Risk Management Framework for Popcorn's Products


This proposal introduces a risk management framework to be used by PopcornDAO and Popcorn users: each liquid asset strategy is assigned a risk score that an individual can use as a filter when selecting a product. The framework can be applied when assessing products by both the Popcorn core team and Popcorn’s users.


It can be inferred from the White Paper that the redistribution of fees to PopcornDAO’s community-selected nonprofits and social impact organizations is a function of TVL and on-chain activity. If an increase in both TVL and on-chain activity is in turn a function of an increase in yield-generating products that incentivize users to deposit capital, then we can hypothesize that a broader range of liquid asset strategies, from low-risk to high-risk profiles, will increase fee redistribution. A risk management framework not only clarifies what kind of products Popcorn creates, but also allows Popcorn to create a wider range of low-risk to high-risk products.

Risk Management Criteria

Yearn introduced 5+ risk vectors that are required to assess the safety of a product; they can be applied to Popcorn’s products as well:

  • Audits
  • Code Review
  • Complexity
  • Lifespan
  • Protocol Risk

The higher the score, the higher the risk per vector.


Audits

An audit is an assessment of the codebase by an audit firm or external security researcher who looks for potential vulnerabilities and reports on each vulnerability and its risk mitigation.

The risk score helps us prioritize which strategies should get audited first, based on impact and other dimensions of scoring:

Audit Score
Score 1: Less than 3 months ago + 3 or more independent audits by trusted firms
Score 2: Less than 3 months ago + independent audit by a trusted firm
Score 3: Audit by trusted firm or security researcher took place 3+ months ago
Score 4: Audit by trusted firm or security researcher took place 6+ months ago
Score 5: No audit by a trusted firm or security researcher

Code Review

Code review is an internal audit where Popcorn core developers review the code.

Code Review Score
Score 1: 5 developers (2 internal, 3 external)
Score 2: 4 developers (2 internal, 2 external)
Score 3: 3 developers, 3+ months ago
Score 4: 2 developers, 3+ months ago
Score 5: 0 - 1 developers reviewed the code, or the most recent review was done 6+ months ago


Complexity

A yield-generating strategy can range from low-risk (simple strategy) to high-risk (advanced strategy). The more lego pieces required, the higher the complexity.

Complexity Score
Score 1: Simple - easy to migrate/unwind. No leverage and zero public unrestricted methods. Highly unlikely to incur a loss.
Score 2: Simple - easy to migrate/unwind, has health check
Score 3: Complex - has loss potential, a withdrawal fee, or requires detailed queue management to avoid losses. No health check
Score 4: Complex - uses leverage or debt, >3 calls to unwind, no health check
Score 5: Very complex - uses leverage or debt, >4 calls to unwind, no health check


Lifespan

How long the strategy has been running live on popcorndao.finance:

Lifespan Score
Score 1: 8+ months live
Score 2: 4+ months live
Score 3: 1+ months live
Score 4: <1 month live
Score 5: New code with no audit

Protocol Risk

Popcorn assesses protocol safety by performing due diligence on the protocol, evaluating its audits, bounty program, historical success, decentralization, and team.

Team Knowledge, Testing Score, and TVL Impact

These are potential risk vectors that can be applied in the future when assessing product safety as well.

  • Team Knowledge: Measures the expertise of each team member for the strategy

  • Testing Score: Measures how much of the codebase has been tested

  • TVL Impact: Measures how much capital to allocate to new, riskier strategies so that a hack or other issue does not become a catastrophic event.

Overall Risk Score Proposal

A weight will be assigned to each risk vector depending on the importance of the vector. The overall risk score will be calculated using the weighted average of all risk vectors.

The overall risk scores will then be categorized as low, medium, and high by fitting the overall risk scores in a normal distribution.
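As an added example (not code from the proposal or from Popcorn), the weighted average and the normal-distribution bucketing above in Python. The weights, the z-score cut-offs and the sample strategies are assumptions; the audit lookup follows the proposal's own audit table, and the remaining vector scores are passed in directly.

```python
from statistics import mean, pstdev

VECTORS = ("audits", "code_review", "complexity", "lifespan", "protocol_risk")

# Assumed weights (sum to 1.0); the proposal leaves the actual weights open.
WEIGHTS = {"audits": 0.30, "code_review": 0.15, "complexity": 0.20,
           "lifespan": 0.15, "protocol_risk": 0.20}

def audit_score(months_since_audit, independent_audits):
    """Audit vector from the proposal's table; None means no audit at all."""
    if months_since_audit is None or independent_audits == 0:
        return 5
    if months_since_audit >= 6:
        return 4
    if months_since_audit >= 3:
        return 3
    return 1 if independent_audits >= 3 else 2

def overall_risk(scores, weights=WEIGHTS):
    """Weighted average of the vector scores (1 = lowest risk, 5 = highest)."""
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    for v in VECTORS:
        if not 1 <= scores[v] <= 5:
            raise ValueError(f"{v} score {scores[v]} outside 1..5")
    return sum(weights[v] * scores[v] for v in VECTORS)

def classify(totals, low_z=-0.5, high_z=0.5):
    """Bucket each overall score by its z-score against all scored strategies
    (assumed cut-offs); with a single strategy sigma is 0 and it is 'medium'."""
    vals = list(totals.values())
    mu, sigma = mean(vals), pstdev(vals)
    buckets = {}
    for name, s in totals.items():
        z = 0.0 if sigma == 0 else (s - mu) / sigma
        buckets[name] = "low" if z < low_z else "high" if z > high_z else "medium"
    return buckets

# Constructed sample strategies, not real Popcorn products.
STRATEGIES = {
    "stable_lp": dict(audits=audit_score(1, 3), code_review=1, complexity=1, lifespan=1, protocol_risk=2),
    "lev_farm": dict(audits=audit_score(7, 1), code_review=4, complexity=5, lifespan=4, protocol_risk=4),
    "simple_vault": dict(audits=audit_score(2, 1), code_review=2, complexity=2, lifespan=3, protocol_risk=2),
}

def score_all(strategies=STRATEGIES):
    """Overall score per strategy plus its low/medium/high bucket."""
    totals = {n: overall_risk(s) for n, s in strategies.items()}
    return totals, classify(totals)
```

With the assumed weights the three constructed strategies score 1.2, 4.2 and 2.15 and land in the low, high and medium buckets respectively.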


By creating a risk management framework, Popcorn can maximize both its product offering and, by extension, its fee redistribution to Popcorn’s stakeholders. A risk management framework immediately improves the user experience and allows Popcorn to offer exposure to a broader range of low-risk to high-risk products.


More about risk management for yield-generating products:

  1. Intrinsic Protocol Risk:
  • DeFi platforms automate specific financial primitives in the form of smart contracts. The dynamics of those protocols carry dimensions of risk in DeFi applications. Intrinsic protocol risk refers to risk mechanics embedded by default in the design of a protocol. They still present important risks to investment strategies even if the protocols are working as expected.
  • Intrinsic protocol risk in DeFi comes in all shapes. In DeFi lending protocols such as Compound or Aave, liquidation is a mechanism that maintains lending market collateralization at appropriate levels. Liquidations allow participants to take part of the principal in undercollateralized positions. Slippage is another condition present in automated market making (AMM) protocols such as Curve. High slippage conditions in Curve pools can force investors to pay extremely high fees to remove liquidity supplied to a protocol.
  • Intrinsic risk in DeFi protocols is one of the main examples of risk transference from centralized, human counterparties to programmable mechanics in a protocol.
  2. Exogenous Protocol Risk:
  • While intrinsic protocol risks are based on native dynamics, DeFi trades are often exposed to exogenous factors that alter the protocol’s expected behavior. Attacks exploiting the underlying mechanics of a DeFi protocol such as oracle manipulations, flash loan exploits or attacks that take advantage of bugs in the smart contract logic are prominent examples of this category. Recent exploits in protocols such as Cream Finance or Badger DAO highlight that exogenous protocol risk will be an omnipresent factor in the evolution of DeFi.
  3. Governance Risks:
  • A unique aspect of DeFi is that decentralized governance proposals control the behavior of a DeFi protocol and, quite often, cause changes in its liquidity composition that affect investors. For instance, governance proposals that alter weights in AMM pools or collateralization ratios in lending protocols typically make liquidity flow in or out of the protocol. A more concerning aspect of DeFi governance from the risk perspective is the increasing centralization of the governance structure of many DeFi protocols.
  • Even though DeFi governance models are architecturally decentralized, many of them are controlled by a small number of parties that can influence the outcome of any proposal. This aspect is not as concerning as it seems, as many of the large parties able to influence the outcome of DeFi governance votes are in that position only because of their active participation and alignment in the DeFi ecosystem – a clear sign of interest alignment.
  • From a risk management perspective, however, DeFi protocols are functionally exposed to governance attacks. In general, DeFi could benefit from more robust governance models. Firms like Andreessen Horowitz have outlined some novel DeFi governance models that are worth exploring.
  4. Underlying Blockchain Risk:
  • DeFi protocols take on a level of infrastructure dependency on their underlying blockchain. Compromising aspects such as the consensus mechanism of a specific blockchain can materialize into vulnerabilities in DeFi protocols running on that platform. A typical example of this is the so-called validator cartel in proof-of-stake (PoS) networks, in which a number of validators collude to influence the reward distribution in the network and can effectively stop the functioning of DeFi protocols.
  5. Market Risk:
  • We tend to obsess about the protocol and infrastructure aspects and often ignore the native market risk exposure of investments in the space. For instance, investments in non-stablecoin AMM pools are vulnerable to loss if the price of the assets diverges drastically from the time when the liquidity was supplied to the pool. Another example is abrupt crashes in the price of an asset that could trigger the massive removal of liquidity from a pool, causing major levels of slippage.
  • The programmable nature of DeFi protocols means that they can natively react to traditional market risk elements such as volatility and price in ways that can cause cascading effects impacting investors’ positions.

Great post! Welcome to the Popcorn Community Buzz!
