- An automated DeFi hedge fund.
- From DeFi Prime (12-10-2020):
Audits & Exploits
- Bug bounty program can be found here (live since 2-12-2020) with a max of $200.000.
- Scored a 55% on DeFi Safety (9-2020); "No audit is complete, as they clearly indicate, though one may be in process." Got an update to 67% (25-1-2021); "Two good audits, with corrections as appropriate are visible. One from
Peckshieldand one from Haechi." With the comment: "Using our latest process and taking into account their audits; 67%. Still low on docs and testing."
- Since then it looks like they had two more audits done, by Least Authority and by Certik.
- From Blockthreat (17-10-2021):
"Reportedly, arbitrage manipulation using a $50 million flash loan enabled the attackers to stretch the price of the stablecoins on Curve’s Y pool. The hackers then used the stablecoin and BTC pools on Harvest Finance to obtain a greater amount of stablecoins in exchange for the highly-priced tokens on Curve.
In less than seven minutes, the attackers drained $24 million from Harvests’ liquidity. The total volume of trading on Curve’s USDT and USDC shot from $10 million to over $2.7 billion during the exploit.
The nature of the attack has been discussed in detail in the academic paper by researchers from Imperial College London (ICL). It outlines how to use flash loans to manipulate the price of token pairs and drain liquidity from DeFi pools."
- From this article (26-10-2020):
"Harvest Finance has placed a bounty of $100,000 on [the] hacker that attacked the protocol’s liquidity pools."
"Once the team realized an attack was underway, they tried to thwart it. The team immediately withdrew all the funds from the shared pools to a secure vault. They also blocked deposits to the stablecoin and BTC vault. As the fallout continued, Harvest also published the BTC addresses where the stolen funds were stored. They then asked the major exchanges to blacklist these addresses.
After they stopped the bleeding, Harvest put a $100k bounty on the hacker’s head. Furthermore, they promised to up the ante to $400k if the funds were returned within 36 hours."
"Highlighted by independent DeFi researcher Chris Blec, Harvest Finance has one admin key for making changes to the smart contract. Essentially, the owner of this key can perform a variety of changes, from strategies to orchestrating a rug pull. The FARM governance community is powerless in the current arrangement. Harvest Finance developers refuse “to spend time chasing Defi influencers around to approve transactions.”"
"Harvest has deployed timelocks on all vaults that function as follows:
- If the devs wish to change the investing strategy, they must first deploy the new strategy to the blockchain.
- Next they "announce" the strategy change, which emits a web3 event that can be read by chainwatching bots.
- Users have a specified amount of time (currently 12 hours) to examine the new contract and withdraw funds if they wish to opt out.
- Any time after the specified period has elapsed, the deployer may choose to either accept or reject the strategy change."
Council of 69
- From their docs (6-2021):
"It is an initiatve to bring even more yields💰 for Harvest Finance farmers by investing in strategic early stage ventures. The way The council of 69♋ works is :
- A savvy community member suggest a deal and organizises a community vote to move the deal further (1000FARM votes needed)
- The Harvest council of 69 performs a due dilligence and makes a decision
- 💰 After a successful invesmtnt the member who suggested the deal gets 10% in a liquidity even, while the remaining 90% go to the Profit Share pool to be distributed among the Harvest Farmers."
"Check the investments made by the Council of 69:
- $50,000 in Perpetual Protocol at $0.50/PERP (Snapshot Vote; Vesting Stream 1; Vesting Stream 2)
- $50,000 in Benchmark for BMK at seed price with 1 year vesting (Medium Post)
- $50,000 in AP Wine for $0.30/APW, vested over 2 years (Snapshot Vote)
- $15,000 in Babylon Finance at $10/BABL with 3 year vesting after 1 year cliff (Snapshot Vote)
- CompliFi - Terms are private until vesting has completed after 6 months"
- FARM has a total supply over 4 years of 690,420.
- Harvest was completely bootstrapped, with no VCs and no premine.
"10% of minted FARM goes to the treasury on a weekly basis
20% of minted FARM goes to the devs
At the moment, most of this FARM is only sold when funds are needed"
"FARM is Harvest’s governance token. And FARM token holders not only get to vote on the future direction of the protocol, but they also receive incentives to provide liquidity. Moreover, they get to participate in profit sharing from yield farming revenue. Cashflows come from Assets Under Management while protocol profits keep incentives aligned for users to hold a stake and govern."
- From the FAQ (5-2021):
"Contracts are [open source]; frontend UI is not currently (to slow down clones)"
- From the FAQ (6-7-2021):
- FARM is a cashflow token for Harvest. It is available on Uniswap.
- iFARM is a yield-bearing token for Harvest. It can be acquired by depositing into FARM on the front page with Use iFARM checkbox.
bFARM is the equivalent of FARM on Binance Smart Chain. bFARM can be swapped to FARM and back using Anyswap bridge
fDAI, fUSDC, fWBTC, and other f-tokens are the yield-bearing versions of the corresponding assets which are being automatically farmed by Harvest. When Harvest generates yields, 70% of these yields are used to increase the value of these tokens. You can redeem them at any time for DAI, USDC, WBTC, and so on.
- From the website (7-6-2021):
"GRAIN is an asset that is supported by 0.5% of harvest emissions."
"There's a dev wallet with 36k FARM. In total that's about ~80k FARM controlled by the devs."
- Whitepaper can be found [insert here].
- Code can be viewed here.
- Built on: Ethereum
- From Ivan on Tech (7-11-2020):
How it works
- From the FAQ (6-7-2021):
"We automate farming by doing regular harvesting of crops on over 100 different farms.
When Harvest generates yields, 70% of these yields are used to increase the value of the deposits. The other 30% are converted into FARM tokens which are used for:
- Rewarding farmers who staked their FARM into the FARM pool on the front page.
- Increasing the value of iFARM - the yield-bearing FARM. iFARM is using the FARM pool under the hood.
In addition, the FARM pool also receives weekly FARM emissions from the total supply of 690,420."
"Capital will be distributed as follows: 30% of the yield farming revenue will go to those who stake FARM, while the remaining 70% will be returned to users who provide capital. Also, Harvest charges no additional fees for withdrawing or depositing assets. The protocol will, however, collect transaction fees from swaps. Harvest can use these funds for bug bounties, security audits, and also for new projects."
- From this blog (12-8-2020):
"Harvest takes 30% of the profit that’s being made and uses that to buy Farm from the market and distribute it in the “Farm Profit Sharing Pool”.
- So far (6-7-2021) 89.73k FARM has been bought back.
- For a history on releases, check their gitbook.
- The Harvest Finance team have teased v2 of the protocol which will come with a host of improvements (20-7-2021).
- From this blog (12-8-2020):
"77% of the existing Farm tokens are staked in the profit sharing pool."
- According to their dashboard (6-7-2021): 60.3% of FARM is staked.
Their Other Projects
- Can be found here (6-7-2021):
"Yield farming is not going away, and gas prices are not getting lower. Our goal is to simply provide an easy way for people to benefit, and make your hard work much easier, while looking for safe projects to add to the farming repertoire."
"Within a fortnight of their launch, Harvest Finance quickly rose the DeFi ranks acquiring more than $1 billion in total value locked (TVL). This is despite the warning signals in their audit reports."
- And one day later, from Crypto Briefing once again (26-10-2020):
"Hackers obtained USDT and USDC stablecoins worth $24 million from Harvest Finance’s stablecoin and BTC pools. Harvest’s governance token FARM plummeted 60% following the revelation of the hack. $400 million in total liquidity have been drained out of Harvest Finance as liquidity providers (LPs) flee the platform."
- As of 6-7-2021 it made $330K in revenue that week.
Projects that use or built on it
- 88mph; says they "are dependent on the success of other protocols" one of which is this one (25-2-2021).
Pros and Cons
- Whale movements pose a bigger risk to protocols like Harvest because their large investments and withdrawals can significantly alter the APY associated with the rewards.
Team, Funding, Partnerships, etc.
- Full team can be found [here].
- The Harvest Finance launch team is anonymous (5-2021).