[ARFC] Deploy Aave v3 on Mantle

Mantle initial assets. Technical overview

This analysis covers the assets proposed for the initial listing on Mantle. As these assets are already listed on one or more Aave instances, the review provides an overview of key aspects, including contract implementations and access controls for critical components relevant to protocol security during the listing process, to provide extra transparency for the community.

Disclosure: This is not an exhaustive security review of the asset like the ones conducted by the asset’s teams, but an overview analysis from an Aave technical service provider on various aspects we consider critical before listing an asset that is already listed on other Aave instances. Therefore, like with any security review, this does not make an absolute statement that the asset is flawless, only that, in our opinion, we do not see significant problems with its integration with Aave, aside from different trust points.


Assets

The following is a non-exhaustive overview of the assets’ smart contracts that will initially be listed on Mantle.

USDC

Circle’s USDC token on Mantle is an upgradable contract that uses the ERC20 Fiat Token via the Fiat Token Proxy standard, consistent with other chains where USDC is listed on Aave, with a slight modification that allows only the L2StandardBridge from the OP Stack to mint and burn tokens. For access control, it employs the ownable pattern, which allows setting the master minter, pauser, blacklister, and rescuer addresses. The master minter can whitelist addresses to mint USDC. The pauser can pause and unpause transfers. The blacklister can block addresses from sending and receiving USDC. The rescuer can transfer ERC20 tokens sent to the USDC contract.

The implementation does not introduce any additional risks compared to the asset’s existing listings on Aave.

For USDC pricing, we recommend using the Capo stable adapter with the USDC/USD Chainlink price feed.

| Upgradable | Access Control | Minter and Burner | Locked funds on mainnet | Upgradable Locked funds | Locked funds access Control |
| --- | --- | --- | --- | --- | --- |
| USDC: Safe 6-of-14 | ownable: Safe 6-of-13 | whitelisted by the master minter (Safe 6-of-13): L2StandardBridge | - | - | - |

USDT0

The USDT0 stablecoin is an upgradable OZ Transparent Proxy that uses the TetherTokenV2 standard with an OFT extension.

The asset is already listed on other Aave instances, such as Plasma, and uses the same implementation.

For access control, it uses the OZ Ownable, where the owner is set to a Safe 3-of-5. The principal role is to configure the OFT Contract and to upgrade the Proxy’s implementation.

The OFT extension gives an OFT Contract the capabilities to mint and burn the tokens. This OFT Contract is the adapter (LZ OApp) that receives messages from the LayerZero bridge to mint tokens.

The implementation does not introduce any additional risks compared to the asset’s existing listings on Aave.

For USDT0 pricing, we recommend using the Capo stable adapter with the USDT/USD Chainlink price feed.

| Upgradable | Access Control | Minter and Burner | Locked funds on mainnet | Upgradable Locked funds | Locked funds access Control |
| --- | --- | --- | --- | --- | --- |
| USDT0: ProxyAdminSafe 3-of-5 | ownable: Safe 3-of-5 | owner: Safe 3-of-5 and OFT Contract | OFTAdapterUpgradable | Proxy AdminSafe 3-of-5 | Ownable: Safe 3-of-5 |

USDe & sUSDe

Ethena’s tokens, USDe and its staked version sUSDe, on Mantle are non-upgradable and use the standard OFT ERC20 token implementation, including the standard LZ OApp and rate limiter capabilities.

Both assets are already listed on other Aave instances and follow the exact implementation on other chains, such as Plasma, Avalanche, and ZkSync. The implementation does not introduce any additional risks compared to the asset’s existing listings on Aave.

For access control, both contracts use OZ Ownable2Step with the same 5-of-11 Safe as owner, which controls, among other things, the OFT, the OApp, and the mint/burn rate limiter. Only sUSDe also has an owner-managed blacklist.

By featuring the OApp, the token contracts themselves act as the facilitator, receiving messages directly from the bridge (LZ endpoint) to mint and burn tokens. The implementation of both assets and their lock contracts doesn’t impose risks for the listing.

We suggest pricing USDe with the CAPO stable adapter using the USDT / USD Chainlink Price feed, while for sUSDe, we suggest a CAPO adapter using the sUSDe/USDe exchange rate provided by Chainlink with the USDe Capo Stable adapter as the base price. The suggestion is consistent with other instances where both assets are listed.

| Upgradable | Access Control | Minter and Burner | Exchange Rate | Locked funds on mainnet | Upgradable Locked funds | Locked funds access Control |
| --- | --- | --- | --- | --- | --- | --- |
| USDe: Not upgradable | ownable 2-step: Safe 5-of-11 | LZ Endpoint | - | USDeOFTAdapter | - | Ownable: Safe 5-of-11 |
| sUSDe: Not upgradable | ownable 2-step: Safe 5-of-11 | LZ Endpoint | sUSDe / USDe (Provided by Chainlink Feed) | StakedUSDeOFTAdapter | - | Ownable: Safe 5-of-11 |

WETH

The WETH token is a non-upgradable contract that uses the LegacyERC20ETH implementation, part of the pre-deployed contracts in the Mantle ecosystem, providing an ERC20 interface for ETH deposited into the Mantle ecosystem. WETH can only be minted during a deposit transaction executed via the L2CrossDomainMessenger contract, using the same minting process as for MNT. It’s important to note that Mantle’s native token is MNT, not ETH. Therefore, the WETH address differs from the other OP Stack chains.

The implementation doesn’t impose risks for the listing.

For WETH pricing, we recommend using the WETH/USD Chainlink price feed.

| Upgradable | Access Control | Minter and Burner | Locked funds on mainnet | Upgradable Locked funds | Locked funds access Control |
| --- | --- | --- | --- | --- | --- |
| - | - | L2CrossDomainMessenger | Mantle OptimismPortal | ProxyAdminSafe 6-of-13 | - |

WMNT

The WMNT token is a non-upgradable contract that uses the OZ ERC20 implementation to wrap the chain’s native asset (in this case, MNT) into an ERC20-like token. WMNT is not precisely the same as WETH9, which is widely used on EVM chains. Still, because it implements the same methods and inherits OZ’s ERC20 implementation, it poses no risk to the listing.

For pricing WMNT, we recommend using the MNT/USD Chainlink price feed.

| Upgradable | Access Control | Minter and Burner | Locked funds on mainnet | Upgradable Locked funds | Locked funds access Control |
| --- | --- | --- | --- | --- | --- |
| - | - | - | Mantle OptimismPortal | ProxyAdminSafe 6-of-13 | - |

FBTC

FBTC on Mantle uses the same implementation as on mainnet and the same bytecode, which is already listed on Aave. Cross-chain transfers are controlled by the FireBridge contract, as described in the FBTC technical analysis here.

The implementation does not introduce any additional risks compared to the asset’s existing listings on Aave.

For pricing FBTC, we recommend using the BTC/USD Chainlink Price Feed to keep consistent with the mainnet instance.

| Upgradable | Access Control | Minter and Burner | Locked funds on mainnet | Upgradable Locked funds | Locked funds access Control |
| --- | --- | --- | --- | --- | --- |
| - | owner: governance multisig 5-of-8 | FireBridge | - | - | - |

Miscellaneous

  • The listed assets are the official contracts on the Mantle network. Among them, WMNT is the wrapped version of the native chain token, USDC and WETH are bridged via the canonical Mantle bridge, and FBTC is native and managed through its own bridge. For the other assets in this analysis, the responsible teams selected the LayerZero bridge, implementing the OFT standard to avoid liquidity fragmentation.

  • These bridged assets use the widely adopted OFT standard implementation with little to no changes, which does not affect their overall usability or security. When tokens are sent cross-chain via LayerZero, they are locked in an OFT Adapter contract. The messages are transmitted to the destination chain through the LZ endpoint, where the OApp (OFT adapter or the token itself) receives the message and mints the token. The tokens can be sent back by burning them (via OFT adapter or the token itself), which triggers a message on the LZ endpoint to release the tokens from their respective OFT adapters on the mainnet.

  • The assets on mainnet are secured and locked in an OFT Adapter extension contract, which implements the OFT mechanisms, locking and releasing the tokens as they are bridged through LayerZero.

  • For MNT and WETH, the assets are locked in the Mantle OptimismPortal, using the same locking and releasing mechanism for cross-chain transfers.

  • The OFT and OApp audits can be found in the LayerZero audits GitHub repository here.


Conclusion

We believe the initial assets have no problems with integration into Aave, and there are no technical blockers for listing.

2 Likes