---

title: [ARFC] Deploy Aave Protocol v3.7 on Monad
Author: @Tokenlogic
Created: 2026-05-19
Updated: 2026-06-17 with Risk Service Provider feedback

---

Summary

This ARFC proposes deploying Aave Protocol v3.7 on the Monad Network.

Motivation

Monad’s pipelined EVM architecture delivers fast, high-throughput performance while remaining fully compatible with Ethereum, making it ideal for real-time financial applications. This directly supports the needs of neobanks and fintech platforms, which rely on quick transaction finality, scalability, and predictable costs.

By deploying Aave v3 on Monad, the ecosystem gains a proven liquidity layer that enables lending, borrowing, yield generation, and stablecoin infrastructure. Because of Monad’s full EVM compatibility, Aave can be integrated quickly with minimal changes, making it easier for existing Ethereum builders to adopt. Together, these positions Aave as the core liquidity engine within Monad, helping attract early users and capital while supporting the next generation of scalable, on-chain financial products.

Incentives Package

Monad Foundation will provide the following within the first twelve months of the Aave Protocol activation proposal being executed:

• $15M USD in incentives measured at the block when ACI distributes rewards via MASIv infrastructure
• 10M units of GHO will be acquired and retained for more than 6-months whilst respecting considerations for managing operating capital

The Aave DAO will provide the following within the first twelve months of the Aave Protocol activation proposal being executed:

• 0.50M units of GHO incentives to be distributed to support the growth and adoption of GHO on the Monad network

The Monad Foundation reserves the right to determine whether and when to migrate to Aave v4.

Post Growth Roadmap

After the initial launch of Aave Protocol v3.7, the next phase of growth is expected to evolve with the introduction of Pendle PT assets and Fastlane’s LST.

• Pendle PT-AUSD
• Pendle PT-sUSDe
• Pendle PT-reUSD
• Fastlane’s shMON

Specification

The below will be updated upon receiving feedback from various stakeholders in the lead-up to the deployment.

General Configuration

eMode #1 - Maple syrupUSDC

eMode #2 - Liquid Leverage

eMode #3 - Lido Yield Maximiser

eMode #4 - EtherFi Yield Maximiser

Aave DAO’s Contribution

Create an allowance for 0.5M aEthLidoGHO from Aave V3 Prime on Ethereum:

• Asset: aEthLidoGHO: 0x18eFE565A5373f430e2F809b97De30335B3ad96A
• Amount: 0.5M
• Spender: AFC 0x22740deBa78d5a0c24C58C740e3715ec29de1bFa
• Method: approve() aEthLidoGHO on the Aave Collector contract to the Aave Finance Committee (AFC) address.

GHO Stablecoin

Activate GHO Lane

Currently, the CCIP Bridge to Monad Network is v1.5 and requires upgrading to v1.6 before GHO lanes are established. TokenLogic will work with Chainlink to sync upgrade timelines and extend the new GHO lanes to/from the Monad Network

Current CCIP Bridge Configuration, which may change prior to implementation. The Gho Lane Activation uses the parameters in effect when the AIP is submitted.

• Bucket Capacity: 100M GHO
• Inbound Capacity: 1.5M GHO
• Outbound Capacity: 1.5M GHO
• Refill Rate: 300 GHO/sec

The table below lists the address of the new Monad deployments

Deploy GHO Stewards

GhoAaveSteward

• updateGhoBorrowCap: ±100%
• updateGhoBorrowRate: ±5% on optimal usage ratio, base variable rates, slopes
• updateGhoSupplyCap: Up to +100%

GhoGsmSteward

• updateGsmExposureCap: ±100%
• updateGsmBuySellFees: ±0.5% per side (FixedFeeStrategy)

Both stewards remain callable only by the GHO steward protocol.

GhoCcipSteward

• updateBridgeLimit : ±100%
• updateRateLimit: ±100%

GhoBucketSteward

• updateFacilitatorBucketCapacity : ±100%

Deploy stataUSDT0 remoteGSM

USDT0 deposits into stataUSDT0 trigger GHO transfers using Ethereum-held inventory via GSM.

3. Mint and bridge 50,000,000 GHO

Mint 50M GHO from the GhoDirectFacilitator and bridge to Monad via CCIP to Monad’s Collector.

4. Fund GhoReserve from Collector

From Collector, transfer to GhoReserve deployed on Monad for use by GSM.

Additionally, after a trial period with a maximum bridge amount of 1.5M across any network and a refill rate of 300 GHO per second, we are increasing the maximum bridge amount to 5.0M and the refill rate to 1,000 GHO per second.

Disclosure

TokenLogic is an active service provider to the Aave DAO, the beneficiary of stream 100072 and the KPI as outlined in this publication. The scope of this engagement is available via this forum proposal.

TokenLogic supports and maintains an independent delegate voting platform within the Aave community.

TokenLogic and associated entities have no undisclosed material conflicts of interest at the time of submission.

Next Steps

1. Gather feedback from the community.
2. If consensus is reached on this TEMP CHECK, escalate this proposal to the Snapshot stage.
3. Publish a standard ARFC, collect feedback from the community & service providers before escalating the proposal to the ARFC snapshot stage.
4. If the ARFC snapshot outcome is YAE, publish an AIP vote for final confirmation and enforcement of the proposal.

Copyright

Copyright and related rights waived via CC0.

Summary

LlamaRisk supports Aave deployment to Monad with specific considerations. The network launched its public mainnet on November 24, 2025, making it roughly 7 months old at the time of writing. While Monad’s parallel EVM execution architecture and full bytecode compatibility reduce deployment friction, the network’s relatively short operational history warrants conservative initial parameters.

Current TVL stands at approximately $359.5m. The ecosystem has attracted established DeFi protocols (Uniswap, Curve, and Morpho) alongside Monad-native applications (Neverland and Kuru), though liquidity remains concentrated in the former. Initial strong early usage on the network has compressed, with activity remaining relatively the same until recently, with a marginal uptick in active addresses in April 2026.

1. Network Fundamental Characteristics

1.1 Network Overview

Monad is a Layer 1 Proof-of-Stake blockchain that targets full EVM bytecode compatibility while re-engineering the execution layer for higher throughput. It is not an L2 or rollup; it is an independent L1 with its own validator set and consensus mechanism.

The network’s performance rests on four architectural components:

• MonadBFT: a pipelined, HotStuff-family BFT consensus (HotStuff-style) that separates ordering/finality from execution so validators can agree on block order while execution is performed out of the consensus hot path.
• Optimistic parallel execution: concurrent execution with conflict detection and re-execution for dependent states, rather than strictly sequential EVM execution.
• Asynchronous/deferred execution: consensus and execution are decoupled; block production is not gated on finishing prior-block execution.
• MonadDB: a custom state database layer described as part of the core architecture.

Target throughput is up to 10,000 TPS with 400 ms block times and ~800 ms finality. Current throughput averages are 16-47 TPS and 400.27 ms block times.

Architecture

Monad is designed as an EVM bytecode-equivalent Layer 1 with a performance model built around separating ordering/finality from execution. Transactions are still linearly ordered, but execution is implemented as optimistic parallel execution: independent transactions can be executed concurrently, and conflicts are handled by detecting incorrect reads and re-executing affected transactions; even with parallel execution, state updates are merged sequentially to preserve the deterministic EVM result.

MON is the chain’s native accounting and security asset. Transaction fees are denominated in MON, and the documentation specifies that deductions follow `value + gas_price * gas_limit` (i.e., charging against the declared gas limit). Validator voting weight and leader scheduling are stake-based, with MON staked by validators and delegated by holders, making MON the input to consensus participation and reward distribution.

Consensus is provided by MonadBFT, which targets speculative finality in a single round and full finality in two rounds. This finality structure matters for liquidation and arbitrage flows because actors either price in the small speculative-finality reversion tail or wait for two-round finality before executing size.

Source: MonadBFT, Monad docs

MonadBFT is a leader-based BFT protocol where a designated leader proposes the next block in each round. The leader rotates each round according to a schedule determined previously using the stake weights. After validators vote on the proposal, the leader aggregates votes into a quorum certificate once a supermajority threshold is reached. The next leader then builds on the highest-certified block, and finality is achieved by accumulating certificates across consecutive rounds, which is why the protocol distinguishes one-round speculative confirmation from two-round deterministic finality.

In the normal (happy) path, the leader is live and messages propagate on time, so validators form a QC (Quorum Certificate) for the proposed block in one round, and the following round extends it, producing deterministic finality on the second round. The unhappy path occurs when a round fails to gather timely votes into a QC, typically due to a non-responsive leader, delayed message propagation, or Byzantine behavior that disrupts vote collection. Timeout handling is round-based: if a validator does not observe a QC before its local timer expires, it stops waiting for that round, emits a timeout signal that carries its highest observed QC, and advances to the next round. The next leader uses the timeout signals to converge on the highest-certified chain tip and proposes a new block extending that highest QC, allowing the protocol to make progress without committing the stalled proposal. This preserves safety under the <1/3 faulty stake assumption but increases latency and can extend the time between speculative confirmation and deterministic finality.

Security

Monad’s security posture is documented through third-party review and a standing, incentivized disclosure program. The MiCA white paper states that the protocol underwent security audits by Zellic and Spearbit and that a public audit competition was completed ahead of the contemplated admission to trading, while also noting that undiscovered vulnerabilities may still exist in the core protocol.

For ongoing vulnerability reporting, the core client repository directs researchers to a Cantina bug bounty. Cantina is the primary disclosure channel for Monad core issues, with max rewards of $1,000,000 (Critical), $100,000 (High), and $35,000 (Medium). Scope is centered on chain-critical components: MonadBFT consensus safety/finality, RaptorCast networking (DoS, propagation delays, signature/Merkle verification), parallel execution determinism/state integrity, transaction + fee model correctness, and high-sensitivity execution components (MonadDB integrity and JIT vs interpreter consistency, including RCE-class risk).

Residual exposure is concentrated in client implementation and upgrade risk: defects introduced through new releases, parameter changes, or edge-case interactions under mainnet load can surface as consensus faults or execution inconsistencies, which would be higher impact than application-layer contract bugs due to their potential to affect chain-wide settlement guarantees.

Fees

Gas fees are near-zero, denominated and payable in MON. Monad transaction fees are EIP-1559 compatible: the effective gas price paid per unit of gas is the sum of a protocol-controlled base fee and a user-specified priority fee, and the amount charged is the transaction gas limit (i.e., deduction is value + gas_price * gas_limit).

Monad sets base_price_per_gas with a controller that targets block fullness rather than using Ethereum’s linear EIP-1559 update. For each block k, it first computes block_gas_k as the sum of gas_limit_tx across all transactions in the block. The next block’s base price is then updated multiplicatively:

Source: Gas Pricing, Monad docs

The parameters shown imply a utilization target of 80% (target = 160M) under a block_gas_limit of 200M and a minimum base fee of min_base_price_per_gas = 100 MON-gwei. This design hard-floors transaction inclusion cost and sets fee dynamics through a volatility-sensitive controller; liquidation and arbitrage execution quality therefore depends on how quickly base fees reprice as blocks move above target utilization and whether the min base fee and repricing path remain compatible with liquidator margins during congestion. Relative to Ethereum’s base fee controller, Monad’s controller is configured to increase more slowly and decrease more quickly, with the stated objective of reducing the risk of blockspace underutilization caused by an overpriced base_price_per_gas.

1.2 Decentralization and Legal Evaluation

Monad is disclosed as two core entities: Monad Foundation (a memberless Cayman foundation company; ecosystem/governance facilitation) and Category Labs (protocol engineering; rebrand from Monad Labs on Dec 16, 2024). Foundation leadership is described as Keone Hon and Eunice Giarta (co-GMs) with a board including Petrus Basson, Keone Hon, and Marc Piano; Category Labs is led by James Hunsaker (CEO).

Legal Evaluation

Monad’s disclosed legal perimeter follows a common three-entity pattern that separates ecosystem stewardship, software development, and token distribution mechanics. The Coinbase sale disclosure identifies MF Services (BVI) Ltd. as the token sale seller and as a wholly owned subsidiary of the Monad Foundation, indicating that primary distribution activity is routed through a BVI vehicle.

Separately, Monad publishes a MiCA-format white paper, which functions as a disclosure document for EU audiences (issuer/offeror identity, token function, technical description, and risk factors). This improves documentation quality and comparability but does not itself resolve cross-jurisdiction classification risk, as token treatment remains regulator- and fact-pattern-dependent outside the MiCA disclosure framework.

Key legal monitoring items are therefore concentrated in (i) entity boundary clarity (which entity controls token distribution, incentives, and treasury actions), (ii) governance and control disclosures (board/management authority, delegation and upgrade processes), and (iii) disclosure consistency across primary-sale documentation and the MiCA white paper, particularly where representations about token rights, restrictions, conflicts, and distribution discretion affect regulatory interpretation and counterparty diligence.

Upgrades are executed as scheduled hard forks tied to client releases and activation timestamps; protocol “revisions” are activated at a future timestamp, and node operators are expected to upgrade ahead of that activation. MON holders do not currently have direct on-chain voting over upgrades; the white paper states governance participation is expected via validator delegation and notes there are no current plans for on-chain governance with MON.

Validators

As of early 2026, the network is operated by a validator set in which only the top 200 validators by total stake are active each epoch. Validator registration is stake-gated with a 100,000 MON minimum self-stake, and delegation is supported. According to gmonads data, validator geographic dispersion spans 29 countries, including the United States (22.9%), the Netherlands (17.88%), Germany (15.5%), Finland (5.44%), and Singapore (5.18%), representing the largest share of delegated stake. Validators stake MON and are subject to penalties primarily through reward loss for downtime; current enforcement is not described as an active slashing regime.

Source: Monad Validators, gmonads.com, June 8th, 2026

Slashing

Current protocol documentation states that slashing is not live on Monad at this time; the enforced downside for validator downtime is loss of rewards for the validator and its delegators. This makes the present penalty regime primarily yield-based, with no in-protocol capital loss mechanism described as active. The lack of slashing adds an incentive risk layer, given the limited set of validators and the outsized influence the largest stakers can have on operations.

1.3 Activity Benchmarks

This section benchmarks whether Monad’s DeFi footprint is large enough to support a production money market without relying on incentive-driven flows. The focus is on balance-sheet size (TVL and stablecoin float), where liquidity is actually deployed (sector concentration), and whether the chain shows enough transactional throughput to keep liquidations and arbitrage functional during volatility states.

Network TVL

Source: Monad TVL, DefiLlama, June 8th, 2026

There’s currently around $359.5m in DeFi TVL and $425.7m of stablecoin supply on the chain. Bridged TVL is reported at $600m.

Source: Monad DeFi TVL, Dune, June 8th, 2026

At the time of writing, lending is the largest tracked DeFi segment at $328.6m TVL, led by Morpho ($123m), Euler ($86m), Curvance ($56m), and Neverland ($44m), which indicates an existing strong interest in lending-based protocols. Leading DEXs include Balancer v3 ($17m), Uniswap v4 ($14m), and Curve ($10m).

Network Activity

Source: Monad - Active Addresses, Dune, May 29th, 2026

The daily active user trend shows significant fluctuations and irregular bursts, with peaks reaching close to 150,000 users at launch, while the 7-day average remains at 9,000 new users.

Source: Monad - Active Contracts, Dune, June 8th, 2026

Daily active contracts show a front-loaded spike at launch, with activity briefly reaching the high-teens thousands before rapidly compressing into a lower, steadier baseline.

A notable contract registration spike occurred on December 2nd, 2025, when 17,934 new contracts were created in a single day.

Source: Monad - Daily Tx Fees, Dune, June 8th, 2026

Daily transaction fees show an initial launch-driven spike in late November, where total fee spend briefly reached $35k per day, followed by a rapid compression into a stable baseline. From January onward, fees remain range-bound with intermittent bursts and a modest pickup in volatility around early February, but without returning to the initial launch peak.

1.4 Security

Monad’s infrastructure has undergone multiple independent security audits. 16 audits have been completed to date, including:

• Zellic (August - September, 2025):
  • Compiler: 1 informational issue found. Issues were acknowledged and/or fixed.
  • RPC: 4 medium, 1 low, and 1 informational issues were found. Issues were acknowledged and/or fixed.
  • Consensus: 5 critical, 2 high, 1 medium, and 3 informational issues were found. Issues were acknowledged and/or fixed.
  • Database: 3 informational issues were found. Issues were acknowledged.
  • Execution: 1 high, 3 medium, 1 low, and 7 informational issues were found. Issues were acknowledged and/or fixed.
  • Networking: 4 critical, 2 high, 2 medium, 1 low, and 1 informational. Issues were acknowledged and/or fixed.
• Spearbit (November, 2025): 1 critical, 15 high, 10 medium, 8 low, and 13 informational issues were found. Issues were fixed or acknowledged.
• Code4rena (September, 2025): 4 high and 7 medium risks were found.
• Ottersec (December, 2025 - March, 2026):
  • BFT: 4 medium, 5 low, and 5 informational. Issues were acknowledged and/or fixed.
  • Execution: 1 medium, 3 low, and 4 informational. Issues were acknowledged and/or fixed.
  • JIT: 11 low and 6 informational. Issues were acknowledged and/or fixed.
  • RPC: 3 low and 2 informational. Issues were acknowledged and/or fixed.
  • DB: 1 high, 3 low, and 1 informational. Issues were either partially or fully resolved.
• Runtime Verification (March, 2026): 4 medium and 2 low severity findings. Issues were either partially or fully resolved.
• Perimeter (January - March, 2026)
  • RPC & Execution: 1 high, 1 low, and 3 informational issues were found. Issues were either partially or fully resolved.
  • Fuzzing Report: 1 high, 1 low, and 3 informational. Issues were either partially or fully resolved.

2. Network Market Outlook

2.1 Market Infrastructure

Bridges

Cross-chain infrastructure for Monad is available through messaging and bridging protocols, including Chainlink CCIP, which is listed as officially supported cross-chain infrastructure (via MonadBridge), deBridge, and LayerZero for omnichain bridging, alongside additional providers such as Wormhole, Hyperlane, Relay, LI.FI, and Across Protocol. A full provider summary can be found here, covering setups on Monad and links to architectural documentation.

Users should verify official interfaces and contract addresses before transferring assets and consider limiting transfer sizes to manage exposure.

Key assets bridged to Monad, their supported architecture includes:

A full token list of bridged assets can be found [here](GitHub - monad-crypto/token-list · GitHub), which contains all supported assets and the bridging infrastructure used on Monad mainnet.

 {
      "chainId": 143,
      "address": "0xaB6e5a0C3799d020c790D34F7B2C02639e238AF7",
      "name": "Syrup USDC",
      "symbol": "syrupUSDC",
      "decimals": 6,
      "extensions": {
        "coinGeckoId": "syrupusdc",
        "bridgeInfo": {
          "protocol": "Chainlink CCIP",
          "bridgeAddress": "0x33566fE5976AAa420F3d5C64996641Fc3858CaDB"
        },
        "crossChainAddresses": {
          "1": {
            "address": "0x80ac24aA929eaF5013f6436cdA2a7ba190f5Cc0b"
          },
          "8453": {
            "address": "0x660975730059246A68521a3e2FBD4740173100f5"
          },
          "42161": {
            "address": "0x41CA7586cC1311807B4605fBB748a3B8862b42b5"
          }
        }

Source: Monad tokenlist, syrupUSDC, Github, June 8th, 2026

Lending

• Morpho – Largest lending protocol by TVL.

• Neverland – Monad-native, built on Aave v3 architecture. Accounts for a significant portion of native lending activity.

• Gearbox

• Euler V2 – Deployed from day one with RedStone Oracle integration.

• Curvance – Monad’s lending layer for leveraged yield.

• Folks Finance (xChain) – Present on Monad (small in current snapshots).

• TownSquare – additional lending venue on Monad.

DEXs

• Uniswap V4

• PancakeSwap V3

• Curve

• Balancer

• Kuru – Monad-native on-chain order book DEX with hybrid AMM design. Fully on-chain CLOB leveraging Monad’s low latency.

• LFJ (Trader Joe)

RPC Node Services

RPC node services on Monad include Alchemy, Ankr, Blockdaemon, BlockPI, Chainstack, dRPC NodeCloud, Dwellir, Envio, GetBlock, OnFinality, Quicknode, Spectrum, Tatum, thirdweb, Triton One, and Validation Cloud.

Oracles

• Chainlink – CCIP live; Data Feeds and Data Streams expanding.
• RedStone – Primary oracle for multiple Monad-native protocols (Neverland, Euler, PerplTrade).
• Pyth Network – Integrated for price feed data.
• Switchboard, Stork, Band Protocol, Supra, API3 – Additional oracle infrastructure.

Critically, over 86 Chainlink feeds are available on Monad, including market reference and exchange rate feeds, which are used in Aave pricing schemas.

Wallets

Supported wallet types:

• Software: Phantom, Atomic Wallet, Backpack, Binance Wallet, Bitget Wallet, HaHa, Keplr, MetaMask, OKX Wallet, Rabby Wallet, Safepal, and Trust Wallet
• Hardware: Ledger, Safepal, and Tangem
• Institutional: Porto by Anchorage Digital and Utila

Toolkits

Foundry, Hardhat, and Solonet are currently supported development toolkits.

Indexers

• Common data: Allium, Birdeye Data Services, Codex, Dune Sim, GoldRush (by Covalent), Goldsky, Mobula, Moralis, Quicknode, Rarible, Sequence, SQD, SonarX, thirdweb, Unmarshal, Zerion.
• Smart contract indexers: Envio, Birdeye Data Services, Codex, Dune Sim, GoldRush (by Covalent), Goldsky, Mobula, Moralis, Quicknode, Rarible, Sequence, SQD, SonarX, thirdweb, Unmarshal, Zerion, The Graph

2.2 Liquidity Landscape

Depth is concentrated in a handful of core pools on Uniswap v4, Curve, and Balancer, with a steep drop-off outside the top tier and limited redundancy across venues. This structure can support routine trading, but liquidation capacity at scale is constrained by pool-specific depth and the risk that activity bottlenecks through the same few routes during volatility.

It should be noted that the lion’s share of Balancer liquidity is in a single Wrapped Neverland pool (LP tokens), along with the remaining pairs with meaningful liquidity.

2.3 Ecosystem Resilience

As an independent L1, Monad’s security model differs from L2 deployments. It does not inherit Ethereum’s security and must maintain its own validator set and economic security. Key points:

• MonadBFT requires >2/3 honest stake weight. With 200 validators reported, the set is reasonable for a chain at this stage of its mainnet history but remains relatively untested under adversarial conditions.
• The optimistic parallel execution model is architecturally novel. While audited and open-source, production edge cases may still surface.
• TVL concentration in a small number of protocols (Uniswap, Curve, and Neverland account for a majority) means ecosystem resilience is tied to the health of these deployments.
• The open-source codebase (GPL-3.0) is a positive signal for auditability, as it allows independent parties to review, reproduce, and test client behavior.

2.4 Ecosystem Growth Potential

Monad is positioned as a high-throughput, EVM-compatible L1 that reduces integration friction for Ethereum-native applications and tooling. Monad chain supports full EVM bytecode compatibility and performance targets around 10,000 TPS with sub-second finality and very short block times (0.4 seconds per block), which expands the feasible design space for money markets and liquidation infrastructure that are otherwise constrained by latency and throughput.

A relevant consideration is the observed user drop-off after the initial launch period. On-chain activity indicators show an early spike followed by a step-down to a lower, more stable baseline, consistent with incentive- or novelty-driven activation that did not persist at initial levels. This increases reliance on a narrower set of power users and integrated applications for borrow demand, liquidation flow, and arbitrage, and raises sensitivity to changes in incentive schedules and venue-specific liquidity programs.

The network’s native gas token and staking asset, MON, implies a gas-economics model that is not dependent on ETH for fee payment. On ecosystem formation, Monad Foundation has disclosed an application-focused incentive matching program (Monad Momentum) aimed at retention and revenue metrics and tokenomics messaging that earmarks a material allocation for ecosystem development.

2.5 Major and Native Asset Outlook

Monad’s asset base is currently stablecoin-heavy, with ~$425.7m in stablecoin supply and 57.32% USDC dominance. Stablecoin float is large relative to DeFi TVL, implying a meaningful share of liquidity sits outside tracked DeFi venues rather than being intermediated on-chain.

Externally bridged inventory totals ~$600m, led by USDC (~$254m) and USDT0 (~$87m), with additional sizeable balances in major-asset derivatives such as wstETH (~$53m) and wrapped BTC variants including cbBTC (~$16m) and WBTC (~$9m). Native MON liquidity is not the primary driver of balance-sheet size at this stage; the effective risk footprint is therefore driven by stablecoin rails and ETH/BTC derivative liquidity and their ability to absorb stress flows.

2.6 Tokenomics

Source: Monad tokenomics, Monad docs, 2026

Monad states an initial supply of 100,000,000,000 MON and states the token will be inflationary via ongoing issuance to validators, with a fee-burning mechanism that can partially offset issuance depending on realized network fee volume. The published initial allocation framework assigns 38.5% to ecosystem development, 27.0% to the team, 19.7% to investors, 7.5% to a public sale, 4.0% to the Category Labs treasury, and 3.3% to an airdrop.

The dominant tokenomics risks are multi-year dilution and unlock overhang from large non-circulating insider and ecosystem allocations, plus discretionary distribution risk from the ecosystem budget; secondary uncertainty is the steady-state inflation outcome because the net supply path depends on usage-driven fee burn versus protocol issuance and staking participation.

3. Onchain discoverability

Monad maintains its official block explorer for real-time transaction, block, and validator monitoring. MonadScan, built by Etherscan via its Explorer-as-a-Service program, provides the standard Etherscan interface with contract verification and developer APIs. Additional explorers include SocialScan and MonadVision.

Network traceability is available on DefiLlama, Dune Analytics, Nansen, and Token Terminal.

4. Access Control

Network-level operations, upgrades, and administrative bounds are handled by the core client source code running on local validator nodes. Upgrades (such as modifying gas token costs, changing virtual machine specifications, or implementing new cryptographic precompiles) are managed via coordinated Software Releases. Revisions on Monad, commonly known as hard/soft forks on other chains, are coordinated with future timestamp activations. This allows validators to choose to accept the revision and upgrade ahead of time. Once the scheduled upgrade timestamp is reached, a supermajority of validators transition to the new behavior simultaneously, allowing the chain to upgrade without interruption.

As stated in section 1.2, Monad Revisions are effectively controlled by Category Labs, thus centralizing access control of the network with the engineering team behind Monad.

The MONAD_NINE upgrade (March 2026) represents the first major governance action post-mainnet, covering EVM memory cost changes (MIP-3), reserve balance checks (MIP-4), and Ethereum Fusaka compatibility (MIP-5). Mainnet change logs can be found here.

5. Impact of AAVE Deployment

The primary risks to Aave on Monad are linked to execution and finality assumptions under stress and to the operational dependencies introduced by cross-chain rails and oracle selection. Monad markets itself as a high-performance, EVM-compatible L1 with parallel execution and sub-second deterministic finality; in practice, parallelism is workload-dependent and degrades when many transactions contend for the same state, which is a relevant failure mode for liquidation-heavy periods where activity concentrates around a small set of collateral and liquidation contracts. Monad’s own materials also distinguish deterministic finality at two slots, which is a direct input into liquidation timing assumptions and MEV-driven execution quality.

The network has established core infrastructure categories required for an Aave deployment. Monad’s infrastructure directory lists multiple oracle providers that are active in the ecosystem, including API3, Band Protocol, Blocksense, Chainlink, Chainsight, Chronicle, Pyth Network, RedStone, Stork, Supra, Switchboard, Terminal 3, UMA Protocol, and others; for Aave this creates optionality but also makes oracle standardization and operational dependency mapping a first-order design input because risk quality becomes feed- and operator-specific.

On bridging, Monad operates a native bridge interface that is powered by Wormhole, and Wormhole states that the bridge uses Wormhole NTT together with Axelar General Message Passing as infrastructure to move assets such as MON and ETH between Monad and Ethereum. This implies that a meaningful share of initial asset inflows and potential stress outflows are coupled to Wormhole and Axelar liveness and security assumptions.

Liquidity depth remains a gating factor for liquidation efficiency and bad-debt outcomes. At launch, the “Aave effect” can itself attract incremental liquidity and accelerate TVL growth, but this effect is not guaranteed to translate into durable secondary-market depth at later stages. Current liquidity indicates meaningful balance-sheet capacity on the chain, but it does not by itself guarantee resilient secondary-market depth in the specific collateral venues liquidators rely on during fast repricings. In this context, supply caps and asset selection would typically be the main control surface to align liquidation feasibility with observed venue depth and oracle coverage, at the cost of constraining early revenue potential.

6. Asset suggestions

6.1 Overview

Individual asset-level risk reviews for each asset will be published in a follow-up post.

6.2 Asset parameters

General Configuration

E-Mode 1: Maple syrupUSDC

E-Mode 2: Liquid Leverage

E-Mode 3: Lido Yield Maximiser

E-Mode 4: EtherFi Yield Maximiser

Liquidity Requirements

The liquidity requirement for each proposed asset is defined as exit (swap) liquidity available on-chain, not total value locked. Each requirement is sized as a cover ratio applied to the asset’s supply cap: 10% across the general asset set, 5% for wstETH and weETH (collateral only within E-Mode against wETH). Swap depth is measured along the path a liquidator would realistically execute: stablecoins stable-to-stable, LSTs to wETH, and other volatile assets to the deepest available stablecoin.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Introduction

This analysis covers the proposed assets for the initial listing on Monad, specifically cross-chain assets already listed on Aave instances. This review provides an overview of key aspects, including chain-specific characteristics, bridging infrastructure, contract implementations, access control, liquidity, and other risk-related factors.

Comparative table

Assets

USDT0

USDT0 is a cross-chain version of Tether’s standard USDT stablecoin, deployed as an OpenZeppelin TransparentUpgradeableProxy contract that uses the TetherTokenOFTExtension. The implementation contract extends the TetherTokenV2 contract, adding cross-chain functionality. To mint and burn bridged USDT0, the OFT contract uses LayerZero to send and receive cross-chain messages.

The asset is bridged via a lock-and-mint model, in which the underlying USDT is backed by locked supply on the Ethereum network. At the time of writing, 87M USDT0 has been bridged to Monad, with bridging enabled from all OFT-enabled chains.

The asset is already listed on other Aave instances, following the exact implementation on other chains, such as Plasma and Mantle. The implementation does not introduce any additional risks relative to the asset’s existing listings on Aave.

Bridge Configuration

USDT0 on Monad uses only the native bridge 3 DVNs setup, which consists of USDT0, LayerZero Labs, and Canary (as opposed to a dual design that includes the legacy mesh bridge). USDT0 doesn’t implement any rate limits for bridge transfers.

Access Control

While deployed behind a TransparentUpgradeableProxy, the contract’s proxy admin has been set to a 0x000 address, indicating that admin privileges have been renounced. The zero address cannot call the upgradeTo function nor reassign the proxy admin.

The owner of the oftContract and USDT0 contract on Monad is set to a 3/5 Multisig via OpenZeppelin Ownable.

Sensitive functions exposed by the contracts include:

• setOFTContract: Sets the address that can mint/burn cross-chain in TetherTokenOFTExtension. Owner only.
• updateNameAndSymbol: Changes token name and symbol in TetherTokenOFTExtension. Owner only.
• crosschainMint/Burn: OFT Contract Only.
• transferOwnership: Transfers ownership to a new address. Owner access only.
• renounceOwnershipRenounces ownership, leaving the contract without an owner. Owner access only.

Liquidity

USDT0 liquidity on Monad is currently concentrated in a Curve 3pool, with the top 5 pools representing a total TVL of less than $5M.

Price Feed Recommendation

For USDT0 pricing, we recommend using the USDT/USD Chainlink price feed with the CAPO stable adapter, consistent with other USDT0 onboardings such as Plasma.

CAPO Configuration

The stable cap adapter is recommended to bound the upward price deviation at 4% ($1.04). This is in line with stablecoins on other markets.

USDC

Circle’s USDC on Monad is deployed as an upgradable ERC20 FiatTokenProxy contract that uses the FiatTokenV2_2 implementation contract. Version 2.2 inherits from FiatTokenV2_1, FiatTokenV2, and FiatTokenV1. USDC is natively minted on Monad, with Circle Mint enabling minting and bridging via CCTP on Monad. Redemptions through Circle Mint are accessible only to qualified persons/businesses. The token’s design is consistent with other chains where USDC is listed on Aave.

At the time of writing, ~228M USDC has been minted on Monad. The implementation does not introduce any additional risks compared to the asset’s existing listings on Aave.

Bridge Configuration

USDC is bridgeable to and from Monad via CCTP. The bridge contractTokenMessengerV2is deployed behind AdminUpgradableProxy. TokenMessengerV2 utilizes a burn and mint mechanism.

Access Control

The contract uses an ownable pattern, which allows the owner to set the master minter, pauser, blacklister, and rescuer addresses. The FiatTokenV2_2 itself declares no new roles, inheriting them from the Ownable, Pausable, and Blacklistable contracts and the FiatTokenV1 contract.

USDC exposes the following roles and sensitive functions:

• Owner: The only role that can assign and reassign other admin roles. Inherited from Ownable. Set to EOA __(__26e0).
  • Can call updateRole and transferOwnership of the owner role.
• Pauser: Contract pausing role, inherited from Pausable. Set to EOA (e8Ea).
  • Can pause / unpause transfers and approvals.
• MasterMinter: Controls the minter registry and allowances, inherited from the FiatTokenV1.
  • Can call configureMinter to add/update minters and removeMinter.
• Minters: Minter-assigned addresses inherited from FiatTokenV1. Current minters include TokenMinterV2, EOA (4826), EOA (597a), EOA (0A8e), EOA (A794), EOA (04A7), and EOA (677c).
  • Can call mint up to the addresses’ minting allowance and burn against their own balance.
• Blacklister: Address that can black list accounts from receiving/transferring USDC. Inherited from. Set to EOA (D6cd).

MasterMinter roles:

• Owner: Authority to trigger configurations of controllers and allowances. Assigned to EOA (a0E6).
• Controllers: Per-minter allowance managers.
• The MasterMinter contract is owned by EOA __(__a0E6)

The bridge contract exposes the following roles (TokenMessengerV2):

• Rescuer: Can retrieve sent USDC. Assigned to EOA (91a1).
• Denylister: Blocks bridge entry per address. Assigned to EOA (5b66).
• FeeRecipient: Receives fees. Assigned to EOA (6379).
• MinFeeController: Adjusts the min fee. Assigned to EOA (9AE2).
• LocalMinter: The bridge’s mint authority is assigned to TokenMinterV2.
• Owner: can call upgradeTo, addRemoteTokenMessenger, removeRemoteTokenMessenger, setLocalMinter, setFeeRecipient. Assigned to EOA (4a47).

TokenMinter roles:

• TokenController: owner equivalent that can callsetMaxBurnAmountPerMessage, addLocalTokenMessenger, and pause/unpause the contract. Assigned to EOA (e69C).
• Pauser: Independent pause from TokenMessengerV2. Assigned to EOA (1fBb).
• LocalTokenMessenger: authorized to call mint/burn on TokenMinter. Assigned to TokenMessengerV2.

A per-transaction burn cap is applied with maxBurnAmountPerMessage on TokenMinterV2. This sets the maximum a single burn operation can process - currently set to 10M USDC.

Liquidity

Price Feed Recommendation

For USDC pricing, we recommend using the USDC/USD Chainlink price feed with the CAPO stable adapter, consistent with other USDC onboardings such as Mantle.

CAPO Configuration

The stable cap adapter is recommended to bound the upward price deviation at 4% ($1.04). This is in line with stablecoins on other markets.

USDe & sUSDe

USDe and sUSDe on Monad are deployed as non-upgradeable OFT contracts and use the standard OFT ERC20 token implementation. Both contracts have no proxy pattern and no upgrade functions exposed. StakedUSDeOFT extends USDeOFT , adding a blacklist mechanism on top of the inherited OFT and rate limit logic. The token and OApp are the same contract for both assets. This implementation is similar to that of other instances, such as Plasma. At the time of writing, neither asset had a circulating supply on Monad.

Bridge Configuration

Both assets bridge via LayerZero OFT. The OApp configuration uses a 4/0 DVN setup with required DVNs including: Horizen, LayerZero Labs, Canary, and Nethermind.

Access Control

USDeOFT and StakedUSDeOFT share the same role structure inherited from OFTOwnable2Step:

• OWNER: Controls all sensitive functions, including setPeer, setDelegate, setRateLimiter, setRateLimits, and setBlackLister (sUSDe only). Two-step ownership transfer pattern. Assigned to 5/10 Safe.
• RATE_LIMITER: Can call setRateLimits to adjust per chain outbound caps. Owner-controlled

StakedUSDeOFT adds:

• BLACKLISTER: Can call updateBlackList to blacklist/unblacklist addresses. Blacklisted recipients on inbound transfers have funds redirected to the owner. Owner-controlled.

Liquidity

Uniswap USDe/USDT and sUSDe/USDe pools are planned to be introduced. Onboarding for this asset should be contingent on the necessary liquidity being deployed to these pools.

Price Feed Recommendation

For USDe, we recommend pricing USDe using the Chainlink USDT/USD feed, covered via a stable cap adapter.

For sUSDe, we recommend using the Chainlink sUSDe/USDe exchange rate with a CAPO adapter, and using the USDe CAPO stable adapter as the base price.

These implementations are consistent with the approach adopted across all Aave instances for USDe-denominated assets.

CAPO Configuration

The stable cap adapter is recommended to bound the upward price deviation at 4% ($1.04). This is in line with stablecoins on other markets.

sUSDe’s yield has been compressing recently, operating within a 2-10% band since June 2025. We recommend setting Snapshot Delay at 7 days, providing sufficient smoothing against short-term volatility, with maxYearlyGrowthRatio at 11.17%.

Source: sUSDe Historical APY, Dune, June 24, 2026

mUSD

mUSD is MetaMask’s USD stablecoin, deployed as an OpenZeppelin TransparentUpgradeableProxy contract that uses the MUSD implementation contract. The token is bridged using a hub and spoke, with the implementation contract inheriting from the base MExtension contract, which wraps and unwraps the underlying $M tokens backing mUSD (via the SwapFacility contract). The implementation contract adds governance and compliance features, such as pausing, role-based access control, and the ability to seize tokens from frozen accounts.

The asset is already listed on Aave’s Core and Linea markets, using the same MUSD implementation contract. At the time of writing, ~503K mUSD are currently circulating on Monad.

Bridge Configuration

mUSD on Monad uses M0’s native hub and spoke bridging architecture, leveraging Wormhole’s cross-chain messaging infrastructure, Native Token Transfers (NTT). Ethereum acts as the hub, with $M being bridged via a lock/release mechanism. Monad as the spoke chain operates $M minting and burning via a SpokePortal contract, which is then wrapped to originate mUSD. Cross-spoke transfers are gated behind a crossSpokeTokenTransferEnabled parameter, while hub-spoke bypasses this check.

There are no rate-limiting parameters in the Portal base contract. No inbound or outbound transfer limits are defined or enforced, and transfer volume is bounded only by the crossSpokeTokenTransferEnabled flag and supported bridging path configuration. Message delivery is handled by the bridge adapter - HyperlaneBridgeAdapter.

Access Control

mUSD employs OpenZeppelin’s role-based access control framework to manage sensitive functions, with the Monad setup mirroring the existing Ethereum and Linea setups.

The mUSD contract exposes the following roles:

• DEFAULT_ADMIN_ROLE: can grant and revoke all other roles (superadmin). Assigned to TimelockController 1.
  • TimelockController is assigned the TL DEFAULT_ADMIN_ROLE
  • 3/5 Multisig (3b04) is assigned the TL CANCELLER_ROLE, EXECUTOR_ROLE, and PROPOSER_ROLE
• PAUSER_ROLE: Pauses/unpauses all wraps, unwraps, and mUSD transfers. Assigned to 2/3 Multisig (c8f3) and M0: Deployer.
• FREEZE_MANAGER_ROLE: Freeze/unfreeze accounts. Assigned to EOA (A464) and EOA (5246).
• FORCED_TRANSFER_MANAGER_ROLE: Seizes tokens from frozen accounts. Assigned to EOA (5246).
• YIELD_RECEIPT_MANAGER_ROLE: Can trigger yield claims and set the recipient address. Assigned to 3/7 Multisig (4E6c) and EOA (5fbf)

The SpokePortal is deployed as an ERC1967 proxy, with the contract following a UUPS upgrade pattern. Upgrades are executed via upgradeToAndCall. Three roles are defined:

• DEFAULT_ADMIN_ROLE: Can grant/revoke roles, and call upgrades. Assigned to a 3/5 Safe.
• PAUSER: Can pause the portal’s inbound and outbound transfers of $M token transfers. Assigned to EOA (40BB).
• OPERATOR_ROLE: Controls bridge configuration. Can call enableCrossSpokeTokenTransfer to open $M flows between spoke chains. Assigned to EOA (40BB).

The SwapFacility contract, which is critical for the underlying $M backing, exposes the following roles and sensitive functions:

• DEFAULT_ADMIN_ROLE: sets Extensions and M Swapper contracts. Assigned to 3/5 Multisig (9d19).
• PAUSER_ROLE: Can pause/unpause swap paths. Assigned to M0: Deployer.
• M_SWAPPER_ROLE: wraps M into any extension (non-rebasing ERC20) or unwraps back to M. Assigned to SpokePortal.

Timelocks employ a 3-day minimum delay.

Liquidity

Price Feed Recommendation

We recommend using a fixed feed for mUSD pegged at $1.

AUSD

Agora USD on Monad is issued behind AgoraDollarErc1967Proxy, an upgradeable proxy contract that uses the OpenZeppelin transparent proxy pattern. The implementation contract references the AgoraDollar contract, which inherits from the AgoraDollarCore contract functionalities. AUSD is bridged using LayerZero’s OFT Adapter and supports ERC3009 for gasless token transfers and ERC2612 for approvals via signatures.

The asset is already listed on Aave’s Avalanche instance, but it is the natively issued implementation. The bridging mechanism adheres to LayerZero’s OFT standards. The implementation and bridging architecture does not introduce any additional risks. At the time of writing, 32.8M AUSD is currently circulating on Monad.

Bridge Configuration

The AgoraMintBurnOFTAdapter contract uses the OFT standard to bridge AUSD, using a burn and mint mechanism. Its functionality includes standard cross-chain messaging and rate-limit capabilities. The OApp configuration uses a 5/0 DVN setup comprising Deutsche Telekom, Horizen, Frax, Canary, and Nethermind.

AUSD implements rate limits for bridge transfers. The current rate limit is set to 5 M AUSD for both inbound and outbound within a 4-hour window.

Access Control

AUSD uses a 2-layered role-based access control system that delegates role management. The Monad roles consist of the access control manager, pauser, and rate limit manager. These roles enable holders to:

• ACCESS_CONTROL_MANAGER: can grant and revoke every other role and controls contract upgrade logic functions, which include access to setIsTransferUpgraded, setIsTransferFromUpgraded, setIsTransferWithAuthorizationUpgraded, and setIsReceiveWithAuthorizationUpgraded. Assigned to EOA (30e2)
• PAUSER: can pause/unpause the token operations. Assigned to EOA (2a25)
• MINTER: can mint AUSD. Assigned to EOA (d7ff)
• BURNER: Can unilateral burn tokens. Assigned to EOA (dC1D)
• RATE_LIMIT_MANAGER: controls the mintable limits on Monad. Assigned to EOA (d6dc)
• FREEZER: can freeze accounts, blocking any transfers. Assigned to EOA (4681)
• BRIDGE_MINTER: Bridge permitted to mint on the Monad. Assigned to AgoraMintBurnOFTAdapter.
• BRIDGE_BURNER_ROLE: Bridge permitted to burn tokens on Monad. Assigned to AgoraMintBurnOFTAdapter.

The OFT adapter follows the same access-control pattern, with roles including: access-control manager, pauser, and rate-limiter manager.

• ACCESS_CONTROL_MANAGER: Grants and revokes all other roles. Assigned to EOA (7570).
• PAUSER: Pauses all inbound and outbound bridging activity EOA (6498).
• RATE_LIMIT_MANAGER: Set max allowance per time window for inbound/outbound transfers. Assigned to EOA (3391).
• OWNER: Ownable permission that is separate from the role system. It controls who can configure the OApp endpoint level; these addresses have access to critically sensitive functions such as setDelegate, setPeer, and can call upgradeToAndCall (via the proxy admin). Assigned to EOA (7570)

Liquidity

Price Feed Recommendation

For pricing, we recommend using Chainlink’s AUSD/USD price feed.

CAPO

The stable cap adapter is recommended to bound the upward price deviation at 4% ($1.04).

WETH

WETH is deployed behind an ERC1967 proxy; however, the proxy is effectively immutable. The contract exposes no external upgrade function, no proxy admin contract is recorded in the admin slot, and the only role present on the contract is minter. The implementation address, therefore, cannot be changed through any on-chain mechanism. The implementation itself is a Wormhole Token contract.

As with other bridged WETH instances onboarded, Wrapped ETH on Monad follows the same immutable pattern. At the time of writing, 7,759 WETH are currently circulating on Monad.

Bridge Configuration

Monad WETH uses Wormhole’s MultiTokenNTT (Native Token Transfers) mechanism, a custom multi-token manager that enables bridging multiple assets within a single contract. For WETH, the NTT uses a hub-and-spoke design that locks tokens on the source ‘hub’ chain and mints the equivalent on ‘spoke’ chains, maintaining the total supply on the hub. ETH is wrapped and locked on mainnet before being transferred to Monad via the wrapAndTransferGasToken and IWETH.withdraw functions.

Cross-chain message routing and threshold attestations are handled by a GmpManager contract, which performs transfers using NttManagerMessage payloads and dispatches them to enabled transceivers. A 2/2 transceiver threshold is required for message attestations before execution.

WETH rate limits for bridge transfers in both directions are currently set to 0, meaning there is currently no inbound or outbound rate limit set for WETH in the bridging contract.

Access Control

WETH exposes no upgradeTo, upgradeToAndCall, or any admin-controlled upgrade functions. A single privileged role is exposed in the contract, minter, which is assigned to the bridge address (MultiTokenNTT).

• MINTER: Can mint WETH to any address and transfer minter authority to any new address via setMinter.

The access control privileges exposed by the MultiTokenNTT contract include:

• OWNER: Controls all sensitive bridge functions, including upgrade, setPeer (configures trusted remote bridge addresses per chain), setOutboundLimit / setInboundLimit, overrideLocalAsset (remaps foreign token representations), and unpause. Assigned to the Wormhole Governance contract.
• PAUSER: Can call pause all transfers and minting. Only the owner can unpause the bridge after it has been paused. Assigned to the Wormhole Governance contract.

The GmpManager follows the same Owner and Pauser pattern, with its own owner controlling the setPeer function for trusted remote GmpManager addresses per chain and transceiver/threshold configuration. The owner controls the transceiver set and threshold independently. The Owner and Pauser are assigned to the Wormhole Governance contract.

Liquidity

Price Feed Recommendation

We recommend using the Chainlink ETH / USD Price Feed.

cbBTC

Coinbase BTC (cbBTC) on Monad is issued behind a TransparentUpgradeableProxy, the implementation points to BurnMintERC20PausableFreezableTransparent, which inherits from BurnMintERC20PausableTransparent.

The asset is already listed on Aave’s Base and Core instances, but doesn’t follow the same FiatToken implementation. The implementation introduces no additional risks beyond the asset’s existing listings on Aave, as it uses a standard Chainlink burn-mint ERC20 with pause and account-freeze capabilities. At the time of writing, the circulating supply on Monad is approximately ~161 cbBTC.

Bridge Configuration

cbBTC uses Chainlink’s canonical cross-chain token standard. The proxy and token pool architecture is standard Chainlink infrastructure components, consisting of four primary contracts: a Router (entry point), a OnRamp contract at source, an OffRamp receiver, and a BurnMintTokenPool for mint/burn. On the Base chain source, the pool locks tokens, while the Monad pool mints. Inbound and outbound messages are routed using registered OnRamp and OffRamp contracts. The Monad BurnMintTokenPool contract uses a burn and mint mechanism when transferring cbBTC, acting as a middle layer between the onramp and offramp messages.

Message finality on the OffRamp is enforced via Merkle root commits signed by Chainlink’s OCR DON and optionally verified by RMN (Risk Management Network). The cbBTC rate limits for bridge transfers are currently set to 25.0 cbBTC for inbound transfers and 27.5 cbBTC for outbound transfers. Caps refill continuously at 0.00031828 cbBTC per second inbound and 0.00028935 cbBTC per second outbound, up to their respective capacities.

Access Control

The token uses OpenZeppelin’s role-based access control pattern. cbBTC’s roles and associated sensitive functions are as follows:

• DEFAULT_ADMIN_ROLE: Can grant and revoke all other roles. Assigned to RBACTimelock.
• MINTER_ROLE: Can mint cbBTC on Monad. Assigned to the BurnMintTokenPool contract.
• BURNER_ROLE: Can burn cbBTC. Assigned to the BurnMintTokenPool contract.
• PAUSER_ROLE: Can pause all token transfers, mints, and burns. Assigned to RBACTimelock.
• FREEZER_ROLE: Can freeze individual accounts, blocking transfers, mints, and burns to/from the frozen address. Freeze actions take effect even when the contract is paused. Assigned to RBACTimelock.

A separateccipAdmin role allows the holder to register/deregister the token from the CCIP TokenAdminRegistry. Role has no minting or governance powers. Assigned to RBACTimelock.

The token pool contract uses an owner control system. The Monad pool is owned by RBACTimelock, allowing it to:

• applyChainUpdates / applyRampUpdates: add or remove supported chains and their associated on/off ramps.
• Rate limit configuration, including capacity and refill rates per chain direction.
• setRouter: update the local CCIP router reference.
• Manage the pool’s allowlist, if whitelisting mode is enabled.

The Router uses a single-owner model. The owner assigned to RBACTimelock has controls over:

• controls applyRampUpdates (add/remove on-ramps and off-ramps) and
• setWrappedNative. The whenHealthy modifier gates ccipSend and routeMessage on the ARM proxy not being in a cursed state.

The OnRamp/OffRamp uses a single owner control system (assigned to RBACTimelock).

• Update feeQuoter, messageInterceptor, and permissionLessExecutionThresholdSeconds(via setDynamicConfig)
• applySourceChainConfigUpdates: enable/disable source chains and update associated OnRamp addresses.
• OCR configuration (transmitter set, signer set, threshold) via setOCR3Configs.

The Timelock applies a 3-hour minimum delay.

Liquidity

Price Feed Recommendation

We recommend using the cbBTC / USD Chainlink price Feed.

wstETH

wstETH is issued behind a TransparentUpgradeableProxy, the implementation is BurnMintERC20Transparent, a Chainlink-native contract that inherits AccessControlDefaultAdminRulesUpgradeable and ERC20BurnableUpgradeable. The asset is already listed on other Aave instances and follows the implementation as on other instances, such as MegaETH.

Bridge Configuration

wstETH uses Chainlink’s canonical cross-chain token standard. wstETH is bridged via Chainlink CCIP using a Lock/Release pool on Ethereum and a Burn/Mint pool on Monad. As described in cbBTC, the proxy and token pool architecture uses the same Chainlink infrastructure components, and the implementation introduces no novel risk surface beyond what is inherent to CCIP.

At the time of writing, the circulating wstETH supply on Monad is 21,037. Rate limits for bridge transfers use CCIP’s token-bucket model. Inbound transfers have a capacity of ~2,200 wstETH, and outbound transfers have a capacity of ~2,000 wstETH. Each cap continuously refills at approximately 0.0255 wstETH per second inbound and 0.0231 wstETH per second outbound.

Access Control

The token uses the same role-based access control pattern as cbBTC, except for an additional mandatory time delay for DEFAULT_ADMIN_ROLE transfers, a CCIP admin privilege, and the exclusion of the freezer and pauser roles. wstETH roles and their assignments:

• DEFAULT_ADMIN_ROLE: Assigned to RBACTimelock.
• MINTER_ROLE: Assigned to the BurnMintTokenPool contract.
• BURNER_ROLE: Assigned to the BurnMintTokenPool contract.

The ccipAdmin assignment allows the holder to register/deregister the token from the CCIP TokenAdminRegistry. Role has no minting or governance powers. Assigned to RBACTimelock.

The Router owner is assigned to the RBACTimelock.

The OnRamp and Offramp use a single owner control system, with the owners assigned to RBACTimelock. The timelock employs a 3-hour delay.

Liquidity

Price Feed Recommendation

We recommend pricing wstETH with a CAPO adapter using Chainlink’s wstETH/stETH exchange rate, with the ETH/USD price feed.

CAPO Configuration

Source: wstETH Historical APY, Dune, June 24th, 2026

Lido staking yield has fluctuated between 2% and 4% over the past year. Given the observed ceiling of 4.28% seen in February 2025, applying a 2.5x safety buffer, we recommend setting the max yearly growth to 10.7%. The 7-day snapshot is consistent with recommendations made on Plasma.

weETH

weETH on Monad is deployed behind a TransparentUpgradeableProxy with an EtherfiOFTUpgradeable implementation using the standard OpenZeppelin transparent proxy pattern. The implementation contract inherits from LayerZero’s OFTUpgradeable, Solady’s EnumerableRoles, OZ’s PausableUpgradeable, and a custom PairwiseRateLimiter.

On Aave V3, weETH is available on Ethereum Core, Base, Linea, Plasma, Ink, Arbitrum, and Scroll. Following the same implementation for bridged instances. The EtherfiOFTUpgradeable functions as both the token and the OApp contract on Monad.

Bridge Configuration

weETH uses LayerZero’s native OFT standard with peer-specific rate limits on bridge transfers, with the OFT logic and token logic co-located in a single upgradeable contract. The OApp configuration on Monad uses a 4/0 DVN setup: LayerZero Labs, Canary, Nethermind, and Horizen. Canonical weETH is locked on mainnet in the EtherfiOFTAdapterUpgradeable contract and currently holds 111K weETH, representing the total global bridged supply via LayerZero. At the time of writing, ~4.8 weETH are currently circulating on Monad.

Access Control

EtherfiOFTUpgradeable role management uses EnumerableRoles, with role assignments restricted to owner(), which is the EtherFiTimelock contract. The three defined roles and the owner privilege map are as follows:

• MINTER_ROLE**:** Set to the contract logic (unassigned).
• PAUSER_ROLE: Assigned to EOA (844D).
• UNPAUSER_ROLE: Assigned to 3/7 GnosisSafeProxy.

The contract proxy admin controls upgradeToAndCall. The timelock employs a 3-day time delay.

Liquidity

Price Feed Recommendation

For pricing, we suggest using Chainlink’s weETH/eETH exchange price feed with Chainlink ETH / USD as the base price, and a CAPO adapter.

CAPO Configuration

Source: weETH Historical APY, Dune, June 24, 2026

Yields have fluctuated between 2% and 4%. We recommend the same LST 2.5x buffer for weETH, based on an observed ceiling of 3.81% in April 2025, and yield stemming solely from staking rewards.

syrupUSDC

Monad syrupUSDC is deployed as a non-upgradeable BurnMintERC20 contract, with a flat OpenZeppelin access control. The implementation does not introduce any additional risks compared to the asset’s existing listings on Aave.

Bridge Configuration

syrupUSDC uses Chainlink’s canonical cross-chain token standard. Tokens are bridged via Chainlink CCIP using a Lock/Release pool on Ethereum and a Burn/Mint pool on Monad. syrupUSDC shares the same CCIP infrastructure as wstETH, with the only differences being the token contract and the pool layer addresses.

At the time of writing, there is effectively no circulating supply on Monad. Rate limits for bridge transfers use a token-bucket model. Inbound transfers have a capacity of ~9,482,758 syrupUSDC, and outbound transfers have a capacity of ~8,620,689 syrupUSDC. Each bucket refills continuously at 2,633.4 syrupUSDC per second inbound and 2,394.0 syrupUSDC per second outbound, up to their respective capacities.

Access control

The contract uses flat OZ access control with no proxy delegation layer. syrupUSDC roles and their assignments:

• DEFAULT_ADMIN_ROLE: Assigned to GovernorTimelock.
• MINTER_ROLE: Assigned to the BurnMintTokenPool contract.
• BURNER_ROLE: Assigned to the BurnMintTokenPool contract.

The ccipAdmin assignment allows the holder to register/deregister the token from the CCIP TokenAdminRegistry. Assigned to RBACTimelock.

The Router owner is assigned to the RBACTimelock.

The OnRamp and Offramp use a single owner control system, with the owners assigned to RBACTimelock. The Governor timelock employs a 24-hour time delay.

wstETH, cbBTC, and syrupUSDC share the same CCIP Admin (RBACTimelock), the role has no minting or governance powers and simply adds whitelisted assets eligible to use CCIP, thus it is likely a Chainlink-controlled contract.

Liquidity

Price Feed Recommendation

We recommend using the Chainlink syrupUSDC/USDC exchange rate defined in combination with the USDC/USD feed and CAPO adapter.

CAPO Configuration

Source: syrupUSDC Historical APY, Dune, June 24, 2026

We recommend setting the Snapshot Delay to 7 days and the maxYearlyGrowthRatio to 8.05%.

Conclusion

We believe this set of initial assets poses minimal risk for onboarding to the Monad instance. We note that some of the assets presented above have minimal to no circulating supply or liquidity at the time of writing. Stakeholders have indicated that the necessary liquidity will be made available to support these onboardings.

In cases where an EOA is used for critical roles or a timelock is not implemented in upgrades, we will follow up with the relevant teams to request further clarification on whether these EOAs are MPCs or to assign these roles to more secure mechanisms.

Thanks for raising this proposal.

Aave Labs previously published a dedicated Network Technical Assessment for Monad, available here: AL Technical Analysis: Aave v3.6 Monad. The assessment was performed against v3.6, and its findings remain applicable to v3.7 given no material differences in the Monad deployment scope between the two versions.

I support this proposal.

Monad represents a significant opportunity for Aave to establish an early leadership position in a new high-performance EVM ecosystem. Deploying at this stage allows Aave to become a core liquidity layer from the beginning rather than competing for market share later.

The proposed incentive package is particularly attractive. The commitment of $15M in ecosystem incentives together with the acquisition and retention of 10M GHO demonstrates meaningful alignment between Monad and Aave. I also view the expansion of the GHO ecosystem through remoteGSM, CCIP connectivity, and dedicated reserve infrastructure as an important strategic benefit beyond simple TVL growth.

At the same time, Monad remains an emerging network and actual adoption will need to justify the proposed growth assumptions. For this reason, ongoing monitoring of liquidity quality, utilization rates, and risk parameters will remain important as the market develops.

Overall, the proposal appears to offer a favorable balance between growth potential and risk, while strengthening Aave’s position as the preferred liquidity and lending layer across new blockchain ecosystems.

Following the asset risk assessment shared above, we provide an update on the price feed configuration for the initial Monad deployment.

Given that Monad launches with an already bootstrapped user base, with meaningful supply and borrow activity expected from the outset, we recommend enabling Smart Value Recapture (SVR) feeds from the first day of operation. Unlike a cold-start deployment where liquidation flow builds gradually, the existing activity on Monad means recapturable value is present immediately, so deferring SVR would forgo recapture revenue during a period when it is already available.

The configuration is equivalent to the system already in production on supported L2s, notably Base and Arbitrum, as described in [ARFC] Aave Chainlink SVR Multi-Network Expansion (Base, Arbitrum). SVR routes the oracle extractable value generated during liquidations back to the protocol rather than to external searchers, and the Monad setup applies the same wrapper and adapter pattern used on those networks. The SVR-enabled asset adapters consume the corresponding ScaledPriceAdapter SVR wrappers, while GHO and mUSD retain standard (non-SVR) feeds consistent with their pricing approach elsewhere.

The full adapter list is as follows.

Price Adapters (non-SVR)

• GHO: 0x26cb…109c
• mUSD: 0xbbb5…71a3

ScaledPriceAdapter (SVR wrappers)

• ETH/USD SVR: 0x47F1…e373
• cbBTC/USD SVR: 0x4869…1DdA
• USDT0/USD SVR: 0x1099…8885
• USDC/USD SVR: 0xd8Ba…7FE7
• AUSD/USD SVR: 0x7b8d…029A

Price Adapters (SVR-enabled)

• USDT: 0x3c18…2730
• USDC: 0x7879…F0D9
• AUSD: 0x6b7c…1D0C
• USDe: 0x3abA…f090
• wstETH: 0x7c1D…95A5
• weETH: 0x53E2…2FE1
• syrupUSDC: 0x2084…BdB4
• sUSDe: 0xfB19…4102