RFC: Curator Onboarding Framework

This is a request for comment for the community to discuss a framework for how vault curators should be onboarded to the Morpho UI.

While creation of vaults is permissionless, it’s desirable to limit the vaults displayed on the UI to those with known curators who have proven competence in their field and are unlikely to take malicious actions.

To create an objective and fair system, clear onboarding criteria are needed.

A few suggestions to start the conversation:

1. Once a curator is whitelisted, it’s likely best that all their vaults should be eligible for display on the UI, since governance reviewing each vault is a lot of overhead
2. A curator should have experience governing a certain minimum TVL, which the community can discuss to decide an appropriate floor
3. A curator should possess sufficient technical expertise to handle onchain operations, including configuring new pools, running reallocation bots, and so on, or should collaborate with another curator or entity that has this skillset (ie, dual curator setups such as the Block Analitca x RiskDAO collaboration can be allowed)
4. A curator should have a minimum duration of successful operations (ie, one year, input is appreciated on what would be an appropriate value)

Looking forward to your feedback on this matter.

I like this “optimistic” approach for whitelisted curators. It could be the best strategy for scaling.

However, I see a potential issue: this approach might incentivize curators to “fight for initial approval” and then deviate from their original intentions. For instance, a less-sophisticated curator might approach the DAO requesting whitelisting for a low-risk vault, only to later create high-risk, high-yield vaults to maximize returns.

This concern could affect how we evaluate curators. Given this potential “attack vector,” it might backfire and make the onboarding process unnecessarily complex, particularly impacting smaller curators with straightforward goals. This would conflict with our decentralization ethos and could limit Morpho’s growth to only “sophisticated, elite curators.”

I propose two ways to counter this while maintaining the “optimistic approach” for maximum growth:

1. Implement a tier system for curators: Upon onboarding, the DAO or committee would assign curators a tier and approval to operate specific vault types. While sophisticated curators would have no limitations on vault creation, lower-tier/newer curators would have restrictions on which markets they can include in their vaults, with the risk of delisting if they exceed these boundaries.
2. Establish a robust community-based or delegate-based delisting system: If we can quickly “veto” a vault from public exposure, this would reduce the incentive for curators to act against the DAO’s interests.

Additionally, we could introduce incentive mechanisms, such as requiring top-tier curators to “stake MORPHO” to gain the privilege of listing vaults with any markets/oracles.

I think by considering these post-onboarding mechanisms (like delisting or granular listing strategies) upfront, we could actually streamline the initial onboarding process! Hope to see this in the thread as well!

I agree with the @antonttc’s concern about getting the initial listing/onboarding as a curator and then later on introducing high risk vaults.

As a suggestion, I think it’d be beneficial for both borrowers and suppliers (vault depositors) to have a collateral risk assessment as a condition for getting their vault listed on the main UI (rather than leaving this up to the curator as a nice-to-have) for each collateral asset being added to a listed vault coming from a risk curator that is onboarded to the Morpho UI.

Ideally, this assessment should be accessible from (link on) the vault’s page on the UI, so everyone can check the risks involved after seeing vault’s current allocation in that market.

Risk scoring can/will only be another layer of “security” for suppliers on top of the conditions stated above.

Regarding other @OneTrueKirk’s suggestions (2., 3., and 4.), agree on each point, and I think those can be somewhat easily checked.

[I am a member of the Blockchain at Berkeley governance team. My views do not represent those of the club.]

First, I think its important to note that this is more of a courtesy, as Morpho manages the website. Therefore, I would imagine that these votes occur off-chain.

As a permissionless system, I believe the UI should be inclusive and display each vault. Perhaps, users can input addresses of vaults / filter based on supply asset and be able to borrow/supply through the UI (there doesn’t have to be extensive detail on these “non-approved” vaults).

However, for vaults that are to be given a more detailed UI that are non-malicious, I think the DAO should be able to provide input on their inclusion/exclusion. Perhaps, every month, the DAO votes off-chain on Snapshot on a long list of vaults asking for their inclusion/exclusion to the “approved/safe” section of the UI. This regularity would both allow vault creators to plan their vault launch, and communicate with the DAO in a timely manner.

Thanks for the thoughtful comments everyone. I agree with the concern regarding curators greatly increasing the risk level of their vaults after onboarding.

To be clear, there are no limits on who can create what kind of vault (totally permissionless), and the DAO has no ability to impose these limitations. As such, this proposal’s scope is limited to the frontend.

My concern with using a collateral-asset based evaluation model is that it would require the DAO to continually evaluate numerous collateral assets, which is one of the primary roles of curators in the first place. Setting a framework at the curator onboarding level minimizes the overhead for the DAO.

I agree that risk scoring of collateral in the UI would be valuable (though is a separate question from choosing which curators to list on the frontend, and would likely be best done by independent third parties, rather than directly by the DAO).

Using a tier system makes sense, perhaps the UI could have two sections, “Core Vaults” whose curators are recognized by the DAO, and “Permissionless Vaults”, which has a warning for users and displays all other vaults.

One thing to consider is collection of a variety of information that is then made available to the users. Relevant information might include: is the curator anon/their corporate identity, conflicts of interest disclosures, pre-identified benchmark to judge longterm performance against, history of non-investment related losses on the platform like misconfigured oracles or key mismanagement, summary of experience and expertise, etc.

It could even be that no information is required, but filling out the form is required, and a user can see that the curator declined to provide information.

This would allow the UI to be more informational: it would provide users with some context other than assets, current yield, and curator. It also has the benefit of encouraging best practices while not gatekeeping users. If they see 10 curators and 8 of them have conflict of interest disclosures and 2 don’t, well, then that lets the user make their own informed decision about whether such disclosures are important to them.

It also removes a lot of the information gathering burden from Morpho and places it – and its veracity – on the curator.

This approach can help Morpho curators develop their own brand, with Morpho more clearly being the “plumbing” and emphasizing the role the curators play rather than the Morpho team. It also potentially heads off some bad user experience if a conservative user of the protocol ends up in a vault where the curator has a history of risky behavior, but they wouldn’t have that context.

As Curator on Morpho, we believe that adopting a simple and light onboarding system would be relevant, materialized by a forum proposal. This would include, among other things:

• Some generic information about the curator: name, creation date, description, team information and the company registration
• AUM managed within the ecosystem
• Protocols the curator is involved with
• Protocols the curator has been involved with
• Which vault(s) the curator wishes to deploy
• Does he want to have a focus on certain asset class or thematics

The whitelisting would then be discussed by the community but validated by the team to avoid potential blockage from curators or large MORPHO holders.

We do not believe it is relevant to create a tier system for curators. However, it is necessary to inform users about the curators’ activities better so that they can quickly assess their relevance at a glance.

That’s why we’ve thought about creating a new element in the UI that would allow anyone to find the essential information about a curator:

• Total vaults managed on Morpho
• Type of vault managed (classified based on specific metrics)
• AUM managed over 30 days
• Total bad debt incurred

With this information, users could quickly understand the curator’s profile and make their selection. This would naturally highlight the best actors, as a poor risk manager would naturally be set aside by the users.

Some lending protocols use this methodology and gives a clear picture to the user. However, there’s still a debate about which vaults are whitelisted and why. It’s key to understand the benefits of being whitelisted and being featured this way.

We propose the following key points to advance the discussion:

Address an 1) applicant template, which we do not rule out including things such as:

The whitelisting process could not only be a procedure but also incorporate community preferences and a trial phase. Ideally, there should be no obstacles for curators with sufficient experience in onboarding vaults to the Morpho UI. However, the process should remain tight.

When making decisions about 2) eligibility, an approach could include community input along with the approval of risk advisors to be whitelisted. Finally, a system of 3) constant monitoring during a trial period, including staking by the curator, would be implemented.

Flowchart5238×3054 560 KB

The image above shows what the curator whitelist process could look like. We encourage feedback and welcome any questions!

Quick breakdown:

1. The applicant must begin the process with a robust template that includes descriptions and requirements based on suggestions from risk advisors and current curators. Including relevant data such as

2)The template must undergo a quality and formatting check by a facilitator, followed by a more technical review by pre-selected risk advisors (who could be current curators).
3) This is where the DAO members come into play, and a poll is conducted to decide whether to proceed with the whitelisting. Ultimately, it is the users who will make deposits into the vaults.
4)The actual onboarding to the UI occurs here. We suggest two different ways to proceed:
a) A sustainable option is to decentralize the front end by pre-setting certain requirements for it. As an example, https://morpho.blockanalitica.com/ including an option to directly interact with the vaults - each curator must ensure to meet standards.
b) We agreed with

We believe a viable addition to the UI is to separate the curators by markets, e.g., ‘Steakhouse Market’ - This market division will allow curators to build their brand and reputation within Morpho.
Note: Kamino Finance, together with Ethena, did a good job by onboarding their own market separately from Main/Altcoins.
Example:

Screenshot 2024-10-24 at 13.39.441776×704 58.1 KB

5. We refer to the monitoring phase as a tool with predefined parameters to constantly assess and categorize a vault as healthy. It should allow the DAO to offboard vaults in case of deactivation or when parameters fall outside of expectations.

6. The mentioned trial period will help reduce the workload and ensure that only curators deemed appropriate by the risk advisors onboard new vaults. During this period (365 days - just for reference), the curator should be able to onboard vaults effortlessly.

7. The Staking & Lock module will reduce the risk of improper use of the protocol ensuring curators have skin in the game.

I am wondering if some approach which allows users to import externally curated lists won’t make sense. For example, I believe 1inch was allowing to import a list of tokens at some point in the UI (like a Coingecko list). That will allow any community to implement curated lists, which are importable in the UI, while the default list is closely maintained by the Morpho team/DAO.

I think this is a very good direction that we should explore.

IMO “buying a potentially malicious token” vs “depositing into a potentially malicious contract” definitely have different security implications. Users now usually understand the risk of buying random tokens, but “deposit your real USDC into a weird Morpho Vault” is harder to interpret.

So I think importing curator list is definitely more dangerous. But maybe we can change it a bit and import a token and oracle list, or a market list, and all vaults created with those parameters are displayed.

Thanks everyone for your comments.

This could be a good addition indeed, forwarding to our Product Designer.

Existing risk curators have no real incentives to see other risk curators being listed, don’t you think it would create a veto opportunity for them instead?

I like the idea of the application form. This already provides a good first filter, as most unmotivated risk curators would not be willing to fill it I guess.

What’s not clear to me is who should be the facilitator and the risk advisor. As I said above, I fear that giving this right to existing risk curators alone is not wise, as they share conflicting goals.

For the monitoring part, this can be a good idea as well. One must clearly define the rules for each risk curator that could be removed from the UI, though, and I’m not sure how exhaustive we can be on the front. What happens if an unexpected issue is encountered? Should the Morpho Association reserve the right to unlist the risk curator?

I can think of 4 alternatives that might help here; I will rank them in order of preference:

1: Each curator should maintain his FE; e.g. gauntlet.morpho.org

Approval of new extensions starts with a proposal in the forum; all curators are obliged to vote and give their reasons. Morpho would decentralize from its FE.

Going a little deeper here, the FE can integrate the Aragon vote of each curator, incentivising the user to get involved; I agree that very little importance has been given to this implementation, and it is a key paradigm shift in building immutable infrastructure.

Points here: More Morpho essence, less intervention.

2: Design a tool that controls every single parameter that is set, e.g. on-chain liquidity and volatility of lend and borrow assets; everything a curator needs to set can be parameterised, so a tool that includes all criteria should be buildable. Possibly complex as no one has built it and it would solve major defi issues.

ChainRisk and Gearbox have developed some monitoring tools that may have something to contribute here.

Points here: More Morpho essence, possibly an immutable sc, if it works it could be a good industry standard.

3: Hire an external provider, risk specialist; not linked to protocol management, e.g. ChaosLabs.

This seems to be the default option and easier/faster to implement.

Points here: Perhaps less cost effective, “could” be done now, less decentralised, creates dependencies.

4: A junior capital mechanism, based on what Maker/Sky are designing for subdata, could be an alternative, although potentially complex to implement for a FE whitelist alone.

This is a high quality discussion about a key topic for the future of Morpho. I think the discussion would benefit from recalling a few points:

• The vision is to make Morpho an essential infrastructure, a public good accessible to all. Accessibility of the Morpho UI should extend as much as possible not only to lenders and borrowers but also to market creators and vault managers.

• The risks are at least of two kinds:
  – a medium risk, mentioned by @antonttc: users deposit in a vault perceived as low risk, then the curator starts unboarding high risk collateral. Most of the time, the reputation costs associated with this type of behavior will exceed the benefits. A tiered system proposed by @OneTrueKirk with curated and non curated vaults could solve this issue. We can discuss about the criteria to be curated in the UI, but what’s important is that non curated vaults also access the UI.
  – a critical risk: a curator onboards a market with a malicious price oracle, inflate the collateral and drain the vault by borrowing the assets.

There could be a fine line between a risky oracle and a malicious one but I think the distinction is important. Regarding the critical risk, there are a few safe-guards that come to my mind:

• requiring a minimal time-lock for the vault to be added to the UI and displaying the timelock on the UI
• decomposing the feed chain as done in monarchlend.xyz for transparency
• extending the Morpho’s bug bounty to signalling malicious markets.

Based on the excellent comments here and some offline discussion, I believe a good first step is an enhanced risk rating framework for curators, so that vault depositors can easily access information like the current and historical track record of vault risk management, the experience of the curator, and the vault configuration (timelock, guardian, and so on). This should be provided by a neutral third party who is not themselves a curator.

Will have some updates to share on an MVP soon, which the community can use as a basis for ironing out a longer term approach.

Overall, I’m aligned with the commenters who have suggested that a maximally permissionless approach is in keeping with Morpho’s values.