[ARFC] Add MetaMask USD (mUSD) to Aave v3 Core Instance on Ethereum and Linea

1. Asset Fundamental Characteristics

1.1 Asset

MetaMask USD (mUSD) is a fiat-pegged, reserve-backed stablecoin. Each mUSD is backed 1:1 by $M tokens, which themselves are collateralized by U.S. Treasury Bills. Licensing and reserve management are handled by Bridge, a Stripe subsidiary, while the M0 Protocol provides the smart contract infrastructure for deployment on Ethereum and Linea.

mUSD was deployed at the address 0xacA92E438df0B2401fF60dA7E4337B687a2435DA to both Ethereum and Linea on August 12, 2025.

1.2 Architecture

mUSD is a custom stablecoin issued via Bridge, a Stripe company that provides a platform for compliant stablecoin orchestration. Underlying mUSD’s issuance is the M0 protocol, which has also been used by other stablecoin projects such as USDai, Usual, Noble Dollar, and USDhl, collectively powering $475M in market capitalization.

M0 Protocol

The M0 platform enables developers to design and issue customized digital dollars. At its core, M0 is a decentralized and immutable protocol that manages the supply of the rebasing $M token, which can then be converted into non-rebasing variants.

mUSD was built using M0 Extensions, wrapping their foundational $M tokens, inheriting its security and yield properties given to Earners. The wrapping and unwrapping between mUSD and $M token is facilitated by SwapFacility, which enables 1:1 atomic conversion by creating implicit liquidity between mUSD and $M without needing separate trading pairs. The M_SWAPPER_ROLE within SwapFacility is assigned to the HubPortal contract on Ethereum, which also facilitates the transfer of $M tokens between the Hub (Ethereum) and Spoke (Linea) chains. Since yield distribution is involved, mUSD leverages the MYieldToOne extension, which routes all yield to a MetaMask-controlled treasury address while providing users with a non-rebasing stablecoin pegged to the dollar.

image1072×322 18.2 KB

Source: M^0 Protocol Key Actors, Dune, September 16, 2025

The key actors in the M0 ecosystem are:

• Minters - Permissioned institutions authorized to mint new $M tokens or redeem them for the underlying collateral, playing a central role in managing $M’s supply and serving as the primary on/off-ramps between $M and fiat. Currently, three minter addresses were added to the MINTERS_LIST by M0, with only two being activated: Minter One Generator SPV (addr1 (active), addr2) (mxon.co) and Bridge (active) (bridge.xyz), both operating via EOAs (MPC usage unverified), though approval requires compliance with M0’s general adopted Guidance for off-chain systems.

• Validators - Independent, trusted entities responsible for verifying Minters’ collateral on a regular basis, ensuring that $M remains fully backed. Their attestations are critical to protocol security. M0 has approved two validators to date, which are: Validator One GmbH (validator-one.com) and Chronicle Labs (chroniclelabs.org), both of which operate via EOAs (MPC usage unverified). A single validator signature is required to update collateral, and Chronicle does that for mUSD.

• Earners - Addresses approved by M0 governance or the delegated admin of the M0 Extension (mUSD in this case) who are eligible to earn yield in $M tokens. There are currently 61 active Earners approved by M0, including the mUSD extension, which received approval on May 27, 2025, several months prior to its launch. For mUSD, the relevant address is the yield recipient approved by MetaMask, which can accrue its rewards.

Reserves

image932×564 96.8 KB

Currently, mUSD is 100% backed by United States Treasury Bills (USTB), with reserves held by Bridge, the licensed issuer, via a layered structure in which mUSD is backed by $M, which in turn is backed by USTB. These reserves are independently verified at least every 30 hours by an M0 Protocol validator (Chronicle), which signs collateral attestations on-chain after conducting its own verification. Bridge updates its collateral proof on-chain via the updateCollateral function, and each update is validated and signed to ensure compliance with M0’s eligibility parameters. Chronicle also provides a public dashboard for easier monitoring, though these attestations can be independently observed directly on-chain. M0 Protocol has also set a collateral eligibility criterion, which includes:

1. USTB with remaining time to maturity of 180 days or less

2. USTB wrappers in tokenized form, Superstate Short Duration US Government Securities Fund ($USTB) is the only one currently approved

3. In-transit cash and securities, defined as unsettled buy/sell orders for eligible assets not yet recorded in the SPV’s custody or deposit

The valuation of USTBs would be recognized by their daily market value published on treasurydirect.gov, and for approved wrappers, it is the most recent NAV calculated by a third-party agent and published by the fund administrator. As of now, only one SPV operator has been approved, namely CrossLend GmbH (crosslend.com), and they’re expected to enter a Minter-SPV Operator Agreement with every Minter they provide service to.

$M Collateral

image1189×505 33.7 KB

Source: M0, September 16, 2025

Since mUSD relies on a layered collateral structure, with its backing ultimately derived from the $M token (current supply ~475M), which also underpins other M0 Extensions, it is important to evaluate potential contagion risks. Each extension is economically fungible through the SwapFacility, which unwraps extension tokens into $M and rewraps them into other approved extensions. While this design preserves 1:1 backing at all times, it also means all extensions draw from the same $M collateral pool.

From a technical perspective, the failure of one extension does not directly compromise the peg of others, as the SwapFacility enforces permissioned access on extension-to-$M swaps via the swapOutM function, restricted by the M_SWAPPER_ROLE. In the case of mUSD, this risk is further mitigated because it is a permissioned extension: only Bridge’s authorized address can perform swapInM into mUSD, eliminating the possibility of systemic contagion between extensions. At the bridging (Portal) level, mUSD can also only be bridged into itself, unlike other extensions that may bridge across one another, further containing any potential contamination.

Regarding dependency risk, while $M reserves include Superstate’s USTB (~20% of the collateral), it is important to note that USTB tokens are simply on-chain representations of a Reg D fund, strictly operated under a whitelist model. This significantly reduces risks from wallet compromises, and in the event of a blockchain-level failure, Superstate can reinstate investor portfolios based on off-chain fund records. Additionally, through mUSD, Aave Core and Linea would have indirect exposure to Superstate’s USTB RWA.

Cross-chain Bridging

The underlying $M tokens held by mUSD are made available cross-chain by M0 using a Hub and Spoke model. Ethereum is the Hub where native $M tokens are minted and they’re made available to spokes (like Linea) from the Hub using a lock-and-release mechanism.

M Portals are the set of smart contracts (HubPortal on Ethereum and SpokePortal on Linea) that facilitate the cross-chain functionality and propagate essential system information like the yield index and governance parameters between Ethereum and connected Spoke chains like Linea. At its core, M Portal is supported by Wormhole for its Standard version and Hyperlane for its Lite version, which is an EVM-only version and is more gas efficient.

Yield Accrual

image1074×595 37.8 KB

Source: M0 Docs

Minters pay interest on their minted $M to the M0 protocol, reflecting the risk-free rate generated by the underlying U.S. Treasury Bills. This interest accrues to the M0 protocol and can be distributed to approved Earners, and the mUSD ERC20 contract is one of them. mUSD uses the MYieldToOne extension, under which all $M token yield is further directed to a single, configurable yield recipient, in this case, a MetaMask-controlled 3/5 Safe multisig, meaning all revenue accrued by the supply of mUSD is distributed to Consensys. The yield rate is dynamic and determined by the following rate models:

• MinterRateModel: Defines the interest rate paid by Minters on borrowed $M. It is a simple model that sources rates directly from the TTG Registrar, capped at 400% APR for system safety, and controlled by governance. The current annualized minter rate is 4.08%.

• EarnerRateModel: Determines the interest rate distributed to $M holders who opt in to earning. The current annualized rate is 4.08%, directed to the designated yield recipient, with a cap of 4.08% APR to ensure that earner yield never exceeds minter obligations.

Any residual yield (zero currently) not distributed to Earners accrues to M0’s DistributionVault, which has accumulated 639K $M tokens in rewards to date across all stablecoins utilizing the M0 infrastructure.

1.3 Tokenomics

As of September 16, 2025, mUSD has a total on-chain supply of $26.32M, distributed between Ethereum ($4.96M) and Linea ($21.36M).

1.3.1 Token Holder Concentration

The top holders of mUSD on Linea are:

• Etherex mUSD/USDC Pool: 43% of the total supply.

• Etherex mUSD/WETH Pool: 20.3% of the total supply.

• EOA 1: 17.9% of the total supply.

• Etherex mUSD/USDT Pool: 9.63% of the total supply.

• Multisig 1: 5.4% of the total supply.

The top holders of mUSD on Ethereum are:

• Uniswap mUSD/USDC Pool: 70.4% of the total supply.

• Multisig 1: 14.6% of the total supply.

• EOA 2: 13.1% of the total supply.

mUSD supply on Ethereum and Linea is highly concentrated among just a few entities, who collectively hold the majority of the token supply. While a significant share has been deposited into DEXs, this extreme concentration indicates that retail participation has yet to meaningfully begin.

2. Market Risk

2.1 Liquidity

image2327×900 154 KB

Source: mUSD/USDC Swap Liquidity, Odos, September 16, 2025

On Ethereum, users can only swap $185K mUSD for USDC within a price impact of 7.5%, which is low compared with the asset’s supply on Ethereum. On Linea, a swap of $29.2M mUSD for USDC can be made within a price impact of 7.5%.

2.1.1 Liquidity Venue Concentration

image1920×922 164 KB

Source: mUSD Liquidity Pools, GeckoTerminal, September 16, 2025

On Ethereum, the biggest mUSD liquidity pool is Uniswap V4 mUSD/USDC, which holds $5M in TVL. However, the available mUSD sell-side liquidity is just $170K.

On Linea, the DEX liquidity is much higher with the major pools being Etherex mUSD/USDC ($18.89M), Etherex mUSD/USDT ($14.42M TVL), Etherex mUSD/WETH ($10.33M), and Etherex mUSD/LINEA pool ($1.23M). Across all pools, combined mUSD sell-side liquidity on Linea is $23.53M.

2.1.2 DEX LP Concentration

On Ethereum DEXs, mUSD liquidity is highly concentrated with a single entity, whereas on Linea it is more evenly distributed, reducing the immediate risk of a liquidity crunch. However, most of this liquidity has only been bootstrapped in the past few weeks, raising concerns about its long-term stickiness. Below is the breakdown (as of September 16, 2025):

• Ethereum:

  • Uniswap V4 mUSD/USDC: 99.9% of the pool’s liquidity was added just two week ago on September 3, 2025 by an EOA 1, likely linked to M0.

• Linea:

  • Etherex mUSD/USDC: Nearly 30% of liquidity is supplied by Multisig 1, followed by the same EOA 1 active on Ethereum at 10.2%.

  • Etherex mUSD/USDT: The top liquidity provider is another EOA 3 at 28% share.

  • Etherex mUSD/WETH: The top liquidity provider is EOA 3 again at 11% share.

2.2 Volatility

image1686×826 64.3 KB

Source: mUSD Secondary Market Rate, GeckoTerminal, September 16, 2025

Since launch, mUSD pools on Ethereum and Linea have consistently traded within a 1% premium. The largest deviation recorded was only 0.24 bps in the Etherex (Linea) pool. However, both pools have been live for less than a month, so the available data is limited and does not yet allow for high-confidence conclusions.

2.3 Exchanges

mUSD is exclusively traded on DEXs and is not currently listed on any centralized exchange.

2.4 Growth

image795×384 14.3 KB

Source: mUSD Total Supply, Dune, September 16, 2025

mUSD has been launched in partnership with Bridge and M0, with planned integration into the MetaMask Card to enable global Mastercard payment access, positioning it for rapid growth. The current total supply stands at 26.32M, split between Linea (21.36M) and Ethereum (4.96M). Notably, nearly the entire supply has been minted this month.

3. Technological Risk

3.1 Smart Contract Risk

The M0 Protocol smart contracts used by mUSD underwent the following audits:

• M0 mUSD

  • ChainSecurity (August 26, 2025): 2 informational

  • Consensys (August 15, 2025): 3 low and 5 informational

  • Guardian (August 15, 2025): 1 informational

• M0 Protocol and TTG

  • Quantstamp (January 29, 2024): 1 medium, 9 low, and 11 informational

  • Three Sigma (February 2, 2024): 2 high, 2 medium, 11 low, and 17 informational

  • OpenZeppelin (February 15, 2024): 1 high, 6 medium, 7 low, and 8 informational

  • Prototech Labs (March 8, 2024): 3 critical, 4 high, 5 medium, 9 low, and 11 informational

  • Kirill Fedoseev (March 8, 2024): 1 high, 2 medium, 4 low, and 10 informational

  • Sherlock (March 27, 2024): 3 medium

  • Certora (April 2024): 2 critical, 1 high, 2 low, and 8 informational

  • ChainSecurity (April 24, 2024): 6 medium and 22 low

• EVM M0 Extensions

  • Certora (July 2025): 2 high, 2 medium, 5 low, and 5 informational

  • ChainSecurity (July 21, 2025): 1 high, 4 medium, and 5 low

  • Guardian (August 5, 2025): 1 high, 4 medium, and 33 low

• M Portal Lite

  • Three Sigma (May 5, 2025): 1 critical and 2 low

  • ChainLight (May 25, 2025): 1 critical, 1 low, and 1 informational

All of these issues were either acknowledged or resolved.

3.2 Bug Bounty Program

Following our discussions, the team has confirmed that mUSD will be listed on MetaMask’s $50K HackerOne bug bounty program imminently. While the M0 Protocol does not yet have its own separate live bug bounty, the team reports that MetaMask and M0 are jointly developing a long-term security strategy. In the event of an emergency, the mUSD contract can still be swiftly paused by both MetaMask and M0.

3.3 Price Feed Risk

Although mUSD is designed to maintain a 1:1 peg with the U.S. dollar, its backing structure is layered and introduces complexity. Each mUSD is backed by the $M token, which in turn is collateralized by U.S. Treasury Bills (USTB). While the M0 protocol supports distributing the risk-free rate to users, mUSD diverts yield to a MetaMask-controlled treasury through the non-rebasing MYieldToOne extension, so end-users do not directly accrue yield.

From a pricing perspective, this structure introduces uncertainty. At present, Chronicle, operating as a validator for M0 Protocol, provides a proof-of-reserves dashboard for the $M token. In principle, a similar PoR-based price feed could be constructed by tracking updateCollateral function calls executed by Bridge via the MinterGateway. Since the SwapFacility guarantees atomic 1:1 permissioned swaps between $M and its extensions, Chainlink’s mUSD/USD feed (Ethereum, Linea) can be used to price mUSD without depending on $M/USD as a proxy. An additional 1.04 upside cap can be applied to prevent oracle deviations or anomalous price spikes.

3.4 Dependency Risk

Bridge

MetaMask USD (mUSD) is fundamentally dependent on Bridge, a Stripe-owned stablecoin issuance platform, for its compliant licensing, reserve management, and orchestration. Bridge ensures that mUSD remains fully backed 1:1 by U.S. Treasury Bills and adheres to strict regulatory and operational standards. It also handles real-time monitoring and transparency of reserves by periodically getting its reserves attested by M0 Validators. While the M0 Protocol powers the smart contract infrastructure on Ethereum and Linea, it is Bridge that enables mUSD’s secure issuance and regulatory compliance, making it a critical backbone of the stablecoin’s architecture and trust model.

M0 Protocol

MetaMask USD (mUSD) is inherently reliant on the M0 Protocol for its issuance and operational framework, introducing several critical dependency risks. Built on top of M0 Extensions, mUSD inherits both the regulatory posture and technical architecture of the protocol. Consequently, any changes to M0 governance, particularly those affecting the $M token, which underpins mUSD’s base liquidity and collateral structure, can directly impact mUSD’s stability and functionality. M0-approved Minters (Bridge) and Validators (Chronicle) are trusted to operate cohesively, minting $M only with approved collateral, which directly affects mUSD’s backing.

Additionally, mUSD can only be deployed on chains supported by M0, limiting its cross-chain scalability. Proper functioning of mUSD depends on careful management of the broader M0 ecosystem. For example, the SwapFacility contract must maintain appropriate lags and approved swappers, while M0 Extension tokens like mUSD interact with the underlying $M token, which generates the yield.

Superstate’s USTB

image1195×581 51.9 KB

Source: M0, September 17, 2025

A key dependency risk arises from Superstate’s USTB, which currently comprises around 20% of the $M reserves, with its share having grown over time to become one of the largest single collateral exposures. This concentration means the health of $M, and by extension mUSD and other M0 Extensions, relies heavily on the operational and regulatory soundness of Superstate’s product. While the permissioned structure of USTB (restricted to whitelisted investors) and Superstate’s ability to reinstate portfolios from off-chain fund records mitigate risks of wallet compromise or on-chain technical failures, reliance on USTB still introduces correlated dependency. In the event of broader issues such as regulatory actions or severe liquidity constraints, these would flow through $M’s collateral base and indirectly affect mUSD via the layered architecture.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

The governance of the M0 protocol, which underpins the mUSD architecture, is managed through the Two Token Governance (TTG) system. TTG is a multi-layered framework inspired by constitutional checks and balances, separating operational control from meta-governance authority. Governance responsibilities are divided between two tokens:

• Power token (POWER): Used for operational governance proposals and emergency actions via the StandardGovernor and EmergencyGovernor.

• Zero token (ZERO): The meta-governance token controlling the governance framework through the ZeroGovernor and enabling holders to claim a share of protocol revenue via the DistributionVault.

Legal Commentary

mUSD is presented under the MetaMask brand; however, the legal and operational substance—issuance, redemption, reserve management, and related program controls—resides with Bridge (a Stripe company), leveraging the M^0 infrastructure. In practice, mUSD slots into Bridge’s “Bridge Stablecoins” framework, so any rights and obligations attaching to holders flow primarily from Bridge’s Stablecoin Terms read together with the Bridge Terms. The analysis below proceeds on that basis, treating MetaMask as the distribution interface and Bridge as the contractual counterparty for mint and redeem.

mUSD is issued by Bridge Building Inc. (“BBI”), a U.S.-registered Money Services Business (FinCEN MSB No. 2450917). The token is dollar-denominated and designed for payments and value preservation, targeting a 1:1 relationship to the U.S. dollar through reserves held in highly liquid, low-risk instruments such as U.S. Treasury bills, government money market funds, and bank deposits. Bridge holds legal title to the reserve assets, which are maintained in accounts titled ‘for the benefit of’ mUSD tokenholders. These reserves are segregated on Bridge’s balance sheet from operating funds. The instrument is expressly not legal tender, is not a bank deposit or brokerage product, and is not covered by FDIC or SIPC insurance. As offered, mUSD is treated as “stored value” under applicable payments law rather than as a security or investment product; it is neither intended nor structured to appreciate or generate income for holders.

Based on the mUSD issuance agreement between Bridge and Consensys that we reviewed under NDA (with confidential specifics omitted), Bridge undertakes to issue, sell, repurchase, and redeem its proprietary stablecoins and to use commercially reasonable efforts to enter into arrangements with market makers to support sales, repurchases, and redemptions of the custom instrument. Under that agreement, mUSD constitutes a ‘Custom Stablecoin’—a U.S. dollar–backed token branded and structured by mutual agreement of the parties. Rather, following minting, Bridge or its applicable affiliates effect sales and repurchases of mUSD, with Consensys permitted to facilitate pre-minting on terms agreed by the parties. Bridge manages the reserves in accordance with prudent industry practice and applicable law, including periodic monitoring of mUSD reserves and outstanding supply. For holders, these inter-party commitments clarify the operational allocation of duties without altering the consumer-facing claim profile, which remains governed by the public Stablecoin Terms and applicable User Terms.

Acquisition occurs by submitting properly funded orders via authorized partners and platforms integrated with Bridge’s services. Self-custodial wallets are supported, but onboarding and transaction monitoring can trigger enhanced review, creating a higher likelihood of additional screening or processing delays. Orders and settlements remain subject to Bridge’s acceptance, program limits, and compliance checks at the time of each transaction.

Each mUSD is redeemable, subject to KYC/AML and programmatic constraints, with BBI or its affiliates for U.S. dollars at par value, net of any applicable fees. Once a redemption request is deemed compliant, processing is ordinarily completed within two business days, although suspension rights remain available under the terms. On-chain, mUSD is transferable across supported networks; however, BBI may restrict transfers (including freezing or blacklisting specific addresses) to satisfy legal obligations or internal compliance policies. The redemption entitlement “runs with” the token, but it is exercisable only by a holder who becomes, and remains, an eligible “User” under Bridge’s User Terms, including completion of identity verification and satisfaction of sanctions and jurisdictional requirements. As a consequence, secondary purchasers can realize par value directly only after successful onboarding.

Holders have no direct or indirect property interest in the reserve assets. No trust, security interest, or other proprietary claim in favor of tokenholders is created by holding mUSD. In an issuer default or insolvency scenario, holder recourse is contractual: a general unsecured claim for redemption at par, subject to insolvency priorities and applicable law, rather than any segregated claim to specific reserve instruments or proceeds.

Price stability is not guaranteed on secondary markets. The 1:1 outcome is ensured only through compliant redemption with the issuer or its affiliates. Trading on centralized or decentralized venues may clear above or below par, and program terms disclaim responsibility for secondary-market pricing or liquidity conditions beyond the redemption mechanism.

Program control rights are extensive and should be treated as integral to holder risk. Bridge’s Stablecoin Terms authorize freezing, blacklisting, burning, and—where appropriate—burn-and-remint to a different address, including in response to legal process or internal compliance determinations. The terms emphasize that blacklisting can result in the permanent loss of access to tokens and reiterate that neither tokens nor reserves benefit from deposit insurance. Chain-level events such as forks, as well as third-party wrappers or copies, are borne at the holder’s risk; Bridge may decline to recognize or support non-canonical versions and can require migration if support for a given chain ceases.

For distribution outside the United States, Bridge publishes separate terms. In the EEA, the relevant entity is Bridge Building sp. z o.o. (registered in Poland in the Register of Virtual Currency Activities under RDWW-794), And for the Rest of the World, Bridge Building Limited is referenced.

image1594×742 82.9 KB

Source: Register of Virtual Currency Activities, September 17, 2025

For EEA distribution, MetaMask has indicated that mUSD is initially routed to resident market makers through the Polish VASP, i.e., Bridge Building sp. z o.o., with onward distribution to proceed via a licensed crypto-asset service provider once authorization is granted and operations commence, currently targeted for Q1 2026.

A further transparency gap is present at the product site level: the mUSD documentation hub presently indicates placeholders for “Legal docs,” “Attestations,” and a “Reserve dashboard.” Pending publication of mUSD-specific legal terms, independent reserve attestations, and live reserve transparency, the working assumption is that the generic Bridge Stablecoin Terms govern.

4.2 Access Control Risk

4.2.1 Contract Modification Options

The mUSD access control setup is identical on Ethereum and Linea. Here are the controlling wallets:

• Multisig A - 3/5 threshold Safe, admin of mUSD contract.

• Multisig B - 3/5 threshold Safe with identical owner setup as Multisig A, handles mUSD pauser role.

• Multisig C - 3/7 threshold Safe, handles mUSD yield receipt manager role.

• Multisig D - 2/3 threshold Safe, admin of SwapFacility and owner of HubPortal contract.

• EOA A - Assigned mUSD forced transfer and freeze manager roles.

• M^0 Deployer - An EOA, handles the mUSD pauser role.

The following contracts power the mUSD architecture on Ethereum:

• mUSD: ERC20 contract for the mUSD token. Deployed behind an ERC1967 Proxy controlled by the Multisig A.

• MinterGateway: Oversees all minter-related activities like activation and eligibility of deposited collateral, relying on verification from Validators, and is controlled by Two-Token Governance (TTG).

• SwapFacility: Exclusive router for all wrapping and swapping operations involving $M and mUSD, and is controlled by Multisig D.

• TTGRegistrar: Holds approved addresses for roles and key protocol parameters used for minter and earner rate, and is managed by TTG.

• HubPortal: Responsible for swapping M/mUSD and propagating $M token between hub and spoke chain, and is owned by Multisig D.

The following contracts power mUSD architecture on Linea:

• mUSD: ERC20 contract for the mUSD token. Deployed behind an ERC1967 Proxy controlled by the Multisig A.

• SwapFacility: Exclusive router for all wrapping and swapping operations involving $M and mUSD, and is controlled by Multisig D.

• TTG Registrar: Holds approved addresses for roles and key protocol parameters used for minter and earner rate, and is managed by TTG.

• SpokePortal: Hosts representation of $M token on spoke chain (Linea) and is controlled by Multisig D.

mUSD employs OpenZeppelin’s role-based access control framework to manage sensitive functions, with the Ethereum setup mirrored identically on Linea:

image746×313 34.8 KB

Since launch, 146 addresses have been frozen across Ethereum and Linea. Bridge maintains the frozen wallets list, using OpenSanctions as the vendor to source OFAC designations, and will also freeze addresses in response to direct requests from law enforcement.

4.2.2 Timelock Duration and Function

No timelock is deployed on mUSD Ethereum and Linea contract upgrades. The team noted that while timelocks are not deployed, they are evaluating this as part of their joint security strategy, weighing trade-offs such as slower upgrades, and assured that any future upgrades will be publicly communicated and thoroughly audited in advance.

4.2.3 Multisig Threshold / Signer Identity

Multisigs A and B, which share an identical signer set, are controlled by MetaMask. The signers are:

• 0x1e50BefBdb9480fBaB01d8c3D74b990B070ED002

• 0xA75739D08DaE3c5ce18951776aC3642035bBE0A3

• 0xCAd56Fae244546D0A53E8aFe285ACD37a49e2760

• 0x912167042A81806BB037EF12B07acadFa5aFa50F

• 0xE221e9444B08D9b31b12E323dE5486B850B53F9E

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.