[ARFC] Add PAXG to Aave v3 Main Instance on Ethereum

[ARFC] Add PAXG to Aave v3 Main Instance on Ethereum

Author: ACI

Date: 2024-11-19


ARFC updated 2024-11-29

Summary

The proposal aims to onboard Paxos PAXG stablecoin, to the Aave v3 protocol Main Instance on Ethereum. $25K in lending incentives will be available over the three months following launch of the initiative, additionally further rewards may be made made available based on performance and/or utilization targets of the pool if for ex. significant TVL milestones are hit.

TEMP CHECK and TEMP CHECK Snapshot have passed.

Motivation

PAXG, a gold backed digital currency offered by Paxos is NYDFS approved and has a multi year track record on chain. With Paxos as a centralised and trusted entity in the cryptocurrency industry, PAXG brings a unique value proposition focused as the premier on chain gold asset

Onboarding Paxos’s PAXG extends Aave Protocol’s already diverse collateral offering to its users. PAXG users on Aave Protocol will be able to utilize the value of their holdings without giving up their exposure to gold. Introducing PAXG is expected to increase liquidity and engagement within the protocol.

Onboarding PAXG aligns with Aave DAO commitment to offering diversification across widely held and in-demand resources. It will enable users to tap into Paxos’s liquidity and reputation while benefiting from Aave’s established lending and borrowing functionalities. PAXG is expected to benefit from a major integration like Aave Protocol and over time is expected to attract more mainstream users to Aave, contributing to the overall growth and adoption of both on-chain gold and the Aave protocol.

Specification

Ticker: PAXG

Contract address: 0x45804880De22913dAFE09f4980848ECE6EcbAf78

Risk Parameters have been provided by Risk Services Providers and ARFC has been updated with that feedback. 2024-11-29

Parameter Value
Network Ethereum
Isolation Mode Yes
Borrowable No
Collateral Enabled Yes
Supply Cap 500
Borrow Cap -
Debt Ceiling $900,000
LTV 70%
LT 75%
Liquidation Bonus 6%
Liquidation Protocol Fee 10%
Variable Base -
Variable Slope1 -
Variable Slope2 -
Uoptimal -
Reserve Factor -
Stable Borrowing Disabled
Flashloanable Yes
Siloed Borrowing No
Borrowable in Isolation No
E-Mode Category N/A

Disclosure

Trident is affiliated with Paxos and may receive compensation for efforts undertaken herein. ACI (Aave Chan Initiative) is not afiliated with Paxos and has not received compensation for escalating this proposal.

Next Steps

  1. Publication of a standard ARFC, collect community & service providers feedback before escalating proposal to ARFC snapshot stage.
  2. If the ARFC snapshot outcome is YAE, publish an AIP vote for final confirmation and enforcement of the proposal.

Copyright

Copyright and related rights waived via CC0.

3 Likes

I was in favor of adding PAXG a long time ago but the timing wasn’t good for different reasons. I do think this has changed now and I am supportive of adding this asset now.

3 Likes

Summary

LlamaRisk supports onboarding PAXG to Aave v3 on Ethereum mainnet. Our recent review of Paxos’ issued PYUSD stablecoin, along with their track record, supports Paxos as a credible issuer. Operating under NYDFS oversight, Paxos Trust Company issues PAXG with physical gold backing in LBMA-accredited vaults, verified through Withum Smith+Brown’s monthly attestations, the last being September 2024. While this regulatory framework provides a foundation for asset segregation and user protection, it still requires trust in Paxos and vault providers as custodians. The vault provider also maintains insurance coverage against the loss of the gold.

The 3/20 multisig configuration for upgradeability control remains a concern, similar to PYUSD, and we are in ongoing discussions with Paxos about this setup as it combines an unusually high signer count with a low threshold. The lack of a bug bounty is also a concern; although PAXG’s contract is simple, we strongly encourage all protocols to implement a bug bounty program.

Market liquidity is primarily concentrated in the Uniswap V2 ETH-PAXG pool ($20M TVL), with additional depth from major CEX integrations via USDT pairs. The settlement follows standard market convention with T+1 for purchases and up to T+2 for sales, aligned with London gold market hours. The tokenization process ties each PAXG token to specific gold bars through a mint-and-redeem model, with real-time pricing from StoneX feeds.

Despite moderate DEX liquidity concentration and relatively flat market performance since early 2022 (declining from peak TVL of $600M to current ~$500M), PAXG can be safely integrated as a collateral asset on Aave. This addition would enhance PAXG’s utility while leveraging Paxos’ proven regulatory compliance and operational history.

Expand to see full Collateral Risk Assessment

Collateral Risk Assessment

1. Asset Fundamental Characteristics

1.1 Asset

Pax Gold (PAXG) is an ERC20 token representing physical gold tokenized on Ethereum. Each PAXG token corresponds to one troy ounce of a 400-ounce London Good Delivery gold bar, securely stored in LBMA-accredited physical vaults.

PAXG enables accessible and fractional ownership, eliminating many traditional barriers to gold investment, like high entry costs, storage complexity, and transportation challenges. Physical gold backing ensures token holders directly claim real gold, allocated to each gold bar’s serial number and other unique specifications.

The asset was launched in September 2019 and issued by Paxos Trust Company, a regulated financial institution under the New York State Department of Financial Services (NYDFS).

1.2 Architecture

Users can mint PAXG using USD or unallocated gold. Paxos acquires London Good Delivery bars through LBMA-accredited clearers, with a minimum purchase of 0.03 PAXG (including 0.02 PAXG conversion fee).

Each PAXG token represents ownership of specifically allocated gold through Paxos’ off-chain registry. Token holders can verify their gold allocation details via Paxos’ lookup tool, which displays serial numbers and specifications of their underlying gold bars.

Redemption through paxos.com can be processed for USD, unallocated gold, or physical gold. Institutional clients can redeem for LBMA Good Delivery bars, while retail clients can access smaller quantities through partner retailers. The physical gold backing PAXG is stored in LBMA-accredited vaults (Brink’s, HSBC, ICBC Standard Bank) under Paxos Trust Company custody, maintaining a bankruptcy-remote structure.

Buy orders typically settle T+1, while sale orders settle T+1 or T+2 based on market conditions. Trading operates Sunday 6 pm ET through Friday 5 pm ET, with a daily closure from 5-6 pm ET. No settlements occur on US/UK holidays or weekends. itBit Exchange orders follow exchange-specific settlement rules.

StoneX direct price feed provides real-time London gold market pricing. While the gold market may be closed, PAXG/USD order book trading remains available. Monthly attestations by Withum Smith+Brown verify the 1:1 backing of PAXG tokens with physical gold, following AICPA standards.


Source: Pax Gold (PAXG) Transparency Reports - Paxos, November 13th, 2024

1.3 Tokenomics

Paxos generates revenue from PAXG through several fee structures:

  • Upon minting/burning PAXG - the fee is tiered based on the transaction amount, ranging from 0.02 PAXG for transactions under 2 PAXG to 0.125% for transactions over 800 PAXG.
  • On-chain transfers of PAXG - a transaction fee of 0.02% of the transferred amount applied before; it is now lifted. Paxos does not cover standard Ethereum network gas fees.
  • Custody fees - Paxos does not charge storage fees for PAXG tokens. However, they reserve the right to introduce storage fees in the future, which would be applied pro-rata to all customers.

2. Market Risk

2.1 Liquidity

Uniswap V2 accounts for most of DEX liquidity, holding 92% of the total on November 18 ($10.34M of $11.20M).


Source: DEX Guru, November 19th, 2024

About $1M PAXG can be swapped to USDC within a 7% slippage impact.


Source: DeFiLlama, November 19th, 2024

2.2 Volatility

PAXG’s price directly reflects the spot price of gold in USD. Several spikes and dips can be observed caused by gold price fluctuations or changes in PAXG/USDC liquidity.


Source: DEX Screener, November 19th, 2024

Over 1 year, PAXG has maintained a near 1:1 peg to XAU (gold spot price), with only two observed outlier deviations. These deviations were not reflected in other venues (e.g., DEXs).


Source: Coinbase, November 20th, 2024

2.3 Exchanges

PAXG is paired with USDT on many leading centralized exchanges.


Source: Coinmarketcap, November 19th, 2024

Uniswap V2 PAXG/ETH pool is currently go-to DEX venue with a TVL of $20M.

Source: Uniswap, November 19th, 2024

Uniswap V3 has not managed to attract significant liquidity:

2.4 Growth

PAXG has seen little fluctuation in its TVL since its initial growth phase from launch, reaching a high of $600M in Q1 2022. The TVL currently stands at approximately $500M, with over 34,000 holders.

Source: DefiLlama, November 19th, 2024

3. Technological Risk

3.1 Smart Contract Risk

In 2018, before its launch, Paxos standard smart contracts underwent comprehensive security audits conducted by Nomic Labs, ChainSecurity, and Trail of Bits. Further scrutiny was applied specifically to PAXG, with ChainSecurity and CertiK conducting detailed examinations in 2019.

The audits found no severe security issues; all identified issues were addressed and resolved by Paxos.

The token contract is upgradable, but implementation hasn’t been changed since the original deployment.


Source: Etherscan, November 19th, 2024

3.2 Bug bounty program

There is no bug bounty program for PAXG contract(s).

3.3 Price Feed Risk

Besides the StoneX feed, several options are available to price PAXG:

3.4 Dependency Risk

PAXG incorporates a proxy-based upgradeable model where the logic resides in this PAXGImplementation contract, while the data storage lives in a separate proxy contract. Users interact with the proxy, which delegates function calls to the implementation contract.

Standards applied:

  • ERC-20, implementing core functions such as totalSupply, balanceOf, transfer, approve, and transferFrom for basic fungibility and compatibility with wallets/protocols;
  • OpenZeppelin’s SafeMath library for arithmetic operations to prevent overflows and underflows;
  • EIP-712 implementation for “beta delegated transfers,” which enables off-chain signature verification for transferring tokens on behalf of another address (e.g., customers’ gas fee coverage by a certain platform/exchange).
  • Ownership model where certain functions are only executable by an owner, supplyController, assetProtectionRole, feeController, and betaDelegateWhitelister.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

NYDFS Paxos’ authorization status ensures a high level of customer protection. Paxos is mandated to segregate customer assets from corporate assets, thus protecting customer funds or holdings even during Paxos’s insolvency. NYDFS requires Paxos to maintain separate accounting for customer assets on-chain and within internal ledger systems. The company must undergo regular audits to verify the alignment of on-chain records with physical and digital asset reserves. Paxos’s operations are also subject to routine NYDFS examinations, compliance monitoring, and policy assessments.


Source: DFS, November 13th, 2024

Paxos employs third-party analytical tools provided by ComplyAdvantage and Chainalysis to safeguard its operations against fraud and money laundering. This includes ongoing platform and on-chain monitoring to identify suspicious activities and take appropriate restrictive measures.

Paxos acquires gold from INTL FCStone, Ltd., a company registered in England and Wales. The gold comprises London Good Delivery bars, which are regulated by the London Bullion Market Association (LBMA), the precious metals bullion trade association.

For a refiner to be accredited on the Good Delivery List, they must meet stringent criteria, including a minimum of five years in operation and at least three years in refining the specific metal for which they seek accreditation. Additionally, they must have an established annual refining production of at least 10 tonnes for gold or 50 tonnes for silver, a tangible net worth of no less than £15 million, and ownership and financial standing that pass the Due Diligence tests of the Loco London Market. Moreover, applicants must implement LBMA’s Responsible Sourcing Programme and undergo an independent audit before submitting their application for Good Delivery Listing.

The London Good Delivery gold bars purchased by Paxos are securely stored with Brink’s Global Services Ltd., Hongkong and Shanghai Banking Corporation (HSBC), and Industrial and Commercial Bank of China Ltd (ICBC) Standard Bank, all of which are LBMA-approved vaults.

The seller, INTL FCStone, Ltd., claims to be a registered broker-dealer under the regulatory oversight of the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), and the Financial Conduct Authority (FCA). Following the name change to StoneX (announced in 2020), we have confirmed the authorization status of the entity.


Source: BrokerCheck FINRA, November 19th, 2024


Source: CFTC, November 19th, 2024


Source: FCA, November 19th, 2024

StoneX ensures that the gold backing, PAXG, is insured against potential loss. The insurance covers the gold while secured in vaults and during transportation. The protection aligns with industry standards for gold vaulting, ensuring that custodians hold an appropriate level of insurance to safeguard the metals they have.

Evidence on the independent auditor’s registration status with the Public Company Accounting Oversight Board:


Source: PCAOB, November 15th, 2024

4.2 Access Control Risk

Roles and Permissions:

  • Owner: Allows an assigned role (setAssetProtectionRole) to freeze/unfreeze accounts or wipe balances of frozen accounts, can pause/unpause contract functions to halt operations during emergencies and transfer ownership (proposeOwner).
  • SupplyController: Mints or burns tokens, adjusting total supply.
  • AssetProtectionRole: Can freeze, unfreeze, or wipe balances of accounts; the role is created for regulatory or law enforcement compliance.
  • FeeController: Manages fee-related settings (setFeeRate), including setting the transfer fee rate and changing the fee recipient.
  • BetaDelegateWhitelister: Manages the whitelist for delegated transfers, authorizing addresses to use betaDelegatedTransfer.

Owner, AssetProtectionRole, and FeeController roles are concentrated within 3/20 multisig. This presents an elevated operational risk, as the attack surface for social engineering and other threats is considerably larger than typical implementations. We recommend Paxos consider segregating day-to-day operational controls from critical actions, such as token contract upgrades, by implementing separate multisig wallets and timelock where applicable.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Aave V3 Specific Parameters

We believe PAXG can be safely integrated as a collateral asset. We will present join parameters with @ChaosLabs shortly.

Price feed

We recommend using Chainlink’s PAXG/USD feed (yet to be deployed), which is based on both CEX and DEX volume, including Binance, Kraken, Bybit and Uniswap V2 and V3.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Change log

  • 2024-11-21: Change feed recommendation (XAU/USD → PAXG/USD)
2 Likes

Great to see this topic coming back and getting more (positive) attention :+1: totally in favor of this proposal.

Overview

Chaos Labs supports listing PAXG on Aave V3’s Ethereum instance. Below is our analysis and initial risk parameter recommendations.

Technical overview

PAX Gold (PAXG), developed by Paxos Trust Company, represents direct ownership of physical gold. Each PAXG token is backed by one ounce of a London Good Delivery gold bar stored in LBMA-accredited vaults.

Paxos Trust Company holds the physical gold backing in custody and is regulated under the NYDFS. PAXG is “bankruptcy remote” from its parent company, Paxos, ensuring that token holders are not affected by the parent company’s failure. The gold reserves are fully insured against loss or damage, providing additional security.

In terms of regulatory compliance, Paxos adheres to the standards set by the NYDFS. The company implements comprehensive AML and KYC procedures, including identity verification and ongoing transaction monitoring. These measures aim to prevent illicit activities and ensure that PAXG operates within the legal frameworks applicable in various jurisdictions.

ChainSecurity and Certik have audited PAXG’s smart contract, and no major vulnerabilities were detected. The contract is upgradeable, allowing Paxos to implement necessary updates. Although the implementation hasn’t been modified since the initial deployment, the upgrade is protected behind a 3/20 multisig. Compliance mechanisms like transaction freezing are integrated to meet regulatory requirements.

The minting of PAXG can be done through stablecoins, US dollars, or unallocated gold. While the minting through stablecoins and US dollars can be done through the website and takes up to two days, the minting through unallocated gold requires the gold assets to be deposited into a Loco London account and then transferred to Paxos. The minting through USD is done at the current gold market rate.

Redeem options include exchanging a minimum of 430 PAXG for a Loco London physical gold bar or exchanging a minimum of 0.01 PAXG for USD on the website. Redeeming also takes up to two days, and the redeemed PAXG tokens get burned.

Paxos provides monthly attestation reports conducted by independent auditors, such as WithumSmith+Brown, to verify that the total supply of PAXG tokens matches the amount of physical gold held in custody. The reports show that the deviation between the circulating tokens and the backing has been insignificant. Additionally, Paxos publishes detailed information about the gold bars, including serial numbers and custody locations, enabling token holders to verify their specific holdings.

Market Cap

PAXG’s average market cap over the last 180 days was $477.49M, with an average trading volume of $14.4M. The asset is currently live on Ethereum, and its daily transaction count has grown steadily over the last three months. The supply of PAXG has been slowly increasing since April 2024 after dropping significantly since its peak in 2022.

The asset is currently listed on multiple T1 and T2 CEXs, with Coinbase being the most notable missing exchange. This ensures that the DEX liquidity on-chain is supplemented by continuous CEX-DEX arbitrage.

Liquidity

Since 2021, PAXG has maintained strong on-chain DEX liquidity. The liquidity is concentrated entirely on Uniswap and mainly paired against WETH. DEX liquidity currently amounts to $21.9 TVL, of which $10.9M is buy liquidity.

Given the numerous dex listings, a significant amount of off-chain liquidity is present. Including only the major CEX platforms, the off-chain liquidity within a 2% price impact currently amounts to over $1.3M. This represents a significant improvement over the on-chain DEX liquidity within the same range and ensures that the on-chain price can be arbitraged efficiently to minimize price deviations.

PAXG/USDT orderbook depth Binance

Volatility

As PAXG volatility is closely correlated to gold, the asset registered an increase in daily volatility of 24.27% over the last month following the US election results. The daily volatility over the last 180 days has been registered at 15.26%, with the biggest price drop during the period being 3.74%.

As the PAXG token is tradable 24/7, it differs from the trading hours of the underlying gold. This often causes deviations from the gold oracle price, which is not updated during the weekend.
Our analysis has observed the biggest deviation to have occurred between the PAXG and XAU oracle prices to be of 22.2% in April 2024 during the Iran attack on Israel.

The London gold market, affecting PAXG pricing, operates from Sunday at 6 PM EST to Friday at 5 PM EST, closing daily between 5 PM and 6 PM EST. While PAXG can be traded around the clock on exchanges, direct redemptions through Paxos are not processed during weekends—from Friday at 5 PM EST to Sunday at 6 PM EST—and redemption prices are determined at the time of execution during market hours. However, we have identified a negligible change in CEX liquidity during off-market hours.

LTV, Liquidation Threshold, and Liquidation Bonus

Given the volatility registered for the asset and the likelihood of increased volatility during off-market hours, we recommend setting conservative initial parameters. We recommend setting an initial Liquidation Bonus of 6%, an LTV of 75%, and an LT of 70%.

Supply and Borrow Cap

In line with Chaos Labs’ approach to setting initial supply caps, we suggest a Supply Cap of 2x the liquidity available under the Liquidation Penalty’s price impact. Based on the current liquidity on Ethereum, we recommend a supply cap of 500 PAXG. As historically volatile assets’ primary use case is to be used as collateral, and the main borrow demand for PAXG would come from shorting, we do not recommend enabling PAXG as borrowable. Furthermore, enabling the asset to be borrowable poses the protocol to unnecessary risks derived from the setup of the oracle proposed.
While this supply cap is conservative given the liquidity available off-chain, Chaos Labs will monitor the market to propose supply and borrow cap increases if necessary.

Pricing

We recommend utilizing the XAU market price oracle for the PAXG asset. Chainlink already provides one such feed.

While, as we have covered previously, the off-market hours deviation between PAXG and its underlying asset, Gold, is significant, using this oracle setup does not pose significant risks to the protocol for the following reasons:

  • During periods of upside deviation, using the gold price feed instead of the PAXG oracle temporarily limits user borrowing potential until the gold price feed updates at the market open. This effectively acts as a reduced LTV during weekends, mitigating potential risks while only introducing minor constraints to the users.

  • On the downside, a deviation where PAXG trades significantly below the Gold oracle price would require a sustained drop of at least 19% from Friday’s close to Monday’s open to risk the creation of bad debt with the recommended LT—a scenario that is statistically improbable. Gold has not experienced a daily drop exceeding 10% in over 40 years, further emphasizing the low likelihood of such an event. Additionally, this risk is only present if PAXG fails to mean-revert to the XAU price before the market reopens.

    Even in extreme cases where PAXG deviates by over 25% during the weekend, allowing users to borrow more than the PAXG collateral is worth due to the higher Gold oracle price does not pose significant risk. Without oracle updates, these positions remain non-liquidatable as the deviation is in place, and by market open, when PAXG is likely to mean-revert to the Gold price, these positions would return to healthy states, ensuring protocol stability.

Utilizing the XAU price oracle thus provides a more robust and predictable valuation, mitigating unnecessary volatility risks associated with the PAXG-specific oracle.

Isolation Mode and Debt Ceiling

Chaos Labs also recommends including the asset in Isolation mode to avoid using it as collateral to borrow volatile assets. Additional volatility in the borrowed asset’s price significantly increases the risk of bad debt induced by off-market-hours oracle price deviations between PAXG and XAU.

As the risk mitigated by the Isolation mode is only limited to the magnitude of the deviation from the underlying, we determine a Debt Ceiling relative to the maximum amount of assets borrowed with the recommended LTV.

Specification

Following the above analysis, we recommend the following parameter settings:

Parameter Value
Network Ethereum
Isolation Mode Yes
Borrowable No
Collateral Enabled Yes
Supply Cap 500
Borrow Cap -
Debt Ceiling $900,000
LTV 70%
LT 75%
Liquidation Bonus 6%
Liquidation Protocol Fee 10%
Variable Base -
Variable Slope1 -
Variable Slope2 -
Uoptimal -
Reserve Factor -
Stable Borrowing Disabled
Flashloanable Yes
Siloed Borrowing No
Borrowable in Isolation No
E-Mode Category N/A

Disclaimer

Chaos Labs has not been compensated by any third party for publishing this recommendation.

Copyright

Copyright and related rights waived via CC0

2 Likes

This datapoint is very insightful, and we agree with @ChaosLabs’ recommended Oracle (XAU).

2 Likes