How Does Lagoon Work?
Lagoon is a vault infrastructure protocol using the ERC-7540 standard, allowing curators to deploy flexible on-chain yield strategies. With $113M TVL, its B- grade reflects a functional vault model with reasonable infrastructure, moderated by the trust required in individual curators who have broad discretionary authority over depositor funds.
TVL: $143M
Sector: Yield
Risk Grade: B-
Value Grade: D
Core Mechanisms
2.3.3
Novel: ERC-7540 asynchronous vault with curator-managed strategies — curators have maximum flexibility to execute any DeFi strategy
ERC-7540 standard is relatively new. Curator model with unconstrained strategy execution is a novel trust model.
2.2.1
Management and performance fees charged by curators on vault deposits
Standard fund management fee structure.
6.4.3
Valuation Oracle role that determines vault share pricing for deposits/withdrawals
Custom oracle role for vault NAV pricing.
5.4.1
Four-role vault model: Administrator, Curator, Valuation Oracle, Whitelist Manager
Role-based access control for vault management.
Fee Structures > Performance Fee
Lagoon charges a 10% platform fee on curator-collected performance/management fees, activated after reaching $300M TVL.
Fee switch was turned on in late 2025 once sufficient adoption was reached.
How the Pieces Interact
Curators process withdrawals asynchronously and could delay or front-run withdrawals by adjusting strategy positions before processing. No real-time redemption guarantee.
If Valuation Oracle and Curator collude, they can manipulate vault share pricing to extract value from depositors — overvalue before curator sells, undervalue before new deposits.
Curators compete on fees but have no standardized risk framework. Fee pressure may incentivize riskier strategies to generate higher returns.
Fee activation may reduce curator profitability, leading curators to take on riskier strategies to maintain yield and increasing vault risk.
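The share-pricing risk described above, worked through as an added example: a simplified model written for this page, not Lagoon's contract code. It shows how much value existing depositors lose when a pending request is settled at a misreported NAV. All vault figures are constructed, and `nav_update_allowed` with its 5% bound is a hypothetical control, not a documented Lagoon feature.

```python
from fractions import Fraction


def loss_on_deposit(true_assets, shares, deposit, reported_nav):
    """Value lost by existing holders when a pending deposit is settled
    at the oracle-reported NAV instead of the true asset value."""
    price = Fraction(reported_nav, shares)       # share price used for minting
    minted = Fraction(deposit) / price           # understated NAV mints extra shares
    existing_after = Fraction(true_assets + deposit) * shares / (shares + minted)
    return true_assets - existing_after


def loss_on_redeem(true_assets, shares, redeemed, reported_nav):
    """Value lost by remaining holders when a pending redemption is settled
    at the oracle-reported NAV instead of the true asset value."""
    price = Fraction(reported_nav, shares)       # share price used for payout
    paid = redeemed * price                      # overstated NAV overpays the exiter
    fair_remaining = Fraction(true_assets) * (shares - redeemed) / shares
    return fair_remaining - (true_assets - paid)


def nav_update_allowed(prev_nav, new_nav, max_dev_bps=500):
    """Hypothetical guard: refuse a NAV update that moves more than
    max_dev_bps (basis points) from the previous settled NAV, so a large
    jump needs a second approval before requests are settled against it."""
    return abs(new_nav - prev_nav) * 10_000 <= max_dev_bps * prev_nav


if __name__ == "__main__":
    # Constructed vault: 1,000,000 in assets, 1,000,000 shares (price 1.00).
    assets, shares = 1_000_000, 1_000_000
    for label, nav in (("honest", 1_000_000), ("understated", 800_000)):
        lost = loss_on_deposit(assets, shares, 100_000, nav)
        print(f"deposit at {label} NAV: existing holders lose {float(lost):,.2f}")
    for label, nav in (("honest", 1_000_000), ("overstated", 1_200_000)):
        lost = loss_on_redeem(assets, shares, 100_000, nav)
        print(f"redeem at {label} NAV: remaining holders lose {float(lost):,.2f}")
    print("800k update allowed:", nav_update_allowed(1_000_000, 800_000))
```

A depositor or monitor can run the same arithmetic against a vault's published NAV updates and settlement events to flag updates that shift value between entering, exiting and remaining holders.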
What Could Go Wrong
- Curators have broad discretionary authority over vault strategies with maximal flexibility — a malicious or incompetent curator could deploy depositor funds into high-risk strategies or drain vaults.
- Asynchronous vault model (ERC-7540) means deposits and withdrawals are processed asynchronously by curators, introducing delay and trust assumptions around timely settlement.
- The Valuation Oracle role determines vault share pricing — an incorrect or manipulated valuation could allow attackers to enter or exit at favorable prices at other depositors' expense.
- Multiple independent curators deploy strategies autonomously, creating fragmented risk profiles that depositors may not fully understand when entering a vault.
Malicious Curator Strategy Drain
Moderate
Trigger: A curator with >$10M in vault deposits deploys funds into a compromised or self-controlled DeFi protocol.
1. Curator deploys vault funds into a malicious smart contract — Depositor funds are drained to an attacker-controlled address
2. Asynchronous withdrawal requests pile up as vault NAV drops to zero — ERC-7540 withdrawal processing halts as there are no assets to return
3. Other Lagoon vault depositors panic — Cross-vault contagion as trust in the Lagoon platform is shaken
4. Administrator attempts to freeze the compromised vault — Admin action comes too late; funds already exfiltrated from vault
Risk Profile at a Glance
Overall: B- (33/100)
Lower score = safer