[ARFC] Add XAUt to Aave v3 Core Instance

1. Asset Fundamental Characteristics

1.1 Asset

XAU₮, branded as “Tether Gold,” is an ERC-20 tokenized representation of investment-grade physical gold. Each on-chain unit is linked to one troy fine ounce of London Good-Delivery bars stored in high-security vaults in Switzerland while the token circulates on the Ethereum mainnet. Although functionally a “stablecoin,” XAUt behaves more like a fully asset-collateralized commodity receipt: price tracks spot gold, supply expands only when new bars are deposited, and holders may redeem whole bars (≈430 oz) for delivery inside Switzerland. Bars are individually allocated; a public lookup tool shows the bar serial number, purity, and weight against each address, satisfying London Good-Delivery traceability standards.

image572×528 38.5 KB

1.2 Architecture

Tether Gold is issued by TG Commodities, S.A. de C.V., a Salvadoran corporation - an authorized Stable-Asset Issuer and an authorized Digital-Asset Service Provider under the supervision of the Comisión Nacional de Activos Digitales (CNAD), holding Registration Number PSAD-0032.

XAU₮ is natively deployed on Ethereum; supply on other networks is accessed through wrapped representations (for example, XAUt0 on TON). Each wrapper introduces additional bridge contract and custody risk on top of the issuer’s operational and regulatory exposures.

image2437×818 214 KB

Off-chain infrastructure is concentrated in Switzerland, where London Good-Delivery bars are held in high-security vaults. The issuer affirms that the bullion is fully insured but does not disclose policy limits or underwriting counterparts. Control of the smart-contract mint and burn functions rests with a TG Commodities multisig wallet; no external escrow agent or notary participates in key management.

Whoever controls the private keys of an Ethereum address can move the token, and that act of on-chain transfer is the only formality required to convey the beneficial interest in the ounce of gold that backs each unit. However, the legal title to the underlying bullion does not jump from vault to vault with every token movement. It sits with a professional custodian mandated by TG Commodities and remains there until a KYC-verified holder redeems at least one whole London Good-Delivery bar; only at that moment is the title re-assigned (or the bar liquidated for cash).

The token life cycle, as set out in the Relevant Information Document (RID) published by TG Commodities, proceeds through several discrete stages:
(1) AGCL, a Tether affiliate, acquires LBMA-standard bars on the Swiss spot market;
(2) title to those bars transfers to TG Commodities once the metal is lodged in the vault;
(3) TG Commodities mints exactly one XAU₮ for every fine troy ounce received and credits the tokens to AGCL;
(4) KYC-verified customers remit U.S. dollars to Tether Gold at Swiss spot price plus a 25 bp creation fee;
(5) TG Commodities moves the required tokens from AGCL’s inventory to the purchaser’s blockchain address;
(6) secondary holders may freely transfer, trade, or pledge XAU₮ without further intervention by the issuer;
(7) any holder with at least 430 XAU₮, approximately one standard London bar, may redeem for physical delivery in Switzerland or instruct liquidation for fiat, whereupon the redeemed tokens are permanently burned.

On-chain Issuance/Redemptions

image1660×557 68 KB

The XAUt ERC-20 contract retains minting authority, though it has not been used in over three years. Instead, issuance and redemptions are handled off-chain by the Tether Treasury, which TG Commodities operate. This separation allows Tether to avoid minting new XAUt on demand and maintain a pre-minted, fully backed inventory for faster fulfillment. Currently, the treasury holds 59,645 XAUt out of the 246,524 tokens ever minted on Ethereum, a decline from its peak of 108,203 in March 2022, yet still representing a substantial 24.2% of the total supply. Notably, the treasury address is an externally owned account (EOA), not a smart contract, which means the entire accounting and issuance process occurs off-chain and remains unverifiable on-chain.

1.3 Tokenomics

Circulating supply mirrors the gold on deposit: every XAU₮ is minted only after an ounce of London Good-Delivery bullion is lodged in the Swiss vault and is burned on redemption. BDO Italia’s end-Q1 2025 attestation recorded 246,523.33 XAU₮ outstanding against the same number of fine ounces, about 7.7 tonnes of metal. The token has no hard cap; supply expands solely when TG Commodities acquires additional bars, so growth is driven by market demand rather than by any algorithmic mechanism.

Contractual convertibility into a specific ounce keeps secondary-market pricing tightly anchored to spot gold. Creation and redemption fees accrue entirely to TG Commodities, and storage and insurance costs are embedded in that spread. Because the token pays no yield, holders bear the opportunity cost of idle gold.

1.3.1 Token Holder Concentration

image1088×926 91.9 KB

The 10 largest Ethereum addresses jointly hold about 222,663 XAU₮ ≈ 90.3% of the supply. A single wallet alone (0x785…f7f6) controls more than 38 % of supply. Retail cohorts – addresses holding < 1 % of supply each – collectively own roughly 4 %.

The top 3 holders are:

• 0x785…f7f6 - tagged by Arkham as an address operated by RhinoFi (formerly DeversiFi);
• Tether Treasury - inventory under TG Commodities’ direct control, used for primary issuance and redemptions. Visible on-chain and referenced in Tether’s attestation.
• 0xf9b3…8057 - un-labeled on Etherscan but moves in lock-step with Treasury; pattern suggests an internal omnibus or OTC settlement account.

Several next-largest wallets belong to centralized exchanges such as Bitfinex, Bybit, and Bitget or custodians such as Cobo Custody, indicating that a material portion of the float may sit in omnibus accounts.

2. Market Risk

2.1 Liquidity

image1220×383 28.5 KB

Users can swap XAUt worth up to $9.44M (2800 XAUt) for USDC within a price impact of 6%.

2.1.1 Liquidity Venue Concentration

image964×588 98 KB

The total XAUt liquidity across DEXs on Ethereum is approximately $16.5M. The primarly liquidity hubs are the Uniswap V3 XAUt/WBTC ($17.9M TVL), Uniswap V3 XAUt/USDT ($2.35M TVL), Uniswap V3 PAXG/XAUt ($1.83M TVL), Curve XAUt/PAXG ($1.1M TVL), Uniswap V4 PAXG/XAUt ($313.7K TVL), and Uniswap V4 XAUt/USDT ($284.2K TVL).

2.1.2 DEX LP Concentration

Though XAUt liquidity is evenly distributed among DEXs on Ethereum, there is significant LP concentration, with a few entities providing the majority of liquidity in some pools. Below is the breakdown (as of June 20, 2025):

• Uniswap V3 XAUt/WBTC: 99.26% of the pool’s liquidity is supplied by a single EOA. This address is identified as belonging to Abraxas Capital Management on Arkham, with the deposit made recently on June 12, 2025, indicating a very recent addition of capital to the liquidity pool.
• Uniswap V3 XAUt/USDT: 42.62% of the pool’s liquidity is supplied by an EOA.
• Uniswap V3 PAXG/XAUt: The top liquidity provider is another EOA, holding 24% of the pool’s liquidity.
• Curve XAUt/PAXG: The top two LPs, Convex Finance and an EOA, hold 40.5% and 37.1% of the pool’s liquidity, respectively.

2.2 Volatility

image1484×706 122 KB

From the chart, it is evident that the secondary market price of XAUt on Ethereum has deviated from the gold spot price (XAU/USD) by more than ±1% on numerous occasions, often for prolonged periods throughout the year, including twice in the past month. However, as on-chain liquidity improves, the secondary market price on Ethereum is converging more closely with the true price of gold.

2.3 Exchanges

image1332×623 90.7 KB

Tether Gold (XAUt) is actively traded across multiple centralized exchanges (CEXs), providing additional secondary market liquidity. This has enhanced the efficiency of DEX/CEX arbitrage. Approximately $2M worth of XAUt can be sold on CEXs with no more than 2% slippage.

2.4 Growth

image1248×607 55.2 KB

Since March 2023, the on-chain supply of XAUt on Ethereum has remained constant at 246,524 tokens. However, the share held by externally owned accounts (EOAs) has been steadily increasing, while the share held by centralized exchanges (CEXs) continues to decline. This shift in ownership suggests that more XAUt is now in the hands of users likely to deploy it into DeFi protocols, signaling growing readiness for on-chain utility.

3. Technological Risk

3.1 Smart Contract Risk

According to Tether, smart contract reviews are conducted at two levels. The first level ensures that operating procedures are consistent and accurate and that all issues are identified and resolved. The second involves testing in a live environment to ensure that only the admin can access privileged functions such as minting, freezing, and unfreezing. However, Tether has not publicly available any of these audits or reviews. BlockSec published a blog highlighting a public transfer vulnerability in the Tether Gold smart contract. This issue was patched following an upgrade to the proxy implementation of XAUt on May 25, 2023, making it plausible that BlockSec was involved in the fix.

3.2 Bug Bounty Program

XAUt’s smart contracts are not included in Tether’s existing $10,000 bug bounty program, which only covers the Tether.to and app.tether.to domains. While the contracts have been battle-tested over the years, the absence of a dedicated bug bounty program leaves risk mitigation incomplete.

3.3 Price Feed Risk

Pricing XAUt accurately presents certain challenges, as the London Bullion Market, which primarily influences its value, remains closed on weekends, and gold price fixing occurs only twice on weekdays at 10:30 and 15:00 UTC. Chainlink’s XAU/USD price feed, which reflects the institutional gold spot price, offers a viable solution for pricing XAUt on Ethereum. It helps mitigate unnecessary volatility risks over the weekend that would be introduced by a direct 24/7 XAUt/USD feed (currently unavailable). The feed is categorized as low market risk, with a deviation threshold of 0.3% and a heartbeat of 24 hours. Price stagnation over weekends does not pose a significant risk, as liquidations cannot be triggered while the oracle remains static, and the likelihood of bad debt is minimal due to gold’s inherently low volatility.

3.4 Dependency Risk

Off-chain Operational Infrastructure
The functionality of XAUt depends entirely on the centralized infrastructure operated by TG Commodities Limited, its issuer. The on-chain issuance of XAUt tokens is done via the Tether Treasury EOA, which is not a transparent smart contract. The entire XAUt system hinges on accurate reconciliation between off-chain gold reserves and on-chain token supply. This bridge connecting physical audits, vault balances, treasury inventories, and token distribution is not automated or verifiable via smart contract logic. Any failure, delay, or misreporting in this reconciliation process could lead to mismatches between circulating supply and actual reserves, eroding trust in the system.

London Bullion Market
XAUt does not aim to maintain a static peg; rather, it seeks to track the dynamic price of physical gold. This creates a direct dependency on the health, liquidity, and accessibility of the global gold markets, primarily the London Bullion Market Association (LBMA), which serves as the global standard for wholesale gold price discovery. The price at which the issuer processes redemptions and the price reported by oracles for use in DeFi protocols are derived from this market. The stable functioning of the market is also essential.

Custodial & Physical Asset Risks
XAUt’s value critically depends on its physical backing, introducing risk from the third-party custodian who vaults the gold. This includes potential theft, fraud, or damage to the reserves. The system’s integrity also relies on infrequent or potentially inaccurate third-party audits, insurance policies that may not cover all loss scenarios, and a secure supply chain to guarantee the gold’s quality and legitimate origin. A failure in any part of this physical chain undermines the token’s value.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

The regulatory risk was discussed in detail during the TEMP CHECK stage. As there have been no material changes, that assessment remains applicable here.

4.2 Access Control Risk

4.2.1 Contract Modification Options

Here are the controlling wallets:

• Tether Multisig: A 3/6 threshold multisig deployed using a custom MultiSigWallet contract.

The following contracts power the XAUt architecture:

• XAUt: ERC-20 contract for the XAUt token. It is deployed behind an ERC1967Proxy that is controlled by the Tether Multisig.

No role-based access control mechanism is used for XAUt contracts, and the ERC-20 contract controlled by Tether Multisig is solely responsible for handling sensitive functions like mint, redeem, blacklist (addToBlockedList, destroyBlockedFunds, removeFromBlockedList), transfer, change allowance (permit, increaseAllowance, decreaseAllowance), and transfer ownership.

4.2.2 Timelock Duration and Function

Tether has not configured any timelock on XAUt contract upgrades. A timelock functionality for critical contract upgrades should be preferred to adhere to the standard risk practices.

4.2.3 Multisig Threshold / Signer identity

The 3/6 threshold multisig that controls XAUt is managed by Tether and also serves as the owner of the USDT contract on Ethereum.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.