[ARFC] Deploy a Crypto.com Aave v3 Instance

Title: [ARFC] Deploy a Crypto.com Aave v3 Instance

Author: ACI

Date: 2024-10-01

ARFC has been updated with latest Risk Parameters provided by Risk Service Providers. 2024-10-10


Summary

This proposal is for the creation of a specific Aave v3 instance in partnership with Crypto.com which will be used for their DeFi Staking product using WETH and cdcETH.

Motivation

Crypto.com is one of the world’s largest exchanges, currently listed as number 6 on DeFi Llama in terms of total assets. In addition to 100M+ global users since May 2024, they have a staked ETH product called cdcETH with over $80m TVL.

The original TEMP CHECK proposal to onboard cdcETH to the main Aave v3 instance ended in an abstain result, indicating a desire of the DAO to further explore opportunities at a later time.

After discussions with the CDC team, ACI believes there are good synergies in creating a specific instance of Aave v3 that will allow them to integrate their DeFi Staking product and create a dedicated location for looping of cdcETH via emode to kickstart the instance liquidity, before including stablecoins to offer more yield options to CDC DeFi Staking users.

We encourage delegates, tokenholders, and service providers to give feedback on this proposal.

Specification

The Crypto.Com Aave v3 instance will target the following:

  • We target $60M+ for the CDC instance as a start with $50M+ on the WETH side.
  • Drive liquidity to the new instance with a combination of their CeDeFi DeFi Staking product, Wallet integration, 3rd party specialized platforms and CDC-owned liquidity.
  • The Crypto.com team has committed to $1 million worth of incentives for the first 6 months of launch to bootstrap initial liquidity. The ACI is in favor of matching this incentive amount via the Ahab program to increase the adoption velocity of this potential instance.

Contract address: 0xfe18aE03741a5b84e39C295Ac9C856eD7991C38e

Risk Parameters have been provided at ARFC stage by Risk Service Providers, and ARFC has been updated accordingly. 2024-10-10

| Parameter | Value | Value |
|---|---|---|
| Asset | cdcETH | WETH |
| Isolation Mode | No | No |
| Borrowable | No | Yes |
| Collateral Enabled | Yes | No |
| Supply Cap | 24,000 | 24,000 |
| Borrow Cap | - | 21,600 |
| Debt Ceiling | - | - |
| LTV | 72.5% | - |
| LT | 75% | - |
| Liquidation Bonus | 7.5% | - |
| Liquidation Protocol Fee | 10.00% | 10.00% |
| Variable Base | - | 0% |
| Variable Slope1 | - | 2.7% |
| Variable Slope2 | - | 80% |
| Uoptimal | - | 90% |
| Reserve Factor | - | 15% |
| Stable Borrowing | Disabled | Disabled |
| Flashloanable | Yes | Yes |
| Siloed Borrowing | No | No |
| Borrowable in Isolation | No | No |
| E-Mode LTV | 93% | - |
| E-Mode LT | 95% | - |
| E-Mode Liquidation Bonus | 1% | - |

| maxYearlyRatioGrowthPercent | ratioReferenceTime | MINIMUM_SNAPSHOT_DELAY |
|---|---|---|
| 5.11% | monthly | 14 days |

Useful Links

Temp Check discussion: [TEMP CHECK] Deploy a Crypto.com Aave v3 Instance

Temp Check Snapshot: Snapshot

Audit: https://crypto.com/document/blocksec_securityaudit2024

Issuer: Crypto.com

DeFi Llama: https://defillama.com/protocol/crypto.com-staked-eth

Coingecko: https://www.coingecko.com/en/coins/crypto-com-staked-eth

Crypto.com Staking page: Crypto Staking — Crypto.com | Earn up to 16.64% per year by staking with us

Crypto.com Liquid Staking Q&A page: Liquid Staking | Crypto.com Help Center

Disclaimer

The Aave Chan Initiative is not directly affiliated with Crypto.com and did not receive compensation for creating this proposal.

Next Steps

  1. Publication of a standard ARFC, collect community & service providers feedback before escalating the proposal to the ARFC snapshot stage.
  2. If the ARFC snapshot outcome is YAE, publish an AIP vote for final confirmation and enforcement of the proposal.

Copyright:

Copyright and related rights waived under CC0

1 Like

In favour of this proposal.

Summary

LlamaRisk recommends onboarding cdcETH to a new instance with ETH-Correlated eMode enabled, conditional on establishing a bug bounty program. Significant liquidity, access control, dependency, and governance risks nonetheless remain specific to cdcETH, namely:

  • Circulating supply on mainnet is limited and largely controlled by Crypto.com addresses, especially DEX LP positions.
  • Many critical contract parameters, including blacklist, ownership change, and, most severely, the Oracle source, can be upgraded without timelock by an alleged MPC wallet (which cannot be verified due to off-chain computation).
  • The asset relies entirely on Crypto.com’s selection of staking providers, with no governance structure or transparency in the custody and provider selection process.

With that being said, the dedicated instance structure of this proposal and Crypto.com’s strong track record mitigate these risks to the point that we feel comfortable recommending onboarding, pending parameter alignment with @ChaosLabs and creating a bug bounty.

Collateral Risk Assessment

1. Asset Fundamental Characteristics

1.1 Asset

cdcETH is a liquid staking token issued by a leading centralized exchange, crypto.com. It has 2,000 ETH on mainnet staked through its solution, with another 34,000 on Cronos Chain. The asset was deployed on mainnet 270 days ago, and mainnet ownership is highly concentrated, with over 50% held directly by Crypto.com itself. On Cronos Chain, it was deployed over 300 days ago. It is a non-rebasing token earning up to 3.06% yield. There is no DAO, and staking is handled by Crypto.com.

Limited information is available about this asset aside from a whitepaper, an FAQ and a portal.

Aave has already onboarded many liquid staking tokens, meaning that onboarding another of this asset class presents limited incremental fundamental asset risk.

1.2 Architecture

image
Source: LlamaRisk

Users can stake ETH by using the custodial Crypto.com App. They first send ETH to the exchange’s address and then stake it. They will receive an amount of cdcETH based on an exchange rate (since it is non-rebasing), which they are free to use.

Should they wish to unstake it, they may either instantly unstake it (at the exchange rate) or unstake it for the underlying value if they want to sit in the withdrawal queue.

Limited information about the custody, staking organization, or operational infrastructure is available. There is mention that ETH is staked in industry-grade validators in the whitepaper that meet internal security assessments and have enjoyed 99.9% uptime and no slashing. However, given that collateral is held in permissioned addresses, this solution presents significant centralization and custody risks that warrant careful consideration.

1.3 Tokenomics

As a liquid staking token, there are few tokenomic structures to mention. It is a non-rebasing token whose supply reflects the amount of ETH staked into it. The cdcETH contract utilizes a redemption rate calculated by a ratio of issued cdcETH tokens and ETH staked in the protocol. This simple calculation means tokenomic risk is low.

2. Market Risk

2.1 Liquidity

image
Source: 1inch Aggregator, 2nd October, 2024

Onchain Ethereum mainnet liquidity for this asset is limited. While arbitrageurs may bridge cdcETH from the Cronos chain (where it is significantly more liquid), this presents a risk for liquidation.

Liquidators may encounter significant friction due to the limited onchain liquidity of cdcETH. This constraint could necessitate the redemption of cdcETH for underlying ETH through the Crypto.com exchange, introducing a substantial operational hurdle. The exchange’s KYC requirements present an additional layer of complexity for liquidators, potentially impeding the efficiency of the liquidation process.

2.2 Volatility

image
Source: CoinGecko cdcETH, October 3rd, 2024

cdcETH is as volatile as would be expected for a liquid staking token. There have been no large sustained depeg events in its history.

2.3 Exchanges

cdcETH is available primarily via the Crypto.com App. The majority of onchain trades are made on the Uniswap V3 pool, though this has limited liquidity and few transactions are made, with only one trade in the past month.

2.4 Growth

image
Source: DeFiLlama, October 7th, 2024

cdcETH has seen a decrease in TVL on Cronos Chain since creation in dollar terms after a strong jump to over 100M$ in market capitalization. On mainnet, supply has remained largely static.

3. Technological Risk

3.1 Smart Contract Risk

This contract was audited in 2024. A bug bounty still needs to be implemented. There is no public GitHub repository, though contracts are verified onchain. A private GitHub repository presents additional risk as it reduces code transparency. Nevertheless, their clean audit provides reassurance that smart contract risk is mitigated.

Their team indicates cdcETH will be added to their HackerOne program by the end of the week.

3.2 Price Feed Risk


Source: Example redemption ratio update via Etherscan, October 7th, 2024

An internal price feed reflecting the cdcETH to ETH redemption rate is documented. Its heartbeat is infrequent (in days), but as an exchange rate to a volatile underlying asset, this is to be expected. It is an onchain mathematical calculation based on a redemption rate so it is likely censorship resistant, making price feed risk relatively low.

It is worth noting that price feeds for this asset are upgradeable, making price feed risk significant.

3.3 Dependency Risk

Since Crypto.com controls this, significant dependency risk is placed on their custody practices. One security incident is documented occurring with user funds missing. Nevertheless, this centralized exchange operates a Proof of Reserve facility for many market cycles. It is a more reliable actor in the space. While dependency risk is significant, the entity with which the risk lies is responsible.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

cdcETH has no governance. It is maintained entirely by Crypto.com. This puts governance risk at the highest level because no checks and balances are visible in this asset’s management.

cdcETH has significant terms and conditions accepted by users staking the product. Crypto.com, more generally speaking, is a highly regulated entity that complies with jurisdictional regulation across many of the strictest and more favorable regimes ranging from the United States to Cyprus to Singapore. While it notably closed its United States Institutional exchange due to low demand in 2023, the same market self-reportedly led a recent volume resurgence - raising questions as to whether the stated reason was actually why their institutional offering left the United States. This indicates an entity that spends significant resources dealing with regulatory matters before they arise, meaning that regulatory risk is lowered in some way. This makes sense, as a centralized exchange takes custody of user funds - a more legally scrutinized activity.

After reviewing the terms and conditions of staking with Crypto.com, it is worth noting section 7.2 limits liability damages to $100 per customer for “FOR ANY LOSS OR DAMAGE ARISING IN CONNECTION WITH ON-CHAIN STAKING AND/OR LIQUID STAKING”. Other notable terms include:

  • Fee adjustments at will
  • Termination of access to staking at will
  • Unstaking of your assets at will
  • Ability to change these terms

While these do not inherently present risk to Aave DAO in their current form, as risk providers, we should be mindful of monitoring them should any changes be made. Terms and conditions are a potential risk vector. While significant regulatory risk remains, a good effort has been made to clarify and mitigate it.

4.2 Access Control Risk

The asset in question presents substantial access control risk. The designated owner address possesses the following elevated permissions:

  • Updating the oracle
  • Blacklisting other addresses
  • Pausing contracts
  • Minting and burning tokens
  • Ownership transfers
  • Rescuing tokens sent to the contract address

This address is an alleged MPC wallet (which cannot be verified due to off-chain computation). These are significant permissions that introduce significant risk. The strictest key management policies must be respected here; otherwise, the instance this is introduced to is placed at considerable risk.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

5. Aave Crypto.com Instance Specific Parameters

To be provided after discussion with @ChaosLabs

6. Price feed

We recommend using the internal exchange rate, ETH/USD Chainlink feed, and CAPO.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded partly by the Aave DAO. LlamaRisk is not directly affiliated with Crypto.com and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

1 Like

Update: Crypto.com Receives Wells Notice from SEC

We wish to provide the DAO with a concise commentary on the recent announcement regarding Crypto.com’s legal battle with the SEC.

On August 22, 2024, the Securities and Exchange Commission (SEC) issued a Wells Notice to Crypto.com, signaling its intent to recommend enforcement action against the platform. The SEC’s allegations stem from asserting that certain tokens traded on Crypto.com constitute Crypto Asset Securities and that the platform has been operating as an unregistered broker-dealer and securities clearing agency, contravening the Securities Act and Exchange Act. The tokens under scrutiny include SOL, ADA, BNB, FIL, FLOW, ICP, ATOM, ALGO, NEAR, and DASH.

In response to this regulatory challenge, Foris DAX Inc., operating as Crypto.com, has initiated legal proceedings seeking declaratory and injunctive relief. The lawsuit aims to prevent what Crypto.com characterizes as an unlawful expansion of the SEC’s jurisdiction over secondary-market transactions of specific network tokens on its platform.

The crux of Crypto.com’s legal argument rests on several important contentions. We highlight herewith two key points of the filing:

  1. It seeks a judicial declaration that secondary-market transactions of the targeted network tokens on its platform do not constitute securities transactions as defined by the Securities Act and Exchange Act.

  2. Crypto.com is petitioning for a declaration that it does not meet the criteria of a securities broker-dealer or securities clearing agency requiring registration under the Exchange Act for its platform operations.

Furthermore, Crypto.com is pursuing permanent injunctive relief to preclude the SEC and its officers from initiating any enforcement action predicated on the notion that transactions involving the targeted network tokens are securities transactions or that Crypto.com is operating as an unregistered broker-dealer or clearing agency.

It is noteworthy that, according to company disclosures, the Crypto.com group of companies maintains compliance with the diverse regulatory framework in the United States. The ongoing litigation has not precipitated any alterations to the company’s business compliance design, underscoring Crypto.com’s confidence in its regulatory posture.

Given the current state of affairs, preemptive measures are not warranted. Crypto.com’s resolute stance and commitment to vigorously defend its position in what is anticipated to be a protracted legal battle against the SEC demonstrate a strong belief in the merits of its case.

1 Like

Overview

Chaos Labs supports the deployment of a new Crypto.com instance.

cdcETH

Crypto.com Staked ETH is an ETH liquid staking token offered by Crypto.com. Similar to wstETH, it accrues rewards in its price rather than rebasing. According to Crypto.com’s page on the asset, users can wrap their staked ETH for cdcETH after the staking “Activation” period ends. Additionally, they can withdraw according to the conversion rate. They note that users may receive their ETH after the “protocol-imposed on-chain unbonding period ends.” While not explicitly defined in the Terms of Service or FAQ, this likely refers to the Ethereum unstaking queue.

Liquidity

Currently, the vast majority of cdcETH exists on the Cronos network: 34,420 cdcETH. There is just 2,000 cdcETH on Ethereum, with 1,000 of this being held by a Crypto.com-linked account.

image - 2024-10-10T013209.685

On Ethereum, its liquidity is spread across Uniswap V3, Balancer, and Curve, with $1.9M, $520K, and $1.12M TVL, respectively.

Overall, its average daily trading volume over the last 6 months is $236K. While its DEX liquidity and on-chain supply are limited relative to the proposed size of the instance, we recommend a setup that significantly reduces the liquidity demands.

As discussed above, the process of wrapping and unwrapping is instantaneous and doesn’t require additional fees. However, should the Ethereum withdrawal queue face delays, cdcETH unstaking would also be delayed, as is the case with other ETH LSTs.

Volatility

The asset’s current market cap stands just over $80M, and its volatility relative to ETH is 4.14% over the past 180 days; it is 6.08% over the past 30 days. These figures are in line with other ETH LSTs.

image - 2024-10-10T013212.387

LTV, Liquidation Threshold, and Liquidation Bonus

Considering the asset’s liquidity and recent volatility increase, Chaos Labs recommends adopting listing parameters in line with similar assets. We suggest setting the Liquidation Bonus at 7.5%, in line with similar assets, while setting the LTV and Liquidation Threshold at 72.5% and 75%, respectively. However, we anticipate that this asset will be used entirely in E-Mode in the early stages of the deployment, and we have provided recommendations for E-Mode below.

Supply and Borrow Caps

Under Chaos Labs’ typical methodology, we determine supply and borrow caps at twice the DEX liquidity available under a price impact equal to the Liquidation Bonus.

However, given that this asset is anticipated to be used entirely in E-Mode with exchange-rate pricing, and with no uncorrelated assets available for borrowing, liquidations are highly unlikely in this instance. Thus, we recommend a more aggressive supply cap in line with the proposed values in the ARFC, rather than parameters constrained by Ethereum DEX liquidity.

IR Curve

We recommend aligning the Interest Rate curve and Kink to similar yield-bearing assets.

Pricing

Given the existence of withdrawals for cdcETH and its relatively long history with demonstrated mean reversion, we recommend using exchange rate pricing for the asset with CAPO. We note that the internal exchange rate is updated relatively infrequently, as demonstrated in the CAPO chart below. We do not anticipate that this will materially increase risk.

Instance Setup

To avoid incentive-farming looping behavior, we do not recommend allowing WETH to be used as a collateral asset. As such, we recommend disabling cdcETH borrowing. We note that incentives will be necessary in this market to ensure that supplying WETH is sufficiently lucrative.

SEC Wells Notice

We note that Crypto.com has received a Wells Notice (indicating forthcoming enforcement action) from the SEC, specifically targeting SOL, ADA, BNB, FIL, FLOW, ICP, ATOM, ALGO, NEAR, and DASH. Crypto.com has stated that they have filed suit against the SEC, arguing that the SEC “invented the term Crypto Asset Security out of whole cloth… The term has no foundation in the Securities Act of Exchange Act.” Given the likelihood of extended legal action, as well as the fact that ETH and cdcETH were not targets of the Wells Notice and cdcETH is not available to U.S. users, we do not find that this development presents additional risks to the Aave protocol.

Finally, we note that cdcETH did not depeg following this news.

image - 2024-10-10T013216.546
cdcETH/WETH pair on VVS Finance on Cronos

Recommendations

| Parameter | Value | Value |
|---|---|---|
| Asset | cdcETH | WETH |
| Isolation Mode | No | No |
| Borrowable | No | Yes |
| Collateral Enabled | Yes | No |
| Supply Cap | 24,000 | 24,000 |
| Borrow Cap | - | 21,600 |
| Debt Ceiling | - | - |
| LTV | 72.5% | - |
| LT | 75% | - |
| Liquidation Bonus | 7.5% | - |
| Liquidation Protocol Fee | 10.00% | 10.00% |
| Variable Base | - | 0% |
| Variable Slope1 | - | 2.7% |
| Variable Slope2 | - | 80% |
| Uoptimal | - | 90% |
| Reserve Factor | - | 15% |
| Stable Borrowing | Disabled | Disabled |
| Flashloanable | Yes | Yes |
| Siloed Borrowing | No | No |
| Borrowable in Isolation | No | No |
| E-Mode LTV | 93% | - |
| E-Mode LT | 95% | - |
| E-Mode Liquidation Bonus | 1% | - |

CAPO

We recommend a maxYearlyRatioGrowthPercent of 5.11% for cdcETH, with a MINIMUM_SNAPSHOT_DELAY of 14 days. This recommendation is based on the frequent occurrence of rate distributions and relatively minimal rate variance observed over time, as seen in the plot below.

image - 2024-10-10T013221.189

| maxYearlyRatioGrowthPercent | ratioReferenceTime | MINIMUM_SNAPSHOT_DELAY |
|---|---|---|
| 5.11% | monthly | 14 days |

Disclaimer

Chaos Labs has not been compensated by any third party for publishing this recommendation.

Copyright

Copyright and related rights waived via CC0

2 Likes
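
How the recommended CAPO parameters bound a bad exchange-rate update (for instance one pushed through the owner-updatable oracle flagged in the LlamaRisk review above), as an added example that is not part of any post and is not Aave's or Crypto.com's code. It is a simplified model of a ratio cap; the class name, the 18-decimal ratio scale, and the sample ratio and ETH/USD values are assumptions.

```python
# Simplified model of a capped exchange-rate price feed (added example).
# Names are hypothetical; sample ratios and prices are constructed.

SECONDS_PER_YEAR = 365 * 24 * 3600
PERCENTAGE_FACTOR = 10_000                # basis points, so 5.11% == 511
RATIO_DECIMALS = 18                       # assumed scale of the cdcETH/ETH rate

MAX_YEARLY_RATIO_GROWTH_BPS = 511         # 5.11%, from the recommendation
MINIMUM_SNAPSHOT_DELAY = 14 * 24 * 3600   # 14 days, from the recommendation


class CappedRatioFeed:
    def __init__(self, snapshot_ratio, snapshot_ts, now):
        if snapshot_ratio <= 0:
            raise ValueError("snapshot ratio must be positive")
        # The baseline must be old enough that a rate pushed moments ago
        # cannot be adopted as the reference the cap grows from.
        if now - snapshot_ts < MINIMUM_SNAPSHOT_DELAY:
            raise ValueError("snapshot is younger than MINIMUM_SNAPSHOT_DELAY")
        self.snapshot_ratio = snapshot_ratio
        self.snapshot_ts = snapshot_ts
        self.growth_per_second = (
            snapshot_ratio * MAX_YEARLY_RATIO_GROWTH_BPS
            // PERCENTAGE_FACTOR // SECONDS_PER_YEAR
        )

    def max_ratio(self, now):
        """Highest ratio accepted at `now`: linear growth from the snapshot."""
        elapsed = now - self.snapshot_ts
        return self.snapshot_ratio + self.growth_per_second * elapsed

    def capped_ratio(self, reported_ratio, now):
        """Return (ratio_used, was_capped). Only the upside is bounded."""
        cap = self.max_ratio(now)
        if reported_ratio > cap:
            return cap, True
        return reported_ratio, False

    def price(self, base_price, reported_ratio, now):
        """cdcETH price = ETH/USD price * capped cdcETH/ETH ratio."""
        ratio, _ = self.capped_ratio(reported_ratio, now)
        return base_price * ratio // 10 ** RATIO_DECIMALS


DAY = 24 * 3600
SNAPSHOT = 1_050_000_000_000_000_000      # constructed: 1.05 ETH per cdcETH
ETH_USD = 2_400 * 10 ** 8                 # constructed: $2,400 with 8 decimals


def demo():
    feed = CappedRatioFeed(SNAPSHOT, snapshot_ts=0, now=14 * DAY)
    now = 44 * DAY
    # Roughly 3% annualised staking growth over 44 days: under the cap.
    honest = SNAPSHOT + SNAPSHOT * 300 // PERCENTAGE_FACTOR * 44 // 365
    doubled = 2 * SNAPSHOT                # a wildly wrong upward update
    lowered = SNAPSHOT * 90 // 100        # a downward update is not capped
    return {
        "honest": feed.capped_ratio(honest, now),
        "doubled": feed.capped_ratio(doubled, now),
        "lowered": feed.capped_ratio(lowered, now),
        "price_if_doubled": feed.price(ETH_USD, doubled, now),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The cap limits how far an inflated rate can raise the collateral value; a rate reported below the snapshot passes through unchanged, so downward updates still need separate monitoring.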

Following recent discussions with Crypto.com and signing an NDA, LlamaRisk provides additional information about cdcETH. This update clarifies previous concerns and offers a more comprehensive view of security measures and operational procedures.

Custody solution

We’ve reviewed an audit by a reputable firm (undisclosed due to NDA) confirming Crypto.com’s robust custody solutions, which are compliant with SOC2 (Service Organization Control) Type 2, a year-long process that identifies:

  • Security controls against unauthorized access, mitigating system abuse, theft, fraud, data removal, software misuse, and information alteration
  • Quick detection of anomalies and incidents by monitoring staff
  • Established frameworks for responding to security breaches

The SOC2 Type 2 framework’s security controls and processes have been effectively designed and implemented to protect the custody solution. Security is the core of SOC 2 compliance requirements.

Public repository

Crypto.com has made its cdcETH GitHub repository public. Key points:

  • Uses Circle’s Wrapped Token OS ERC20 format (like cbETH, USDC)
  • Identifies contract access controls and owner-changeable variables
  • Includes detailed contract architecture diagrams
  • Primary contract (FiatTokenProxy.sol) is functionally identical to other Wrapped Token OS tokens, with minor informational differences

MPC Address Custody Solution

Crypto.com uses a multistage contract interaction process, which, for security reasons, cannot be detailed. LlamaRisk reviewed the operational flow, which provides checks and balances to prevent unauthorized transactions. However, ownership of the Multi-Party Computation signer keys and adherence to these procedures cannot be independently verified. While an onchain Safe solution would be preferable, the reported efforts suggest good operational procedures.

3 Likes