[ARFC] Add EURC to Sonic V3 Instance

Summary

LlamaRisk supports the onboarding of EURC to the Aave V3 Sonic instance. This onboarding is conditional on the deployment of an EURC-denominated Chainlink price feed on the network. EURC on Sonic is a bridged version of the token, not natively issued by Circle but created by Sonic Labs. While the contract uses Circle’s bridged contract standard, its non-natively issued nature makes it incompatible with Circle’s CCTP and Circle Mint services. The EURC supply on Sonic peaked at 1.16M but has since dropped nearly 80%.

EURC’s minting on Sonic is backed 1:1 by EURC deposits in the TokenDeposit contract on Ethereum. This introduces a critical dependency on the Sonic Gateway contract, which also has the minting authority via the CircleTokenAdapter contract. A 3/4 Safe multisig, likely controlled by Sonic Labs, governs the core token roles, concentrating control in a single entity.

Collateral Risk Assessment

1. Asset Fundamental Characteristics

1.1 Asset

EURC on Sonic is a non-native asset bridged from Ethereum via Sonic Gateway and is deployed at the address 0xe715cbA7B5cCb33790ceBFF1436809d36cb17E57. The EURC on Ethereum is a MiCA-compliant ERC-20 stablecoin, fully backed by euros and redeemable 1:1 via Circle Mint, an institutional-grade on/off-ramp provided by Circle. The euro reserves backing EURC are held at regulated financial institutions within the European Economic Area (EEA) in accordance with MiCA requirements. Monthly attestation reports are prepared following AICPA standards, with Deloitte & Touche LLP serving as Circle’s independent auditor since fiscal year 2022.

As of April 21, 2025, EURC has a circulating supply of 182.6K on Sonic, representing a market capitalization of $210K. The token was deployed on December 17, 2024, and does not offer any yield.

1.2 Architecture

EURC on Sonic is backed by the EURC tokens on Ethereum, which are held in the TokenDeposit contract that escrows the bridged tokens. Sonic Gateway, Sonic’s native bridge, facilitates token transfers between Ethereum and Sonic. Importantly, EURC on Sonic is not a native token issued by Circle. Instead, it is a bridged version created by Sonic Labs. However, it follows the same contract standard as that of EURC/USDC, reducing the likelihood of liquidity fragmentation. Despite this, as a bridged version, EURC on Sonic is incompatible with CCTP (Cross-Chain Transfer Protocol), a feature yet to be supported for EURC on any chain where Circle issues it natively.

As adoption of bridged EURC grows on Sonic, there is a provision for Circle and Sonic Labs to jointly transfer the ownership of the bridged EURC token contract to Circle. Once this ownership transfer is completed, Circle could upgrade the bridged EURC to the native EURC standard. This transition would allow the retention of the existing supply, holders, and app integrations while ensuring a secure burn of the native USDC locked in the bridge smart contract on Ethereum.

It is worth noting that USDC on Sonic, which is also bridged from Ethereum, currently has a circulating supply of approximately 476M. However, it has not yet been upgraded to a native version. Given the complexities involved, this process may also take considerable time for EURC.

Source: Sonic Gateway Architecture, Pavel Paramonov/Sonic

The bridging process on the Sonic Gateway involves several key steps:

  1. Deposit: It takes 15 minutes on Ethereum to achieve finalization and 1 second on Sonic.
  2. Heartbeat: After the deposit is confirmed, the assets are bridged to Sonic during the next heartbeat. This heartbeat occurs roughly every 10 minutes from Ethereum to Sonic and once every hour in the reverse direction for gas efficiency. However, users can pay a "Fast Lane" fee to trigger an immediate heartbeat for quicker bridging.
  3. Claim: Once the assets are bridged, users can claim their bridged assets on Sonic. For EURC specifically, the Sonic Gateway bridge contract invokes the mint method on the CircleTokenAdapter contract. This action mints the EURC and sends it directly to the user who initiated the claim.

The Gateway includes a built-in fail-safe mechanism that enables users to recover their bridged assets on Ethereum if the system experiences a prolonged outage, specifically if either the Gateway or the Sonic chain remains down for 14 consecutive days. This two-week timeout is hardcoded and immutable, meaning it cannot be changed by Sonic Labs or any other party after deployment.

1.3 Tokenomics

EURC is minted on Sonic through the Sonic Gateway contract, which is triggered once a user deposits into the TokenDeposit escrow contract on Ethereum and Sonic is finalized. The amount of EURC that can be minted on Sonic is capped by its supply on Ethereum, which currently stands at 120.8M EURC.

1.3.1 Token Holder Concentration

Source: EURC Top 100 Holders on Sonic, SonicScan, April 21, 2025

The top 5 holders of EURC are:

The majority of existing EURC on Sonic is supplied to various DEXs, which is a good thing. The top 10 holders collectively own 92.2%, a high concentration among a few addresses.

2. Market Risk

2.1 Liquidity


Source: EURC/USDC Swap Liquidity, DeFiLlama, April 21, 2025

Users can swap EURC worth up to $100K (87K EURC) for USDC within a slippage of 5%.

2.1.1 Liquidity Venue Concentration

Source: EURC Liquidity Pools on Sonic, GeckoTerminal, April 21, 2025

Most EURC liquidity on Sonic is held within the DeFive wS/EURC.e ($98.8K TVL), DeFive USDC.e/EURC.e ($91.8K TVL), Shadow Exchange USDC.e/EURC.e ($88K TVL), and Metropolis EURC.e-USDC.e ($26.1K TVL) pools.

2.1.2 DEX LP Concentration

The liquidity of EURC on Sonic DEXs is evenly distributed with no significant concentration among a few users. Below is the breakdown (as of April 19, 2025):

2.2 Volatility

Source: EURC Secondary Market Rate, TradingView, April 21, 2025

EURC is currently trading at a 1% premium in secondary markets (Shadow Exchange) on Sonic. On multiple occasions, the EURC/EUR ratio has deviated by over 1%, highlighting volatility driven primarily by low liquidity on Sonic DEXs.

2.3 Exchanges

EURC is traded across several CEXs, though its trading activity and liquidity are predominantly concentrated on Coinbase, which accounts for over 95% of the trading volume.

2.4 Growth

Source: EURC Sonic Supply, Etherscan, April 22, 2025

The total amount of EURC locked in SonicGateway’s escrow contract peaked at an all-time high of 1.16M on March 25, 2025. Since then, the locked amount has steadily declined and is now down by nearly 80%, at approximately 237K EURC.

3. Technological Risk

3.1 Smart Contract Risk

Sonic Labs has deployed the EURC ERC-20 contract following Circle’s bridged contract standard (Bridged USDC Standard, Circle). FiatTokenV2_2 implements the core logic for FiatToken functionality. The v2.2 upgrade introduced by Circle underwent an independent audit by Halborn, a third-party blockchain security firm.

Sonic Gateway handles the bridging of EURC from its native chain, i.e., Ethereum. Three different third-party firms have audited the Sonic Gateway contract, and the findings were as follows:

  • OpenZeppelin (October 21, 2024): 1 high, 2 medium, 8 low, and 13 informational
  • Certora (October 14, 2024): 5 medium, 4 low, and 4 informational
  • Quantstamp (October 1, 2024): 1 high, 3 medium, 3 low, and 2 informational

All these high-severity issues were fixed, and other findings were either fixed or acknowledged.

3.2 Bug Bounty Program

Sonic earlier announced a $2M bug bounty in collaboration with Immunefi, but currently, no active bug bounty program exists, which is a high risk to the bridge smart contract security.

Circle has a $10,000 bug bounty program live on HackerOne since May 2024, which is relatively low considering the TVL of USDC and EURC. The contracts in the scope can be found here. Since Sonic deployed EURC using the same contract standard, it is also indirectly covered under this program.

3.3 Price Feed Risk

Chainlink price oracles are available on Sonic. However, a dedicated EURC/USD or EUR/USD feed is currently missing. This feed is essential for supporting EURC within Aave’s infrastructure.

3.4 Dependency Risk

The core dependency risks discussed here with EURC remain unchanged for its bridged version on Sonic. However, bridging via Sonic Gateway introduces an additional layer of risk. The TokenDeposit contract on Ethereum escrows the assets intended for bridging, while the Sonic Gateway validates the deposit and enables users to claim the bridged tokens on Sonic. The Sonic Gateway bridge is the sole contract with the authority to call the mint method on the CircleTokenAdapter contract, which, if compromised, could theoretically mint unlimited EURC on Sonic, making this a critical security consideration. Also, there is no delay in code upgrades.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

The regulatory risk has been previously discussed in detail as part of the EURC Base onboarding review. As there have been no material changes, that assessment remains applicable here.

4.2 Access Control Risk

4.2.1 Contract Modification Options

Sonic Labs has deployed the EURC token using the token standard specified by Circle, which uses a role-based access control mechanism. The controlling wallets are as follows:

| Controlling Wallet | Role | Functionality |
|---|---|---|
| Multisig A → 3/4 threshold Safe | owner | Re-assign any role except for admin. |
| Multisig A | admin | Manage proxy-level functionalities. |
| Multisig A | pauser | Pause the contracts, preventing all transfers, minting, and burning. |
| Multisig A | blacklister | Prevent transfers to/from an address and prevent it from minting/burning. |
| Multisig A, owner of the masterMinter contract. | masterMinter | Add/remove minters and increase their minting allowance. |
| CircleTokenAdapter | minters | Create/destroy tokens. |
| Burn Address | rescuer | Transfer any ERC-20 token locked in the contract. |

The EURC architecture includes two primary contracts:

  • ERC-20 Token: FiatTokenProxy contract serves as a proxy to route function calls to the implementation contract.
  • Implementation: FiatTokenV2_2 contract which implements the core logic for FiatToken functionality.

Here is a list of sensitive functions exposed by these contracts:

  • mint/burn: Authorized entities, referred to as minters, are permitted to mint and burn tokens. These entities are usually affiliated with Circle and undergo a thorough vetting process before being granted the ability to mint new tokens. Since Sonic Labs deployed the EURC contract, however, it controls the masterMinter contract, which adds new minters via the configureMinter method, each with a specified minterAllowance. Currently, only the CircleTokenAdapter contract is authorized to mint new EURC tokens, and its mint method can only be called by the Sonic Gateway contract. Its minter allowance is set to 2^256-1, meaning it has an infinite minting allowance.
  • pause: The ability to pause or unpause the contract is restricted to the pauser role, which Sonic Labs controls. When the contract is paused, all transfers, minting, burning, and adding new minters are disabled. However, operations such as modifying the blacklist, removing minters, changing roles, and performing contract upgrades remain functional.
  • blacklist: Sonic Labs can blacklist an address through the blacklister role, and such an address cannot transfer assets in any way.
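
The mint authority and role concentration described in sections 3.4 and 4.2.1 can be watched as a small set of invariants. The Python below is an added example, not part of the LlamaRisk assessment or of Sonic's or Circle's code; the Snapshot structure, the audit function, and all sample values are assumptions constructed for illustration, and the fields would be filled from reads of both chains.

```python
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1                   # allowance the page reports for the adapter
EXPECTED_MINTERS = {"CircleTokenAdapter"}  # per the page, the only authorized minter

@dataclass
class Snapshot:
    """Hypothetical container for values read from both chains at one point in time."""
    escrow_balance: int  # EURC held by TokenDeposit on Ethereum, 6-decimal base units
    bridged_supply: int  # total EURC supply on Sonic, 6-decimal base units
    minters: dict        # minter label -> minterAllowance
    roles: dict          # role name -> current holder label

def audit(baseline, current):
    """Return (severity, message) findings for the bridged-token invariants."""
    findings = []
    # Lock-and-mint invariant: bridged supply must never exceed escrowed EURC.
    deficit = current.bridged_supply - current.escrow_balance
    if deficit > 0:
        findings.append(("critical", f"unbacked supply: {deficit / 10**6:,.2f} EURC"))
    # A minter other than the adapter could mint without a validated deposit.
    for name in sorted(set(current.minters) - EXPECTED_MINTERS):
        findings.append(("critical", f"unexpected minter: {name}"))
    # An unlimited allowance means the token itself enforces no cap on that minter.
    for name, allowance in sorted(current.minters.items()):
        if allowance == UINT256_MAX:
            findings.append(("info", f"unlimited allowance: {name}"))
    # With no timelock, a role change is effective immediately: diff against baseline.
    for role, holder in sorted(current.roles.items()):
        if baseline.roles.get(role) != holder:
            findings.append(("high", f"role {role} moved to {holder}"))
    return findings

# Constructed sample data (labels follow the page's role table; amounts are made up).
ROLES = {"owner": "Multisig A", "admin": "Multisig A", "pauser": "Multisig A",
         "blacklister": "Multisig A", "masterMinter": "masterMinter contract",
         "rescuer": "Burn Address"}
HEALTHY = Snapshot(250_000 * 10**6, 200_000 * 10**6,
                   {"CircleTokenAdapter": UINT256_MAX}, ROLES)
DRIFTED = Snapshot(250_000 * 10**6, 300_000 * 10**6,
                   {"CircleTokenAdapter": UINT256_MAX, "unknown-minter": 10**12},
                   {**ROLES, "pauser": "unknown-address"})

if __name__ == "__main__":
    for severity, message in audit(HEALTHY, DRIFTED):
        print(f"{severity:8} {message}")
```

Because the adapter's allowance is unlimited and upgrades have no delay, the supply-versus-escrow comparison is the only check here that would catch minting through a compromised Gateway; the role and minter diffs cover changes made through the multisig.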

4.2.2 Timelock Duration and Function

There is no timelock configured on the EURC ERC-20 contract.

4.2.3 Multisig Threshold / Signer identity

The EURC contract on Sonic is governed by a 3/4 Safe multisig (Multisig A), which holds control over all critical roles. This multisig is likely operated by Sonic Labs, the same entity that deployed the token contract - which Sonicscan reports as Sonic Labs Deployer 2.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Aave V3 Specific Parameters

Presented jointly with @ChaosLabs.

Price feed Recommendation

We recommend using a Chainlink EURC/USD feed once deployed.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.
