Skip to main content

Security considerations

Euler Earn is designed with security as a priority, but there are inherent limitations and risks that developers and users should be aware of. This document outlines key security considerations when working with Euler Earn.

Known limitations

Share price volatility

When Euler Earn harvests negative yields or toggles a strategy to Emergency status, losses are socialized across all depositors, which causes the share price to drop suddenly. This volatility means that if Earn vault shares are used as collateral in other lending protocols, these sudden price drops could trigger unexpected liquidations. We strongly advise to take this into considerations when using Euler Earn vault shares as collateral or relying on the share price as an oracle input in other systems.

Frontrunning loss socialization

The public nature of blockchain transactions creates an opportunity for sophisticated users to monitor pending transactions, detect incoming negative harvests or strategy emergency toggles, and frontrun these actions with withdrawals. This allows them to avoid taking their share of losses, which in turn increases the burden on the remaining depositors. While the protocol attempts to mitigate this by skipping harvest operations during withdrawals that don't exceed the cash reserve, this only provides a partial solution to the problem and doesn't fully prevent frontrunning.

Interest smearing MEV opportunities

Euler Earn's interest smearing mechanism, while designed to prevent sudden share price jumps, creates potential MEV (Maximal Extractable Value) opportunities. When large positive yields occur, especially after reactivating previously Emergency-marked strategies, they create temporarily high APRs during the smearing period. This allows sophisticated users to deposit funds just before large interest events and withdraw after earning a disproportionate share of the yield. This behavior can feel unfair to long-term depositors, particularly those who suffered the initial loss when a strategy was emergency-removed.

MaxWithdraw/MaxRedeem limitations

The maxWithdraw() and maxRedeem() functions in Euler Earn don't always return the truly optimal maximum amount a user can withdraw. In certain scenarios, withdrawing less than the maximum amount could actually result in more value received, particularly if a withdrawal would trigger a harvest operation that causes a loss. This behavior is intentionally implemented as part of the protocol's design to discourage users from trying to frontrun negative harvests and avoid loss socialization.

Strategy previewRedeem manipulation

Euler Earn relies on the strategies' previewRedeem() function to measure the value allocated to each strategy. However, as noted in the EIP-4626 specification, this value might be manipulable and is not always safe to use as an oracle. If a strategy's previewRedeem() function can be manipulated through techniques like "read-only reentrancy," it could result in over or underestimated values, potentially allowing profit extraction or false loss reporting. Before enabling any strategy, it's crucial to verify that its previewRedeem() implementation is secure against manipulation.

Strategies with fees not properly supported

When Euler Earn allocates funds to a strategy during rebalancing, it records the allocated amount as the deposited amount, rather than calculating the actual value of the received shares. This approach creates problems with strategies that charge fees on principal deposits. Such strategies will register apparent losses at harvest time as the recorded allocation exceeds the actual returned value, and these losses are then socialized among all depositors. To prevent this, avoid using strategies with management fees on principal entirely. For every strategy enabled, ensure that depositing and withdrawing assets consistently increases or decreases the previewRedeem(strategy.balanceOf(this)) value by the same amount of assets.

Performance fee attribution

When Euler Earn harvests positive yields and applies performance fees, these fees are instantly minted to the fee recipient as vault shares, unlike the regular yield which is subject to the smearing mechanism. This means that fee recipients immediately receive shares that will both earn future smeared interest on positive yield and be impacted by any future loss socialization. This approach ties the fee recipient's returns to the ongoing performance of the vault, which may or may not align with intended incentive structures.

Rebalance order sensitivity

The rebalance() function's behavior depends significantly on the order of strategies provided in the function's array parameter. If strategies requiring withdrawals don't come before those requiring deposits in the array, some deposits might be skipped due to temporary cash shortages. This happens because the cash needed for deposits might only become available after processing withdrawals from other strategies later in the array. For optimal rebalancing, always structure the array to process withdrawals first, followed by deposits.

Security best practices

Strategy vetting

Before adding a strategy to an Earn vault:

  1. Verify the strategy is audited and has a track record of security
  2. Confirm the strategy doesn't charge fees on principal, as these will create immediate losses at rebalance time
  3. Test that the strategy's previewRedeem() function cannot be manipulated through flash loans or other techniques
  4. Verify the strategy correctly accounts for rewards

Access control management

Carefully manage the role-based access control system:

  1. Distribute roles to different entities for decentralization
  2. Consider implementing timelock mechanisms for sensitive operations
  3. Regularly audit role assignments and consider revoking unnecessary permissions

Circuit breaker usage

Use the Emergency status feature to mitigate strategy risks:

  1. Monitor strategies continuously for abnormal behavior
  2. Have clear criteria for when to toggle Emergency status
  3. Test the Emergency status toggle in various scenarios to ensure it functions as expected

Testing and simulation

Before deploying to production:

  1. Simulate various market conditions and user behaviors
  2. Test edge cases like extremely large deposits/withdrawals
  3. Verify that performance fees are calculated correctly
  4. Test rebalancing with different strategy orderings
  5. Simulate loss scenarios to understand socialization impacts
  6. Be aware of the 1-day harvest cooldown period when implementing and testing withdrawal logic

Audit status

Euler Earn has undergone 2 audits by yAudit and Spearbit, and formal verification review by Enigma Dark.

All audit reports are available at: https://github.com/euler-xyz/euler-earn/tree/main/audits