Trust Model between Depositors, Vault Managers, and Delegates

[0xbigz]

Issue Summary:

Current implementation of the Drift-Vaults program, as described in the wiki, requires significant trust from depositors towards both the vault manager and delegate. In addition, vault managers need to trust the delegate. Although certain incentives and penalties are in place, potential weaknesses and vulnerabilities may still exist. There is a need to explore additional strategies to enhance the robustness of the trust model.

Detailed Description:

Presently, the vault manager earns management fees and profit shares, providing an incentive to attract deposits and maintain good performance. However, this structure relies on the depositor's trust in the manager's ability to deliver sustainable returns. While historical performances provide some degree of assurance, they are insufficient in guaranteeing future outcomes. If the manager and delegate roles were managed via upgradable time-delayed smart contracts, this could improve deterministic properties of the system.

Still some potential vulnerabilities exist that could undermine trust. Some potential enhancements to address these concerns (that I believe are more complex than the guarantees they provide):

• Mandatory Excessive Manager Collateral: This solution requires the manager to provide substantial collateral as a guarantee. However, it is challenging to enforce and requires the manager to provide large upfront capital, somewhat negating the purpose of the vault program.

• Delegate Instruction Introspection: This solution involves monitoring and evaluating the delegate's instructions to prevent potentially detrimental actions. However, defining 'bad orders' is non-trivial, and excessive restrictions could inadvertently limit strategies for preventing loss.

• Custom Approved Counterparty Lists: Allowing users to create a list of approved counterparties for trades could enhance trust. However, the risk of collusion between the manager and an approved counterparty, if not the vAMM, could offset its benefits.

[dannpl]

Really very good, a point that we are putting on the slidelabs is that the vault never uses all the available value, we put a risk for the vault. 0% ~ 100%.

So the users choice the risk

[chen-robert]

It might be interesting to enforce some guarantees on vault performance. For example, if you can ensure that a vault can never go below some threshold (say 80%), that would give depositors better guarantees on vault performance. Even if the manager were compromised or became malicious, depositors would still get 80 cents back on the dollar.