[Asset Technical Assessment] AUSD on Aave V3 Monad
Author: Aave Labs
Date: 2026-06-30
Summary
Technical assessment of AUSD (Agora USD) for onboarding to Aave V3 Monad, following the Technical Asset Listing Framework.
Overall result:
MEDIUM 
AUSD is a centrally issued, fiat-backed dollar stablecoin priced on Aave V3 Monad at launch at a fixed value consistent with its 1:1 dollar peg, with a clean single deployment and an Omnichain Fungible Token (OFT) bridge whose verification layer is strong (five independent verifiers and 15 confirmations). The deployed implementation matches a recent, audited version reviewed by several reputable firms with no Critical, High, or Medium findings.
Listing Recommendation
From a technical standpoint, AUSD on Aave V3 Monad is eligible for listing. As a centrally issued, permissioned fiat stablecoin, the issuer retains the authority to mint, burn, freeze, pause, and upgrade the token, managed through the issuer’s own key-management security; this control profile is standard for the asset class. The principal non-blocking recommendation is to migrate the upgrade, role-management, mint, burn, freeze, and bridge authorities behind an on-chain timelock, and ideally a multisig governance, so that privileged actions are observable and delayed. This is a hardening to revisit as exposure to the asset grows, not a blocker for an initial listing as borrowable asset.
Asset under review
| Field |
Value |
| Asset |
Agora USD (AUSD) |
| Target chain |
Monad (chain ID 143) |
| Target market |
Aave V3 Monad |
| Token contract |
0x00000000eFE302BEAA2b3e6e1b18d08D69a9012a |
| Native to target chain? |
No. AUSD is a bridged omnichain token; the Monad representation is minted and burned by a LayerZero V2 OFT adapter (0x9CaB7Ede13dc56652E44D2404E969C212f22689b). |
| AAcA classification |
Stablecoin (fiat-collateralised, issuer-controlled, permissioned) |
AUSD is a centrally issued dollar stablecoin designed to hold a 1:1 peg to USD, backed by off-chain reserves held by the issuer’s custodians. The same token contract is deployed at the same address on Ethereum, Monad, and other chains, and a single shared supply is moved between chains by a burn-and-mint omnichain bridge with no on-chain escrow.
0. Pre-screening
AUSD is deployed and verified on Monad at 0x00000000eFE302BEAA2b3e6e1b18d08D69a9012a, the same address it uses on Ethereum, with 6 decimals and a general stablecoin classification that is not in any non-approved category. There is a single canonical deployment on Monad: the testnet vanity address holds no code on mainnet, so there is no competing or legacy contract sharing the supply. The deployed implementation is the latest audited logic, and the on-chain upgrade history confirms no later implementation rotation.
Rating:
GOOD 
1. ERC20 Compliance
AUSD is a standard ERC-20 token with 6 decimals (within the Aave-supported set): transfer() and transferFrom() return bool, with no fee on transfer, no rebasing, and no ERC777 or ERC1363 transfer hooks. It implements signature-based approvals and transfers (EIP-2612 and EIP-3009), which are not reentrancy hooks, and has no flash mint. Transfers revert only when either party is frozen or a global pause is active; otherwise smart contracts can hold and transfer AUSD without restriction.
Rating:
GOOD 
2. Oracle
A dedicated Chainlink AUSD/USD feed exists on Monad. Given that the feed carries medium risk given thin launch liquidity, and since AUSD is intended to be listed as a borrowable asset only, a fixed price set to the peg remains a viable and conservative option. The pricing approach can be selected at listing.
Rating:
MEDIUM
→ the Chainlink AUSD/USD feed carries medium risk given thin launch liquidity.
3. Access Control
The token’s operational authorities (mint, burn, pause, freeze, the rate-limit manager, the root role-manager, and the contract upgrade admin) are held by issuer-controlled accounts. There is some concentration at the root, since the same key owns the role-manager and the upgrade proxy and can reassign the other roles. The rest of permissions distributed across individual keys, so concentration of privileges is limited. The proxy is a standard transparent (EIP-1967) proxy and the access-control logic is audited (see Section 7). The residual gap is the absence of an on-chain timelock, so privileged actions execute immediately. The implementation also exposes a role-gated flag that can redirect the transfer entrypoints in place, an additional logic-change surface under the same control.
Rating:
MEDIUM
→ key-concentration risk is limited, since permissions are distributed across individual keys that sit under MPC-based issuer key management; the residual concern is the absence of an on-chain timelock.
4. Exchange Rate and Yield
Not applicable. AUSD is a fiat-pegged stablecoin and is not yield-bearing: it does not expose an exchange rate, does not rebase, and has no redemption path of that kind. Yield is delivered through a separate token, which is not the listing candidate and is out of scope.
Rating:
N/A 
5. Token Architecture
AUSD is a clean single deployment on Monad with no migration or duplicate entry point to the same supply, and it does not use tx.origin for authorization. Mint, burn, and freeze actions emit events, so supply and account-state changes are observable on-chain, and delegatecall appears only in the expected proxy paths. The one architectural caveat is the role-gated ability to swap the transfer logic in place, an additional logic-change surface beyond the standard proxy upgrade.
Rating:
MEDIUM
→ beyond the standard proxy upgrade, a single key can also swap the transfer logic in place, an extra avenue for changing how the contract behaves.
6. Bridge and Cross-Chain Risk
The Monad supply of AUSD is created and destroyed by a LayerZero V2 OFT adapter (0x9CaB7Ede13dc56652E44D2404E969C212f22689b) operating a pure burn-and-mint model: the token is burned on a source chain and minted on Monad, with no on-chain escrow on any chain, so backing rests on the issuer’s off-chain reserves. The verification layer is strong: the route uses five independent Decentralized Verifier Networks (DVNs) with a full quorum, 15 block confirmations to guard against chain reorganisations, and explicitly pinned (not default) message libraries. The bridge owner, the LayerZero configuration delegate, and the OFT upgrade authority are each single-key accounts with no on-chain timelock, and the token-layer cap on bridge minting is raisable by the same control set. This control posture mirrors the issuer authorities described in Section 3 and is standard for a permissioned stablecoin of this class.
Rating:
MEDIUM
→ the strong verifier configuration sits behind a bridge owner, configuration delegate, and upgrade authority that are single-key accounts with no on-chain timelock.
7. Audit and Security History
The EVM contract has repeated, recent coverage from reputable firms, including Cantina/Spearbit, Certora, Zellic (twice), and Halborn, spanning the token core, the access-control layer, the OFT bridge adapter, and the mint rate-limit feature. Across these reviews there are no Critical, High, or Medium findings, with the worst-severity items rated Low and each resolved or acknowledged. The deployed implementation is confirmed on-chain to be the audited v2.1.0 version, with no post-audit implementation rotation, so there is no coverage gap from a later code change.
Rating:
GOOD 
8. Dependencies
The main dependency is LayerZero V2, the messaging and bridge stack on which the Monad supply depends, whose configuration and upgrade authorities are controlled by the asset issuer and so carry the same permission concerns described in Sections 3 and 6. Beyond that, the asset depends on the issuer’s off-chain reserves backing the peg. That backing risk and redemption mechanisms falls outside the contract layer and must be addressed through risk parameters.
Rating:
MEDIUM
→ the binding on-chain dependency is LayerZero V2, controlled by the issuer with the same permission concerns as Sections 3 and 6; off-chain reserve backing and redemption mechanisms is the remaining dependency, to be handled through risk parameters.
9. Summary
Findings table
Ratings in this table are plain text (Good / Medium / Critical / N/A), no icons.
| Area |
Key finding |
Rating |
| 0. Pre-screening |
Single canonical deployment at 0x00000000…9012a, 6 decimals, general stablecoin class; deployed implementation is the audited v2.1.0 with no later rotation. |
Good |
| 1. ERC20 |
Standard ERC-20 with 6 decimals; returns bool, no fee on transfer, no rebase, no ERC777/ERC1363 hooks, no flash mint; transfers gated only by freeze and global pause. |
Good |
| 2. Oracle |
A Chainlink AUSD/USD feed exists but carries medium risk given thin launch liquidity; since AUSD is borrowable-only, a fixed price set to the peg is a viable conservative option. |
Medium |
| 3. Access control |
Authorities issuer-controlled, with some concentration at the root (same key owns role-manager and upgrade proxy) but the rest distributed across individual keys. Residual gap is the absence of an on-chain timelock. |
Medium |
| 4. Exchange rate / yield |
Not yield-bearing; no exchange rate, no rebase; yield accrues in a separate token, out of scope. |
N/A |
| 5. Token architecture |
Clean single deployment, mint/burn/freeze events emitted, no tx.origin authorization; role-gated in-place transfer-logic swap is an extra logic-change surface. |
Medium |
| 6. Bridge and cross-chain |
LayerZero V2 OFT, pinned libraries, five independent DVNs, 15 confirmations (strong verification); pure burn-and-mint with no escrow, and bridge owner, delegate, and upgrade authority are single keys with no timelock. |
Medium |
| 7. Audit and security |
Multiple recent reputable audits (Cantina/Spearbit, Certora, Zellic Ă—2, Halborn) with no Critical, High, or Medium findings; deployed implementation confirmed as audited v2.1.0 with no post-audit rotation. |
Good |
| 8. Dependencies |
Main dependency is LayerZero V2, issuer-controlled with the same permission concerns as Sections 3 and 6; the remaining dependency is off-chain reserve backing, to be handled through risk parameters and redemption mechanisms. |
Medium |
Disclaimer
Aave Labs has no formal or informal affiliation with Agora or the AUSD issuer beyond this technical assessment. Aave Labs has not been compensated by Agora or any related party in connection with this work.
Copyright
Copyright and related rights waived via CC0.