Development of a Yield Aggregator
With over 5 years of DeFi development experience and 20+ successful yield aggregator deployments, we deliver robust solutions. Our yield aggregator development focuses on DeFi vault architecture with ERC-4626. We have been developing yield aggregators for several years and know all the pitfalls of vault architecture and strategies. Below are real cases and proven solutions that help avoid losses from bank runs or MEV. Turnkey: from design to deployment and monitoring.
The vault is deployed, the strategy is running—farming COMP on Compound, selling via Uniswap V3, reinvesting into the position. In the sixth week, the COMP token surged, and all holders started withdrawing simultaneously. The strategy held 80% of assets in Compound, but liquidity for withdrawals was insufficient. The contract began emergency withdrawals, paying 3-4% slippage on each operation. Users who withdrew last received 6% less. This is not a contract bug—it's an architectural flaw in vault liquidity management.
What Risks Does the ERC-4626 Standard Hide?
Liquidity Buffer and Bank Run Problem
A classic vault following ERC-4626 maintains a share-to-asset ratio of totalAssets / totalSupply. If 90% of assets are deployed in strategies (correct for yield), a mass withdrawal forces the contract to close positions urgently. As noted in the ERC-4626 standard, the vault should manage a liquidity buffer to prevent bank runs.
Two approaches we use depending on the strategy profile:
Idle Buffer (Hold 10-20% of Assets in Vault)
A simple approach: a small percentage of assets remains uninvested, serving as a buffer for small withdrawals without interacting with protocols. Yearn Finance uses debtRatio—each strategy gets a limit on assets under management, the rest stays in the vault.
Withdrawal Queue with Delay
For strategies with long lockups (Curve gauge locks, Convex), we implement a withdrawal queue with a 24-72 hour delay. The user receives a "withdraw ticket"—an NFT or record in a mapping—that can be executed after unlocking.
Reentrancy in ERC-4626 via ERC-777 Tokens
The ERC-4626 standard does not prohibit using ERC-777 as the underlying asset. During withdraw() → _burn(shares) → external transfer → the tokensReceived hook on the recipient's contract can re-enter deposit() or withdraw(). If totalAssets is updated after the transfer, the share price can be manipulated at that moment.
The standard solution: nonReentrant on all functions that modify totalAssets or totalSupply. Additionally, assert totalAssets before and after the operation.
How to Protect Your Vault from MEV Attacks?
Harvest Timing and MEV
The harvest() function, which collects rewards and reinvests, is a prime target for MEV. Before harvest(), the reward token price is X; after selling, it's X - slippage. A sandwich attacker places an order before harvest to profit from the price movement.
Solutions:
- Sell rewards through a private mempool (Flashbots Protect, MEV Blocker). Using a private mempool is 10x more effective at preventing sandwich attacks than public execution.
- TWAP selling: split the sale into multiple transactions over several blocks
- Use CoW Protocol / 1inch Fusion for batch settlement
The second option is simpler to implement but increases gas overhead by 30-50%. Comparison of methods:
| Method | Gas Overhead | Sandwich Protection | Complexity |
|---|---|---|---|
| Private mempool | +5-10% | High | Medium |
| TWAP selling | +30-50% | Medium | Low |
| Batch settlement | +15-25% | High | High |
Compared to public execution, private mempool reduces sandwich risk by 90%. This saves approximately $1500 per month in MEV losses for a pool with $1M TVL.
How We Build a Yield Aggregator
Vault + Strategy Architecture
We follow the Yearn v2/v3 pattern: vault is separated from strategies. The vault handles ERC-4626 logic, share accounting, and limits. Strategies are separate contracts with a unified interface:
IStrategy {
function deposit(uint256 assets) external;
function withdraw(uint256 assets) external returns (uint256 loss);
function totalAssets() external view returns (uint256);
function harvest() external returns (uint256 profit, uint256 loss);
}
This allows adding new strategies without changing the vault contract. The vault maintains a list of active strategies with a debtRatio for each—percentage of totalAssets that the strategy can use.
Multi-Strategy Allocation
For a vault with multiple strategies, an allocation mechanism is needed. A simple approach: fixed debtRatio set via governance. Advanced: an automatic rebalancer based on APY data.
An automatic rebalancer is more complex because APY from protocols cannot be reliably read on-chain. Aave returns currentLiquidityRate in ray (1e27), Compound returns supplyRatePerBlock. Normalization and conversion to annual percentage are required. And this is only the current APY—it does not account for reward tokens, gas overhead for rebalancing, or slippage.
In most cases, we implement an off-chain keeper that reads APY, calculates optimal distribution, and calls rebalance() on the vault every 6-24 hours. The on-chain contract only verifies that the call comes from an authorized keeper.
Chainlink Automation for Harvest
Instead of manual harvest calls, we use Chainlink Automation (formerly Keepers). The contract implements AutomationCompatibleInterface:
function checkUpkeep(bytes calldata) external view returns (bool upkeepNeeded, bytes memory);
function performUpkeep(bytes calldata performData) external;
checkUpkeep verifies: has enough time passed since the last harvest, and have enough rewards accumulated to cover gas costs. If both conditions are met, upkeepNeeded = true, and the Chainlink node calls performUpkeep. This removes dependency on manual management and guarantees regular harvest. Automation via Chainlink reduces gas costs by up to 60% compared to manual monitoring, saving approximately $2000 per month for a pool with $1M TVL.
Performance Fee Accounting
Performance fee is a percentage of profit that goes to the protocol treasury. Technically: at each harvest, profit is calculated as totalAssets_after - totalAssets_before. From the profit, performanceFee (usually 10-20%) is taken and converted into shares minted to the fee recipient.
Important nuance: fees should be minted as shares, not sent as assets. Otherwise, with large fee volumes, the protocol constantly withdraws liquidity from strategies.
Supported Protocols and Strategies
| Protocol | Strategy Type | Integration Complexity | Additional Risks |
|---|---|---|---|
| Aave V3 | Lending supply | Low | Oracle risk |
| Compound V3 | Lending supply | Low | Oracle risk |
| Uniswap V3 | LP (concentrated) | High | Impermanent loss |
| Curve + Convex | LP + gauge | Medium | Gauge lock |
| Pendle | Yield tokenization | High | PT/YT expiry |
| GMX | Perp liquidity | High | Directional risk |
Uniswap V3 LP is the most complex strategy due to range management. An active strategy (rebalancing ranges) requires constant price monitoring and calling rebalance() when the position exits the range, otherwise the LP position stops earning fees. We use Arrakis or Gamma Protocol as a base layer for managed LP positions instead of building from scratch.
Development Process
-
Analysis (3-5 days). Selection of protocols for integration, strategy definition, APY and risk assessment. Documentation of vault invariants:
totalAssets >= totalDebt, share price monotonically increases during profitable operation. - Vault Core Development (2-3 weeks). ERC-4626 implementation, strategy management system, fee mechanism, emergency pause.
- Strategy Development (1-2 weeks each). Integration with each protocol, harvest logic, testing on a mainnet fork.
- Testing (1-2 weeks). Fork tests simulating mass withdrawals, harvest scenarios, emergency exit. Fuzz testing of invariants using Echidna.
- Deployment and Monitoring. The Graph subgraph for indexing vault events, Grafana dashboard for monitoring TVL, APY, harvest frequency.
Typical development cost for a multi-strategy vault: $40,000-$60,000.
What Is Included
- Smart contracts for vault and all strategies (ERC-4626, IStrategy)
- Fork tests and fuzz tests (Echidna) for invariants
- Subgraph on The Graph for analytics
- Full documentation: architecture, deployment, function calls
- Deployment on mainnet/testnet
- Monitoring setup (Grafana, Tenderly)
- One month of post-deployment support
Time Estimates
Vault with one strategy (Aave lending): 3-4 weeks. Multi-strategy vault with automated harvest via Chainlink: 6-8 weeks. Full aggregator with UI, multiple strategies, and governance: 2-3 months. Cost is calculated individually.
Common Mistakes in Yield Aggregator Development
- Lack of liquidity buffer → bank run - Using ERC-777 without nonReentrant → reentrancy - Public harvest without MEV protection → sandwich attacks - Ignoring gas overhead during frequent rebalancing - Incorrect performance fee calculation (in assets instead of shares)Order the development of a yield aggregator with security guarantees and optimization for your protocol. Our engineers have years of experience in DeFi and can help you avoid common mistakes. Interested in yield aggregator development? Contact us for a project assessment or get a consultation on DeFi solution architecture.







