Royco Vaults: Risks

There are three major categories of risk when depositing into a Royco Vault

1. Vault smart contract risk: Royco Vaults use the BoringVault system, which currently hold over $3b inside. While unlikely, an open exploit in these contracts could result in a loss of funds event.

2. Curation risk: The curator themselves is trusted to allocate the vault effectively and distribute rewards fairly. Funds can be lost through avenues like slippage, or poorly managing positions. If a curator pays out a reward distribution to the incorrect timestamps, the wrong users could earn rewards unfairly. Finally the curator & market whitelister addresses could collude to whitelist a malicious market and steal funds.

3. Underlying market risk: Royco Vault curators deposit vault funds into external protocols through Royco Markets. This means that the portion of vault funds allocated to that Royco Market are exposed to the same trust assumptions and risks of the underlying protocol.

Smart contract risk mitigations:

1. The minimal upgrades Royco Vaults have made on the BoringVault smart contracts are only additive to the original contracts to include a incentive distribution mechanism. They do not alter anything related to user deposits, or change any of the original accounting. This means that Royco Vaults do not introduce any additional smart contract risk over the existing BoringVault smart contracts when it comes to user deposits.

2. Royco Vaults have been audited by Nethermind, reviewed by an internal security team, and has an Immunefi bug bounty.

3. BoringVault has two audits from 0xMacro, as well as an audit from Spearbit.

Curator risk mitigations:

1. To reduce the risk of malicious operation, permissioned roles are separated out so that the address which whitelists vault rebalance actions is not the same address that is permissioned to execute those actions.

2. For the crosschain vault, the curator will need to bridge funds between the deployments on different chains. To minimize bridging risk, bridging will be done frequently and manually, reducing the need for large bridges which expose a large portion of the vault and keeping secure control.

   1. Because the crosschain vault's rewards are paid out on mainnet, rewards which cannot be bridged to mainnet will be sold for assets which can be. These swaps will be performed manually but are still subject to slippage or low liquidity, which can affect yield.

Underlying market risk mitigations:

1. Royco vaults will only allocate into Verified Royco markets, the Royco verification system weeds out untrusted, malicious markets, as well as markets with broken configurations, which could cause loss of funds.

2. To prevent the risk of losing funds through price fluctuations, Royco Vaults will only deposit into markets where the deposit and input assets are pegged to the input asset of the vault. So the USDC Royco Vault will be able to deposit into DAI or USDT markets, but never ETH markets. It is important to note that a depeg while swapping between these assets could still result in the vault making a loss, so the curator should manage risk accordingly.

3. Note that all depositors, vault or otherwise, in a Royco Market whose Incentive Provider isn't issuing rewards directly through Royco, such as by issuing points, are subject to the trust assumption that the Incentive Provider will follow through with airdropping the token that the vault curator will then need to distribute. Royco does not achieve additional guarantees about distribution timelines, allocations, or token valuations.

Note that if a depositor makes a withdrawal request from a Royco Vault without the vault having enough liquid capital to facilitate the withdrawal. The depositor will need to wait for the vault's next expiring positions to unlock, to free more capital. Royco Vaults make no guarantee on facilitating withdrawals quicker than the max withdrawal length stated on the frontend.