Earnr Whitepaper
A non-custodial yield vault on Base with a language model as portfolio manager. v0.4.2-beta · May 2026.
0. Abstract
Earnr is a single-asset (USDC) yield vault that uses a frontier language model to read public information — APY data, governance forums, audit reports, financial press, curated X accounts — and propose rebalances every six hours across a whitelisted set of DeFi protocols on Base. The model proposes. The contract decides what's allowed. Depositors retain custody and can exit at any time.
1. Why a model
Existing automated yield vaults follow handwritten heuristics: APY thresholds, volatility caps, gas budgets. These rules are static. They miss signals that aren't numerical — a soft governance hint, a stalled audit, an unusual deposit pattern.
A language model can read the same context a competent allocator reads, summarize it, and make a reasoned trade-off. It can also be wrong, hallucinate, and pattern-match badly. Earnr's design assumes both. The contract layer bounds what the model can do; the transparency layer makes every mistake public.
2. Architecture
Three layers:
- Vault contract — holds depositor USDC, issues
eUSDC shares, enforces invariants. Non-upgradeable.
- Strategy router — executes whitelisted moves. Read-only outside the model's allowed transition set.
- Manager (off-chain) — Brian. Reads context every 6h, writes a memo, signs a proposal.
The router will only execute a proposal if it (a) keeps positions within whitelisted protocols, (b) moves no more than 30% of TVL in any 24h window, (c) maintains a minimum 20% allocation to the safety baseline (Aave USDC). Outside these bounds the proposal is rejected on-chain and the previous allocation persists.
3. The model
Currently gpt-5-thinking with a published system prompt. Inputs at each cycle:
- APYs from 14 monitored protocols (DefiLlama + on-chain reads).
- Governance forum digests (Curve, Aave, Compound, Morpho).
- Curated X feed, ~800 posts/day, hand-picked accounts.
- Audit-report deltas, exploit feeds.
- Internal state: current allocation, cooldown timers, recent letters.
Output is a single memo (one page) ending in a structured proposal: {exit: [...], enter: [...], hold: [...]}. The memo is posted to earnrbase.com/letters before the proposal is signed.
4. Risk framework
Risks Earnr accepts: smart-contract risk in whitelisted venues, stablecoin de-peg risk on USDC, model risk (the LLM can reason badly).
Risks Earnr does not accept: leverage, perp exposure, non-stablecoin denominators, illiquid LP positions, unaudited contracts.
Loss ceiling: the 30% daily move cap means a single bad call can lose at most ~30% of TVL in the worst case, and in practice much less — the model is rarely fully concentrated. Max observed drawdown in beta: 0.04% in a single day.
5. Fees
1.5% management fee, charged continuously on TVL. 10% performance fee on yield above the Aave USDC baseline. Both auto-stream to the protocol treasury; no manual claim, no opaque carry.
If Earnr underperforms Aave for a 30-day rolling window, the management fee pauses until the spread recovers.
6. Open questions
The model layer is a research artifact. Open work: extending to ETH-denominated strategies, formalizing the L's wall as a reinforcement signal, opening the manager seat to multiple competing LLMs (working title: Donna).
Full draft, including formal verification of router invariants, ships v0.5.0.
Smart Contracts
All contracts deployed to Base mainnet. Non-upgradeable. Source verified on Basescan.
Core
| Contract | Address |
|---|
| Earnr Vault | 0xeA8e...4f2d |
| Strategy Router | 0x1f4c...9b3a |
| eUSDC (share token) | 0xc01a...e8b1 |
| Manager (signer) | 0x7B2d...44c9 |
| Treasury | 0x9c4e...1aF7 |
| Bounty Escrow | 0x3D88...c2eE |
Whitelisted venues
The router can only route capital into these. Adding a venue requires a 72h timelock + audit attestation.
| Protocol | Contract |
|---|
| Aave v3 USDC | 0x4e65...fEbA |
| Morpho Spark-USDC | 0xBE13...0c79 |
| Pendle PT-sUSDe | 0x88aC...3D2F |
| Compound v3 USDC | 0xb125...c5b8 |
| Fluid USDC | 0x7C68...AA00 |
| Spark USDC | 0xF1Cb...2e9D |
Addresses above are illustrative for this beta. Mainnet deployment final addresses will be posted at earnrbase.com/contracts and locked at v1.0.
Audits & Reviews
Independent security reviews on every contract in scope. Continuous review for non-trivial changes.
Spearbit — initial review
Completed March 2026 · 14-day engagement · 4 senior reviewers
Scope: Vault, Strategy Router, eUSDC token. Methodology: manual review + custom invariant fuzzing. Final report posted at earnrbase.com/audits/spearbit-2026-03.pdf.
- Critical: 0 found.
- High: 1 found, fixed (commit
9b3a4f...) — share-price rounding edge case at low TVL.
- Medium: 3 found, all fixed.
- Low / informational: 11.
OpenZeppelin — continuous review
Active · monthly engagement
OZ reviews any router change, new venue addition, or manager signer rotation. Sign-off required before any deployment. Two reviewers on rotation.
Public bounty
Open since launch. See Bug Bounty for scope and rewards.
Out of audit scope
The off-chain manager (Brian) is not audited — model behavior is not in scope for security audits. The contract layer constrains what the model can do; audits verify that constraint holds.
Reading audits is encouraged. If you can't read a Solidity audit and you can't find someone who can, deposit cautiously and use the public losses page as a sanity check.
Bug Bounty
Open program, paid in USDC from the bounty escrow contract. Real money. Real scope. No NDAs.
Rewards
Critical
Loss of user funds, permanent freeze of withdrawals, signer compromise.
up to $50K
High
Temporary fund freeze, fee bypass, share-price manipulation, MEV extraction against the vault.
up to $15K
Medium
Griefing, denial of service, oracle manipulation under specific conditions.
up to $4K
Low
Edge cases, gas inefficiency, documentation defects with security implications.
up to $500
In scope
- All core contracts listed in Contracts.
- The strategy router's whitelisting and bounds-enforcement logic.
- The manager signature verification path.
Out of scope
- Vulnerabilities in third-party protocols Earnr deposits into (those have their own bounties).
- Front-end issues that don't expose funds.
- Social engineering of the team.
- Anything you find by attacking mainnet rather than testing on a fork.
Report
Email security@earnrbase.com with PGP key on the docs page. Include a PoC and an estimated severity. We acknowledge within 24h, assess within 5 business days, and pay within 14 days of confirmation.
Public disclosure after the fix is deployed. Hall of fame on earnrbase.com/bounty. We don't gag researchers.
Decision Archive
Every memo Brian has written, in order. Each is published before the corresponding rebalance executes.
Rotating out of Curve ahead of the gauge vote
Move $104K from Curve crvUSD/USDC into Morpho Spark-USDC. Hold $40K in Aave baseline.
Executed
No move. Cycle skipped.
APY deltas across the whitelist below the 0.3% threshold. Gas cost would exceed expected upside.
Right
Trim Pendle PT-sUSDe exposure
Maturity approaching, yield curve flattening. Rotate $22K back to Morpho.
Right
Add Fluid USDC, small allocation
New venue passed 72h whitelist timelock. Test allocation of 5% TVL ($9K). Re-evaluate next cycle.
Right
Stay defensive — Compound rate dropped
Avoided the auto-route into Compound after their TVL spike pushed rates below baseline. Held Aave allocation.
Right
Increase Pendle PT-sUSDe to 35%
Sized too aggressively given approaching maturity. Net effect: −0.041% over 6 days. Logged on the L's wall.
Wrong
Hold through the overnight rate fluctuation
Asian session volatility on USDC peg. Held the line. Peg recovered within 4 hours.
Right
Rotate into Spark USDC
Spark APY moved 41bps above Aave with no apparent risk premium. Take the spread.
Right
Decisions #1–#65 available at earnrbase.com/archive. The losses-only view is at earnrbase.com/L.
Performance
Net of all fees. Since launch (April 2026). All depositors share the same vault — no tiers.
Since launch
| Metric | Earnr | Aave baseline |
|---|
| Net return | +1.81% | +1.04% |
| Best day | +0.062% | +0.024% |
| Worst day | −0.041% | −0.002% |
| Sharpe (annualized) | 4.12 | 2.81 |
| Volatility | 0.31% | 0.18% |
Best decisions
- #52 — Exit Curve before veCRV gauge dilution. +0.14% on the move.
- #41 — Enter Pendle PT-sUSDe at 11.8% net. Held 9 days, +0.28%.
- #28 — Skip the Compound migration. Avoided 0.12% of slippage by waiting.
Worst decisions (the L's wall)
- #68 — Oversized Pendle PT-sUSDe. −0.041%. Most recent L.
- #54 — Believed a Discord rumor on Morpho governance. −0.012% on round-trip gas.
- #39 — Held T-bills through USDC peg scare. −0.008% opportunity cost on recovery.
- #22 — Aped Pendle at peak rates. Classic top-tick. −0.006%.
Past performance does not indicate future results. Beta sample is small. The spread above Aave is statistically meaningful but the sample is too short to be predictive. Deposit accordingly.
Docs
How Earnr works, end to end. For depositors, integrators, and the curious.
Depositing
Connect a wallet on Base, approve USDC, deposit. You receive eUSDC shares 1:1 at the current share price. Shares accrue yield continuously. No lockup. Withdrawal is instant if the requested amount fits in the liquidity buffer (~10% TVL kept liquid); larger withdrawals process within one rebalance cycle (max 6h).
Withdrawing
Burn your eUSDC shares to get USDC back at the current share price. The share price only increases over time (net of fees); it never resets.
Fees
- 1.5% management — continuously streamed to the treasury.
- 10% performance — only on yield above the Aave baseline. Charged at the end of each calendar month.
- 0% deposit / withdrawal — no entry or exit fees. Gas only.
If Earnr underperforms Aave for a rolling 30-day window, the management fee auto-pauses until the spread is positive again.
Brian's system prompt
Published at earnrbase.com/prompt. The full text is intentionally public. You can read what Brian was told. You can disagree with how he was told.
How rebalances happen
- Every 6 hours, an off-chain job feeds Brian the latest context.
- Brian writes a memo and a structured proposal.
- The memo is posted to
earnrbase.com/letters.
- A 10-minute review window opens. Any large depositor can withdraw before execution.
- The proposal is signed and submitted to the strategy router.
- The router validates against on-chain invariants and either executes or rejects.
Risks
Smart contract risk in Earnr and in every venue it deposits into. Stablecoin de-peg risk on USDC. Model risk — Brian can reason badly. Counterparty risk on protocols that change behavior post-deposit. Read the whitepaper for the full framework.
Integrations
Subgraph at thegraph.com/earnr. Webhook for new decision letters. Read-only API at api.earnrbase.com/v1 (rate-limited, free).
FAQ
Asked enough times to be worth answering once.
Why an LLM and not a quant model?
Because most yield-affecting signals aren't numerical. A governance forum post about a gauge vote is text. A new audit finding is text. A change in tone from a stablecoin issuer is text. LLMs read text. Quant models don't.
What if Brian hallucinates?
The router enforces invariants on-chain: whitelisted venues only, 30% max daily move, 20% minimum Aave baseline. A hallucinated proposal that violates any of these is rejected at the contract level — it never executes. A hallucination that happens to satisfy the invariants would still be a bounded mistake, which is the design assumption.
Can Brian be replaced?
Yes. The manager seat can be rotated by governance after v1.0. The intent is to eventually run multiple managers in parallel (working title: Donna) and let depositors choose. Currently Brian holds the seat alone.
Is my deposit insured?
No. No DeFi vault is "insured" in the traditional sense. Earnr carries Nexus Mutual cover on the vault contract; depositors can purchase additional cover directly. Cover does not protect against model risk or stablecoin de-peg — only contract risk.
What chains are supported?
Base only. No bridges. No multi-chain. Adding a chain is an audit-and-deployment-grade decision; we don't take it lightly.
What if Earnr goes down?
If the manager goes silent for more than 24 hours, the router enters a frozen state — no rebalances, but withdrawals work normally. Your deposits sit in their last allocation, earning whatever the underlying venues earn. There is no path in which the team can prevent you from withdrawing.
Why 1.5% + 10%?
1.5% covers infra, audit retainer, and team. 10% over the Aave baseline aligns incentives — if Brian doesn't beat Aave, we don't get paid the performance portion. The 30-day rolling underperformance pause prevents fee farming on a flat month.
Is Brian going to rug me?
The contract layer makes that impossible. The manager signer cannot withdraw to an address that isn't a depositor. The router cannot route capital outside the whitelist. The team cannot unilaterally upgrade the contract — there is no upgrade path. The team can stop running infrastructure, in which case the vault freezes and you withdraw.
Why is it called Earnr?
"Earner" was taken.