Overview
Sturdy Finance introduced an innovative lending model: borrowers deposit yield-bearing collateral (like stETH, yvTokens, or other DeFi yield positions), and the yield generated by that collateral is redirected to lenders instead of traditional interest payments. This creates a scenario where borrowers can access loans at zero or reduced interest, while lenders earn yield from the collateral's native returns rather than from borrower interest payments.
The original Sturdy V1 operated as a shared-pool protocol, aggregating yield-bearing collateral and distributing yields to lenders. However, in June 2023, Sturdy V1 was exploited for approximately $800K through a price manipulation attack involving a read-only reentrancy vulnerability in Balancer pools used for price feeds. The exploit, while relatively small, damaged confidence in the protocol.
Sturdy V2 was a complete redesign, moving to isolated lending pairs built on a modular, peer-to-peer architecture. V2 allows permissionless creation of lending markets for any yield-bearing collateral/borrow asset pair, with isolated risk and configurable parameters. The redesign demonstrates the team's ability to learn from failure, but the exploit history creates a trust deficit.
Smart Contracts
V2 Isolated Architecture
Sturdy V2 uses isolated lending pairs where each market is a self-contained lending relationship between a specific collateral asset and borrow asset. This isolation prevents risk contagion between markets — a direct response to the shared-pool vulnerabilities exposed in V1. The modular design allows custom configurations per market.
Yield Redirection Mechanism
The core innovation — redirecting collateral yield to lenders — requires smart contract integration with underlying yield sources (Lido, Yearn, Convex, etc.). The contracts must correctly harvest yields, convert them, and distribute them to lenders while maintaining accurate accounting. This multi-protocol composability adds complexity.
V1 to V2 Evolution
The V2 contracts represent a ground-up redesign rather than a patch of V1. The architecture shift from shared pools to isolated pairs fundamentally changes the risk profile and demonstrates engineering growth. However, the fact that V1's architecture had critical vulnerabilities raises questions about pre-deployment security rigor.
Security
V1 Exploit ($800K)
In June 2023, Sturdy V1 was exploited for approximately $800K. The attack used a read-only reentrancy vulnerability in Balancer's pool contracts to manipulate the price oracle used by Sturdy for collateral valuation. The attacker inflated collateral value, borrowed against it, and extracted the difference. While the amount was relatively small by DeFi exploit standards, it exposed a critical dependency on external price feed integrity.
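The read-only reentrancy condition described above, as an added Python model that is not Sturdy's or Balancer's code: a constructed toy pool whose view price can be read while an exit is only half applied, next to a consumer that rejects price reads while the pool's lock is held. `ToyPool`, `Market` and all numbers are hypothetical.

```python
class ToyPool:
    """Constructed pool model (hypothetical, not Balancer's contracts)."""

    def __init__(self, balance, lp_supply):
        self.balance = balance      # underlying tokens held by the pool
        self.lp_supply = lp_supply  # LP tokens outstanding
        self.locked = False         # lock guards state-changing calls only

    def lp_price(self):
        # View function: performs no lock check, so it can be read mid-exit.
        return self.balance / self.lp_supply

    def exit(self, lp_amount, on_receive):
        if self.locked:
            raise RuntimeError("reentrant state-changing call")
        self.locked = True
        payout = lp_amount * self.balance / self.lp_supply
        self.lp_supply -= lp_amount  # LP supply is reduced first
        on_receive()                 # external call made while paying out
        self.balance -= payout       # balance is updated only afterwards
        self.locked = False
        return payout


class Market:
    """Constructed lending market that values LP collateral from the pool."""

    def __init__(self, pool, check_lock):
        self.pool = pool
        self.check_lock = check_lock

    def collateral_value(self, lp_amount):
        # Hardened form: refuse to price collateral while the pool is mid-operation.
        if self.check_lock and self.pool.locked:
            raise RuntimeError("pool mid-operation: price read rejected")
        return lp_amount * self.pool.lp_price()


def value_seen_during_exit(check_lock):
    """Value 100 LP tokens from inside the exit callback and again afterwards."""
    pool = ToyPool(balance=1000.0, lp_supply=1000.0)  # constructed numbers
    market = Market(pool, check_lock)
    seen = {}

    def callback():
        try:
            seen["during"] = market.collateral_value(100.0)
        except RuntimeError as err:
            seen["rejected"] = str(err)

    pool.exit(500.0, callback)
    seen["after"] = market.collateral_value(100.0)
    return seen
```

Without the lock check the market sees double the true collateral value during the callback; with it, the mid-exit read fails and only the settled price is used.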
Post-Exploit Response
The team paused V1, investigated the exploit, and designed V2 to address the architectural vulnerabilities. The response was professional, but the damage to user trust was done. Exploited protocols face an uphill battle to rebuild confidence, regardless of the quality of their response.
V2 Security Improvements
V2's isolated market design eliminates the shared-pool risk that enabled the V1 exploit. Each market has independent risk parameters and isolated collateral, preventing cross-market contagion. The architecture is fundamentally more resilient than V1.
Audit Status
V2 contracts have been audited, though the protocol's exploit history means audits carry less reassurance value. The market's trust calibration for previously exploited protocols is (reasonably) more skeptical.
Risk Management
Isolated Market Model
V2's isolated markets provide strong risk management. Each lending pair has independent collateral factors, liquidation parameters, and interest rate curves. A failure in one yield-bearing collateral (e.g., a Yearn vault exploit) only affects the specific market using that collateral.
Yield Source Dependencies
Sturdy's model depends on external yield sources generating consistent returns. If underlying yield sources (Lido, Convex, Yearn) experience issues — reduced yields, exploits, or depegs — Sturdy's lending markets are directly affected. This composability risk is inherent to the yield-bearing collateral model.
Oracle Improvements
V2 addresses the oracle manipulation vulnerability from V1 by using more robust price feed mechanisms and reducing dependency on potentially manipulable external price sources.
Adoption
Limited TVL
Sturdy's TVL is modest — typically in the single-digit millions. The exploit history has made users cautious, and the protocol has not achieved meaningful scale in the competitive lending market. V2's permissionless markets have attracted some niche usage but not breakout adoption.
Niche Value Proposition
The yield-bearing collateral model is genuinely innovative and serves users who want capital efficiency from their yield positions. However, this niche is also addressed by protocols like Morpho and Aave V3's efficiency mode, which have larger user bases and more established trust.
Market Competition
Sturdy competes against Aave, Morpho, Silo, and other lending protocols with vastly larger TVLs and stronger track records. The exploit stigma makes user acquisition particularly challenging.
Tokenomics
STRDY Token
STRDY is the governance token for the protocol. Token utility includes governance participation and potential fee-sharing mechanisms. The token's value has been depressed, reflecting the protocol's limited adoption and exploit history.
Limited Value Accrual
With minimal TVL and trading volume, protocol revenue is negligible. STRDY's value proposition depends on a meaningful adoption recovery that has not yet materialized.
Risk Factors
- Exploit history: The V1 exploit creates a lasting trust deficit, making user acquisition harder.
- Composability risk: Dependence on external yield sources (Lido, Yearn, Convex) introduces layered smart contract risk.
- Limited adoption: Minimal TVL limits protocol revenue and long-term sustainability.
- Competitive pressure: Established lending protocols offer similar functionality with better track records.
- Oracle dependency: Despite improvements, yield-bearing collateral valuation requires reliable price data.
- Team sustainability: Limited revenue and token value raise questions about long-term development funding.
Conclusion
Sturdy Finance presents an innovative lending model — using yield-bearing collateral to provide interest-free borrowing — that addresses a genuine need in DeFi capital efficiency. The V2 redesign with isolated markets demonstrates technical competence and the ability to learn from failure. The concept is sound and the execution has improved.
However, the 4.6 score reflects the inescapable reality that an exploit history creates a trust deficit that is extremely difficult to overcome. The V1 exploit was relatively small ($800K), but in DeFi lending — where users entrust their capital — security track record is paramount. Combined with limited adoption and intense competition from established protocols, Sturdy faces a challenging path to relevance. The protocol deserves credit for innovation and recovery, but users should weigh the exploit history in their risk assessment.