Transcript for #7: Andre Cronje on Governance in DeFi

We return for the second half of our interview with Andre Cronje, a long-time DeFi developer, and creator of Yearn Finance. You can think of Yearn as a smart bank account that automatically allocates your assets to different low-risk investment strategies that execute on the Ethereum blockchain.

My co-host is Tarun Chitra, the CEO and founder of Gauntlet, a company that helps stress test the incentive structures and economics of cryptocurrency protocols, especially of DeFi protocols.

In this episode, we explore governance in Yearn in particular and how governance in DeFi should work in general. What roles exist, and how can we align their incentives? Is governance a feature to be tokenized and sold off, or an attack vector to be closed? How does the price of a governance token affect the security of its parent protocol? And why does Andre eventually want to retreat from being the lead developer of Yearn Finance?

Hasu (00:00:36):
So for the second half of this interview, I would like to talk to you about Yearn’s governance and just governance of DeFi projects in general. So I would say in all DeFi protocols there is a fundamental friction between the control for the developers and governance risk for the user. First off, would you agree with that? And second, could you describe how governance works in Yearn today?

Andre Cronje (00:02:50):
Yeah. So, so, so there’s, there’s one more I’ll I’ll add, I, I think there’s, I think there’s three parties playing at each other. Developer being one, governance itself, being one, and then LPs into a protocol or, or any kind of, you know person that gets benefit out of the protocol is, is definitely another one. So, so we, we can drill down into, into those three roles a little bit later. So, so let’s dig into, into current governance. Current governance is social governance. That’s that’s the only way I can currently describe it. So the forum is used for discussions and signaling purposes which we’ve seen often mismatch with voting on-chain. So I’m actually now moving to an off-chain signaling solution, but, but that’s a, that’s a different discussion. So, so for now forum signaling, forum vote, if there is enough support on one or the other side goes into on-chain voting on-chain voting proposal is submitted.

Andre Cronje (00:03:54):
Voting is open for three days. If quorum is reached, then the “for” trigger or the “against” trigger occur and, and right now it’s, it’s still completely open-ended. I, I had, I had originally thought by now that, that the, the, the, the token structure, if any, would have been codified I had thought that some of the, the system parameters would have been codified I’m not there yet still very good discussions. So, so I’m not, I’m not considering it a bad thing. It’s early days and there’s a lot of, you know, knowledge share that still has to happen. So, so that process has to occur. But for now, it’s at the point where, where, when that vote closes on a positive, I codify the system. Now, ideally the person that submits the proposal, codifies it, but not everyone that’s involved in discussion now has the coding ability.

Andre Cronje (00:04:47):
So I codify it to, to the best of my capabilities. And then submit that again. And then if there’s agreement on there, which is currently just by the multisig owners, but ideally I’d like it to be used by, you know, actual proper governance vote solution. Then, then that piece is added into the ecosystem. So, so it’s adding, it’s adding a little block at a time as people decide what those blocks are. The, the, the goal with that is so that the token holders themselves define the rules of how the system is going to work. So if they, if they want a token release schedule, you know, they need to design on that and then codify and lock it in if they want a, if they want to split governance into three separate DAOs for argument’s sake and the one DAO manages system level, and another one manages the treasury, and another one manages, I don’t know, something else. Then that’s fine. That’s the way we go. And then we’ll codify those pieces for each one. But, but right now it’s, it’s I guess, best described as off-chain governance. Is that a thing I don’t know with, with those decisions moving towards codifying and making it a final on-chain solution.

Hasu (00:06:03):
Yeah. And I think we can call this either off-chain governance or like informal governance compared to something like Compound where it requires, say, a formal governance vote that happens on-chain. And, and then when the vote, when the vote succeeds, then only then it’s like new smart contract logic swapped in to replace the existing one.

Andre Cronje (00:06:32):
Yeah. So, so, so, so Compound is a great example. And I do think they’re there they’re like one of the best current standards for, for on-chain governance specifically, because even, even, even before that vote happens, the, the contract change is submitted with the vote, which, which I think is really cool. So, so if you want to, you know, it’s, it’s not “vote-codify” it’s “I codified this, what do you guys think?” Which, which from a developer perspective, I like the one design difference that, that I don’t like is, you know, all of it, everything is proxy upgradable. I’m, I’m, I’m just personally not a fan of that design pattern. So, so, so that’s really my only comment there, but what I really liked, the fact that, you know, the change has to be codified even before it goes into the solution.

Andre Cronje (00:07:19):
I’ve I’ve I actually used to do that. And then like after the third vote, that, that didn’t go for how I thought it was going to go. I, I I’ve put a pause on that because I’ve, I’ve wasted a lot of development hours, codifying stuff that’s not currently used. And, and, you know, let, let governance formulate how it wants to work, but, but yeah, I, I think there’s completely open-ended, which I think is where, where YFI is currently at. YFI. I don’t know the name changes so often, and then there’s, then there’s very strict codified changes. I want to get to a point where, where it’s not even proxy upgradable or, you know, after, after the rules and the systems have been set it’s, it’s, it’s completely immutable like my, like my Yearn V1 solution. Because I’m, I’m, I’m also a interesting it’s, it’s interesting how my, my feelings on this has changed over the last few months.

Andre Cronje (00:08:20):
Because originally I had, I had the V1 deployment I did, and then I wanted to do some changes. So I did the V2 deployment, and this was back with my original Yearn because I, I, I didn’t want any of my contracts to be upgradable. I want these people to, to in quotes, vote with their liquidity. So, you know, if you, if you preferred the changes I did in my V2 upgrade, then you withdraw your liquidity from the V1 solution and deposited into the V2 solution. And I liked this idea of voting with your liquidity, and I’m still a fan of that. So, so after, you know, we get through this off-chain, social informal governance solution, and we get to a codified solution and say, there needs to be a massive system upgrade. I want that to be a new system and you with your liquidity vote to move on to the next one. So, so, but, you know, that’s, that’s, that’s my opinion. And at this point I have very little say in governance. So, so I’m curious to see what comes out of it. But yeah I think “informal governance” is a very nice descriptor currently.

Tarun Chitra (00:09:27):
Maybe this is a slight technical nuance, but, you know, I, I think that the idea that contracts have to be fully proxy upgradeable is going to change soon. How do you feel about some of the other solutions for, for upgradeability, like diamond storage and stuff like that. And do you, do you view like the next versions of Yearn, trying to take advantage of some of those new, new methodologies that don’t force very large rewrites to the contracts, but allow people to have more spot changes in governance? Do you think those will be the first that get codified or, you know, things like that, like, maybe on the more technical side, but like what types of things do you think will be reliable.

Tarun Chitra (00:10:20):
And could you define for our listeners, Tarun, what does it mean for a contract to be proxy upgradable and what was the other.

Tarun Chitra (00:10:28):
Ah yes, sorry, diamond storage. It’s a very, it’s kind of a very new thing. People who are not crypto native developers, but have done a lot of development with kind of languages that are closer to the OS. So, so the rust and C++ type of worlds will kind of recognize the dis this type of stuff as, as like as a stuff that exists in normal programming. One of the weird things about solidity is that when you want to upgrade a contract, these proxy, upgradability methods, you basically have to have sort of a two contract structure with one contract, that’s the main end point that the user uses and, and it points to another contract and that pointer can be updated by, by users. So the idea is that every time you want to redeploy Compound governance, you basically have to make a new comptroller and then point the proxy contract, which is the contract the user goes to when they go to app.compound.finance.

Tarun Chitra (00:11:38):
And you, you governance upgrades, the contracts pointer in memory to like the new contracts. The way governance works is is you, you as a participant in governance who wants make a proposal, if you have 1% of COMP you basically write your own new comptroller with all the edits and changes you want in code, and then you deploy it to Ethereum main net, and then you initiate a governance vote. And the governance vote is voting on whether to move the previous, the pointer to of the controller from the previous one to the new one. The problem with that is you kind of have to replace the whole thing and governance is voting on this one address change, which could go to an arbitrary place in memory.

Tarun Chitra (00:12:28):
And I think some of Andre’s worries are probably of this fact that it’s kind of, it’s, it’s a little bit of the wild West, right? There’s no safety barriers on this, this type of thing, because it can be, it can point to any deployed contract. So there can be tons of crazy, very low level bugs in that let alone like other things. But there’s a bunch of newer solidity features Solidity like 6.4 and stuff that are starting to look like normal programming languages, where you can, you can kind of select certain functions and allocate memory and space to them in a way it’s just like that your governance contract could theoretically only affect that local function instead of having you know, redeploy the whole contract. So I, I’m just kind curious, do you, do you, Andre view the, the kind of the, a lot of these programming language updates as, as, quite as things that might make, make it more easy for you to, to, to imagine doing a fully codified form of governance?

Andre Cronje (00:13:39):
So, so again, this is, this is my personal comment, and it might change drastically depending on, on how governance is swayed. I think there’s, there’s a real beauty in immutability this, this idea that, that, and, and when, when I started developing solidity this, ironically, this was the thing I hated most, the fact that, you know, I had to constantly, if I wanted to change something, redeploy a contract, because you know, in, in, in any other developer world, like, like doing an upgrade or a patches is one of the easiest things. And all of a sudden this, this was one of the biggest barriers to my development is that I just couldn’t actually update these systems. But, but, but as I’ve continued, I, I actually really love immutability the idea that this is exactly how it is, and this is always exactly how it’s going to be.

Andre Cronje (00:14:37):
And it cannot be changed. And, and I, I, I actually want to end up there. Now there’s, there’s definitely a lot of benefits to doing, you know, more proxy upgradeable or more like cause cause there’s, there’s a few like memory designs you can also do with proxies where, you know, you save, you save the store information in a different contract and then the actual execution is, is different. So you can swap those out and point to a different one. My, my, my not concern my, my personal dislike with, with solutions like that is, is that what, what I look at now and what I review now can be very different in a year from now. And, and I’m personally not a huge fan of that. So, so, so, so I guess governance might be a little bit of a misnomer.

Andre Cronje (00:15:34):
The way I originally envisioned it, because the way I had originally envisioned it is that is that governance are sort of the, the, the, the, the let’s call them the, the architects of the solution. And they’re going to use things like the forum discussion platform and all of these things to, to, to build out the architecture and decide what the solution needs to look like. But, but once we’ve decided what everything needs to look like, then, then it’s immutable that that’s done. There’s, there’s no more discussion. There’s no more upgrades, there’s no more change. It might still have control over smaller things, you know, maybe like fees or, or a strategy change. But, but ideally I want it to become I, I almost wanted to disappear, you know, it right now, it’s, it’s the core focus, but it’s, it’s like starting a new project, you know, when, when, when you’re when you’re a startup everything’s exciting and it’s always new and there’s lots of problems to solve, and there’s lots of ideas to discuss.

Andre Cronje (00:16:35):
And as you formalize over time it becomes more solidified and, and you end up with sort of just the operational pipeline and, and you just have to, you just have to keep that you just have to keep that maintained. And then the system keeps going. Me personally, I want to see that discussion turn into that immutability and then finalized. I, I definitely understand the value in proxy upgradable solutions, but, but I think that’s, I, I think that’s coming from a traditional development mentality. I again, one of the beauties that attracted me to this space was the immutability, and that’s one of the things I want to leverage more than anything else. Because I think, I think that immutability also gives a lot of security.

Hasu (00:17:28):
So I completely agree with that. And I think both me and Tarun, we are both big fans of immutability and minimizing the amount of governance because we both see governance primarily as an attack vector to be minimized. So in that – please correct if I’m misrepresenting your opinion –

Tarun Chitra (00:17:52):
A hundred percent. I was just asking this more because I’ve noticed a lot of contract developers starting to do these scoped governance kind of things. I’m just curious where on the spectrum you fell. So thanks for that answer.

Hasu (00:18:06):
So in that, in that context my original article where we got to talk to each other and discussed how in Yearn there actually all parts of the spectrum are kinda represented, right? So on the one hand you have this informal part, not informal, but immutable part of the system, and Yearn V1, but then you also have one that’s on completely the other side of the spectrum, which is the vaults. So can you maybe tell what our discussion was about in your own words and the risks that I saw?

Andre Cronje (00:18:52):
Well, I mean, the, the, the, the risk factors there and, and so, okay. Alright. So let, let, let me first explain the risk factor, and then I’ll explain while I was laughing. Just now the, the, the risk factor was I, I, as a, as the private key holder, that is the controller am capable of updating a strategy to an arbitrary contract, I wanted to, and a strategy is what the controller allocates funds from a vault to. So a vault has funds. A vault by a proxy talks to a controller. This controller can update strategies. Governance can add a new strategy. And then if the controller points to this new strategy, what it could do is instruct the vault, Hey, here’s a cool strategy, put all your money in here, but meanwhile, that’s just, you know, an address I control and it gives me all of the money and all of your money is gone and I exit scammed.

Andre Cronje (00:19:46):
A massive risk, huge, huge, huge, huge, huge risk. Now, now people, people like to start talking about trust at this point, they trust me, it’s fine, blah, blah, blah, blah, blah. Like, it’s not about trusting me. It’s about that is an attack vector. What I mean by that is my key can be compromised because maybe my op sec is shit or, or, or someone can hold me at gunpoint and tells me I need to update this stuff. Or, or I I, I could die in this moment and then you know, that stuff’s not upgradable anymore. So, so there’s a lot of, there’s a lot of contingencies required. And, and that’s why with the V1s, I kept my keys for as long as I needed to, to add a new lender. So for example, back when the USDT first launched cUSDT wasn’t available, but I knew it was coming soon. So I kept my keys so I can upgrade it. So that Compound was in that list as well. And after I upgraded it, I burnt those keys because that makes that system secure. It doesn’t matter if someone tries to attack me, there’s, there’s nothing they can do to those funds. And, and, and since I have my money in there, that’s the comfort I want, because at the same time, if, if, if I could, in some way access those funds and my key could get compromised, then, then there’s nothing I could even do to try and stop that.

Hasu (00:21:12):
If I can interject for one second – for our listeners – how can you prove that you destroyed a private key?

Andre Cronje (00:21:19):
Okay. Well, I didn’t destroy the private key. The address is set to the burner address. So in Ethereum, you have the 0x0 address which, which, I mean, it, the possibility does exist at the private key for that address can be found. You’re talking about, you know, insanely small margins here, but, but it does exist. And if you get that key, you’re probably not going to worry about exploiting most of the systems. You’ve probably just be happy with the like $300 million that’s in there. But, but, but when I say “burn” in quotes, it means setting that address. That’s allowed to perform those duties to that 0x0 address, which as a community we’ve decided is a highly unlikely chance that anyone’s going to be able to do to get that key and control that account. So, so that’s what I mean with “burn”.

Andre Cronje (00:22:05):
Not once, once you have a private key, you, you can’t really, you know, destroy it. I mean, you could argue that you deleted any copies you might’ve had, but you know, that’s, that’s not a provable metric. It’s, it’s, it’s like when I handed over the tokens through the multisig, you know, like all of the multisig owners were asked by social validation to prove that they owned the key I specifically don’t have a key, but I can’t prove I don’t have a key. So there’s, there’s, there’s this, you know, “don’t verify don’t trust”. That’s, that’s what makes our ecosystem what it is today. And, and so, so, so that’s, that’s, that’s originally where our discussion started.

Andre Cronje (00:22:51):
And one thing to point out about that, that in quotes “article” when, when I originally, when I originally spoke to Hasu and I originally told him his article came across as very adversarial it’s because none, none of the, none of the V1 systems were mentioned, you know, that that is immutable and doesn’t have a key or, or the parts that I have handed over. And, and, and that was just because from, from, you know, there’s, there’s so many contracts in the system, and there’s so many interactions that, that I, myself, sometimes lose scope of everything, all of the moving parts. So someone that’s going to do research on this, they’re going to start at the top level and work down. And once you see red flags at the top, you assume them all the way down. That’s, that’s, that’s normally a very, very safe assumption. But know, I, like I said, after the discussion we, we, we pointed out the areas that have a risk. So as mentioned, you know, the, the vaults right now are very, very risky.

Andre Cronje (00:23:55):
And now, now, now the next area, which is important to talk about. So, so the one part is this key being able to make updates. The second point of that is the timeline in which that key can make updates. So, for example, again, if we take something like Compound, which is a very good governance standard, it takes at least two days, normally more, for an update to occur, which is a good thing. Because this gives LPs that have their funds in that system time. Now, now there’s, there’s an argument about how much time is enough, you know, for $4 billion worth of assets to be informed. But there could be let’s, let’s, let’s say the comp token is somehow compromised and people decide they’re now going to vote to upgrade the proxies to a malicious address. That’s going to steal all the funds and they vote. Now there’s a 48 hour clock that starts before they can do that. That is enough time for the community to create enough panic so that people move their funds. And, and that’s another part that’s very important.

Andre Cronje (00:24:59):
Now, now that’s the next thing that Hasu pointed out as well, which, which was good to point out, because right now there isn’t a time change on the controllers. And the predominant reason for that is so that I can quickly make a change, should something go wrong. For example, the very first vault I deployed was using the BPT strategy. The BPT strategies price in quotes oracle could be manipulated by doing flash loans on the other side. And samczsun found this out, like within half an hour. So he’s just a phenomenal resource. And, and with, because there was no time delay, I could immediately swap out that strategy, which immediately returned all the funds to the vault and that managed to protect the solution.

Andre Cronje (00:25:40):
But even though it now in quotes, again, it’s a good thing because I can adapt the system quickly enough should changes need to occur again. If we take that back to the risk factor area of me being compromised, or my keys being compromised or anything like that, then that’s very dangerous because that means that there’s no time to change if something goes wrong. And this is why I mentioned my tweet as well, that, you know, there’s, there’s this, there’s this massive trade off between security. So if we look at something like my Yearn V1 systems, which I, I think are as secure as, as a solution can get, because it’s not upgradable, it can’t change, with the exception of one of the underlying systems being compromised, it itself is secure versus something like the vaults currently, which, which are incredibly high risk, because that, that, that the fact that I can make the update, that’s a risk on its own. The fact that I can make that update immediately, I think exponentially increases that risk which, which is why. So, for example, with, with the token, the token has already been handed over to Timelock governance. So it’s at least three days for an unlock to occur. And that’s only to move it to a different contract, which then as well has a Timelock solution on it before it can actually mint anything. So should something happen there. You know, it’s going to be at least six days before anything can happen and that’s enough time for, for users to be informed. But the reason I could do that is because I was comfortable enough with the solution that it didn’t need to be updated quickly. If, if, if samczsun had identified this vulnerability and it took me three days to update before I could protect user funds, then that’s a very different story.

Andre Cronje (00:27:23):
Now that comes with a quid pro quo as well, because if I could update it, I could at least inform users and hope that enough users managed to get their funds out before something bad happened. So there’s a trade off there as well in terms of execution time. But the, the, the opposite side of that is also why I’m currently keeping it the way it is, is so that I can stick to my rapid pace of development, because I can deploy new strategies a lot faster. I can fix existing problems, a lot faster, and, and this is the same how I did my original V1 until it’s battle tested and it’s proven, then at least as long as the strategies are mutable, I can hand it over to Timelock, which I already prefer as a solution. And then when that is also more solidified, can hand that over to codified governance as well.

Andre Cronje (00:28:11):
Because this, this sort of goes back to that, that, you know, immutability discussion where, where that’s, where I want to get to that’s the final solution. But any engineer or developer will also tell you, you know, the, the first, the first prototype they released or that they built is, is not the final solution. Like after, after a few iterations on top of that, you get to the one you’re happy with, and then you can say, this is good. I can, I can leave it the way it is now, but, but it’s, it’s, it’s a path you have to walk to get there. And so with the vaults, I’m currently walking that path and we’re going to get there. But while we are walking that path, LPs do need to understand these risks. And that is why I, again, I’m actually a little bit annoyed that it’s starting to turn into a meme because like the, the, the reason I say things like “I test in prod, do not use these vaults unless you’ve read the contracts, do not use them with funds unless you’re willing to lose them” is because I’m, I’m, I’m looking for other people to help vet, you know, and I’m looking, I’m looking for, for the people that are capable of going through these solutions to go through these solutions.

Andre Cronje (00:29:21):
I mean, at, at, at the, at the complete other end of the spectrum, I’d love to do this a hundred percent in an, in an active participation Testnet and then be able to afford the audits, which, which with my current funds is just not something I’m capable of doing. So, so there’s, there’s this sort of limited way you have to start in.

Andre Cronje (00:29:40):
And, and one of the things, that, that, you know, Hasu also mentioned, and I think we’re going to see this more as well is, you know, why not add limiters onto that solutions? Why not add a cap that an individual can only deposit X amount and the total solution can’t be more than Y amount. Two reasons why I don’t implement those solutions. The, the predominant reason is, is simplistically gas. Even, even if it’s a one line check right now, it’s, it’s insane.

Andre Cronje (00:30:07):
I mean, I was comparing ERC20 transfers today versus something like aToken, Aave token transfer. And I mean, it’s, it’s a difference of, of it used to be, you know, 20 cents and it’s already eight bucks for a ERC 20. And it’s something like almost 30 to 50 bucks for, for an aToken. And I just think this is going to get worse. So, so that’s, that’s, that’s, that’s one of the primary reasons, but another reason, and it’s probably not good to say this one, but, but the best scrutiny comes when there’s the most risk. And what I mean by that is if I deploy a solution and there’s, there’s a thousand bucks in there, no one scrutinizes it, no one, no one puts it under the microscope to see what can potentially go wrong. If it is open and people know, potentially people’s funds will be at risk.

Andre Cronje (00:30:56):
Then it comes under a lot of scrutiny very quickly. And I find that’s a lot faster way to actually get the net result of is this safe? Is this secure? Should this be usable? I do think now that picture might start changing. I like the idea of channeling, you know, system funds and stuff to pay for a lot of these audits. So, so I I’d like to see it be voted to the point where it’s a little bit less cavalier than I have it now. But before any of this stuff, and before the massive AUM and TVL that the system has now, you know, the fees weren’t of such a point where I could cover it, but now I can. So yeah, that’s, that’s, that’s hopefully a step in, in a, in a better direction. But yeah, that’s, that’s, that’s how we got onto this original topic and the different risk areas that, that people really should be aware of.

Andre Cronje (00:31:50):
And, and that’s why I spoke about this a lot on, on some of the other discussions I had as well where, where in crypto, you have this beautiful thing where you actually own your money, you actually own the things that have value, and you can see exactly where it goes. And, and I think there’s, I, I think there’s a responsibility that comes with that. So if it’s, if it’s my funds, I, I get to always be that owner and custodian. But by that same measure, I should be aware of where it goes. We, lot of different crypto movements support this idea of, you know, if it’s, if it’s money in the bank, it’s the bank’s money and you don’t know what’s going on, but, but it feels like we’re, we’re bringing that same mentality back to crypto right now where we don’t care about that, that privilege / responsibility anymore. We’re just throwing our money into stuff, which, which I also think in itself is dangerous. And I’m now, now I do think in Jan/Feb, the sort of I remember calling them the, the, the crypto police where we’re a little bit too quick to shout and scream, but that was a good reaction given most of them came from, you know, a 2017 scam market. But, but I think right now, we’re, again at a point where people are not shouting and screaming enough where, where we’re back to, to, to dangerous levels of acceptance and dangerous levels of lack of responsibility. But anyway, again, I went off on a tangent, but, but, but that’s how we originally started discussing. And what the risk factors was you identified.

Tarun Chitra (00:33:41):
With regards to that actually, you know, how, how do you feel about the kind of you know, it’s, it’s maybe not totally related to governance, but I think it, it does reflect how this current runup in governance token and yield farming and stuff has, has, is, is different than, than 2017. How do you, how do you feel about a lot of the, kind of the, the, the, the turncoats as I call it, there were a lot of big sort of self-proclaimed Bitcoiners who, who are, you know, for, for all of the bear market, 2018 were, were, were parroting “not your keys, not your coins”. And now they’re marketing YFI forks. So how, how do you feel about the fact that, you know, maybe even some of the people who were proclaiming this message of safety and trying to get people to feel like they really own their money, somehow turned into a, you know, once they saw a thousand percent APR numbers, again, it’s back to the metric, they suddenly throw out all of their scruples and, and, you know, I think you can guess about who I’m talking about and all that.

Andre Cronje (00:34:58):
Ah, yeah, don’t, don’t, don’t worry. I, I I’ve, I’ve privately to some close friends, been complaining a lot these last few weeks because there’s, there’s a lot of the Jan/Feb, crypto police who were the people shouting the loudest to be careful that are now actively promoting stuff that I don’t consider safe. I think an apt quote was you, you either die a hero or live long enough to see yourself become a villain. I’m, I’m tempted to say we’re kind of in that space at the same time. I want to, I want to give the benefit of the doubt. And I want to say, look, a lot of these people have been the one ones that have been trudging through the bear market with everyone else, because I can, I can count on my hands, the amount of people that have kept trudging and building and continuing to innovate this last, you know, two years plus when, when, when everyone else left.

Andre Cronje (00:36:20):
And at the same time in the last three months, the amount of those people that have come back out of the woodwork, that, that secretly have been working on a stealth project that are now ready to launch and blah, blah, blah. But anyway, that aside, even though I’ve clearly shown my bias now is, is the, the benefit of the doubt I want to give is that these people have suffered through these last few years. And now is a time of euphoria, people are, people are happy. Things are going well, which to me are also indicators that stuff is about to go very, very wrong. And, and I think they’re, they’re getting caught up in that euphoria and exuberance. And to, to the point where, where, where they’re just falling in line with sort of the rest of the culture.

Tarun Chitra (00:37:12):
Because, because back then, when you were, you were promoting that kind of security and thing – I don’t know, I, I might not be the best person to, to have comments on this because I have fairly strong comments on this, but, but I also think a lot, a lot of these let’s call them influencers, do whatever the crowd sways. So, you know, back then you got the followers and you were the one that people listen to because you preach that. Now, when you preach that you get shut down, you get cancel culture. Like I’ve, I’ve seen it on the people that are, that are mentioning this, this duality between responses where, you know, in, in, in Jan/Feb, you were you were irresponsible and you were, I’m trying to, to, to, to choose keywords. I’ve been reading you, you were irresponsible, but now a similar incident is, is a, is a accident is a, is an acceptable accident. You know? So I don’t know, like, like, like I do think again, back to the quotes you either die a hero or you live long enough to be a villain. I think it’s very apt that that quote was, you know, Harvey Dent, Twoface. So probably applies a lot more. But, but, but again, now, now I’m talking about my, my own perceived feelings towards a lot of what is currently happening in the community, which, which I I’m, I’m trying not to be a downer, but, but that’s causing me concern.

Hasu (00:38:56):
Yeah. In the context of the community taking control of the narrative also exuberant behavior all around us, I guess we could count the launch of the YFI token into that category. So I would like you to walk us through the launch process. What was your, what’s your idea behind creating this token and how did it launch, and is there anything you regret about how things played out?

Andre Cronje (00:39:26):
Okay, well, let’s, let’s, let’s first go into the process and then let’s go into the regrets the process itself, and this is, this is where I get. So it’s a pet peeve when people call it “liquidity mining” or “yield farming”, because it, it was purely meant as a distribution process. I, I, and, and that’s why there was, there was zero thought process in, in cap, in tokenomics in, in any of the stuff I decided, I want this, this social construct that can help architecture this eventually immutable solution that, that could capitalize on these current market inefficiencies. And to do that, I needed to get the token into the hands of people like me, which is why I incentivized things like using the, the Yearn system, because these are people that care about sustainable yield, and then, you know, LPs and then governance participants, because these were the three qualities I wanted to have in people, they needed to understand how to be LPs and use these systems.

Andre Cronje (00:40:32):
I needed to be incentivized by, by sustainable yields and APRs, and they needed to be governance participants. And that’s the three pools that I incentivized. And it was that simplistic, supposed to be a distribution mechanism that goes to these people. And, and my original thought pattern was actually that look probably no one’s going to stake this stuff because, because the, again, the token’s value was [zero], it’s not a meme. It’s, it’s, it’s, it’s a strong statement I stick to because it’s supposed to just create the solution. Now, now the, actually, there’s, there’s a lot of things that have gone wrong with this token launch, but anyway, the, the, the biggest one being the fact that a price ended up being connected to it, because that, that attracted the wrong crowd. Like, like no, no disrespect to anyone that has it, obviously. But I, I published a few articles on this probably two years ago.

Andre Cronje (00:41:30):
Where, where back then I was, I was investigating the correlation between the manufacturing costs of an ETH or a BTC versus their cost [price]. So, so what I did and that solution is I looked at, I looked at the current, most used mining devices, their power requirements, their concentration, in what countries and what the cost of that power expenditure in any given day was because that gives me a, how much electricity does it cost to run the BTC network or to run the Ethereum network, because that’s, that’s your, that’s your production cost. So if you then take the amount of ETH or BTC created in a given day, and you divide that cost, that is the production cost of one item, and it should be slightly above that cost. And, and, and in bear markets, this model actually works pretty well.

Andre Cronje (00:42:29):
And I’m actually quite happy with its output. It creates a little band that I think is actually pretty accurate. But in comes the speculator and the speculator, isn’t using the token for what it should be used for. They’re, they’re, they’re removing it from supply because they want the price to go up. Now, now you have this problem where, where if too many speculators come into the market, okay, wait one step back. So, so the other, the other side on the one side, you have the manufacturer, and on the other side, you have the user. Now the user of Ethereum is someone like me that pays gas for computational execution, because I want this execution to occur on the Ethereum network, and I’m willing to pay gas for it. But now, if, if the asset generated is too expensive, I don’t want to pay for it. If the asset generated is too cheap, the manufacturer doesn’t want to manufacture it, because if it’s cheaper than the amount of electricity, I don’t want to waste my money. And if I’m the user and it’s more expensive, I don’t want to pay for it, which means it doesn’t go back into the ecosystem.

Andre Cronje (00:43:37):
But if it’s, if it’s within that manufacturing band plus markup, then me as a user is willing to spend it and manufacturer’s willing to create it. Now you add the speculator, they take these tokens out of circulating supply. This makes it more expensive. Now your users don’t want to use the system anymore because it’s too expensive to use, which means your miners are just creating it. Then there’s no value of really going, because it’s just going to the speculator. So, so, so speculators in this industry actually create a friction as far as I’m concerned with these solutions. And, and I saw it with YFI as well. When, when, unfortunately it started skyrocketing in price because it attracted users that did not have these three qualities I was looking for. I mean, nothing, nothing, nothing makes me more sad. When, when I see a Twitter post by someone going “lol, I don’t know what this token does, but I bought it because it’s going to go up” Like that, that destroys its purpose because its purpose is for people that share these qualities to help design and architecture and solution that they themselves would want to use.

Hasu (00:44:45):
Okay. Let me, let me interject there for a second. So I’ve heard you say that you believe the fair, fair value of a YFI token is actually zero. And was zero to start with, and that you don’t understand why anyone would pay money for them.

Andre Cronje (00:45:07):
So, so technically there is a calculated value and that’s obviously based on the rewards and fees. And I calculated that around $3, but, but I didn’t, I didn’t share that with anyone. And I didn’t communicate that because I didn’t want there to be a speculative value connected to it. That was supposed to be just sort of an offer of the fact benefit. Unfortunately after the first system payout occur, that definitely had a connection. And, and I was okay with that happening after distribution. It just from there got a little bit away.

Hasu (00:45:37):
That’s pretty interesting. So when you first launched the token, it did have a cashflow value. And so my first comment would have been that, I mean, obviously any governance token can ultimately pay itself, any cash flows generated from the particular protocol and also add new ones. And so it does have a discounted cashflow that can be indeed pretty high. If the protocol has, has, has a moat and can, can defend these rents that it charges from users.

Andre Cronje (00:46:07):
Yeah. But I did not share any of this information at that time.

Hasu (00:46:11):
All right. But I mean, of course the users knew that they can turn a governance token into future cash flows. And that’s not something that I guess we, we can as token developers or whatever can hide from them.

Andre Cronje (00:46:23):
Yeah. No, I, I accept that.

Hasu (00:46:26):
So you’ve calculated the value of the token based on historic or even projected cash flows to be around $3.

Andre Cronje (00:46:35):
Correct.

Hasu (00:46:35):
And then this, this distributing the YFI drew so much attention to Yearn that the money that was deposited there and the resulting cashflows actually skyrocketed, is that fair to say?

Andre Cronje (00:46:51):
That is a hundred percent accurate.

Hasu (00:46:53):
Yeah. So that’s pretty crazy. So just distributing the equity in a sort of, you could say to use a traditional markets example. So a company going public actually being such an attention driver, but it turns into such a revenue driver that actually have the self fulfilling prophecy of, I mean, now they’re token about you being like, I mean, it’s crazy, right. It’s 20, it’s 2000X. What you projected. It’s pretty insane.

Andre Cronje (00:47:25):
Yeah. That’s right. Yeah. Is it 6,000 currently? Probably hell yeah. 6,000 I think. Yeah. Yeah. So, I mean, now, now I, I I’d be lying if, if I, if I wasn’t saying there, there were times I was definitely happy about it. Cause it was cool and it was exciting and everyone was happy. But that, that, that, that came with it not necessarily attracting the right crowd. And that also came with, I, I cause, cause like I’m, I’m still very happy with the distribution and how it occurred, but, but there are definitely a few very, very powerful whale and, and their vote does sway a lot. And, and, and that also gives me concern because when, when you have that smaller voter stop voting, because the mentality is my vote won’t affect the outcome. So I’m just not going to vote. It’s the, it’s the one vote doesn’t count mentality.

Andre Cronje (00:48:25):
And that in itself is a problem as well. So yeah, there, there, there have been new problems created because of that. Which, which, again, I’m, I’m, I’m happy to, to, to challenge and fight and to see where it goes. My, my, my, my biggest concern with, with the price is that, and, and, and this is just from my crypto experience, right? Is that nothing, nothing keeps going up forever. There’s, there’s a point when that changes. And you know, maybe it’s for a new product. Maybe it’s, people just don’t believe it anymore. Maybe it’s a hack. I don’t know what it is, but, but there’s, there’s an event that can cause that value to decline. And it might recover again later on, but there’s always an event that makes it decline. And that’s, that’s I think a rule and, and my problem there is the product, and, and this is already happening is that when people talk about my product, they, they talk about YFI.

Andre Cronje (00:49:26):
You know, they don’t talk about a Yearn. Because somehow the token in itself is a product. And like, it’s, it’s, it’s not. So, so the reason why, why I don’t like that association is because, you know, right now Yearn is fantastic and Yearn is amazing. And people trust Yearn, because that little, that little YFI token keeps going up in value. If that starts decreasing in value, and I’ve seen this happen to other projects and other communities, then all of a sudden Yearn is shit. It doesn’t work. It’s stupid. Why are people using it? You know, and, and, and I, those fluctuations to me are detrimental to the longevity of the product. But again, this is, this is personal bias. It might not play out this way. I’m basing this off of, you know, what I’ve seen being in this industry the last few years.

Andre Cronje (00:50:18):
And, and, and that’s also why I didn’t really want this association with it to, to, to, to, to be plain about it. I actually thought that not a lot of people are going to be mining it, and I’ll probably be one of the biggest miners. And then I’ll take what I mined and redistribute it the next week, again, in a similar fashion and keep doing that until the dilution was at a point where I was happy at inversely so much capital flowed in that, that, that my share was insignificant to the point where, you know, I wasn’t really contributing, but like, it, it definitely did not play out the way that I had intended it at the same time. And this is a positive, you know, it’s, it’s attracted a, a user group that is, that is so well connected and has so much more experience and knowledge than I do.

Andre Cronje (00:51:12):
I mean, I’m, I’m, I’m seeing the work that, you know, people like Substreight or Andrew were doing on the original proposals and then with like Gauntlet and Delphi now and like people contributing and, and it’s, it’s, it’s phenomenal. And the Framework guys, Vance and them, what, what they’re doing on like strategy side, et cetera. So, so it also comes with a lot of positives. So, so I don’t just want to frame the negative stuff. There’s a lot of positives that also come out for it. And I do think overall it is, it, it is better in a positive light. But, but just specifically to focus around your question, things I would have, I don’t know what I could have done different.

Hasu (00:51:54):
Yeah. So you, you talked, you mentioned Bitcoin mining briefly. I’d like to go, I think we can draw an interesting parallel from there because I wrote a paper where we simulated basically how Bitcoin is secured. And we found that it’s mainly secured by the miners having a lot of skin in the game and how much skin they put in the game. That is, that is a product of basically how much Bitcoin spends on security by printing its native token and distributing it to miners. So in that sense, the higher, the Bitcoin value is right, the more skin in the game miners have, and the more secure the Bitcoin network is. And since Bitcoin users value the security a lot, it becomes like it gains utility for them. So I guess I want to ask if you see a similar thing, if you don’t see a similar thing in Yearn where the higher, the token value of, of, of YFI is the more skin in the game governors have, and doesn’t this force them to make better decisions?

Andre Cronje (00:53:07):
So, so while I can’t comment exactly on that, even, even though I, I do with the statement, agree, what, what, what, what, what you just said that draw an interesting comparison to me in that, in that what I wanted to do with, with the token was get it in the, of people, you know, that, that, that has that, that let’s call it creative / intellectual capacity to be able to, to manage the system and manage the strategies and those kinds of things. And, and given the value of the token, you know, it’s, it’s, it’s, it’s attracted probably the best of the best in the industry. Because as you say, that value gives them so much skin in the game that, you know, if that was trading at my original numbers, these, these, these, these bigger firms and these bigger players would probably not have been interested because it would have been, you know, such a tiny, insignificant blip on their portfolio. But, but now that it has such high value and, and it probably captures a fairly significant segment of their portfolio. They’re, they’re all very, more vested into making it succeed. So, so, so, so like Bitcoin and the security budget, I think maybe you can call this like an intellectual budget. Like, I don’t like that word, like more creative or architect or something like that, but

Hasu (00:54:39):
So I think that term security budget, since like Tarun, and I see governance as an attack vector on a system that needs to be closed. And I mean, in the sense that the governors can do, or am charged with managing the protocol, and if they are not sufficiently incentivized, then you know that they can do stuff that’s not maybe in the best interest of the protocol. So I think that the term security budget or governance budget is actually, it does apply to DeFi projects in the same way that it applies to these base chains such as Bitcoin or Ethereum

Andre Cronje (00:55:15):
Yeah. I tend to agree. That makes sense. Cause cause if, if, if that budget incentivizes you to do this part is interesting and I’ll see, see how it plays out. So, so the things I wanted to mention is, you know, the, the token holders making the best decision for the system Yearn versus token holders, making the best decision for YFI, which, which are potentially two separate solutions because and I think this is going to rely on, on sort of a iterative market testing cycle, but, but you know, the, the, the YFI holder might be an let’s take something simplistic, like, like fees. For example, the YFI holder might be incentivized to vote for 50% fees because more revenue, more dividends. But at the same time, you know, that, that pushes away the LPs. Now you have less AUM, which means your 50% is more, but your AUM probably decreases by a similar value, if not more significant.

Andre Cronje (00:56:28):
Yeah. That’s that, I’m, I’m just curious about that one. I’ll I’ll, I’ll, I’ll be interested to see how that plays out. Cause, cause like originally if we take the very first proposal, right, alright, minting more [YFI]. The original narrative, there was people didn’t want to mint more because scarcity will increase value. And I hate that argument cause that was, I was such a narrow minded, token focus and not protocol focused. And then why a lot of the, the big players voted no was, was not to not issue, but to better understand, so they can make a better informed and a better designed decision. Now, now that on the opposite end of the spectrum is a very cool reason of why it was voted against you know, I’m going off on a tangent again, but, but, but yeah, I do agree that the value that it has inherent now is, is a net benefit for the system. And not only the, the, the intellectual and creative capital it’s attracted, but, but probably also the security, it adds to the solution because, you know, in, in the most basic examples, something like a bribery attack is so much more difficult to execute now because your initial capital expenditure to actually accomplish that is so much higher which I feel this is a point to add a stab at ETC, but I’ll leave it at that. So yeah. Okay. I, I concede that that is pretty cool.

Tarun Chitra (00:58:07):
Yeah. I guess, you know, one, one, maybe last thing I kind of wanted to cover a little bit is you know, in normal markets speculation, especially on price is almost a necessity for, for both price discovery and making sure that users are invested. Also for ensuring that you know, even if the just kind of cash flows are hard to account for, participants can express their views. So, you know, I know you initially said you were hoping that there weren’t speculators and it would mainly be users. And, you know, we kind of talked about how the speculators, in some sense brought you a lot of creativity and, and, and an interest in the protocol and new thoughts and competitors and clones, right. Imitation is the best form of flattery. But you know what, you know, I, I think all of these types of products eventually need to have some sort of stable, stable ish equilibria of, you know, real users, LPs speculators, token holders. What role do you see speculators as having in an investment product that sort of this decentralized and hedge fund / mutual fund type of vehicle you know, how, how, how stable do you, what type of equilibria do you see as kind of the long-run community? And do, do you feel like YFI token holders will have too much of a say, or do you think that liquidity providers and YFI token holders will become one and the same and become sort of a single lobbying group?

Andre Cronje (00:59:56):
I, I can’t comment much on where I see that equilibrium with the speculators. I, I’m not informed enough, but I, I, I do hope that liquidity providers and, and governance participants are one and the same. That, that is my absolute ideal scenario. Where, where the LPs and the token holder have the same vested interest in the solution. On, on the other hand, I’ve done a few Twitter polls on this too, to try and gauge interest because it goes on the one hand, something like my delegated vaults. So, so it has a health factor target that it tries to maintain to make sure the vault is healthy and can’t be liquidated. And, and the poll asked, you know, who should be making that choice? So, so option number one, should I have multiple vaults with different health factors? And you decide where your liquidity goes?

Andre Cronje (01:00:53):
Option number two is, you as LP provider, your LP token is used to vote and set that value or should governance do it because again, those, those are, those are three different solutions to more or less the same outcome, but, but I’m, I’m, I’m quite often torn between which design pattern do I do for the LP versus which design pattern do I do for governance, because they’re not necessarily one and the same. So, so I, I can categorically answer if they were one and the same absolute best outcome solution while they aren’t, I do find myself jumping between different design patterns in terms of, of who gets to make this choice because you know, where, where the risk is on the LP. I do want them to be able to make the choice, and they’re not necessarily a token holder where the benefit is to the token holder, but not to the detriment of the LP. I do want them to have that kind of decision making power. But again my opinions, not necessarily the outcome we’ll see from governance but, but I have lately been struggling with, with that exact dilemma actually. I, I don’t have an answer for it. I need more data.

Tarun Chitra (01:02:14):
I will say much of, much of a layer one crypto has spent much the last eight to 10 years searching this design space. And I don’t know if anyone’s found a particularly satisfying answer. Maybe. I don’t know if I think Hasu probably agrees with that, but so, so I don’t think the easy solution exists anywhere, but, you know, it’s always good to try a new model.

Andre Cronje (01:02:43):
I think at this point, YFI governance has a collective intelligence that like, I, I’m definitely not capable of, and I have not seen, I mean, a lot of these discussions I read and then I’m like, wow, that’s actually really good. I would never have thought of that. Which, which again is why I’m really excited to see what gets formulated from this. Because there’s, there’s so much more opinion and weight now in the discussions that I think we, we, we might see a solution we haven’t seen before. But I have to admit at this point, I’m along for the ride. I like, I know what I want to do on a technical level, and I don’t want to build this out until it’s a finalized solution. But, but like what’s happening with governance and those decision making skills, I’m, I’m a, I’m a fond spectator.

Hasu (01:03:35):
I’d be curious how you plan on expanding the project, have you any ambition of working with other developers, like making this into a team and how do you plan on funding that, what are the funding options available?

Andre Cronje (01:03:51):
I mean, system rewards is the easiest one to tap into my, my one concern with them is, is right now they are kind of stupid high, but that’s just because there’s so much excitement and there’s so much turnover and there’s so much yield. You know, it goes back to, to, to Jan, to March kind of timeline. Then it’s probably not enough to run a, a, a team as big as I would like. So we’ll see how that turns out. I mean, there’s currently voting in process through to see if those funds go to these kinds of operational expenses were for, for an upper cap. Cause, cause I, I, one thing I don’t like, and this is the thing where, where the anonymous teams and Satoshi definitely did it correctly, is that it’s seen as, as “Andre’s project”, you know, and, and, and to me, for as long as that association remains the protocol on itself can’t stand on its own legs.

Andre Cronje (01:04:54):
Cause, cause, cause the protocol is good, it does its job and it does it well. And I want, I want it to be recognized for what it does and not me to be recognized for what it does, you know? So, so I do, I do want to distribute the developing responsibilities and capacities in, in as wide a way as I possibly can. But right. It’s, it’s, it’s still mostly an unknown. I’ll, I’ll, I’ll, I’ll have to see what governance is willing to make available and in what fashion and, and I’ll work within those bounds, I’m fine with that. I’ve, I’ve had quite a few developers approach me and say they want to help on the project. And then I’m like, awesome. And then I, I tell them what they can help with and then they, they ask how I’m gonna pay them.

Andre Cronje (01:05:41):
And then I’m like, well, I’m not. And then they stopped talking to me. So, you know, we’ll, we’ll see how that side goes, but, but I do in, in, in an ideal world, I’d like to remove myself completely from the picture. I would like it to be handled by open source contributors from wherever the hell they feel that and, and see it built out that way. Cause, cause I do think too much of the direction is currently in my hands. But again, I’m, I’m rambling and I’m not focusing on your exact question. I, if the funds are available, I’ll definitely source and build out a team. I mean, that’s what I used to do. But right now it’s, it’s up in the air about how that’s going to play out.

Hasu (01:06:40):
I don’t think we have any other questions. So I’m there. Thanks so much for coming on the show and giving us your perspective on, on the history of Yearn Finance and a lot of great insights on governance in DeFi in general. So thank you for that. Thank you for, thank you to Tarun for co-hosting. It’s been my pleasure.

Tarun Chitra (01:07:11):
Yeah. And thanks. Thanks Andre for the, the tour into your personal philosophy. I think I didn’t, I didn’t know a lot of that stuff about how you thought about this and I didn’t really get that from some of the other podcasts that was really good to hear kind of some of the more low level philosophical thoughts that drove design decisions and decisions you made. It was really, really interesting. And thanks Hasu for putting this together.
