless and whitelisted strategy models.
| Feature | Permissionless Model | Whitelisted Model | Hybrid Model |
|---|---|---|---|
Strategy Deployment | Any developer can deploy | DAO or core team approval required | Pre-approved templates with optional custom review |
Time to Launch New Strategy | Immediate | 1-4 weeks for governance review | 1-3 days for templated strategies |
Protocol Fee on Yield | Typically 10-20% performance fee | Often 5-15% performance fee | Variable fee (8-18%) based on strategy risk tier |
Capital Deployment Limit | Uncapped, subject to vault TVL | Often capped per strategy (e.g., $50M) | Soft caps with governance escalation |
Security Audit Requirement | Optional; relies on social consensus | Mandatory third-party audit before whitelisting | Mandatory for custom code; templates pre-audited |
Upgrade Mechanism | Immutable or timelock-controlled by strategist | Governance-controlled upgradeability | Multi-sig or committee for emergency fixes |
Typical TVL Concentration | Highly fragmented across many strategies | Concentrated in a few high-conviction strategies | Balanced between core and experimental pools |
Gas Cost for User Entry/Exit | Higher due to complex, unaudited logic | Optimized and predictable | Moderate, optimized for common paths |
How Permissionless Strategy Deployment Works
Process overview for deploying a new yield strategy without requiring approval from a central authority.
1
Strategy Design and Smart Contract Development
Define the strategy's logic and implement it as a smart contract.
Detailed Instructions
Develop a strategy contract that inherits from the yield optimizer's base interfaces (e.g., IStrategy). The core function is harvest(), which executes the yield-generating logic. The contract must manage asset deposits, withdrawals, and interactions with external DeFi protocols like Aave, Compound, or Uniswap V3.
- Sub-step 1: Design the yield loop: Identify the target protocol, the optimal route for supplying/borrowing assets, and the reward token conversion path.
- Sub-step 2: Implement the
deposit()andwithdraw()functions to handle user funds, ensuring they interact correctly with the vault contract. - Sub-step 3: Write the
harvest()function logic, including calls to claim rewards, swap them to the vault's base asset, and reinvest or report profits.
solidityfunction harvest() external override onlyVault { IERC20 rewardToken = IERC20(REWARD_TOKEN); uint256 rewardBalance = rewardToken.balanceOf(address(this)); if (rewardBalance > 0) { rewardToken.safeSwap(rewardBalance, WETH, UNISWAP_ROUTER); uint256 wethBalance = IERC20(WETH).balanceOf(address(this)); _addLiquidityAndStake(wethBalance); } IVault(vault).report(wantEarned); }
Tip: Thoroughly test the contract's edge cases, especially for handling slippage during swaps and managing gas costs, which are borne by the strategist.
2
Contract Verification and Security Review
Ensure the strategy code is publicly verifiable and audited for vulnerabilities.
Detailed Instructions
Before deployment, the smart contract source code must be verified on a block explorer like Etherscan. This transparency allows any user to inspect the logic. While not mandated by the protocol, a professional security audit is highly recommended to protect user funds and the strategist's reputation from exploits.
- Sub-step 1: Compile the contract with the exact compiler version and optimization settings used for deployment.
- Sub-step 2: Use the block explorer's verification tool to upload the source files (
.sol), constructor arguments, and relevant libraries. - Sub-step 3: Review the verified contract page to confirm all functions and state variables are correctly displayed and match your repository.
- Sub-step 4: (Recommended) Engage an audit firm or use automated tools like Slither or Mythril to analyze for common vulnerabilities such as reentrancy or improper access control.
bash# Example command to verify a contract on a forked network using Foundry forge verify-contract --chain-id 1 --verifier etherscan \ --etherscan-api-key $API_KEY \ 0xYourStrategyAddress \ src/Strategy.sol:MyStrategy
Tip: Publish the audit report publicly. Even a solo review using established checklists adds credibility compared to an unaudited deployment.
3
Deployment and Vault Attachment
Deploy the strategy contract and link it to a new or existing vault.
Detailed Instructions
Deploy the verified strategy contract to the mainnet. The deployment transaction will originate from the strategist's EOA or multisig wallet, paying the associated gas fees. After deployment, the contract must be attached to a vault contract that holds user deposits. This can be an existing vault for a specific asset or a new one created for this strategy.
- Sub-step 1: Deploy the strategy using a script or directly via Remix, passing any required constructor arguments (e.g., the address of the vault, keeper, or reward router).
- Sub-step 2: Call the vault's
addStrategy(address _strategy, uint256 _debtRatio)function, where_debtRatiois the maximum percentage of the vault's funds this strategy can allocate (e.g., 10,000 for 100%). - Sub-step 3: The strategist (or a governance vote) must then call the strategy's
setVault(address _vault)function to finalize the two-way linkage, enabling fund flows.
javascript// Example deployment and attachment script using ethers.js const Strategy = await ethers.getContractFactory("MyStrategy"); const strategy = await Strategy.deploy(vaultAddress, keeperAddress); await strategy.deployed(); console.log(`Strategy deployed to: ${strategy.address}`); const vault = await ethers.getContractAt("Vault", vaultAddress); await vault.addStrategy(strategy.address, 5000); // 50% debt ratio await strategy.setVault(vaultAddress);
Tip: Monitor the initial
addStrategytransaction carefully, as incorrect parameters like an excessive debt ratio could risk vault funds.
4
Initial Capitalization and Performance Monitoring
Seed the strategy with funds and establish a keeper for automated harvesting.
Detailed Instructions
A new strategy starts with zero allocated capital. The strategist must seed the strategy with an initial deposit to demonstrate viability and earn the vault's trust. Simultaneously, a keeper bot must be set up to call the harvest() function when it is profitable, factoring in gas costs.
- Sub-step 1: The strategist deposits a significant amount (e.g., 10-50 ETH worth) of the vault's
wanttoken (e.g., USDC, WETH) directly into the vault, which will then allocate it to the new strategy based on its debt ratio. - Sub-step 2: Implement or configure a keeper service (e.g., using Gelato Network, Chainlink Keepers, or a custom script) to monitor the strategy's
harvestTrigger()function, which returnstruewhen a harvest is estimated to be profitable. - Sub-step 3: The keeper automatically calls
harvest()when conditions are met, executing the yield loop and reporting gains to the vault, which mints shares for all depositors. - Sub-step 4: Monitor on-chain metrics like the strategy's Estimated APR, total debt, and harvest frequency using tools like DeFi Llama or Dune Analytics.
solidity// Example harvestTrigger function a keeper monitors function harvestTrigger(uint256 callCost) public view returns (bool) { uint256 harvestProfit = estimatedHarvest(); // Only harvest if profit exceeds cost + premium return harvestProfit > (callCost + (callCost * profitFactor) / MAX_BPS); }
Tip: Strategists are financially incentivized; they typically earn a performance fee (e.g., 10% of harvested profits) and sometimes a small management fee, making effective keeper setup critical.
Whitelisting Process and Governance
A technical walkthrough of the governance and implementation steps for adding a new strategy to a whitelisted vault.
1
Proposal Submission and Discussion
Initiating the governance process to propose a new strategy for whitelisting.
Detailed Instructions
The process begins with a formal governance proposal submitted to the protocol's forum or Snapshot page. The proposer, typically a core developer or a respected community member, must provide a comprehensive strategy risk assessment. This includes a detailed analysis of the target protocol's smart contract risks, economic model sustainability, and potential integration points with the vault's existing architecture.
- Sub-step 1: Draft a Temperature Check post on the governance forum, outlining the strategy's mechanics, expected APY, and risk parameters.
- Sub-step 2: Engage with the community and security researchers to gather feedback on the proposed strategy's attack vectors and economic assumptions.
- Sub-step 3: Formalize the feedback into a revised proposal, often requiring an on-chain vote using the protocol's native governance token (e.g.,
$VE_TOKEN).
solidity// Example interface for a governance proposal struct interface IGovernance { struct Proposal { address strategy; uint256 voteStart; uint256 voteEnd; string descriptionHash; // IPFS hash of the proposal details } function propose(address strategy, string calldata description) external returns (uint256 proposalId); }
Tip: Successful proposals often include a simulation of the strategy's performance under various market conditions, including stress tests for impermanent loss or liquidity crunches.
2
Technical Audit and Code Review
The proposed strategy's smart contracts undergo rigorous security review before approval.
Detailed Instructions
Following a successful governance vote, the strategy's smart contract code is submitted for a formal audit. This phase is critical for whitelisted vaults as they assume liability for user funds. The audit is typically conducted by one or more reputable third-party security firms (e.g., Trail of Bits, OpenZeppelin). The scope includes reviewing the strategy's interaction with external DeFi primitives like AMMs, lending markets, and reward distributors.
- Sub-step 1: The development team finalizes the strategy's
Strategy.solcontract, ensuring it implements the vault's required interface (e.g.,IStrategy). - Sub-step 2: Auditors perform manual code review and automated analysis (using tools like Slither or MythX) to identify vulnerabilities such as reentrancy, logic errors, or oracle manipulation.
- Sub-step 3: The audit report is published, and the development team addresses all critical and high-severity findings. A final commit hash (e.g.,
0xabc123...) is locked in for deployment.
solidity// Snippet showing a common vault strategy interface function function harvest() external override onlyStrategist { // Collect rewards (e.g., CRV, COMP) IERC20 reward = IERC20(rewardToken); uint256 balanceBefore = reward.balanceOf(address(this)); IMasterChef(masterChef).deposit(0, 0); // Claims pending rewards uint256 harvested = reward.balanceOf(address(this)) - balanceBefore; // ... swap, reinvest, etc. }
Tip: Even after an audit, many protocols implement a time-lock or gradual cap increase for newly whitelisted strategies to monitor live performance and catch unforeseen issues.
3
On-Chain Execution and Parameter Configuration
Deploying the approved strategy and configuring its operational parameters within the vault system.
Detailed Instructions
Once audited, the strategy deployment is executed via a multisig transaction or a timelock controller (e.g., 0x5f5...9e3). This step involves deploying the strategy contract to mainnet and calling specific permissioned functions on the vault manager to register it. Key parameters are set on-chain, defining the strategy's operational boundaries and risk limits to protect the vault's total value locked (TVL).
- Sub-step 1: Deploy the strategy contract using a deterministic CREATE2 address or a standard factory. Verify the source code on Etherscan.
- Sub-step 2: Call
Vault.addStrategy(address _strategy, uint256 _debtRatio, uint256 _performanceFee)to whitelist it. The_debtRatio(e.g., 10% or 1000 BPS) limits how much vault capital it can allocate. - Sub-step 3: Set strategy-specific parameters like
minReportDelay,profitMaxUnlockTime, andkeeperaddresses viaStrategy.setKeeper(address)andStrategy.setStrategist(address).
bash# Example CLI command to propose a strategy addition via a governance multisig cast send $GOVERNANCE_ADDRESS \ "propose(address,string)" \ $NEW_STRATEGY_ADDRESS \ "ipfs://QmProposalHash123" \ --from $MULTISIG
Tip: Always verify the debt ratio sum across all strategies does not exceed 10,000 BPS (100%) to prevent over-leverage within the vault.
4
Monitoring, Reporting, and Iteration
Ongoing oversight, performance reporting, and the process for updating or retiring a whitelisted strategy.
Detailed Instructions
After activation, the strategy enters a continuous monitoring phase. Keepers or gelato bots automatically call the harvest() function when gas prices are favorable and profit thresholds are met. The vault's governance community monitors performance metrics (APY, TVL concentration) and risk metrics (collateral health ratios, liquidity) via dashboards and periodic reports. Strategies can be updated or deactivated through subsequent governance proposals if they underperform or if the underlying protocol's risk profile changes.
- Sub-step 1: Monitor harvest reports and transaction logs for successful executions and profit calculations. Check that
Strategy.estimatedTotalAssets()aligns with on-chain reality. - Sub-step 2: Use off-chain monitoring tools (e.g., Tenderly, DefiSafety) to track the strategy's exposure to specific lending pools or liquidity pools.
- Sub-step 3: If issues arise, governance can vote to update strategy parameters via
Vault.updateStrategyDebtRatio()or initiate a full strategy migration by proposing a new version and gradually winding down the old one.
solidity// Example function a governance timelock would call to deactivate a strategy function revokeStrategy(address _strategy) external onlyGovernance { strategies[_strategy].debtRatio = 0; // Stop new deposits // Optionally, call Strategy.migrate(address newStrategy) to move funds }
Tip: Establish clear off-boarding criteria in governance documentation, such as sustained APY below a benchmark or a security incident in the underlying protocol, to streamline the retirement process.
Risk and Security Analysis
Understanding Core Risk Vectors
Smart contract risk is the primary concern for any on-chain strategy. This refers to bugs or exploits in the code that manages deposits, swaps, and withdrawals. Economic risk involves the underlying DeFi protocols the strategy interacts with, such as potential impermanent loss in Uniswap V3 liquidity positions or liquidation cascades in Aave lending pools. Oracle risk is critical for strategies relying on price feeds for actions like rebalancing or leverage maintenance; a manipulated price can trigger incorrect and costly transactions.
Key Points
- Custodial Risk: In permissionless systems, you retain custody of your assets, but you also bear full responsibility for security. In whitelisted vaults, the vault contract holds assets, introducing a central point of failure.
- Transparency vs. Opacity: Permissionless strategies have fully auditable, on-chain logic. Whitelisted strategies may have private components or admin functions that are not fully transparent to users.
- Upgrade Mechanisms: Many whitelisted vaults use proxy patterns for upgrades, which can be a risk if governance is centralized. Permissionless strategies are immutable once deployed, eliminating upgrade risk but also flexibility.
Example
A permissionless yield strategy on Ethereum might automate staking ETH in Lido and then depositing stETH in Aave. You must audit the strategy's contract, the Lido staking router, and Aave's aToken contracts yourself. A failure in any component could lead to loss of funds.
Frequently Asked Questions
The core difference is strategy registration. In a permissionless vault, any developer can deploy a strategy contract that adheres to the vault's interface and immediately begin accepting user deposits, enabling rapid innovation. A whitelisted vault requires the protocol's governance or a multisig to manually approve and add each strategy's contract address to an allowlist before it can be used. This creates a central point of control and a significant time delay for new integrations, but allows for deeper vetting of code and economic security.