How Vaults & ERC-4626 Work
Yield vaults, tokenised shares, and the standard that unified DeFi's most important primitive
What Is a Vault?
A DeFi vault is a smart contract that accepts deposits of an asset, deploys that capital into a yield strategy, and issues tokenised shares representing each depositor's claim on the underlying pool. As yield accrues, each share becomes redeemable for more of the underlying asset.
Vaults abstract the complexity of yield generation behind a single deposit transaction. Rather than manually supplying to Aave, harvesting COMP rewards, swapping them back to USDC, and redepositing — a vault does all of this automatically, continuously, and gas-efficiently by spreading the cost of harvesting across all depositors.
The vault pattern is DeFi's most composable primitive. The share token — representing your claim on the vault's assets — is itself an ERC-20 token that can be held, transferred, used as collateral, or deposited into another vault. This composability is what makes vaults central to almost every DeFi yield strategy.
Yearn Finance, launched in 2020, popularised the vault model with its yVaults — automated strategy vaults that rotated between lending protocols to maximise yield. The problem: every protocol invented its own interface, its own accounting logic, and its own share token semantics. Integrating with ten different vaults meant writing ten different adapters. ERC-4626 was the industry's answer.
A vault and a liquidity pool are both smart contracts that hold pooled assets — but their purpose differs. A liquidity pool (Uniswap, Curve) facilitates trading between two assets and earns fees from swaps. A vault deploys a single asset into one or more yield strategies and earns yield on that asset. Some advanced vaults hold LP positions as their underlying strategy.
Before ERC-4626
Before the standard existed, every vault protocol invented its own interface. The result was a fragmented landscape where integrators, aggregators, and composable protocols had to write custom code for each vault they wanted to support.
Yearn's yVaults used deposit(uint256 _amount) and withdraw(uint256 _shares). Compound's cTokens used mint(uint256 mintAmount) and redeem(uint256 redeemTokens). Aave's aTokens rebased balances automatically rather than using a share-price model. Convex, Ribbon, and every structured product had their own unique interface.
The downstream effects were significant. Aggregators like Yearn, Idle, and Rari Capital had to maintain bespoke integrations for each underlying protocol.Lending protocols wanting to accept vault tokens as collateral needed custom oracle and accounting adapters. On-chain analytics tools struggled to generalise across vault types. The ecosystem was reinventing the same accounting wheel — deposits, withdrawals, share price — over and over with incompatible interfaces.
Joey Santoro (Fei Protocol) and Zefram Lou proposed ERC-4626 in November 2021. It was finalised and merged into the EIPs repository in March 2022. Within months, Yearn, Aave, Morpho, Sommelier, and dozens of other protocols had adopted it.
The ERC-4626 Standard
ERC-4626 defines a standard interface for yield-bearing vault tokens. A compliant vault exposes a consistent set of functions for depositing, withdrawing, converting between assets and shares, and querying vault state.
A vault that implements ERC-4626 is also an ERC-20 — the share token is the vault token. The standard extends ERC-20 with four deposit/withdrawal functions, four view functions for asset/share conversion, and two preview functions for slippage estimation.
| Function | Description | Key parameter |
|---|---|---|
| deposit(assets, receiver) | Deposit exact amount of underlying asset; receive shares | assets: uint256 |
| mint(shares, receiver) | Mint exact number of shares; vault pulls required assets | shares: uint256 |
| withdraw(assets, receiver, owner) | Withdraw exact amount of assets; vault burns required shares | assets: uint256 |
| redeem(shares, receiver, owner) | Redeem exact number of shares; receive corresponding assets | shares: uint256 |
| convertToShares(assets) | Preview: how many shares for a given asset amount | View only |
| convertToAssets(shares) | Preview: how many assets for a given share amount | View only |
| previewDeposit(assets) | Preview shares received, accounting for fees | View only |
| previewRedeem(shares) | Preview assets received, accounting for fees | View only |
| totalAssets() | Total underlying assets managed by vault | View only |
| asset() | Address of the underlying ERC-20 asset | View only |
The distinction between deposit/withdraw (asset-denominated) and mint/redeem (share-denominated) is deliberate. It allows callers to specify exactly what they want — "I want to deposit exactly 1,000 USDC" vs "I want to mint exactly 1,000 shares" — without needing to pre-calculate the conversion themselves. The vault handles rounding according to the standard's rounding direction rules (always round in the vault's favour, never the user's, to prevent rounding exploits).
The standard specifies that vaults must round down when calculating shares for deposits (user gets fewer shares than the exact ratio) and round downwhen calculating assets for redemptions (user gets fewer assets than the exact ratio). This always favours the vault and protects against rounding-based donation attacks — a class of exploit that drained several pre-standard vaults.
Deposit & Withdrawal Mechanics
Every interaction with an ERC-4626 vault reduces to the same fundamental exchange: assets in, shares out (deposit) or shares in, assets out (redeem). The exchange rate between them — the share price — encodes the vault's accumulated yield.
User calls deposit(assets, receiver) with 1,000 USDC
Vault mints shares to the user. At $1.00/share: user receives 1,000 shares
A common misunderstanding: depositing into a vault does not lock your assets in the vault contract. The vault immediately deploys them into the underlying strategy — Aave, Curve, or wherever. The vault's totalAssets() function must return the current value of all deployed capital, not just cash held idle. This is why high-utilisation lending vaults may have withdrawal delays: the assets are lent out and must be recalled before they can be returned to the depositor.
Withdrawal limits are handled via maxWithdraw(owner) and maxRedeem(owner) — functions that return the maximum withdrawable amount at a given moment. If a strategy has liquidity constraints (e.g. locked in a time-locked contract, or deployed into an illiquid position), these functions return less than the full balance. Callers should always check max before attempting a withdrawal to avoid revert.
Share Price & Accounting
Share price is the ratio of total assets to total shares. It starts at 1:1 when the vault is deployed and increases monotonically as yield accrues — unless the strategy suffers a loss.
The share price formula is:
When a new depositor joins, the vault calculates how many shares to issue at the current share price, ensuring existing shareholders are not diluted. If 1,000 USDC was deposited when the share price was $1.00, and a second depositor joins when the share price is $1.10, the second depositor receives only ~909 shares for their 1,000 USDC. When they redeem those 909 shares, they will receive 909 × (current share price) — capturing their proportional share of yield from the point of entry forward.
Performance fees are typically collected by diluting shares rather than by taking assets. When the vault harvests yield, the protocol mints new shares to the fee recipient equal to the performance fee percentage of the yield. This dilutes existing shareholders slightly but does not require moving assets out of the strategy. Yearn charges a 20% performance fee and a 2% management fee, implemented this way.
A known attack against newly-deployed vaults with no initial deposits: an attacker deposits 1 wei as the first depositor, then donates a large amount of the underlying asset directly to the vault contract (bypassing the deposit function). This massively inflates the share price before any legitimate depositor joins. The next depositor's rounding errors leave them with zero shares. ERC-4626 vaults must handle this via virtual shares (adding an offset to totalSupply and totalAssets at initialisation) or by seeding the vault with an initial deposit.
Yield Strategies
A vault is only as good as its strategy. ERC-4626 standardises the accounting layer but says nothing about what the vault does with the assets. Strategy design is where the real engineering and risk management live.
- •Smart contract bug in lending protocol
- •Utilisation spikes causing withdrawal delays
- •Oracle manipulation affecting liquidation accuracy
Multi-strategy vaults — popularised by Yearn v3 and Morpho Vaults — allocate capital across multiple strategies simultaneously, with a vault manager or algorithm deciding the allocation. This diversifies strategy risk but adds governance complexity. Morpho's MetaMorpho vaults let curators (risk managers) configure the supply queue and allocation caps, while the underlying Morpho protocol handles lending execution.
Strategy rebalancing — moving capital between allocations — is triggered by keepers: automated bots (or Gelato, Chainlink Automation) that call harvest and rebalance functions when conditions are met (e.g. once per day, or when pending yield exceeds the gas cost of harvesting). Vault users benefit from shared harvest gas costs — a vault with $10M TVL amortises the same harvest transaction across thousands of depositors.
Composability & Integration
ERC-4626's standardisation unlocks composability that was previously impossible at scale. Any protocol that integrates one ERC-4626 vault automatically works with all of them.
Lending protocols can accept ERC-4626 vault tokens as collateral without custom adapters. Aave v3 and Morpho accept yield-bearing tokens (sDAI, stETH, aTokens) through ERC-4626 wrappers. A user can deposit USDC into a Yearn vault, receive yvUSDC, deposit yvUSDC as collateral on Morpho, and borrow ETH — earning vault yield while maintaining a leveraged position.
Aggregators and routers can route user deposits to the highest-yielding compatible vault in a single transaction. DeFi Saver, 1inch, and similar tools treat all ERC-4626 vaults identically — deposit function, share price, preview functions — without bespoke integration.
Vault-of-vaults (meta-vaults) accept an ERC-4626 vault token as their underlying asset and layer additional strategies on top. Convex's staked Curve LP tokens wrapped in ERC-4626 can be deposited into a Yearn meta-vault — multiple layers of yield stacking with a single interface.
| Integration type | How ERC-4626 helps | Example |
|---|---|---|
| Lending collateral | Single adapter works for any compliant vault token | Morpho accepting sDAI, yvUSDC |
| Yield aggregators | Route deposits to best vault without custom integration | 1inch, DeFi Saver |
| Portfolio managers | Read TVL, APY, share price uniformly across vaults | Zapper, DeBank |
| Meta-vaults | Stack vault on vault — each layer ERC-4626 compliant | Yearn v3 multi-strategy |
| Cross-chain bridges | Wrap and unwrap vault positions without custom logic | LayerZero OFT + 4626 wrapper |
| On-chain analytics | Standardised totalAssets() and convertToAssets() | DeFi Llama, Dune |
Risks & Failure Modes
Vaults aggregate risk. A deposit into a vault inherits every risk of every protocol the vault touches — and adds vault-specific risks on top.
| Risk | Description | Mitigation |
|---|---|---|
| Strategy exploit | The underlying strategy protocol is hacked — vault loses all deployed capital | Diversified multi-strategy; insurance (Nexus Mutual) |
| Vault contract bug | The ERC-4626 vault itself has a vulnerability | Multiple audits; time-locks; gradual TVL caps |
| Inflation attack | First depositor manipulates share price to steal from later depositors | Virtual shares offset; seed deposit at deploy |
| Harvest front-running | MEV bots sandwich harvest transactions to extract yield before it's distributed | Private mempool harvesting; MEV-resistant harvest design |
| Withdrawal lock | Strategy is illiquid; users cannot withdraw on demand | maxWithdraw() checks; liquid strategy buffers |
| Admin key risk | Vault owner/strategist can upgrade strategy maliciously | Timelock; multisig; DAO governance; strategy whitelisting |
| Oracle manipulation | Vault relies on price oracle; oracle is manipulated mid-harvest | TWAP oracles; Chainlink; circuit breakers |
| Share price manipulation | Attacker donates assets to inflate share price mid-block | Virtual shares; snapshot-based accounting |
The strategy exploit risk is the most severe. When Euler Finance was exploited in March 2023, vaults that had deployed into Euler — including several Yearn strategies — faced immediate losses. ERC-4626 standardises the interface but not the security model: a well-audited vault wrapping an exploited protocol loses just as much as a poorly-audited one.
Vault-level insurance via Nexus Mutual, InsurAce, or Sherlock can cover smart contract exploits for a premium typically ranging from 1–5% APY. For institutional depositors, this insurance may be worth more than the yield itself — particularly for newer or less-audited vaults.
Real-World Implementations
ERC-4626 has been adopted across the DeFi stack — from simple lending wrappers to institutional-grade structured products. The standard has become the default for any new yield-bearing protocol launched after 2022.
| Protocol | Vault type | Underlying asset | Notable feature |
|---|---|---|---|
| Yearn v3 | Multi-strategy | USDC, DAI, WETH, wBTC | Modular strategy allocator; open strategy submission |
| Morpho MetaMorpho | Curated lending | USDC, WETH, WBTC | Risk managers set allocation; curators earn fees |
| Aave aTokens (wrapped) | Single-strategy lending | USDC, DAI, ETH | aToken wrapped in 4626 for composability |
| sDAI (Sky/Maker) | DSR savings | DAI | DAI Savings Rate — yield from RWA + DeFi treasury |
| Compound cTokens (v3) | Single-strategy lending | USDC, ETH | Compound III redesigned around 4626-compatible model |
| Sommelier Cellars | Active strategy | Multiple | Off-chain strategy computation, on-chain 4626 settlement |
| Pendle PT/YT | Yield stripping | Any 4626 vault | Separates principal and yield into tradeable tokens |
| EigenLayer LRTs | Restaking | stETH, ETH | ERC-4626 wrappers for liquid restaking positions |
Pendle Finance deserves special mention as a showcase of ERC-4626 composability. Pendle takes any ERC-4626 vault token and splits it into two components: a Principal Token (PT) redeemable for the underlying at maturity, and a Yield Token (YT) that receives all yield generated before maturity. This lets users trade future yield, buy yield at a fixed rate, or speculate on yield movements — all built on top of the standard vault interface with no custom vault integration required.
ERC-4626 did for yield what ERC-20 did for tokens: it created a shared language that allows every protocol, tool, and user to interact with yield-bearing assets without knowing the underlying strategy. A wallet that understands ERC-4626 can display the yield on any compliant vault. A lending protocol that accepts ERC-4626 can take any compliant vault token as collateral. The standard transforms a bespoke strategy into a composable building block — and that composability is what makes DeFi more than the sum of its parts.