LlamaRisk supports onboarding FBTC as collateral on Aave Core Instance. We welcome diversity in wrapped Bitcoin offerings and believe Aave should remain protocol-agnostic, which aligns with recent tBTC and cbBTC integrations. The asset, launched <6 months ago, exists in locked and unlocked variants, with the locked version showing strong growth (6.6K BTC TVL vs ±350 BTC for unlocked). This integration would unlock new utility and growth potential for FBTC0 (non-yield bearing).
Primary risks center on liquidity concentrated in a single Uniswap LP (likely Ignition-affiliated) and restrictions limiting minting, burning, and transfers to “qualified users.” Governance operates through a 5/8 multisig with significant permissions and no timelock, with many signers being known, competent, and value-add ecosystem partners. The asset is entirely governed and custodied by a security council that has yet to be fully created, introducing risks from uncertainty and dependence on current contributors’ continued engagement. Custody risk is also to be considered, given that BTC on Bitcoin is held by a security council consisting of Cobo, Mantle, and Antalpha Prime.
The system architecture is well-designed, with planned improvements, including expanding qualified users to KYC’d CEX users and a liquidity incentives program, which should help with diversification. The multisig is controlled by reputable ecosystem partners, and an ImmuneFi bug bounty ($100K) is expected in mid-December.
Expand to reveal our full Collateral Risk Assessment
Collateral Risk Assessment
1. Asset Fundamental Characteristics
1.1 Asset
FBTC is a bitcoin wrapper developed by Ignition. It initially launched in May of this year on Mantle and Mainnet. It is designed to increase BTC usage within DeFi across various networks. Utilizing different strategies such as lending or liquidity provision, this asset offers additional use cases (yield) to a traditionally underutilized coin (in DeFi).
Source: Ignition Proof of Assets Dashboard, 25 November 2024
The asset complies with the ERC20 standard and has 379 FBTC on mainnet and 292 FBTC on Mantle. There is also 47 FBTC on BNB Chain. It is 1:1 backed by BTC on the Bitcoin chain held in addresses with various security measures, including Threshold Signature Schemes and Multi-Party Computation (MPC) wallets.
The asset is a custodied offchain by a security council (more in Section 4) and can be brought on / off EVM chains through “Qualified Users”, who pass stringent KYB / AML checks. Smart contract permissions enforce this on EVM chains and MPC wallets enforce this on Bitcoin Chain.
The asset has two forms: FBTC0 (liquid) and FBTC1 (locked). This ARFC onboards FBTC0. FBTC1 is the locked, yieldbearing version of FBTC0 with a segregated, programmatic delineation between the two. FBTC1 is used in onchain DeFi strategies, and FBTC0 is held “naked”.
Most FBTC1 is held on Mainnet (see image above).
Source: GoPlus $FBTC Token Security Page, 25 November 2024
This asset is heavily concentrated at this time, with >80% of this asset being held by four addresses.
1.2 Architecture
FBTC operates through two primary components: a Bitcoin Chain deposit address and a mainnet minter, with access restricted to qualified users (entities that meet Ignition’s KYB requirements, including AML analysis, documentation, and industry-standard compliance, as verified by LlamaRisk’s General Counsel under NDA). The system employs three core workflows:
Minting Process:
- Qualified users deposit BTC and initiate a mint request
- Bridge Monitor verifies deposit and forwards to TSS gateway
- Multiple TSS nodes validate requests through risk controls
- FBTC minted upon validation
Burning Process:
- User initiates burn request through Bridge contract
- Bridge Monitor detects burn and sends a withdrawal request
- TSS nodes validate and process BTC withdrawal
- Bridge contract confirms completion
Cross-chain Transfer:
- User initiates bridge contract request
- FBTC burned on the origin chain
- TSS gateway validates and confirms the transfer
- FBTC minted on the destination chain
The system uses Chainlink’s Proof of Reserves to ensure 1:1 BTC backing. While the architecture is conceptually sound and prevents double counting, the qualified user requirement could impact arbitrage efficiency and DEX liquidity.
1.3 Tokenomics
FBTC’s tokenomics are straightforward. The number of FBTC in circulation is directly managed programmatically to ensure that the number of EVM FBTC is always backed 1:1 with BTC Chain BTC. No additional tokenomic considerations are at play with this asset.
2. Market Risk
2.1 Liquidity
Source: CoW Swap, 25 November 2024
Liquidity for this asset is good, with 7% slippage at a 620 FBTC / $55M trade size.
Source: Revert.Finance, 25 November 2024
The Uniswap V3 liquidity provision is staggered, preparing the asset for some potential depeg. All Uniswap liquidity is provided by one address that offers significant FBTC liquidity across many chains. This address was deployed by a Mantle address. Given Mantle addresses sit on the FBTC Security Council; it is unlikely that this liquidity will disappear as it would restrict product growth. Nevertheless, this high LP concentration presents significant risk as it may be immediately withdrawn, leaving liquidators unable to purchase and exchange FBTC collateralized in the protocol profitably.
This makes liquidity risk manageable in the short term but considerable if it does not improve in the future.
2.2 Volatility
Source: FBTC/WBTC via Coingecko Terminal , 25 November 2024
This asset has kept a tight peg on the value of underlying collateral.
2.3 Exchanges
Source: Coingecko FBTC, 25 November 2024
This asset is available on various decentralized exchanges, especially on Mantle. The majority of liquidity on Mainnet is paired to WBTC and held in one pool. This presents some degree of concentration risk in a black swan event. Liquidators may struggle to profitably buy collateral and swap it if the WBTC/FBTC pool goes out of range of the configured LP tick. Notably, no centralized exchanges are trading FBTC.
2.4 Growth
Source: FBTC/WBTC via Coingecko Terminal, 25 November 2024
FBTC has enjoyed limited growth when denominated in BTC prices. 2 BTC have been added to its market cap, an increase of 0.2% in BTC terms. Nevertheless, in USD terms, the asset has grown by ±$23,000,000.
3. Technological Risk
3.1 Smart Contract Risk
This asset has been audited three times. Neither BlockSec, MixBytes, nor Secure3 found any high or critical issues. This indicates a team with robust development practices, reducing smart contract risk.
No bug bounty is currently active. The Ignition team is working to have one running through ImmuneFi by mid-December. It will, on launch, be $100K for critical smart contract findings and Ignition reports. This is likely to increase as FBTC grows in adoption.
3.2 Price Feed Risk
An FBTC/BTC exchange rate Chainlink Feed is available. This robust oracle posts the exchange rate of BTC to FBTC onchain for smart contracts. Given its onchain, verifiable, programmatic data source, it is more robust than any web2-based pricing solution.
Chainlink Proof of Reserves verify that the asset is more than 1:1 backed, but this does little to price the asset in dollar terms. It is not enforced at minting. It functions through Blocksec, an onchain security firm that counts the amount of BTC held in FBTC contracts. This is shared to Chainlink via an API, with 10 nodes then posting this data to an aggregator contract. It introduces a dependency on Blocksec attesting the correct ratio of Bitcoin.
Given that all mainnet liquidity is paired with WBTC in a Uniswap pool, this is not a suitable oracle. An exchange rate oracle may be used in line with other wrapped Bitcoin assets on Aave. This presents some friction for liquidations should “qualified users” not be able to redeem / mint the asset and, therefore, risk.
3.3 Dependency Risk
This system has a variety of dependencies:
- Architectural
Significant technological dependencies exist in this system architecture, including Threshold Signature Schemes, Bridge Monitors, and Bridge Contracts. The system may function in an unintended way if any of them fail.
- Custodian
This Bitcoin is custodied on Bitcoin chain. This introduces custodian risk.
- MPC
EVM chain contracts are managed by Cobo MPC wallet. This introduces a dependency on the continued operation of this wallet. Many assets use this MPC solution.
- PoR
FBTC benefits from the continued operation of the Chainlink PoR. Our eyes believe its continued operation is necessary for this asset’s maintenance.
- Qualified users
“Qualified users” are a significant dependency in this system. Given the difficult nature of becoming one, few will achieve this status. This results in a concentration of those able to mint / burn / transfer the asset, potentially reducing FBTC velocity. The FBTC system is dependent on these qualified users.
While these dependencies present risk, they are not so great that we cannot recommend onboarding the asset.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
This asset has no onchain governance. Ignition has yet to make plans to decentralize asset management. Should these change, Ignition has indicated that they will inform LlamaRisk (who will monitor this matter).
Instead, the asset is entirely managed by Ignition. This team is largely based in Singapore and Hong Kong. Singapore, which is known for being one of the more forward-thinking cryptocurrency regulatory regimes, has no existing DeFi specific laws. Nonetheless, Singapore’s Monetary Authority (MAS) is paying more attention to decentralized finance—uncertainty stemming from limited clarity results in risk.
Hong Kong is likewise similarly unclear on Decentralized Finance legislation. While not the most hostile jurisdiction to cryptocurrency activity, limited clarity on this issue in Hong Kong once more introduces regulatory risk.
A security council consisting of Cobo, Mantle, and Antalpha Prime currently runs TSS nodes and is responsible for Bitcoin custody MPC utilizing contracts. This introduces additional counterparty risk. It is worth mentioning that Cobo and Mantle are established DeFi actors with a long history of good faith contributions. Antalpha Prime appears to be in part owned by BITMAIN and ANTPOOL, both Chinese cryptocurrency mining entities collectively responsible for >25% of Bitcoin’s hash rate. This introduces risk driven by these entities’ obscurity, mitigated by the clear council power limits detailed in protocol documentation. This security council is expected to grow in membership, presenting further uncertainty risk.
4.2 Access Control Risk
The FBTC system employs a 5/8 GnosisSafeProxy ownership model across its core contracts with significant permissions:
FBTC Contract Powers:
- Pause functionality
- Qualified user management
- Ownership transfer
- FBTC rescue capabilities
- Fee structure modifications
- Parameter adjustments
Bridge Contract Powers:
- Qualified user management
- Contract pausing
- Fee parameter control
- Ownership transfer
- Self-upgrade capability
Minter Contract Powers:
- Role management
- Mint request confirmation
- Ownership transfer
- Bridge address modification
- Self-upgrade capability
The Safe signers include several addresses associated with the Mantle deployer and ecosystem partners. While the system clearly documents roles and permissions, it lacks timelocks and concentrates significant control in a single Gnosis Safe.
This introduces centralization risk - a compromise of sufficient signer addresses could affect the entire system. While the 5/8 threshold provides some security, the concentration of critical permissions in one Safe presents notable risks. Therefore, the access control risk is high but actively managed through multi-signature requirements.
Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.
Like tBTC and cbBTC, we propose using the BTC/USD Chainlink feed as a price oracle. This is the most reliable, decentralized solution available, and that will provide accurate pricing in times of stress.
This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.