---

title: [ARFC] Deploy Aave v3 on X Layer
Author: @Tokenlogic
Created: 2025-09-25

---

Summary

This ARFC proposes the deployment of an Aave v3 Instance on X Layer.

Motivation

X Layer is expected to act as both a payment-focused network and a DeFi hub, creating new avenues for user onboarding, real-world adoption, and capital efficiency. Deploying on Aave v3 on X Layer continues the strategy of taking Aave to users. X Layer has the potential to significantly grow Aave’s reach, strengthen user acquisition through OKX’s user base, and capture fresh liquidity.

X Layer’s vision is to serve as a general-purpose platform for payments and DeFi, connecting users and businesses with on-chain opportunities. The core focus will be on building infrastructure that enhances both financial accessibility and scalable DeFi applications. Aave Protocol will be a key pillar of the X Layer ecosystem.

Specification

The below values are for indicative purposes only, that will updated upon receiving feedback from both LlamaRisk and Chaos Labs.

Aave Protocol

General Configuration

eMode #2

E-Mode #3

eMode #4

eMode #5

eMode #6

27/02/2026 Note: Upon discussions with the OKX team and Risk Service providers, the above tables have been updated to reflect on-chain liquidity considerations and X Layer’s preferred go-to-market strategy.

CAPO Parameters sUSDe

Upon confirmation of the Aave deployment on X Layer, the X Layer team will:

• X Layer will provide a rewards budget, currently being finalised.
• OKX wallet and exchange user base will be encouraged to use X Layer
• Early discussions with partners indicate additional rewards are being provided to support the adoption of various products.
• X Layer will support the integration and assist with boosting the adoption of Aave’s GHO stablecoin within its ecosystem, targeting real-world and institutional use cases.
• Collaborate with liquidity providers, institutional capital allocators, and partners to expand supply in Aave v3 for xBTC and stablecoins.
• Entrust TokenLogic and ACI, on behalf of Aave DAO, to manage the design and distribution of liquidity mining campaign to Aave users respectively.

Disclosure

TokenLogic does not receive any payment for this proposal.

Next Steps

1. Publish an ARFC to continue gathering community and Service Providers feedback.
2. Escalate proposal to ARFC Snapshot.
3. If the ARFC snapshot outcome is YAE, publish an AIP vote for final confirmation and enforcement of the proposal.

Copyright

Copyright and related rights waived via CC0.

Full support for this proposal.
As Aave’s partner, Balancer has already proposed deploying on X Layer too.
Being live on a new chain from day one and providing liquidity into the ecosystem while also enabling that liquidity to act as Aave market depth has proven a winner.

Summary

LlamaRisk supports Aave V3 deployment on X Layer. At this stage, the network has a comparatively low DeFi TVL of around $26 million and a total stablecoin market cap at $84.1 million, with usage still concentrated in early DEX activity and incentive-driven flows. X Layer is built with Polygon’s CDK and connected to the AggLayer, which provides cross-chain interoperability and unified bridging. The design runs on a single trusted sequencer with no fallback for forced inclusion, meaning ordering and liveness are centralized.

The gas token is OKB, whose supply has been fixed at 21 million following a one-time burn and contract upgrade in August 2025. All fees on the network are paid in this asset. Current issuance of stablecoins and other key tokens is through bridged variants rather than native deployments, which places reliance on bridge operators and external issuers.

While we initially support the list of assets proposed by @TokenLogic, we’ll be providing separate, asset-specific recommendations. This is due to the proposed onboarding of entirely new assets—OKB, xBTC, and USDG—onto Aave’s markets, which necessitates in-depth individual asset assessments. We will share these evaluations in due course in this same governance thread.

1. Network Fundamental Characteristics

1.1 Network Overview

X Layer is a Zero-Knowledge (ZK) Ethereum Layer 2 (L2) and is built with the Polygon Chain Development Kit (CDK) as part of a strategic collaboration between OKX and Polygon Labs. Following the Pessimistic Proofs (PP) upgrade, completed on August 5, 2025, it offers full compatibility with the Ethereum Virtual Machine (EVM), enabling developers to deploy existing Ethereum applications.

X Layer processes transactions through an EVM, while its state and data are kept off-chain. Standard execution occurs natively on L2, while Polygon’s Pessimistic Proof mechanism is triggered only for bridging and cross-domain settlement to establish verifiable finality on Ethereum or other connected chains. This approach differs from ZK and Optimistic rollups, where data publication to L1 is embedded into the core protocol.

Source: Polygon docs, September 30, 2025

X Layer architecture

The major components of X Layer are:

• Virtual Machine: EVM‑equivalent
• Consensus: Polygon Pessimistic Consensus
• Sequencer: Trusted
• Gas token: OKB (fixed supply at 21M post-burns/upgrades; L1 OKB phased out)
• Additional Features: AggSender for AggLayer interoperability, SP1 Prover for pessimistic proofs

Technical Overview

AggLayer is the coordination and settlement fabric that sits between many CDK chains and Ethereum. Its job is to police cross-chain value flows and to provide a common bridge. It tracks deposits and withdrawals across all connected chains through a unified accounting model. It accepts certificates from chains, verifies pessimistic proofs, and updates shared state on L1 so any chain can trust that another chain has not withdrawn more than it received.

Pessimistic proofs (PP) are the core of that safety model. Instead of re-proving every state transition, a chain proves that its withdrawals are backed by actual deposits recorded in the unified bridge. The proof is built in a zkVM prover pipeline and checked on L1. This closes the “bridge accounting” risk across the multi-chain set while avoiding the cost of full state proofs. It does not by itself validate the entire L2 state. Correctness inside a given L2 remains a function of the operator’s integrity and upgrade controls.

X Layer itself runs with a throughput of up to 5,000 TPS following the PP upgrade, positioning it to handle high-concurrency activity while relying on the AggLayer framework for settlement and cross-chain consistency.

Source: AggLayer docs, September 30, 2025

On X Layer, the transaction path is straightforward. A user submits a transaction through an RPC endpoint hosted by the operator. The trusted sequencer orders transactions and executes them in an EVM-equivalent environment. The resulting batches and certificates are posted to the AggLayer through an AggSender component. The SP1 prover stack produces pessimistic proofs when cross-chain value must be settled. The AggLayer verifies these proofs and updates the unified bridge and global exit root on Ethereum. Once the L1 contracts reflect the updated state, withdrawals and cross-chain messages become claimable on destination chains.

The on-chain contract set follows the CDK pattern. A SystemConfig-style contract on L1 holds critical parameters such as the sequencer address and pointers to other L1 components. A proxy admin pattern governs upgradeability for the L1 contracts that anchor the rollup and its bridge. X Layer’s sequencer is operated by the team. Inclusion policy, fee parameters, and emergency actions are operational decisions by the operator. Data and access for public users are provided through centralized RPC and explorer infrastructure.

1.2 Decentralization and Legal Evaluation

X Layer is an EVM-compatible Layer 2 network designed to scale Ethereum applications. It operates using a single sequencer controlled by the X Layer team. Unlike validator-based models, there are no independent validators participating in block production. This design centralizes ordering power and network liveness in the sequencer. Public RPC endpoints are provided through official documentation and are hosted on AWS infrastructure, with operations based in Hong Kong.

Architecture and Control
The sequencing model places control of transaction inclusion, ordering, and censorship resistance entirely under the operator of the sequencer. If the sequencer halts or censors, users cannot force inclusion on their own. Bridge functionality and system configuration rely on smart contracts that can be upgraded through administrative multisigs held by the Polygon team.

Censorship and Policy

There are no public records of enforced blacklisting of contracts or tokens. However, the architecture allows for censorship through the sequencer or restrictions at the RPC and explorer layers. This creates the technical capacity to block or limit access to specific contracts if policy requires it.

Economic and Market Conduct

Gas on the network is paid in OKB. With the sequencer centrally operated, policies for transaction ordering and MEV handling are set by the operator. This creates potential conflicts of interest where affiliates of the operator are active in trading, routing, or liquidity provision on the network.

Slashing

X Layer does not implement slashing. The network relies on a single sequencer and doesn’t have a public validator set. Operator behavior and system reliability are managed through access controls and administrative authority.

Legal Evaluation

Our legal analysis pertains to the X Layer Terms of Service, which serve as the publicly accessible and operative contractual framework governing the network. These terms are presented as a binding legal agreement between XLAYER TECHNOLOGY COMPANY LIMITED (referred to as “X Layer Foundation “) and each individual user. Nevertheless, the Terms do not specify the jurisdiction of incorporation for the company. During our comprehensive due diligence, the X Layer team has clarified that the entity is registered in Seychelles; however, no additional corporate identification or statutory particulars have been furnished.

With respect to limitations of liability, although the relevant disclaimers are notably comprehensive, it is important to recognize that many jurisdictions restrict or prohibit the exclusion of liability for certain consumer or statutory entitlements—particularly in regions such as the European Union, the United Kingdom, Australia, and various states across the United States. While the terms provide exclusions for gross negligence and fraud, the language, as currently drafted, fails to reference critical consumer protection statutes or those rights that cannot be lawfully excluded or waived.

The indemnification provision affords X Layer Foundation unfettered and unilateral authority to direct the defense and resolution of any relevant claim or proceeding, granting it “sole and absolute discretion” in such matters. This degree of discretionary control may invite scrutiny, as it departs from the more balanced standards often expected in contractual relationships, especially where indemnity is involved.

Regarding representations and warranties, the Terms unequivocally state that X Layer is offered strictly on an “as-is” and “as available” basis, with users assuming all associated risks. No form of representation or warranty—be it express, implied, or statutory—is provided. To the fullest extent permitted by applicable laws and regulations, X Layer explicitly disclaims, and users expressly renounce, any and all warranties or assurances of any nature, whether arising from law, custom, or the course of dealing.

The Eligibility provisions articulated in the Terms of Service delineate the baseline qualifications for users seeking access to the X Layer network. Natural persons are required to be at least eighteen years of age and must not be restricted, either by law or pursuant to the Terms, from accessing the Services. For institutional or organizational users, the Terms mandate that such entities be duly constituted under the laws of their respective jurisdictions and that the individual acting on the entity’s behalf possess formal authorization to bind the entity in legal agreements.

Notably, the Terms incorporate explicit prohibitions relevant to both “Restricted Persons” and “Restricted Locations.” Persons or entities who are citizens, residents, or physically situated in jurisdictions subject to comprehensive economic sanctions—such as Cuba, Iran, North Korea, Syria, Crimea, Donetsk, and Luhansk—are expressly barred from accessing the network. This exclusion extends to any party subject to penalties administered by international or national regulatory bodies, including the U.S. Office of Foreign Assets Control (OFAC), the European Union, the United Kingdom, and other global authorities. Furthermore, users are affirmatively required to certify, upon request, compliance with these requirements. These restrictive provisions are consistent with prevailing industry standards for blockchain and fintech platforms, reflecting efforts to mitigate exposure to global sanctions risk and reinforce compliance with anti-money laundering and counter-terrorist financing frameworks.

The Terms describe X Layer as an open-source, permissionless, layer 2 blockchain ecosystem that aggregates developer tools, distributed applications (DApps), digital assets, and relevant third-party interfaces. The Foundation explicitly denies any ongoing custodial relationship or direct control over assets, DApps, or third-party material, present or future, accessible through the X Layer network or its associated website.

When evaluating the regulatory status and posture of the X Layer network, it is noteworthy that, in response to our written inquiry, the X Layer team communicated that X Layer, functioning as a permissionless and decentralized blockchain protocol, is not classified as a regulated entity under the current legal and regulatory frameworks of major jurisdictions (i.e., the United States, European Union, United Kingdom, Singapore, and Hong Kong). However, it should be noted that nothing in our correspondence references, summarizes, or makes available the substance of X Layer’s legal analyses or counsel regarding the network’s regulatory exposure.

The Terms of Service specify that the agreement is governed by, and must be interpreted under, the laws of Singapore, without regard to any principles of conflict of laws. This choice of law provision is standard for entities operating within or seeking regulatory certainty with respect to Singapore’s recognized legal environment, especially given Singapore’s status as a leading global hub for fintech and digital asset innovation. The selection of Singaporean law confers predictability and the benefit of a relatively business-friendly statutory and common law tradition; however, the global accessibility of the network means that mandatory consumer protections or public policy laws of other jurisdictions may nonetheless apply as overriding statutes, particularly for users outside Singapore.

The Terms adopt a multi-tiered dispute resolution structure. In the event of a controversy or claim, parties are first directed to pursue resolution through mediation administered by the Singapore International Mediation Centre, in accordance with its procedural rules. Should mediation fail to yield a resolution within ninety days, all disputes are to be referred to binding, confidential arbitration administered by the Singapore International Arbitration Centre under its prevailing rules. The arbitral seat is Singapore, proceedings are conducted in English, and the panel is to be composed of three arbitrators, each party appointing one and a third being selected by the SIAC President.

1.3 Activity Benchmarks

X Layer went live in April 2024. X Layer currently holds around $26.7 million in total value locked, after spending much of the year closer to the 5 to 10 million range. Activity has expanded sharply in recent months, with temporary peaks above 30 million. The sharp pickup in DEX volumes from September reflects stacked catalysts that landed in August 2025: the PP upgrade that raised throughput and cut costs, with chain-specific incentives including a 100 million dollar ecosystem fund as well as launch of a memecoin acceleration program by PotatoSwap. Alongside this growth, trading volumes accelerated to over 60 million at their highest point before easing back toward the 50 million range.

Source: DefiLlama, September 30, 2025

Daily metrics: X Layer L2

Polygon-based X Layer chain activity shows mostly steady day counts in the tens to low hundreds, with USD volume arriving in short bursts. Activity dipped through late 2024, then improved into mid and late 2025 with more consistent throughput.

Source: Dune, September 30, 2025

Daily metrics: Ethereum L1

The X Layer official bridge on Ethereum shows heavy use in early 2024, a cooling phase into late 2024 and early 2025, and then a clear pickup from mid-2025 with rising daily transactions and several sharp value spikes. That pattern fits renewed bridging and liquidity shifts, with more users moving assets and a few high-value days driving the USD peaks.

Source: Dune, September 30, 2025

1.4 Security

X Layer inherits the audited Polygon CDK (formerly zkEVM) stack and benefits from Polygon’s AggLayer, combining security from both the underlying technology and the aggregated verification layer.

Polygon CDK audits:

• Spearbit (March, 2023): 1 critical and 1 informational
• Spearbit-2 (March 27, 2023): 3 critical, 4 incompatibility, 2 low and 21 informational
• Spearbit-1 (March 27, 2023): 7 critical, 1 incompatibility, 1 high, 1 medium and 22 informational
• Spearbit (August 21, 2023): 1 low and 5 informational
• Spearbit (June 20, 2023): 2 high, 1 low and 5 informational
• Verichains (March 19, 2024): 2 critical, 1 medium, 1 low, and 15 informational
• Hexens (December 23, 2024): 2 informational
• Hexens (February 27, 2023): 4 critical, 1 high, 1 medium, 3 low and 7 informational

AggLayer audits:

• Spearbit (March, 2023): 4 mid, 16 low, and 30 informational
• Hexens (February, 2023): 4 critical, 1 high, 1 medium, 3 low and 7 informational
• Sigma Prime (January, 2024): 2 medium, 1 low and 3 informational
• Sigma Prime (February, 2024): 7 medium, 4 low and 9 informational
• Sigma Prime (June, 2024): 1 high, 1 medium, 1 low and 4 informational

Bug Bounty

X Layer participates in the OKX bug bounty program on HackerOne. Researchers can submit security findings related to the network, with rewards scaling by severity and payouts reaching up to 1,000,000 USD for critical issues.

Access Control

On Ethereum mainnet, the PolygonPessimisticConsensus contract is the consensus anchor for X Layer’s pessimistic proof mode, and it exposes an admin address. The admin can transfer and accept the admin role and can set the trusted sequencer identity and its URL.

1. The L1/L2 contracts are managed by Polygon team using Safe 5/12 PolygonAdminMultisig:

• 0xcAB31b6A7b4d2eCd562A09e2BfA46535a18862f9
• 0xAb3506507449bF1880f3337825efd19ac89E235E
• 0x54c401eD03D086fE13221E5422165f3b024265d9
• 0x21618593F7147235aC8D511d68A547C935F9d417
• 0xED7cC82235A7757702475c8f77c7830c095FB5a2
• 0xdFEd8373695a7b3DaF268CF91e71f6a7024A56Da
• 0xffbfc0c8331C5fc912DDA3C6D4A86eEB80203238
• 0xeD44D1CFfB91e163CB7126bdEeA83959f175dB37
• 0x516eEcfb38aA308c5f1878497108c7d054fd46B7
• 0x4c1665d6651ecEfa59B9B3041951608468b18891
• 0xA0B02B28920812324f1cC3255bd8840867d3f227
• 0xEad77b01ea770839F7f576Cd1516Ff6A298d9dB2

2. The Safe 6/8 PolygonSecurityCouncil multisig is used to activate an emergency state in both the manager and the shared bridge, pausing all connected projects and allowing system contracts to be upgraded immediately.

• Signers (8): 0xFe45…2e4b, 0xaF46…261D, 0xBDc2…FEFf, 0x4c16…8891, 0x3ab9…D622, 0x49c1…0E86, 0x9F7d…86A0, 0x2188…1C28

3. The Safe 3/8 PolygonCreateRollupMultisig can interact with the PolygonRollupManager to deploy new projects based on predefined rollup implementations and connect them or other AggLayer chains to the manager.

• Signers (8): 0xAb35…235E, 0x3038…D3b5, 0xa439…AE31, 0xD947…fCFC, 0xCE27…AaAc, 0x0B84…Ca77, 0x0185…22A6, 0x7316…4496

4. EOA 1

• Can interact with PolygonPessimisticConsensus
  • sole address that can force batches

5. EOA 2

• Can interact with PolygonPessimisticConsensus
  • must provide a signature for each pessimistic proof, attesting to a valid state transition

6. EOA 3

• Can interact with PolygonPessimisticConsensus and set the trusted sequencer address

Smart Contracts

1. PolygonPessimisticConsensus: Admin Address

   System contract defining the X Layer logic. It only enforces bridge accounting (pessimistic) proofs and is otherwise kept minimal as the Layer 2 state transitions are not proven.

   • Roles:
     • admin: EOA 3
     • forceBatchAddress: EOA 1
     • trustedSequencer: EOA 2

2. AggLayerGateway: Admin Address

   A verifier gateway for pessimistic proofs. Manages a map of chains and their verifier keys and is used to route proofs based on the first 4 bytes of proofBytes data in a proof submission. The SP1 verifier is used for all proofs.

   • Roles:
     • addPpRoute: Timelock; ultimately PolygonAdminMultisig
     • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
     • aggchainDefaultVKey: PolygonAdminMultisig
     • freezePpRoute: PolygonAdminMultisig

   Can be upgraded by: PolygonAdminMultisig with 3 day delay

3. PolygonSharedBridge: Admin Address

   The shared bridge contract, escrowing user funds sent to Agglayer participants. It is usually mirrored on each chain and can be used to transfer both ERC20 assets and arbitrary messages.

   • Roles:
     • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
     • proxiedTokensManager: Timelock; ultimately PolygonAdminMultisig

   Can be upgraded by: PolygonAdminMultisig with 3 day delay

4. PolygonRollupManager: Admin Address

   The central shared managing contract for Polygon Agglayer chains. This contract coordinates chain deployments and proof validation. All connected Layer 2s can be globally paused by activating the ‘Emergency State’. This can be done by the PolygonSecurityCouncil or by anyone after 1 week of inactive verifiers.

   • Roles:
     • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
     • createRollup: PolygonAdminMultisig, PolygonCreateRollupMultisig
     • defaultAdmin: Timelock; ultimately PolygonAdminMultisig
     • emergencyCouncilAdmin: PolygonSecurityCouncil
     • trustedAggregator: EOA 4, EOA 5
     • tweakParameters: PolygonAdminMultisig

   Can be upgraded by: PolygonAdminMultisig with 3 day delay

5. PolygonGlobalExitRootV: Admin Address

   A merkle tree storage contract aggregating state roots of each participating Layer 2, thus creating a single global merkle root representing the global state of the Agglayer, the ‘global exit root’. The global exit root is synchronized to all connected Layer 2s to help with their interoperability.

   • Roles:
     • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig

   Can be upgraded by: PolygonAdminMultisig with 3 day delay

6. Timelock

   A timelock with access control. In the case of an activated emergency state in the PolygonRollupManager, all transactions through this timelock are immediately executable. The current minimum delay is 3d.

   • Roles:
     • timelockAdmin: PolygonAdminMultisig (no delay if in emergency state), Timelock (no delay if in emergency state); ultimately PolygonAdminMultisig (no delay if in emergency state)

7. SP1Verifier

   Verifier contract for SP1 proofs (v5.0.0).

8. SharedProxyAdmin

   • Roles:
     • owner: Timelock

Concerns arise around the use of EOAs for the admin, forceBatchAddress, and trustedSequencer roles in the PolygonPessimisticConsensus contract, given the level of influence this contract has on the chain, the absence of state validation, and the lack of any upgrade delay if one of these keys were compromised.

Sequencer

The Sequencer’s private key is managed and protected by a dedicated address owned by X Layer Asset Security Team.

The address deployed on: 0x610de9141a2c51a9a9624278aa97fbe54b27c102

2. Network Market Outlook

2.1 Market Infrastructure

Bridge

X Layer can be accessed through third-party liquidity bridges such as RetroBridge, Rhino.fi, Meson, XY Finance, Owlto, and Orbiter, along with Polygon’s portal integration. Users should confirm official interfaces and contract addresses before moving assets and limit transfer sizes to manage exposure.

DEXs

Currently, there are 10 DEX protocols on X Layer, with the overall trading volume leaning towards PotatoSwap with around $18m USD volume. The list of existing DEXs includes:

• PotatoSwap ($14.39m), Curve Finance ($5m), DyorSwap ($4.76m), OkieSwap ($874,034), AbstraDEX ($637,929), LFGSwap ($521,554), iZUMi Finance ($227,871), Quickswap ($99,276), Revoswap ($69,370), JaceSwap ($41,401)

Lending

A few lending protocols are deployed on X Layer:

• ZeroLend ($40,929)
• River ($15,070)
• Dolomite ($1,872)

Tooling

• Bridging/Interoperability Protocols: 7 bridging/interoperability protocols support X Layer
• Cross-Chain: For cross-chain communication and messaging X Layer uses LayerZero and Connext
• RPC Node Services: RPC node services on X Layer include QuickNode, Blockdaemon, ZAN and Ankr
• Oracles/Data Services: Oracles and data services include Chainlink, API3, RedStone and SupraOracles.

CEXs

Currently, OKX appears to be the only major CEX with direct, native X Layer network support for deposits and withdrawals. Other exchanges may add support as the network grows in adoption and liquidity.

2.2 Liquidity Landscape

X Layer DEX liquidity is highly fragmented across several AMMs and routing aggregators. Depth shifts with mercenary TVL, so large trades are often split across multiple pools, which increases slippage and fee drag. The current list includes:

• USDT/USD₮0 on Curve Finance ($2.958m TVL)
• USDC/USD₮0 on Curve Finance ($1.04m TVL)
• USDG/USD₮0 on Curve Finance ($1.0m TVL)
• WOKB/USDT on PotatoSwap ($348k TVL)
• USD₮0/WOKB on PotatoSwap ($241.53k TVL)
• USDT/WOKB on OkieSwap ($185.75k TVL)

The team is preparing to seed $5 million of liquidity into X Layer DEX pools, targeting execution within a 5–8% slippage tolerance, following LlamaRisk recommendations. This increase is intended to support larger trades without destabilizing pricing, with the expectation that incentive programs associated with an Aave market launch will further deepen DEX liquidity.

Incentive program

The Pay rewards program on X Layer credits yield for holding USDC or USDT in the Pay balance. Accrual is automatic with monthly distribution and the reward rate can change or stop at the platform’s discretion. Eligibility requires keeping assets inside the Pay account on X Layer.

In addition, incentive programs are active for USDG with an advertised yield of around 4.1% APY, as well as for ETH/USD and xBTC/USD DEX LP tokens.

Fee structure

X Layer uses OKB as the gas token. Transaction fees are paid in OKB and are calculated on L2 as gas used multiplied by the gas price, with execution and fee enforcement occurring on the L2 sequenced chain. State and data are kept off chain in “Pessimistic Proof” (PP) mode, so routine user transactions do not include a separate Ethereum L1 data fee component.

There is no separate per-transaction Ethereum L1 blob fee in this configuration because X Layer runs on Polygon CDK’s Pessimistic Proof mode with external data availability. Routine transaction data is not posted to Ethereum L1, and the pessimistic proof mechanism is focused on securing the bridge’s accounting. Cross-chain actions such as withdrawals are settled on Ethereum through bridge contracts, and any L1 verification costs appear as bridge fees rather than as an additional charge on every L2 transaction.

2.3 Ecosystem Resilience

Grant program

As of today, OKX has active chain-specific incentives for X Layer, most notably a $100M “X Layer Ecosystem Fund” aimed at builders, along with liquidity incentives to attract projects. The fund was announced in late August and reiterated in OKX’s upgrade notes in mid-August, which also highlighted liquidity programs connected to the X Layer rollout.

Liquidity depth

Liquidity on X Layer is not yet deep at the ecosystem level. Depth is fragmented across many long-tail tokens, with limited concentration in high-quality base assets, which increases slippage and execution risk for institutional-sized orders until larger market makers, incentives, or cross-chain liquidity connectors scale up.

Source: GeckoTerminal, September 29, 2025

2.4 Ecosystem Growth Potential

X Layer is developed by OKX as a payments-first L2 built on Polygon CDK. Its positioning centers on converting OKX exchange and wallet flows into on-chain settlement for everyday transfers and commerce. OKB functions as the gas asset, and OKX Pay routes stablecoin activity through X Layer, aligning the chain with a payments and settlements use case rather than yield-first DeFi.

This focus reflects an adoption path that connects existing OKX products with on-chain rails across retail and merchant scenarios. The emphasis is on low fees, high throughput, and tight wallet integration so that stablecoin movement and basic financial primitives can operate with minimal friction in the OKX environment.

X Layer integrates the Polygon CDK stack and connects to AggLayer for interoperability and shared verification. The OKX distribution surface, including the exchange, wallet, and Pay, provides an installed base that can seed liquidity and transactions. Ecosystem growth is expected to come from anchor integrations in payments, simple credit, and selected DeFi venues, supported by targeted funding and rewards that are builder- and utility-oriented.

2.5 Major and Native Asset Outlook

Source: X Layer docs, September 30, 2025

The list of major assets deployed on X Layer includes Wrapped OKB, Wrapped ETH, Wrapped BTC, xBTC, USDT, USD₮0, USDC, USDG, Bridged USDC.e and DAI. With USD₮0 being the biggest asset with $53.3m fully diluted market cap. The stablecoins total suppy is estimated at $84.1m, with 196k on DAI, 6.89m on USDC, 12.4m on USDT, 9m on USDG and 53.3m on USD₮0.

2.6 Tokenomics

OKB total supply is fixed at 21,000,000 following a single-instance burn of 65,256,712.097 OKB sourced from historical repurchases and treasury reserves that was executed on Aug 15, 2025, and a contract upgrade on Aug 18, 2025, that removed mint and burn functions on the L1 ERC-20 proxy. Implementation currently resolves to 0x81A4…E094 on Ethereum. X Layer uses OKB for gas via its L2 representation.

3. Onchain discoverability

Activity dashboards for X Layer are available on TokenTerminal and DefiLlama. Also there is an available subgraph for X Layer on TheGraph. DEX liquidity can be viewed through Geckoterminal. There is also available a Dune dashboard for general metrics about X Layer and Ethereum L1:

The OKX also developed and maintains a blockchain explorer for X Layer.

4. Impact of Aave Deployment

At present there is no competitive lending market on X Layer. Existing deployments such as ZeroLend, Dolomite, and Timeswap have very limited liquidity, with aggregate TVL in the tens of thousands, far below thresholds needed to support meaningful credit creation. This leaves most stablecoin and asset balances idle and constrains secondary markets.

An Aave v3 deployment would represent the first institutional-grade lending venue on the chain, setting the baseline for collateral standards, risk parameters, and market depth. Its arrival could anchor credit formation and provide the liquidity foundation for other protocols to build against.

Current activity levels on X Layer remain limited, and the chain itself is still early in its lifecycle. This raises concerns about whether liquidity, user adoption, and transaction flow will reach sustainable levels in the near term, as low activity could constrain lending demand and reduce the effectiveness of an early deployment.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

In connection with the forthcoming X Layer deployment, we present our analysis for USDG onboarding.

Summary

We recommend listing USDG on Aave V3 X Layer as a deposit and borrow-enabled, non-collateral asset. The primary risk at this stage is low native liquidity on X Layer, which increases price impact and calls for conservative supply/borrow caps until market depth improves. A full USDG risk assessment has already been completed on the Core market, and the detailed methodology results are available here.

On X Layer, USDG on-chain liquidity is limited. The main venue is a USDG/USDC pool on Curve with about $1 million in TVL. Executing a swap of 545,000 USDG for USDC in that pool results in approximately 10% slippage. Outside that pool, displayed depth at tight spreads is thin, and block-size orders face slippage risk. Larger flows are presently more efficient through primary mint and redeem channels or centralized venues until additional mainnet liquidity is deployed.

Token Holder Concentration

Source: X Layer explorer, October 28, 2025

The current USDG distribution on X Layer shows a significant degree of token concentration. Out of the 9m USDG in circulation, the top five addresses collectively hold more than 80% of the total supply. This distribution indicates a very limited level of holder diversification, suggesting that liquidity and transactional activity are primarily concentrated among a few institutional or operational wallets.

Top 5 USDG holders on X Layer:

• OKX Deposit – 5,488,323.81 USDG (60.80%)
• Curve: USDG/USDT0 Pool – 508,985.95 USDG (5.64%)
• OKX – 499,090.75 USDG (5.53%)
• OKX Hot Wallet – 425,880.55 USDG (4.72%)
• OKX Hot Wallet – 330,744.03 USDG (3.66%)

Market Risk

1) Liquidity

Source: Curve Finance, October 28, 2025

On X Layer, USDG DEX liquidity is concentrated in the newly deployed Curve USDG/USDC pool launched on 24 September, with around 1 million dollars in TVL.

1.1 Liquidity Venue Concentration

Current on-chain liquidity for USDG on X Layer is concentrated in the Curve USDG/USDT0 pool. The active pool functions as the primary depth venue for swaps and routing of USDG against a stable counterpart.

On-chain traces indicate additional venues exist or are being prepared. We identified upcoming Uniswap v3 USDG/WOKB and USDG/xBTC pools in development based on the deployed factory and USDG holdings. We also verified USDG in the Pancake USDG/USDT0 pool contract on X Layer.

1.2 DEX LP Concentration

On X Layer, USDG currently exhibits limited secondary market depth. The primary onchain venue is a USDG/USDC pool on Curve, with current depth liquidity set at $1M in TVL, and the OKX address being the largest Liquidity provider.

Volatility

Source: LlamaRisk, October 28, 2025

November saw a 9.24% deviation event in the first week after USDG trading went live on Kraken and immediately after Paxos’ launch announcement. New listings commonly exhibit thin order books and fragmented price discovery; a single small trade can set the daily “low” that aggregators record.

On January 30, 2025, the “high” appears to be an isolated print rather than a broad market premium. On the core USDG/USD market on Kraken, the 52-week range shows extreme ticks (low ≈$0.91, high ≈$1.606) but day-to-day trading clusters tightly around $1; this pattern is consistent with one-off outliers that lift the aggregator’s daily high without reflecting a sustained move.

Growth

As of October 28, there is limited on-chain data to assess USDG growth on X Layer following its recent launch. The current supply on X Layer stands at 9,026,311 USDG, representing roughly 1.21% of the total USDG circulating supply across other networks.

Price Feed Risk

For USDG pricing on X Layer, we suggest using Chainlink’s USDG/USD price feed as the primary oracle source. This feed operates with 10 underlying oracles and updates every 24 hours, providing better transparency and resilience for the stablecoin valuation. The deviation threshold for this price feed is set to 0.25%.

Multisig Threshold / Signer identity

On X Layer, the USDG contract follows the same access control structure as on Ethereum. Paxos uses four role-based access controls for the USDG contract, each controlled by Paxos defaultAdmin address backed by proprietary offline HSMs that enforce multi-person approvals. The admin address, which sits at 0x3Af3e85f4f97De7AD0f000B724Fb77fE5ffc024B is operated by the Paxos team and governs all four roles, with each role’s functions ultimately controlled by the defaultAdmin address.

• DEFAULT_ADMIN_ROLE: controls governance of the token’s privileges. It can grant and revoke every other role, change role-admin relationships, rotate the IERC-5313 owner, and authorize UUPS upgrades through the contract’s authorizeUpgrade gate.
• PAUSE_ROLE: operates the emergency halt. Holders can call pause() and unpause() to toggle the token’s whenNotPaused guard, which blocks on-chain transfers and any other functions wired to that modifier.
• ASSET_PROTECTION_ROLE: enforces account-level controls. Holder can freeze and unfreeze specific addresses and invoke a post-freeze wipe that burns the frozen balance on chain to reflect lawful seizure or forfeiture.
• SUPPLY_CONTROLLER_MANAGER_ROLE: administers mint/burn operators and their limits. Holder can add and remove “supply controllers” that execute mint and burn, and configure guardrails such as per-controller permissions and rate or cap parameters.

Aave V3 Specific Parameters

Aave V3 specific risk parameters for USDG will be presented jointly with Chaos Labs prior to instance deployment.

Price Feed Recommendation

We recommend using Chainlink USDG/USD price feed as the primary oracle source. It is advisable to use a CAPO adapter to prevent misreporting on the upper side.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

In connection with the forthcoming X Layer deployment, we present our analysis for xBTC onboarding.

Summary

LlamaRisk supports the onboarding of xBTC as a part of the Aave X Layer deployment, conditional on improved liquidity conditions. The current lack of onchain supply (10 xBTC/~$1.13M) and DEX liquidity would represent onboarding an asset without meaningful demand on the network; the OKX team indicated that they intend to provide an initial $10M seed liquidity to bootstrap xBTC. The BTC wrapper is managed centrally by OKX, with key access control roles assigned to MPCs.

OKX has addressed previously identified legal concerns by confirming that all BTC supporting the xBTC program is securely held in designated, segregated addresses under the exclusive control of Aux Cayes, with no commingling or unauthorized use of assets. Access to xBTC is restricted to verified users in permitted jurisdictions, following a mandatory KYC process, with eligibility currently limited to clients of OKX Seychelles and institutional users in OKX Bahamas. Aux Cayes, incorporated in Seychelles and regulated as a Virtual Asset Service Provider under the VASP Act 2024, continues to operate lawfully under transitional licensing provisions, with its status confirmed by the Seychelles Financial Services Authority. OKX’s legal memorandum concludes that the xBTC program is fully compliant with Seychelles’ regulatory framework, authorizing Aux Cayes to offer and administer all aspects of the xBTC product.

1. Asset Fundamental Characteristics

1.1 Asset

OKX Wrapped BTC (xBTC) is a Bitcoin (BTC) wrapper backed 1:1 by native BTC custodied by OKX. xBTC is minted when users withdraw BTC from their OKX account to a supported network address (currently, Sui, Aptos, Solana, and X Layer). Underlying BTC is redeemed back into user accounts when xBTC is deposited on the OKX Exchange.

Source: OKX

1.2 Architecture

The core functions of xBTC - minting, burning, transferring, and receiving - are controlled by a permissioned system. A managed deny list controls which addresses can receive and transfer xBTC.

BTC deposits are held in OKX’s Bitcoin reserve address, which consists of BTC secured for xBTC minted on other networks. Proof of reserves is made available via the OKX homepage. The OKX team indicated that the reserve is a locked address, which strictly stores segregated BTC.

An internal alert system monitors and enforces the minting and burning of 1:1 BTC from OKX exchange addresses.

Source: Bitcoin Reserve, OKX, October 28, 2025

1.3 Tokenomics

xBTC is minted on a 1:1 basis with BTC deposits via OKX, and is burned when redeemed to maintain parity. Given that minting is facilitated by OKX, the liquidity and supply of xBTC are dependent on the availability of BTC on OKX.

Redemptions through OKX are permissioned and require an OKX account; this limits potential liquidations to OKX-approved liquidators.

1.3.1 Token Holder Concentration

A total of 10 xBTC (~$1.13M) is available on X Layer, with supply almost exclusively held in an OKX EOA. 29 holders are currently registered.

Source: X Layer explorer, xBTC, October 28, 2025

2. Market Risk

2.1 Liquidity

There is currently no meaningful liquidity to swap out of xBTC. Supply is still concentrated in an OKX deposit wallet. Following a discussion with the OKX team, they indicated that they intended to provide an initial $10M seed liquidity to an xBTX/USDT0 pool.

2.1.1 Liquidity Venue Concentration

A Uniswap USDG/xBTC pool appears to be the only pool available for xBTC currently; however, no meaningful liquidity is yet available.

2.1.2 DEX LP Concentration

DEX liquidity is yet to be established on X Layer for xBTC.

2.2 Volatility

X layer markets have yet to be established; therefore, volatility data is unavailable.

2.3 Exchanges

xBTC is currently not available on Centralized exchanges.

3. Technological Risk

3.1 Smart Contract Risk

A Zellic audit was completed on xBTC’s EVM code on October 14, 2025. 1 medium severity issue was found, which the team acknowledged. The issue is related to a custom transfer-role functions implementation, which DEFAULT_ADMIN_ROLE could bypass. However, this is by design.

The final report is yet to be published, with the team sharing an initial draft with us for this review.

3.2 Bug Bounty Program

xBTC smart contracts are covered under a live OKG bug bounty program hosted on HackerOne with a max bounty of $1 000 000.

3.3 Price Feed Risk

A Chainlink BTC/USD price feed is available on X Layer. The price feed has a 0.5% deviation and a 24-hour heartbeat.

3.4 Dependency Risk

xBTC relies on OKX to effectively maintain a 1:1 custody of the underlying BTC. As shown in section 1.2, reserves across chains are held in a single reserve address, accounting for underlying BTC on Sui, Aptos, X Layer, and Solana.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

We have undertaken a detailed evaluation of the xBTC User Agreement, specifically addressing the intricacies surrounding minting and redemption rights, corresponding obligations, custody arrangements and representations, assurances of bankruptcy remoteness, as well as the segregation of assets.

4.1.1. Mint/Redeem Rights and Obligations

Minting (Subscription):
The Agreement prescribes that the user initiates a ‘subscription’ to xBTC by withdrawing BTC from their OKX account to a designated blockchain-compatible wallet address. On completion of this process, the user receives xBTC, which constitutes a wrapped on-chain representation of BTC, minted by an OKX-proprietary smart contract. It is expressly stipulated that this conversion is neither guaranteed to be instantaneous nor immune from suspension, rejection, or outright failure, all of which rest wholly within OKX’s discretion. During such periods of delay or failed execution, Users may find themselves unable to access either the withdrawn BTC or the newly minted xBTC. Furthermore, OKX retains unfettered authority to deny, pause, or terminate any xBTC subscription activity at any time and without advance notice or any obligation of redress. Redemption of xBTC is strictly circumscribed—permissible exclusively via the procedures articulated in the Agreement—and any off-platform transfer, sale, or disposition results in the forfeiture of redemption privileges tied to the associated BTC. Stringent compliance obligations are imposed, including Know-Your-Customer (KYC), anti-money laundering (AML), and Travel Rule requirements. Critically, the minting and associated functionalities are customized for and managed solely by OKX, with no recourse to third-party validation or adherence to open standards.

Redemption:
The process of converting xBTC back to BTC is similarly defined and equally restrictive: redemption is only initiated by depositing xBTC into the user’s OKX account. This purportedly straightforward transaction is, however, also potentially subject to delays, outright failure, or rejection, all at the discretion of OKX. The Agreement is unequivocal that redemptions undertaken outside this process are unsupported and thus void. While OKX commits to using “best efforts” to maintain a 1:1 redemption parity between xBTC and BTC, it simultaneously disclaims responsibility for any divergences in this ratio arising on external platforms. Should the aggregate BTC reserve held by OKX fall short of the total outstanding xBTC, redemptions become available solely on a pro-rata basis; thus, users must accept the real possibility that full redemption may be unattainable, and the Agreement offers no guarantee against such shortfalls. OKX reserves the unqualified authority to halt or suspend redemptions at any juncture, further underscoring the absence of any assurance as to user convertibility rights.

As a result, the entire mint and redeem framework is characterized by broad, largely unrestrained discretion on the part of OKX. There exists neither an absolute nor an irrevocable entitlement for users to subscribe to or redeem xBTC. Users are thereby exposed to elevated risks of asset inaccessibility, whether due to technical disruptions, policy amendments, compliance barriers, or the necessity of proportionate redemption if reserve assets prove inadequate.

4.1.2. Custody Commitments and Assurances

The Agreement purports that BTC utilized for xBTC subscriptions “will be segregated”; however, it immediately qualifies this by affording OKX the latitude to “from time to time pool such BTC with other users’ assets in non-segregated omnibus accounts, at its discretion.” This flexibility is further substantiated through direct reference to Clause 4.5 of the overarching OKX Terms of Service, which explicitly provides: “By accepting these Terms, you expressly agree to the pooling of your Digital Assets with the Digital Assets of other users. Digital assets of users are not protected by deposit protection or a deposit insurance scheme. In the case of an irreconcilable shortfall, deposited assets or funds may not be fully recoverable.” Accordingly, the legal or physical segregation of user assets is not only unguaranteed but flatly superseded by provisions enabling asset pooling and collective management.

Within this framework, users are made subject to all risk factors outlined throughout this Agreement and the more comprehensive OKX Terms of Service, both of which contain numerous, explicit disclaimers of liability. OKX specifically disavows responsibility for the vast majority of losses—most notably those deriving from technical malfunctions, unauthorized access, hacking, operational errors, catastrophic events, or otherwise. Furthermore, OKX offers no guarantee regarding the value of the asset, the absolute ability to redeem it, or the efficacy and security of the custody infrastructure and underpinning digital asset networks.

It is therefore evident that OKX’s custody undertakings are minimal and extensively caveated. The Agreement permits, and indeed contemplates, the routine comingling of user assets in a non-segregated, pooled context. Any assurances of asset protection or custodial transparency are limited, placing the risk burden squarely on users’ shoulders.

4.1.3. Bankruptcy Remoteness and Segregation of Assets

The Agreement is silent with respect to bankruptcy remoteness, offering no explicit assurances that user assets will be insulated from claims by OKX’s general creditors in the event of insolvency. There are no provisions establishing a trust, instituting escrow arrangements, or designating third-party custodians to safeguard user BTC; accordingly, the Agreement fails to confer any form of statutory, contractual, or structural protection that would elevate user assets above the reach of an insolvency administrator or liquidator. The language concerning asset pool shortfalls—specifically the application of a “pro rata return” mechanism—implicitly recognizes that users hold no individualized property rights in specific BTC. Rather, their interests are limited to an undifferentiated claim against a collective asset pool. This absence of individualized entitlement means, in a liquidation scenario, user BTC may be swept into the estate available for distribution to all creditors.

While the Agreement alludes to OKX’s intention to “endeavour” to segregate BTC used in connection with xBTC subscriptions, this aspiration is immediately tempered by the express allowance that such assets “may be pooled in non-segregated omnibus accounts.” There is, therefore, no binding contractual obligation on OKX to preserve strict segregation between the BTC held for xBTC users and other assets in its custody—including those belonging to the platform itself or to other users. In practical terms, this means client BTC may be freely commingled, used to satisfy the obligations of OKX, or exposed to setoff rights held by counterparties or creditors in the ordinary course of business.

In the absence of a robust framework mandating asset segregation or a clear declaration of trust in favor of xBTC users, the legal position of customers is precarious. Users’ BTC may be swept into OKX’s general pool of assets, exposed to commingling, and therefore potentially leveraged or appropriated to meet unrelated OKX liabilities.

4.1.4. Clarification Round

The legal deficiencies identified above have been communicated to OKX representatives, with an explicit request for clarification as to how the company intends to mitigate or resolve these concerns. In response, OKX has asserted that the BTC underpinning the xBTC program is maintained in a designated, locked address, which is solely controlled by Aux Cayes. This locked address, according to OKX representatives, is subject to strict segregation protocols, ensuring it remains entirely distinct from BTC held on the OKX exchange for other client purposes or from OKX’s proprietary funds. The company maintains that there is no commingling of user assets in these reserve accounts under any circumstances.

Furthermore, OKX states that BTC held within these designated reserve (locked) addresses is not subject to staking, lending, rehypothecation, or any form of use as liquidity, collateral, or for other third-party purposes.

OKX has provided a shareable legal memorandum regarding the xBTC programme, which discloses that both subscription to, and redemption from, xBTC are presently limited to users of OKX Seychelles and OKX Bahamas, the latter being restricted exclusively to institutional clientele. All users must complete a mandatory KYC process before gaining access to restricted services such as xBTC, ensuring that services are only provided in jurisdictions where they are legally permitted.

Addressing the permissibility of Aux Cayes Fintech Co. Ltd. (the operator of xBTC program) in delivering these services, it is relevant to note that Aux Cayes is a legal entity incorporated in the Seychelles, and is subject to oversight as a Virtual Asset Service Provider (“VASP”) governed by the Virtual Asset Service Providers Act, 2024 (“VASP Act”), under the regulatory authority of the Seychelles Financial Services Authority (“FSA”).

Aux Cayes has duly submitted its licence application pursuant to the transitional framework established for pre-existing VASPs that were in operation prior to the commencement of the Act, having filed by the statutory deadline of 31 December 2024. Until the issuance of a full licence, it continues to operate lawfully under the transitional provisions as set forth in the VASP Act.

The regulatory framework enshrined in the VASP Act and its accompanying Regulations empowers licensed VASPs to engage in a variety of regulated activities, including:

• Virtual asset exchange services – exchange between virtual assets or between virtual assets and fiat currency.

• Transfer services – conducting or arranging transfers of virtual assets between wallets or accounts.

• Safekeeping or administration of virtual assets or instruments enabling control over virtual assets (i.e., wallet provider services).

• Participation in or provision of financial services related to an issuer’s offer or sale of a virtual asset.

Verification of Aux Cayes’ registration as a VASP has been independently confirmed through the FSA’s publicly accessible online registry.

Source: FSA Licensed VASPs, Date: October 28th, 2025

OKX’s legal memorandum ultimately concludes that the xBTC program, as operated by Aux Cayes, is squarely within the remit of the VASP Act. Thus, under the laws of Seychelles, Aux Cayes holds the requisite legal authority to offer the xBTC product, encompassing both the minting and burning of xBTC as well as the custodianship of the underlying BTC wallet.

4.2 Access Control Risk

xBTC is deployed behind a Transparent Upgradeable Proxy, with the current implementation contract deployed on September 18, 2025.

4.2.1 Contract Modification Options

A Role-Based Access Control system is utilized. The roles and their associated capabilities are outlined below:

• MINTER_ROLE: Can mint and burn tokens, assigned to MPC 1.
• DENY_LISTER_ROLE: Can pause/unpause transfers and manage the deny list, assigned to MPC 2.
• DEFAULT_ADMIN_ROLE: Has admin privileges, assigned to MPC 2.

Sensitive functions accessible by each role include:

• DEFAULT_ADMIN_ROLE:
  • All Deny List Role functions
  • grantRole assigns roles to addresses
  • revokeRole removes roles assigned to addresses
• MINTER_ROLE:
  • mint & burn xBTC
  • transferMinter relinquishes the role to a new account
• DENY_LISTER_ROLE:
  • pause and unpause all token transfers
  • setReceiver determines where newly minted are sent
  • addToDenyList & removeFromDenyList controls a permissioned Deny list that blocks addresses from sending/receiving tokens
  • transferDenyLister relinquishes the role to a new account

These roles highlight the highly centralized controls that roles have key contract functions, i.e,. minting, transferring, pausing, and determining where newly minted xBTC are sent (and indirectly, access to the underlying BTC redemption right).

4.2.2 Timelock Duration and Function

No timelock has been deployed on the xBTC contract, meaning sensitive actions such as upgrades, sensitive calls, or role changes can be executed without delay or public notice.

4.2.3 Multisig Threshold / Signer identity

MPCs are controlled internally by OKX; no external parties are involved in the management of control systems. Admin actions require internal review and senior management approval.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Aave V3 Specific Parameters

Aave V3 specific risk parameters for xBTC will be presented jointly with Chaos Labs prior to instance deployment.

Price feed Recommendation

We recommend using the Chainlink BTC/USD price feed available on X Layer.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

In connection with the forthcoming X Layer deployment, we present our analysis for OKB onboarding.

Summary

As part of our X Layer risk review, we present this assessment of OKB covering token architecture, liquidity profile, pricing infrastructure, and regulatory context. We recommend onboarding OKB to the Aave v3 X Layer instance, provided that reliable oracle coverage and active monitoring are maintained. The main concern is low and fragmented DEX liquidity on X Layer, which increases slippage and execution risk. We expect the X Layer team to supply additional liquidity to improve market depth and ensure a stable and smooth launch.

1. Asset Fundamental Characteristics

1.1 Asset

OKB is the native utility token of the OKX ecosystem, with a fixed total supply of 21 million tokens on X Layer. It serves as an integral component of the platform’s operational and incentive structure. OKB functions as the native fee token on X Layer, where it is used to pay for gas and transaction execution within the network.

1.2 Architecture

OKB on X Layer functions as the network’s fee token. All transactions, computations, and storage on the L2 are metered in OKB and settled within X Layer’s EVM state. The protocol treats OKB as the native asset, so users must hold OKB to pay gas and execute contracts.

Wrapped OKB on X Layer uses the WETH9-style wrapper to present OKB as an ERC-20 compatible token. The wrapper accepts native OKB, issues WOKB one-to-one, and allows redemption back to native OKB. This preserves ERC-20 interfaces for DEXs, vaults, and lending protocols while keeping gas paid in the native unit.

Bridging connects Ethereum and X Layer through the AggLayer and supported third-party routers. Canonical OKB is escrowed on the origin side and released on the destination after finality. Redemptions burn the representation and unlock the escrowed amount.

Supply on the X Layer is a routing of the fixed 21 million OKB total. The L2 does not mint OKB and does not govern supply policy. Any changes to circulating supply occur at the issuer and treasury layer and then propagate to X Layer through deposits and withdrawals.

Pricing relies on oracles that consume centralized and decentralized venues. For protocol safety on X Layer, the recommended feed is Chainlink OKB/USD. Using this oracle as the primary on-chain source is consistent with standard protocol safety practices.

1.3 Tokenomics

OKB total supply was permanently fixed at 21,000,000 tokens following a one-time burn of 65,256,712.097 OKB on August 15, 2025. The burned tokens were sourced from historical buybacks and treasury reserves.

1.3.1 Token Holder Concentration

Source: OKB concentration, October 28, 2025

Source: WOKB token holdings, October 28, 2025

On X Layer, the OKB is almost entirely held under OKX native custody, with only about 0.32% of the total supply issued as wrapped tokens.

Token holdings show a concentrated distribution across liquidity pool (LP) contracts, with the top 10 addresses collectively controlling over 35% of the total supply.
Most top LP positions experienced positive daily changes, suggesting active liquidity provision and potential rebalancing activity. Overall, liquidity remains primarily pool-driven, with on-chain concentration implying dependency on a few active DeFi pools for price stability and depth.

Top 5 holders of OKB:

• Potato LP (DOGSHIT/WOKB) – 6,842.12 OKB (10.02%)
• Potato LP (KINGX/WOKB) – 2,843.27 OKB (4.17%)
• In LP (INS/WOKB) – 2,482.01 OKB (3.64%)
• Potato LP (LABUBU/WOKB) – 2,408.79 OKB (3.53%)
• DYOR LP (XDOG/WOKB) – 2,311.68 OKB (3.39%)

2. Market Risk

2.1 Liquidity

Source: OKX Swap, October 28, 2025

Current depth implies a 9.89% slippage for selling 1750 OKB. Considering OKB’s overall market capitalization and trading activity, this indicates that OKB has low DEX liquidity on X Layer. Large on-chain transactions or forced liquidations could trigger significant price fluctuations on DEXs due to limited liquidity depth.

We proposed to the X Layer team an initial liquidity target of 5 million in USD with expected slippage between 5-8% as a starting point, with additional liquidity to be provided progressively as the market matures and trading activity deepens across decentralized venues.

2.1.1 Liquidity Venue Concentration

Source: GeckoTerminal, October 28, 2025

Most liquidity sits in memecoin pairs, primarily Potato LPs and DYOR LPs. Total DEX liquidity shown here is about 50k OKB across the top 100 Liquidity Pool addresses. That is roughly 0.238% of a 21m OKB supply.

The biggest stablecoin pools include:

• OkieSwap USDT/WOKB - $233.05K TVL
• QuickSwap USDT/WOKB - 328.46k TVL
• PotatoSwap USDT/WOKB - 344.25k TVL

2.1.2 DEX LP Concentration

OKB DEX liquidity shows low concentration, with liquidity dispersed across multiple small pools, many paired with memecoins. Individual pool depth remains limited, leading to fragmented routing and higher execution costs. Almost all liquidity provision appears to come from the X Layer team and supported protocols.

2.2 Volatility

Source: OKX, October 28, 2025

Following the August token burn, volatility increased sharply, and the price surged up to a peak of 258.44 USD, marking a 472.97% increase over a period of roughly nine days with daily trading volume around 180.85K OKB (21.6M in USD).

2.3 Exchanges

Source: CoinGecko, October 28, 2025

Centralized exchange liquidity for OKB remains dominant, with OKX accounting for roughly 57.8% of total trading volume in the OKB/USDT pair. Depth within ±2% on OKX exceeds $2.05 million combined, which supports tight spreads around 0.01%. Secondary liquidity is distributed across Gate.io, LBank, XT.COM, and Bitunix, each contributing between 4% and 6% of global daily turnover.

Aggregate 24-hour volume across the top ten exchanges totals approximately $33.0 million, indicating moderate but sufficient centralized liquidity for stable price discovery and institutional execution. This depth contrasts with low on-chain liquidity on X Layer, confirming that OKB price formation remains primarily centralized, with OKX dictating benchmark pricing. Note that OKB continues to be absent from onshore regulated exchanges.

2.4 Growth

As the network’s native token, the growth of OKB is expected to correlate with the expansion of activity on X Layer and its associated applications. At the time of writing, approximately 68k WOKB has been wrapped and is circulating on X Layer out of the 21 million total OKB supply, indicating that only a small fraction of total tokens are currently active within the on-chain ecosystem.

3. Technological Risk

3.1 Smart Contract Risk

WOKB is built on the WETH contract framework. The WETH standard was created as an open-source initiative by contributors from MakerDAO, 0xLabs, and Gnosis. Its WETH9 implementation is a proven and broadly adopted model across EVM networks.

As a widely used wrapper implementation, WETH code often forms part of protocol audits that integrate it, for example:

• Sherlock - EdgeLayer (May, 2025)
• Openzeppelin - Scroll (October, 2023)
• Dedaub - Maverick Protocol (March 2023)

3.2 Bug Bounty Program

The OKB token is covered under the OKX bug bounty program on HackerOne. Researchers can report security vulnerabilities related to OKB or its supporting infrastructure through the OKX Bug Bounty Program, with rewards determined by issue severity and payouts reaching up to $1,000,000 for critical findings.

3.3 Price Feed Risk

For OKB pricing, we recommend using the Chainlink OKB/USD price feed as the primary oracle source. The feed aggregates data from 10 underlying oracles and refreshes every 24 hours, offering enhanced transparency and robustness in stablecoin valuation. Its deviation threshold is configured at 0.5%.

3.4 Dependency Risk

The primary dependency risk related to OKB stems from its direct connection to the OKX ecosystem. This dependency is amplified by the high concentration of OKB supply held in OKX custody, with only a small fraction circulating as wrapped tokens. Any negative development, such as legal restrictions, security breaches, or operational interruptions within the OKX ecosystem, would likely have an immediate and significant impact on the liquidity and overall market perception of OKB.

The core use cases of OKB are concentrated within the OKX. The long-term viability of the token, therefore, relies on the sustained global presence and strategic expansion of the OKX ecosystem.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

There is no standalone “OKB Terms of Use” or token-specific contract. In practice, the legal treatment of OKB is subsumed under OKX’s platform agreements, together with any product-level terms that govern where and how the token may be held or used. The baseline instrument is the OKX global Terms of Service, which applies to use of the OKX venue and to all listed “Digital Assets,” encompassing OKB. The current page reflects an original publication date of 29 August 2023 and a last update on 12 May 2025, and it incorporates the platform risk statement, dispute-resolution and arbitration provisions, and other boilerplate that collectively structure the contractual relationship.

The global platform for “all other users” is operated by Aux Cayes FinTech Co. Ltd., a company incorporated in the Seychelles. This entity is named as a counterparty in the global Terms of Service and—critically—is the same entity that entered a U.S. guilty plea in February 2025 for operating an unlicensed money-transmitting business and for AML program failures. The resulting resolution included approximately $505 million in combined criminal fines and forfeiture, together with an obligation to retain an independent compliance consultant through February 2027, which functions as a forward-looking remediation and monitoring commitment.

Within the European Union, OKX’s operations have been consolidated under a MiCA authorization held by OKCoin Europe Limited, licensed by the Malta Financial Services Authority and passported into France. The AMF record evidences a broad scope of services—custody and administration, operation of a trading platform, exchange of crypto-assets for funds and for other crypto-assets, execution of orders, placing, reception and transmission of orders, portfolio management, and transfer services on behalf of clients—signalling a full-stack CASP profile for EU delivery. In parallel, OKX France Technology Company SAS voluntarily deregistered as a PSAN on 28 July 2025 as part of this consolidation. In the European Union (MiCA) specifically, the AMF’s CASP passport entry for OKCoin Europe Limited lists the authorized services verbatim as follows: “Providing custody and administration of crypto-assets on behalf of clients”; “Operation of a trading platform for crypto-assets”; “Exchange of crypto-assets for funds”; “Exchange of crypto-assets for other crypto-assets”; “Execution of orders for crypto-assets on behalf of clients”; “Placing of crypto-assets”; “Reception and transmission of orders for crypto-assets on behalf of clients”; “Providing portfolio management on crypto-assets”; and “Providing transfer services for crypto-assets on behalf of clients.”

In the United Arab Emirates (Dubai), OKX Middle East Fintech FZE holds a VARA VASP license (reference VL/23/12/003) that covers Exchange Services, Lending and Borrowing, and Management & Investment Services, with permission to serve institutional, qualified, and retail clients. OKX publishes Dubai-specific customer documentation aligned to these license buckets—including a trading venue Code of Conduct and product terms under the VA Lending & Borrowing permission—which, among other things, clarify that OKX Dubai does not provide investment advice.

In Singapore, OKX SG Pte. Ltd. operates as a Major Payment Institution under the Payment Services Act, authorized to provide both digital payment token services and cross-border money transfer services. The Monetary Authority of Singapore’s Financial Institutions Directory records the entity and its status.

In Australia, OKX conducts spot services through OKX Australia Pty Ltd as an AUSTRAC-registered digital currency exchange, while derivatives are restricted to “wholesale clients” and provided by OKX Australia Financial Pty Ltd, which holds an Australian Financial Services Licence. OKX’s disclaimer delineates this two-entity model and the client segmentation. In Australia’s local Terms of Service, the permitted activities are set out expressly: “Part B Digital currency exchange … Crypto to fiat, fiat to crypto, and crypto to crypto via Convert and Spot Service,” accompanied by the note that “These Services are not regulated under the Australian financial services licensing regime and [are] not subject to regulation by ASIC.” For derivatives, “Part C Derivatives … These Services are available to wholesale clients only. These are the only Services that are regulated under the Australian financial services licensing regime and subject to regulation by ASIC.” For on-chain yield, “Part D On-Chain Earn … is not regulated under the Australian financial services licensing regime and is not subject to regulation by ASIC.”

In the United States, OKCoin USA Inc. functions as the licensed counterparty. The U.S. site states that OKCoin USA Inc. is registered with FinCEN as a Money Services Business and holds state money-transmitter licences listed via NMLS, with the U.S. Terms of Service governing the platform relationship.

In the United Kingdom, OKX does not hold an MLR registration as a cryptoasset exchange or custodian. Access to the U.K. retail market proceeds under the Financial Conduct Authority’s financial promotions regime. OKX has implemented the mandated risk warning, user categorization, and appropriateness testing and has publicly indicated the use of authorized approvers to lawfully communicate promotions. These are permissions under marketing law rather than conduct or prudential authorizations, and they therefore constrain both what can be offered and the manner in which it may be described to U.K. consumers.

4.2 Access Control Risk

The Wrapped OKB contract is a permissionless, non-upgradeable contract similar to WETH9.

Aave V3 Specific Parameters

Aave V3 specific risk parameters for OKB will be presented jointly with Chaos Labs prior to instance deployment.

Price feed Recommendation

We recommend using the Chainlink OKB/USD price feed as the primary oracle source for reliable on-chain pricing.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

General Update

Since the initial ARFC, the market structure for the X Layer deployment has evolved significantly following a strategic shift in X Layer’s focus on native assets. The asset listing has been refocused around OKX’s xAsset suite (xBTC, xETH, xSOL, and their staked variants xBETH and xOKSOL), replacing the previously proposed third-party stablecoin and yield-bearing assets. This shift reflects a deliberate strategy focused on assets with a direct path to liquidity via OKX’s infrastructure, where the X Layer team can meaningfully support depth and market-making from day one.

A key component of this deployment is the integration with OKX’s CEX Earn product, expected to serve as a primary source of initial liquidity. This creates a flywheel where OKX’s existing user base can deposit xAssets into Aave markets directly through the exchange interface. This approach reduces the cold-start problem typical of new chain deployments and positions Aave as the underlying yield layer for one of the largest centralised exchange ecosystems.

Specification

Aave Protocol

The following outlines the initial listing parameters, which will be refined by @ChaosLabs and @LlamaRisk, with @BGDLabs providing a security review in line with the new asset onboarding process.

General Configuration

eMode #1

eMode #2

E-Mode #3

eMode #4

eMode #5

eMode #6

Disclosure

TokenLogic does not receive any payment for this proposal. TokenLogic has no business dealings with either OKX or X Layer beyond what is performed on behalf of the Aave DAO.

Copyright

Copyright and related rights waived via CC0.

Summary

LlamaRisk supports the initial parameters and the setup of the market for the deployment of Aave V3 on X Layer. An initial $12M has been earmarked to bootstrap liquidity on the network. We have determined that this is sufficient to support liquidations and scaling under the parameters proposed.

We agree with the proposed launch of the X Layer instance with the strategic subset of assets presented. While some initial assets will be made available within standard market configurations limited to stablecoin borrowing, specialized E-modes will enable targeted risk mitigation and improved capital efficiency for highly correlated assets. Therefore, the sole recommendation is to exclude E-Modes 1, 2, and 3 from the initial setup in order to avoid duplication of collateral-borrow paths.

Initial Setup

The X Layer instance will utilize a hybrid model, supporting both general market borrowing and specialized E-mode configurations. The stablecoin market will be anchored by USDT0, USDG, and GHO.

The primary collateral set will consist of xAssets - native to X Layer - including xETH, xSOL, xOKSOL, xBETH, and wOKB. To maximize capital efficiency while isolating risk, these will be supported by LST-correlated E-modes, allowing high-efficiency loops between liquid staking tokens and their underlying assets.

xAssets represent approved asset types on the Asset Class Allowlist, such as wrappers and LSTs. Additionally, correlated xAsset E-modes will be introduced to enable potential leveraged staking use cases.

Chain-Specific Asset Evaluations

Note: xAssets are yet to be onboarded on other Aave markets; these assets have been analysed in-depth within our asset review framework and presented in separate responses on this forum thread.

USDT0

USDT0 serves as the canonical representation of USDT on X Layer.

• Standard: LayerZero’s OFT standard.
• Mechanism: Uses a lock-and-mint architecture on Ethereum Mainnet (via OFTAdapter), ensuring 1:1 backing and cross-chain interoperability without fragmented liquidity pools.
• Access Controls: The contract is an upgradable OpenZeppelin Transparent Proxy. Ownership and ProxyAdmin functions are controlled by a 3/5 Safe Multisig, with the OFT Contract acting as the authorized minter/burner adapter.

Total supply of the asset currently sits at 53M. The initial liquidity of the asset is yet to be bootstrapped sufficiently; the largest pool (Curve V3 USDC/USDT0) currently sits with approximately $731K in USDT0.

Source: X Layer Explorer, February 14th, 2026

USDG

USDG is a natively issued on X Layer by Paxos.

• Standard: OpenZepplin Universal Upgradeable Proxy Standard (ERC1967).
• Mechanism: The SupplyControl contract manages the access control system for token minting and burning on X Layer. USDG is minted through a chain-native off-chain control system, with 1:1 reserves held in cash and short-duration U.S. government instruments.
• Access Controls: owned by an IERC5313-style Admin address, using four role-based access controls, each controlled by Paxos’ defaultAdmin address backed by proprietary offline HSMs that enforce multi-person approvals.

The total supply of USDG on X Layer is 279M, with the majority of the supply held by an OKX Cold Wallet address. The largest liquidity source is a Uniswap USDG/USDT0 pool, which holds 424K.

Source: X Layer Explorer, February 14th, 2026

Asset Liquidity

The heuristics used to determine adequacy for initial supply and borrow caps are based on the following:

• Projected Price Impact: Based on the $12M in expected liquidity, we anticipate that once deployed, liquidity will be sufficient to support a target price impact threshold of 5-7.5% for collateral assets.
• Contingency on deployment: The proposed parameters and caps outlined in this document are valid for the initial deployment phase only. A final validation of realized liquidity depth and DEX router efficiency will be required post-deployment to ensure that the Aave Effect and committed bootstrapping efforts meet the necessary safety requirements for scaling.
• Correlated E-Modes: In this deployment, assets will be grouped into specific E-Modes to safely maximize efficiency. This limits borrowing to stablecoins and LSTs (xBETH and xOKSOL) that can be used to borrow their respective underlying assets (ETH and SOL)

*Current DEX liquidity as of February 14th, 2026

The following commitments have been confirmed with strategic partners to ensure sufficient liquidity at launch. We further expect that targeted incentive programs, as well as DEX launches, will immediately grow the liquidity TVL at the time of deployment.

Parameter Recommendations

LlamaRisk supports the initial parameters for the deployment proposed by TokenLogic, with a sole recommendation to exclude E-Modes 1, 2, and 3 from the initial setup in order to avoid duplication of collateral-borrow paths. In addition, we recommend the following Chainlink price feeds to be used on this market:

• ETH/USD; to price xETH and as a basis to price xBETH, in conjunction with xBETH internal exchange rate.
• SOL/USD (under development): to price xSOL and as a basis to price xOKSOL, in conjunction with xOKSOL internal exchange rate.
• OKB/USD: to price WOKB.
• BTC/USD: to price xBTC.
• USDG/USD: to price USDG.
• USDT0/USD: to price USDT0.

Other parameters, such as the CAPO limits are to be presented jointly with @ChaosLabs.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

xSOL Asset Review

Summary

LlamaRisk supports onboarding xSOL to the Aave V3 X Layer instance. The SOL wrapper is managed centrally by OKX, with underlying SOL custodied in a locked reserve address. Key access control roles are assigned to MPCs managed by the X Layer team. Withdrawals are facilitated by OKX, introducing permissioned barriers for redemptions.

Onchain supply is currently worth $1.5M, with 2 pools supplying the only sources of DEX liquidity. As with other xAssets, liquidity will be bootstrapped to support the onboarding, with modest initial supply caps intended to introduce the Solana-native asset.

The asset’s recent deployment offers little insight into its volatility or growth, and lacks a Chainlink price feed. The X Layer team has informed us that a Chainlink SOL/USD price feed is still under development. We therefore recommend onboarding contingent on the price feed being deployed to support efficient pricing.

Full Asset Evaluation

1. Asset Fundamental Characteristics

1.1 Asset

xSOL is a cross-chain wrapped SOL representation, backed 1:1 by native SOL, custodied by OKX. xSOL is minted when users send SOL to the designated xSOL reserve address or when a user withdraws SOL from their OKX account to a supported network address (currently only deployed on X Layer). Underlying SOL is redeemed back into user accounts when xSOL is deposited on the OKX Exchange.

1.2 Architecture

xSOL minting, burning, and transferring are controlled through OKX’s MPC system. SOL deposits are held in OKX’s SOL reserve address, which consists of SOL secured for xSOL. The reserve holding underlying SOL can be viewed through Solana explorers, like Solscan, and via a public dashboard. The reserve is a locked address that is controlled, which strictly stores segregated SOL.

The core components of xSOL include:

• xSOL: an ERC-20 contract for X Layer wrapped SOL. Inherits from xToken contract.
• Reserve Address: Solana-based address that stores underlying xSOL.
• Mint & Burn Controller: MPC that controls xSOL minting and burning operations.
• TimelockController: Manages sensitive admin functions.
• Authorized Receiver: Dedicated address that receives newly minted xSOL
• Admin: MPC that manages updates and controls transfer restrictions/blacklisting.
• ProxyAdmin: Can modify contract parameters or implement xSOL upgrade.

An internal verification engine monitors and enforces the minting and burning of 1:1 SOL from OKX exchange addresses.

A Chainlink PoR is planned to support reserve attestations, which will reference the public reserve address linked above. The X Layer team indicated that this initial setup is planned to be updated in the future to incorporate a 3rd party auditor.

1.3 Tokenomics

A mint and burn mechanism is used on X Layer for xSOL with a corresponding deposit and withdrawal messaging system on Solana for SOL. No supply cap is in place for xSOL on X Layer. Given that minting is facilitated by OKX, liquidity and supply for xSOL are dependent on SOL availability on OKX or user deposits into the controlled reserve.

image1051×169 28 KB

image1062×140 25.7 KB

Source: X Layer Internal Documentation, February 13th, 2026

xSOL follows established wrapper patterns, with permissioned minting and burning.

1.3.1 Token Holder Concentration

Current supply is 18,843 ($1.5M) with 547 holders. Supply is concentrated on 3 accounts, which hold over 96% of xSOL on X Layer:

• OKX. Deposit_1 EOA: 48.89%
• Uniswap xSOL/USDT0: 29.28%
• Uniswap xSOL/xOKSOL: 18.57%

2. Market Risk

2.1 Liquidity

image468×375 16.1 KB

Source: xSOL swap USDT0, Uniswap, February 13th, 2026

Meaningful liquidity is currently lacking. Additional liquidity has been committed to support onboarding, with $1M and $2M allocated to the xOKSOL/xSOL and xSOL/USDT0 pools, respectively.

2.1.1 Liquidity Venue Concentration

As shown in section 1.3.1, Uniswap represents the sole venue for xSOL liquidity. As of February 13th, liquidity in each pool amounted to $789K in the xSOL/USDT0 pool and $551K in the xSOL/xOKSOL pool.

2.1.2 DEX LP Concentration

image1236×414 27 KB

Source: xSOL/USDT0 LPs, Debank, February 13th, 2026

image1242×215 9.61 KB

Source: xSOL/xOKSOL LPs, Debank, February 13th, 2026

Given the asset’s recent deployment, liquidity is primarily supplied by the X Layer team, resulting in a single LP source for both pools.

2.2 Volatility

image736×344 18.5 KB

Source: xSOL/USD, Geckoterminal, February 13th, 2026

image792×397 21.7 KB

Source: SOL/USD price feed (Base), Chainlink, February 16th, 2026

xSOL price data is limited, with data only available from January 21st. Since then, secondary market price action in the USD pool has remained closely correlated with a SOL/USD Chainlink price feed.

2.3 Exchanges

image1312×276 38.1 KB

Source: SOL spot markets, OKX, February 16th, 2026

image734×284 14.8 KB

Source: SOL/USDT, OKX, February 16th, 2026

The spot market on OKX experiences considerable volume, as shown above, the SOL/USDT market is the largest, with 24-hour volume exceeding $90M. Money flows from these pairs show predominant net outflows within these pairs; however, it should be noted that this coincides with the recent market volatility seen recently.

image1315×221 28.4 KB

Source: SOL perp markets, OKX, February 16th, 2026

image733×282 17.2 KB

Source: SOLUSDT perp market, OKX, February 16th, 2026

The perpetual market for SOL is similarly active in terms of volume, across 3 separate markets. Open interest, as shown above, has fluctuated between 3.97M contracts and 2.67M in the largest SOLUSDT perpetual market over the 30 days observed.

2.4 Growth

image855×492 31.4 KB

Source: xSOL Market Cap, Coingecko, February 13th, 2026

Limited growth was observed at the time of writing as measured by onchain TVL, given the token’s recent deployment. As shown in section 2.3, OKX exchange represents a large base for potential growth for xSOL on X Layer, given that xSOL is minted when users withdraw SOL from OKX.

3. Technological Risk

3.1 Smart Contract Risk

A Zellic audit was completed on xSOL and other assets on December 23, 2025. 1 medium severity, 2 low severity issues, and 1 informational issue were found. The team acknowledged the issues and implemented fixes to the medium and low-severity issues. The medium issue was related to potential addresses on the denylist being able to transfer funds from accounts that granted them allowances. The final report is yet to be shared publicly.

3.2 Bug Bounty Program

xSOL smart contracts are covered under a live OKG bug bounty program hosted on HackerOne with a max bounty of $1M.

3.3 Price Feed Risk

No Chainlink price feed has been deployed, with the team indicating that it is still in development.

3.4 Dependency Risk

xSOL relies on OKX to effectively maintain a 1:1 custody of the underlying SOL custodied on OKX and on Solana. The Solana reserve creates an additional foreign network dependency, one that Aave has yet to deploy on. xSOL does not call external unverified functions, calling only internal system functions.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

To the extent other X Layer assets are governed by the same dedicated wrapped-token user agreement that applies across all wrapped 1:1 assets, they should be treated as operating within the same core legal architecture as xETH. On that premise, the legal analysis prepared for xETH is directionally applicable to such X Layer assets, particularly the findings regarding (i) the assets’ legal construct, (ii) the eligibility and access model, and (iii) the authorisation and regulatory perimeter status of the operating entity.

4.2 Access Control Risk

xSOL is deployed behind a Transparent Upgradeable Proxy, with the current implementation contract.

4.2.1 Contract Modification Options

A Role-Based Access Control system is utilized. The roles and their associated capabilities are outlined below:

MINTER_ROLE: Can mint and burn tokens, assigned to MPC 1.

DENY_LISTER_ROLE: Can pause/unpause transfers and manage the deny list, assigned to MPC 2.

DEFAULT_ADMIN_ROLE: Has admin privileges over Timelock, ProxyAdmin, and xSOL, assigned to MPC 2.

TimelockController Roles manage sensitive admin functions through a timelock delay mechanism. assigned to MPC 2:

• PROPOSER_ROLE: initiates transactions to the queue.
• EXECUTOR_ROLE: executes transactions after a delay.
• CANCELLER_ROLE: can cancel pending operations.

Sensitive functions exposed by each role include

MINTER_ROLE:

• mint & burn xSOL
• transferMinter relinquishes the role to a new account

DENY_LISTER_ROLE:

• pause and unpause all token transfers
• setReceiver determines where the newly minted are sent
• addToDenyList & removeFromDenyList controls a permissioned Deny list that blocks addresses from sending/receiving tokens
• transferDenyLister relinquishes the role to a new account

DEFAULT_ADMIN_ROLE:

• All Deny List Role functions
• grantRole assigns roles to addresses
• revokeRole removes roles assigned to addresses

PROPOSER_ROLE:

• schedule schedules a single transaction (target address, value, and data).
• scheduleBatch schedules multiple transactions to be executed in sequence.

EXECUTOR_ROLE:

• execute triggers the actual call to the target contract once the delay has ended.
• executeBatch triggers a group of function calls.

CANCELLER_ROLE:

• cancel deletes a pending operation before it is executed.

These roles highlight the highly centralized controls that roles have key contract functions, i.e, minting, transferring, pausing, and determining where newly minted xSOL are sent (and indirectly, access to the underlying SOL redemption right).

4.2.2 Timelock Duration and Function

TimelockController enforces a 3-day delay for upgrades and role changes.

4.2.3 Multisig Threshold / Signer identity

MPCs are controlled internally by OKX; no external parties are involved in the management of control systems. Admin actions require internal review and senior management approval.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

xOKSOL Asset Review

Summary

LlamaRisk supports onboarding xOKSOL to the Aave V3 X Layer instance. The cross-chain LST would represent the first Solana-based listing on Aave, introducing unique staking dynamics, such as the account-based controls for staking and an internal control system for minting, burning, and accounting for rewards that accrue to xOKSOL. Due to the recent deployment of xOKSOL, little price history, liquidity, and growth can be gleaned presently.

Onchain supply is currently worth $1.16M, with a single correlated pool supplying DEX liquidity. As with other xAssets, liquidity will be bootstrapped to support the onboarding, with modest initial supply caps intended to introduce the Solana native asset. Given the absence of a stablecoin pool pair, we recommend limiting borrowing to xSOL, which will be enforced via the E-Mode-only setup.

Additionally, onboarding should be contingent on the deployment of a SOL/USD price feed. A Proof of Reserves is highly recommended. Both of these sources are still under development at the time of writing.

Full Asset Evaluation

1. Asset Fundamental Characteristics

1.1 Asset

xOKSOL is an LST that represents an onchain receipt of OKX’s Solana staked token, OKSOL. The non-rebasing token earns yield from SOL delegated by OKX to validators, tracking staking rewards through an ever-increasing internal exchange rate. Slashing is currently not implemented on Solana, but is expected to be in the future.

Solana Staking

Staked SOL forms the basis of Solana’s Proof of Stake model, allowing validators to secure the network by processing transactions and participating in the network’s consensus model. Validators earn SOL for performing these critical functions, with rewards consisting of a protocol-defined inflation rate, which is calculated per epoch, and transaction fees.

image720×405 49.7 KB

Source: Solana Cluster Economics, Anza Docs, January 13th, 2026

Relative to ETH staking, SOL staking is more granular, with different accounts used to perform different functions in the staking process:

• Staking Account: used to delegate SOL to one validator at a time.
• Delegated Vote Address: delegated validator address.
• Staking Authority: signs transactions for operations such as delegating stake and deactivating the stake delegation
• Withdrawal Authority: signs transactions for operations such as withdrawing un-delegated stake.

1.2 Architecture

OKSOL is the sole underlying asset for xOKSOL, which is managed internally by OKX. The proportional share of xOKSOL to OKSOL is determined by the exchange rate. OKSOL’s underlying SOL is deposited with OKX validators

Key components that enable xOKSOL include:

• OKSOL: an internal CEX LST that represents delegated SOL to OKX delegators.
• Mint & Burn Controller: MPC that controls xSOL minting and burning operations.
• ExchangeRateUpdater: contract validates and constrains exchange rate updates
• Admin: MPC that manages updates and controls transfer restrictions/blacklisting.
• TimelockController: Manages sensitive admin functions
• Authorized Receiver: Dedicated address that receives newly minted xOKSOL.
• ProxyAdmin: Can modify contract parameters or implement xSOL upgrade.

Reserves

Underlying OKSOL is managed by an internal OKX ledger, i.e., not on an onchain reserve address. A public dashboard reflects OKX’s total staked SOL, underlying SOL backing xOKSOL being pooled in the same staking addresses that delegate to validators.

Current staking accounts for SOL:

• AYqLQqmp7ZbWCcaqbGmbLCewsSZANvvivuGTed5nrBiT
• 2QZMrbJjFZx9XHDMr2ADEWQNWkCqdXvoEKJJHYS2zJjx

The stake authority account:

• GcJFx1MZJ8Zn7PwtRprnzrXz4NyApdm16yAkCFQ4JvG

The withdrawal authority address assigned:

• 3WjxkXbu9JBosUWUnJpjzec7Wa4rSkWo9khUbbLDCssk

image1247×332 27.5 KB

Source: xAssets, OKX, February 15th, 2026

A Chainlink PoR feed is intended to provide cross-chain backing proof, with the withdrawal address acting as the PoR reference. The initial setup is planned to be updated in the future, post-Aave onboarding, to incorporate a 3rd-party auditor.

Validators

SOL is staked through OKX-operated Solana validators. Solana’s validation design is based on a rotating, stake-weighted selection of a leader who broadcasts transactions in a Proof of History data structure.

2 validators are currently delegated SOL.

• 3Gzmaw7NVNeaTzYBySzSwsU8ctTNy2DBRkxi46fumw3X
• 2tucttroqFNXsrYeMBQ8LfzKNfgwT2rHBzAF6RzbbHEp

image1119×625 44.6 KB

Source: OKX Validator, Solana Beach, February 15th, 2026

Exchange Rate

xOKSOL inherits its exchange rate logic from the StakedTokenV1 contract, using an offchain system to account for SOL accruals. As staking rewards increase, a permissioned oracle pushes updates on X layer. xOKSOL‘s oracle address points to the ExchangeRateUpdater, which can make updateExchangeRate calls. Onchain accounting, therefore, relies on OKX monitoring and related systems to record accruals through OKX’s internal OKSOL accounting ledger.

The exchange rate is updated periodically by a permissioned MPC within enforced bounds:

• maxAllowances: Maximum exchange rate change allowed per full interval
• intervals: Time period over which max change is allowed.

The exchange rate is updated after every Solana epoch (~2-3 days), which is triggered by internal OKX automated systems.

Rewards

OKSOL receives the same base staking rewards of 5% to 8% as native staking on Solana. At the time of writing, OKSOL APR was 5.52%. Validator rewards are paid every epoch (~2-3 days), and automatically compounded if left staked

Transaction fees are market-based participant-to-participant transfers. Delegators are charged a commission fee to the validator they have SOL staked to as a service charge. Validators can charge delegators a commission rate for their services, ranging from 0% to 100%.

Validator fee and the service fee are deducted before updates to the exchange rate are made, which are currently 1% for validator commissions and 1% for OKX service fees. These fees are subject to change.

Slashing

As stated in section 1.1, slashing is not currently implemented on Solana and is part of the Solana staking roadmap. Assessing slashing risk is currently not possible until implemented; SOL staked with a malicious validator could therefore effectively be slashed up to 100% of its value. This risk factor should be kept in mind once slashing is implemented. Should OKX delegated validators get slashed, the xOKSOL exchange rate decreases, and the docs indicate that losses will be absorbed by OKX.

Unstaking

Delegated SOL can be unstaked after a cooldown period. Solana docs indicate that cooldowns take “several epochs”; the exact time a cooldown can last is dependent on the actions of other staking participants. Solana limits how much can be delegated and undelegated in a single epoch. This is based on the rate of change to total network stake, a function of the previous epoch’s total effective stake, total deactivating stake, and the stake program’s configured cooldown rate.

SOL in cooldown continues to earn rewards and will remain exposed to slashing. Accumulated rewards are delivered at the end of the cooldown along with the initial stake.

Given that the cooldowns can last at least up to 2 epochs, and therefore 4-6 days, should OKX stake a significant portion of SOL, access to timely liquidatable SOL would be limited; thus, an adequate liquidity buffer is required to support withdrawals.

Withdrawals

Withdrawals are active for xOKSOL, with an estimated 2-minute delay. OKX indicated that they maintain a 3-5% liquidity buffer to support instant exchange redemptions, without waiting for unbonding periods.

1.3 Tokenomics

A mint and burn mechanism is used for xOKSOL on X Layer. xOKSOL is minted when a user withdraws their OKSOL to X Layer. Underlying OKSOL is minted on OKSOL when users stake SOL on OKX, receiving an equivalent amount of OKSOL at the prevailing exchange rate.

image1056×126 21.6 KB

Source: xOKSOL mint flow, X Layer docs

When a user deposits xOKSOL back on OKX, it is burned, and the user receives their OKSOL plus accumulated staking rewards.

image1043×143 29.1 KB

Source: xOKSOL burn flow, X Layer docs

No supply cap is in place for xSOL on X Layer. Given that minting is facilitated by OKX, liquidity and supply for xSOL are dependent on SOL availability on OKX or user deposits into the controlled reserve.

1.3.1 Token Holder Concentration

A total supply of 13,494.8 xOKSOL (~$1.16M) is currently circulating on X Layer, 17 holders. 2 accounts represent 98% of the available supply, namely the OKX Deposit EOA and xOKSOL/xSOL Uniswap pool.

2. Market Risk

2.1 Liquidity

image468×385 15.7 KB

Source: xOKSOL swap USDT0, Uniswap, February 13th, 2026

Meaningful liquidity is currently lacking. Additional liquidity has been committed to support onboarding, with $1M allocated to the xOKSOL/xSOL pool.

2.1.1 Liquidity Venue Concentration

As shown in section 1.3.1, Uniswap represents the sole venue for xSOL liquidity. As of February 15th, xSOL/xOKSOL pool TVL is $561K.

2.1.2 DEX LP Concentration

image1242×215 9.61 KB

Source: xSOL/xOKSOL LPs, Debank, February 13th, 2026

Given the asset’s recent deployment, liquidity is primarily supplied by the X Layer team, resulting in a single LP source for both pools.

2.2 Volatility

None at this stage, given the token’s recent deployment.

2.3 Exchanges

image1305×183 17.1 KB

Source: CEX spot market, OKX, February 16th, 2026

Underlying CEX version (OKSOL) is traded on OKX. The spot market for OKSOL currently consists of 2 trading pairs, OKSOL/SOL and OKSOL/USDT. At the time of observation, the 24-hour trading volume for OKSOL/SOL amounted to $903.20K, with the order book weighted towards sell-side pressure (~68%).

The OKSOL/USDT market is notably smaller, with a 24-hour trading volume of $228.03K, and an order book weighted towards more sell orders (~74%).

2.4 Growth

image1312×276 38.1 KB

Source: SOL spot markets, OKX, February 16th, 2026

None at this stage, given the token’s recent deployment. As shown in section 2.3, OKX exchange represents a large base for potential growth for xOKSOL on X Layer, given the high SOL trading volume across 4 spot markets.

3. Technological Risk

3.1 Smart Contract Risk

A Zellic audit was completed on xOKSOL and other xTokens on December 23, 2025. 1 medium severity, 2 low severity issues, and 1 informational issue were found. The team acknowledged the issues and implemented fixes to the medium and low severity issues. The medium issue was related to potential addresses on the denylist being able to transfer funds from accounts that granted them allowances. The final report is yet to be shared publicly.

3.2 Bug Bounty Program

xOKSOL smart contracts are covered under a live OKG bug bounty program hosted on HackerOne with a max bounty of $1M.

3.3 Price Feed Risk

The xOKSOL exchange rate model is calculated as 1 xOKSOL = exchangeRate * 1 SOL. Like other LSTs onboarded onto Aave, a Chainlink SOL/USD used with the internal exchange rate, along with a CAPO adapter, would be used to price xOKSOL.

3.4 Dependency Risk

Validators

Validators and Solana staking represent the main dependencies for xOKSOL. Underlying SOL staked with validators relies on the clients used being efficient and maintaining uptime to generate the yields for OKSOL. Validators can set their own commissions and, in the future, will be exposed to slashing risk once implemented. xOKSOL, thus, could become exposed to adverse price risk if yields earned are below the expected APR due to underperforming validators or in the event a validator is slashed, potentially exposing up to 100% of underlying SOL. X Layer docs state that economic losses will be covered by OKX and will not be passed over to tokenholders.

Network

Solana network outages pose a risk to SOL accessibility, with the longest historical downtime reaching 19 hours. As the issuer of xOKSOL, unstaking SOL may take longer in these events.

Exchange Rate Management

xOKSOL’s exchange rate relies on effective monitoring and reporting on Solana and X Layer, respectively. An inaccurate, stale, or manipulated exchange rate would manipulate the actual underlying assets that xOKSOL represents. For Aave, this collateralisation risk is inherent to the assets’ design and collateral location.

Reserve Management

As xOKSOL is minted based on withdrawals from OKX, the internal controls must align reserves to mint and burn rates to ensure that the X Layer representation does not exceed available minted OKSOL. Incorrect accounting of these rates risks the undercollateralization of the asset.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

To the extent other X Layer assets are governed by the same dedicated wrapped-token user agreement that applies across all wrapped 1:1 assets, they should be treated as operating within the same core legal architecture as xETH. On that premise, the legal analysis prepared for xETH is directionally applicable to such X Layer assets, particularly the findings regarding (i) the assets’ legal construct, (ii) the eligibility and access model, and (iii) the authorisation and regulatory perimeter status of the operating entity.

4.2 Access Control Risk

xOKSOL is deployed behind a Transparent Upgradeable Proxy, with the current implementation contract.

4.2.1 Contract Modification Options

A Role-Based Access Control system is utilized. The roles and their associated capabilities are outlined below:

MINTER_ROLE: Can mint and burn tokens, assigned to MPC 1.

DENY_LISTER_ROLE: Can pause/unpause transfers and manage the deny list, assigned to MPC 2.

DEFAULT_ADMIN_ROLE: Has admin privileges over Timelock, ProxyAdmin, and xOKSOL, assigned to MPC 2 BB.

ExchangeRateUpdater Owner: manages callers, determines the parameters (rate changes and intervals of change), and can transfer ownership. Assigned to MPC 2:

ExchangeRateUpdater Caller: can make allowance-based updates, limited by contract parameters assigned to MPC 1

TimelockController Roles manage sensitive admin functions through a timelock delay mechanism. assigned to MPC 2:

• PROPOSER_ROLE: initiates transactions to the queue.
• EXECUTOR_ROLE: executes transactions after a delay.
• CANCELLER_ROLE: can cancel pending operations.

Sensitive functions exposed by each role include

MINTER_ROLE:

• mint and burn xOKSOL
• transferMinter relinquishes the role to a new account

DENY_LISTER_ROLE:

• pause and unpause all token transfers
• setReceiver determines where the newly minted tokens are sent
• addToDenyList and removeFromDenyList control a permissioned Deny list that blocks addresses from sending/receiving tokens
• transferDenyLister relinquishes the role to a new account

DEFAULT_ADMIN_ROLE:

• All Deny List Role functions
• grantRole assigns roles to addresses
• revokeRole removes roles assigned to addresses

PROPOSER_ROLE:

• schedule schedules a single transaction (target address, value, and data).
• scheduleBatch schedules multiple transactions to be executed in sequence.

EXECUTOR_ROLE:

• execute triggers the actual call to the target contract once the delay has ended.
• executeBatch triggers a group of function calls.

CANCELLER_ROLE:

• cancel deletes a pending operation before it is executed.

ExchangeRateUpdater Caller:

• updateExchangeRate changes the value of the exchange rate and, in turn, the token’s value. Changes are limited by the allowance rate limit.

ExchangeRateUpdater Owner

• transferOwnership allows the owner to add a new caller or increase the rate limit allowance

These roles highlight the highly centralized controls that roles have over key contracts, i.e, minting, transferring, pausing, and determining where newly minted xOKSOL are sent.

4.2.2 Timelock Duration and Function

TimelockController enforces a 3-day delay for upgrades and role changes

4.2.3 Multisig Threshold / Signer identity

MPCs are controlled internally by OKX; no external parties are involved in the management of control systems. Admin actions require internal review and senior management approval.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Aave v3 X-Layer. Initial asset listings technical analysis - Cross-chain assets and native

Introduction

This analysis covers the assets proposed for the initial listing on X Layer. As these assets are already listed on one or more Aave instances (or their smart contracts are, like in the case of WOKB), the review provides an overview of key aspects such as contract implementations and access controls of critical components relevant to protocol security during the listing process, as extra transparency for the community.

Disclosure: This is not an exhaustive security review of the asset like the ones conducted by the asset’s teams, but an overview analysis from an Aave technical service provider on various aspects we consider critical before listing an asset that is already listed on other Aave instances. Therefore, like with any security review, this does not make an absolute statement that the asset is flawless, only that, in our opinion, we do not see significant problems with its integration with Aave, aside from different trust points.

Assets

The following is a non-exhaustive overview of the assets’ smart contracts that will initially be listed on X Layer.

USDT0

The USDT0 stablecoin is an upgradable OZ Transparent Proxy that uses the TetherTokenV2 standard with an OFT extension.

The asset is already listed on other Aave instances and follows the exact implementation on L2, such as Plasma.

For access control, it uses the OZ Ownable, where the owner is set to a Safe 3-of-5. The principal role is to set the OFT Contract and upgrade the implementation of the Proxy.

The OFT extension gives an OFT Contract the capabilities to mint and burn the tokens. This OFT Contract is the adapter (LZ OApp) that receives messages from the LayerZero bridge to mint tokens.

The implementation doesn’t impose risks for the listing.

For USDT0 pricing, we recommend using the Capo stable adapter with the USDT/USD Chainlink price feed.

USDG

The USDG token is an upgradable UUPS Proxy contract that uses the PaxosTokenV2 standard. The asset is already listed on the Aave Core instance and follows the same implementation as mainnet.

The OFTWrapper contract is a controller within the SupplyControl contract, with the ability to mint and burn tokens. This OFT contract is the adapter (LZ OApp) that receives messages from the LayerZero bridge to mint tokens.

The implementation doesn’t impose risks for the listing.

We recommend pricing USDG using a fixed 1 USD price feed, if following the same configuration used on mainnet (only borrowable, non-collateral).

WOKB

The WOKB token is a non-upgradable contract using the WETH9 implementation, wrapping the chain’s native asset (in this case, OKB) into an ERC20-like token. This standard is widely used on EVM chains and poses no risk to the listing.

We recommend pricing WOKB using its Chainlink OKB/USD Price Feed.

xBTC, xETH, xBETH, xSOL, xOKSOL

Please refer to the full analysis on the following posts.

Miscellaneous

• The listed assets are the official contracts on the X Layer network. Among them, WOKB is the wrapped version of the native chain token and USDC uses its native asset implementation. For the other assets in this analysis, the responsible teams selected the LayerZero bridge, implementing the OFT standard to avoid liquidity fragmentation.

• These bridged assets use the widely adopted OFT standard implementation with little to no changes, which does not affect their overall usability or security. When tokens are sent cross-chain via LayerZero, they are locked in an OFT Adapter contract. The messages are transmitted to the destination chain through the LZ endpoint, where the OApp (OFT adapter or the token itself) receives the message and mints the token. The tokens can be sent back by burning them (via OFT adapter or the token itself), which triggers a message on the LZ endpoint to release the tokens from their respective OFT adapters on the mainnet.

• The assets on mainnet are secured and locked in an OFT Adapter extension contract, which implements the OFT mechanisms, locking and releasing the tokens as they are bridged through LayerZero.

• The OFT and OApp audits can be found in the LayerZero audits GitHub repository here.

• We still recommend time-locking the upgradable admins of the upgradable assets and the ownership of general asset configurations that can add new token minters, which enhances the overall security of the assets and provides extra time to validate any changes made to the current configuration.

Conclusion

We believe this set of initial assets has no problems with integration into Aave, and there are no technical blockers for listing.

xBTC & xETH & xSOL technical analysis

Summary

This is a technical analysis of all smart contracts for the x Tokens (BTC, ETH, SOL) assets, along with their main dependencies.

Disclosure: This is not an exhaustive security review of the asset like the ones done by the OKX Team, but an analysis from an Aave technical service provider on different aspects we consider critical to review before a new type of listing. Consequently, like with any security review, this is not an absolute statement that the asset is flawless, only that, in our opinion, we don’t see significant problems with its integration with Aave, apart from different trust points.

Analysis

xTokens are wrapped versions of xBTC, ETH, and SOL on the X Layer chain. Users can deposit ETH or SOL into the OKX Exchange and withdraw 1:1 to the X Layer. When these assets are returned to an OKX Exchange account, the equivalent amount of the asset will be credited to the account.

For the context of this analysis, our focus has been on the following aspects, critical for the correct and secure integration with Aave:

• A recommendation of pricing strategy to be used in the integration asset <> Aave.
• Any miscellaneous aspect of the code that can be considered important.
• Analysis of the access control (ownerships, admin roles) and the nature of the entities involved in the system. Regarding the table permissions’ holders and their criticality/risk, it is done following these guidelines:

General points

• The assets share the same contract’s infrastructure (xToken), relying on a single contract with most dependencies from OZ for access control, deny list checks, and upgradability.

• xBTC differs slightly from xETH and xSOL in its decimal precision and naming conventions.

• It uses a role-based access control for mint and burn with a max supply set at initialization.

• For proxies, it uses the OZ Transparent Proxy pattern.

• The system-upgradable admin and the default admin for both assets are set to a 3-day timelock.

Contracts

The following is a non-exhaustive overview of the main smart contracts involved with xBTC, xETH, and xSOL.

xToken (xBTC, xETH, xSOL)

The main contract for OKX-wrapped tokens. xBTC, xETH, and xSOL are upgradable and inherit xToken functionality, including permit approvals, pausability, deny-list enforcement, and role-based access control for mint/burn and compliance operations. Users can acquire xETH and xSOL by withdrawing these assets from the OKX exchange to the X-Layer chain.

*The EOAs refer to MPC wallets using internal infrastructure to secure private keys.

• Access Control

  • DEFAULT_ADMIN:

    • Can assign roles via the grantRole(role, address) function.

  • MINTER_ROLE:

    • Can mint xToken tokens by calling the mint(to, amount) function. It checks that the amount plus the total supply does not exceed MAX_SUPPLY. The newly minted tokens can only be sent to the receiver’s address.

  • DENY_LISTER_ROLE

    • can pause/unpause transfers through pause() and unpause() functions, manage the deny list (single or batch) via addToDenyList(address) and removeFromDenyList(address) functions, set the authorized receiver by calling setReceiver(address) , and transfer the deny lister role through the transferDenyLister(address) method.

Pricing strategy

Our pricing recommendation for xTokens is as follows:

Since the assets are redeemed at a 1:1 ratio via OKX, the ETH price stays the same across all Aave instances, whereas xSOL and xBTC can be exchanged for their respective versions on their native Blockchains. This approach ensures that prices remain consistent with other wrapped tokens across different Aave instances.

Miscellaneous

• The system has undergone security reviews by the OKX audit team and Zellic. The reports can be found in the xAsset repository here.

• The OKX team clarified that all EOA holding roles within the system are managed via an internal MPC signature system.

• The OKX team creates an MPC message signed off-chain (without internet access) and then combines them to sign the on-chain transaction.

• OKX provides a xBTC PoR page for transparency purposes. It can be found here.

Conclusion

We believe xBTC, xETH, and xSOL have no issues with Aave integration and no major blockers for listing.

xBETH and XOKSOL technical analysis

Summary

This is a technical analysis of all smart contracts for the xBETH and xOKSOL assets, along with their main dependencies.

Disclosure: This is not an exhaustive security review of the asset like the ones done by the OKX Team, but an analysis from an Aave technical service provider on different aspects we consider critical to review before a new type of listing. Consequently, like with any security review, this is not an absolute statement that the asset is flawless, only that, in our opinion, we don’t see significant problems with its integration with Aave, apart from different trust points.

Analysis

xBETH and xOKSOL are yield-bearing tokens representing xETH and xSOL staked through the OKX Exchange. These recipient tokens increase their value based on the exchange rate. Users can deposit ETH or SOL into the OKX Exchange, stake them, and withdraw to the X Layer. When these assets are returned to an OKX Exchange account, the amount + yield generated will be credited to the account.

For the context of this analysis, our focus has been on the following aspects, critical for the correct and secure integration with Aave:

• Mechanism to update the exchange rate of the asset for the underlying ETH.
• A recommendation of pricing strategy to be used in the integration of the asset <> Aave.
• Any miscellaneous aspect of the code we can consider important.
• Analysis of the access control (ownerships, admin roles) and the nature of the entities involved in the system. Regarding the table permissions’ holders and their criticality/risk, it is done following these guidelines:

General points

• Both assets share the same contract’s infrastructure (StakedTokenV1 and xToken), relying on two contracts with most dependencies from OZ for access control, deny list checks, and upgradability.

• The Assets’ exchange rate depends on the ExchangeRateUpdater operating within configured rate limits.

• It uses a role-based access control for mint and burn with a max supply set at initialization.

• For proxies, it uses the OZ Transparent Proxy pattern.

• The system-upgradable admin and the default admin for both assets are set to a 3-day timelock.

Contracts

The following is a non-exhaustive overview of the main smart contracts involved with xBETH and xOKSOL.

xBETH and xOKSOL

The main contract for OKX-wrapped tokens. xBETH and xOKSOL are upgradable and inherit StakedTokenV1 and xToken functionalities, including exchange rate tracking, permit approvals, pausability, deny-list enforcement, and role-based access control for mint/burn and compliance operations. Users can acquire xBETH and xOKSOL by staking ETH and SOL on the OKX exchange and withdrawing them to the X-Layer chain.

*The EOAs refer to MPC wallets using internal infrastructure to secure private keys.

• Access Control

  • DEFAULT_ADMIN:

    • Can assign roles via the grantRole(role, address) function.

  • MINTER_ROLE:

    • Can mint xToken tokens by calling the mint(to, amount) function. It checks that the amount plus the total supply does not exceed MAX_SUPPLY. The newly minted tokens can only be sent to the receiver’s address.

  • DENY_LISTER_ROLE

    • can pause/unpause transfers through pause() and unpause() functions, manage the deny list (single or batch) via addToDenyList(address) and removeFromDenyList(address) functions, set the authorized receiver by calling setReceiver(address) , and transfer the deny lister role through the transferDenyLister(address) method.

  • Oracle

    • The oracle contract (ExchangeRateUpdater) can update the exchange rate with off-chain data via the updateExchangeRate(uint256) method.

ExchangeRateUpdater

The ExchangeRateUpdater is responsible for updating the exchange rate for its respective staked asset, subject to rate limits. It’s a non-upgradable contract that inherits the RateLimit contract with dependencies from OZ for access control.

*The EOAs refer to MPC wallets using internal infrastructure to secure private keys.

• Access Control

  • The owner add or removes callers via the configureCaller(address, amount, interval) and removeCaller(address) methods.

  • The whitelisted caller on xBETH can update the exchange rate within an allowance of 280000000000000 per day or 0.028% / day. While the caller on xOKSOL can update within an allowance of 760000000000000 every 2 days or 0.038% / day.

• Exchange Rate

  • The whitelisted caller can update the exchange rate with off-chain data via the updateExchangeRate(newRate) function. Internally, it validates that the newRate is greater than zero and that the difference between the current and new rates is within the caller’s allowance to update the exchange rate. The difference value is consumed from the caller’s allowance, and it finally updates the exchange rate by calling the xToken.updateExchangeRate(newRate) function.

  • OKX calculates the new off-chain exchange rate using the formula: current_rate × (1 + rewards_allocated_to_xToken / total_xToken_value).

  • The off-chain approach with rate-limit allowances doesn’t expose the contract to vulnerabilities like donation attacks.

Pricing strategy

We recommend pricing xBETH and xOKSOL assets using CAPO adapters that consume the exchange rates provided in the xBETH and xOKSOL contracts, along with their respective Chainlink ETH/USD and SOL/USD Price feeds.

Miscellaneous

• The system has undergone security reviews by the OKX audit team and Zellic. The reports can be found in the xAsset repository here.

• The OKX team clarified that all EOA holding roles within the system are managed via an internal MPC signature system.

• The OKX team creates an MPC message signed off-chain (without internet access) and then combines them to sign the on-chain transaction.

• Regarding validator slashing, OKX absorbs principal loss during validator slashing, so slashing might slow down the growth rate, but doesn’t lower the xBETH or xOKSOL exchange rate.

Conclusion

We believe xBETH and xOKSOL have no issues with Aave integration and no major blockers for listing.

xETH Asset Review

Summary

LlamaRisk supports onboarding xETH to the Aave V3 X Layer instance. xETH is a centrally managed ETH wrapper operated by OKX, with underlying ETH held in a locked reserve address and xETH minted 1:1 against verified inbound ETH. Key administrative and mint/burn permissions are controlled via MPC-managed roles under the X Layer team’s operational domain, with upgrades gated by an on-chain timelock. Redemptions are facilitated through OKX, which introduces a permissioned dependency for withdrawals versus a fully permissionless unwrap path.

Current on-chain supply is approximately 3.4k xETH (about $6.9m), and holder distribution is highly concentrated in OKX-linked addresses. Secondary on-chain liquidity is currently concentrated in Uniswap pools only, with the primary USDT0/xETH pool at roughly $830k TVL.

Given the asset’s recent deployment, the observable trading history is limited, but available market pricing remains closely aligned with ETH, consistent with the reserve-backed peg design. xETH can be valued using the existing Chainlink ETH/USD feed on X Layer. We therefore support onboarding with conservative initial risk limits and supply caps, with any cap increases contingent on demonstrated growth in non-OKX holder dispersion and deeper, more diversified DEX liquidity.

Full Asset Evaluation

1. Asset Fundamental Characteristics

1.1 Asset

xETH is an ERC-20 wrapped representation of native ETH on X Layer that targets a deterministic 1:1 conversion model, where issuance and redemption are operationally tied to OKX custodial infrastructure.

The backing ETH is held in a designated locked reserve address controlled by Aux Cayes, a Seychelles-registered OKX affiliate that serves as the contracting/service-providing entity for certain users on the OKX platform.

1.2 Architecture

xETH architecture is a 1:1 wrapped-ETH system where every xETH in circulation is issued only after native ETH is received into a segregated locked reserve address, and every ETH release is permitted only after a verified on-chain xETH burn of the same amount.

image1615×257 61 KB

Source: OKX, February 17, 2026

Operationally, this is enforced through separated MPC roles (mint, burn, and admin), an internal verification engine that validates inbound/outbound flows against strict mint/burn invariants.

The OKX team claims that they reserve 3–5% of user-deposited ETH as liquidity to support the exchange’s fast redemption feature, which allows users to redeem their underlying tokens instantly without waiting for the unbonding period.

The core components of xETH include:

• xETH: an ERC-20 contract for X Layer wrapped SOL. Inherits from the xToken contract.
• Reserve Address: EVM-based address that stores underlying ETH.
• Mint & Burn Controller: MPC that controls xETH minting and burning operations.
• TimelockController: Manages sensitive admin functions.
• Authorized Receiver: Dedicated address that receives newly minted xETH.
• Admin: MPC that manages updates and controls transfer restrictions/blacklisting.
• ProxyAdmin: Can modify contract parameters or implement xETH upgrade.

An internal verification engine monitors and enforces the minting and burning of 1:1 ETH from OKX exchange addresses.

Reserves

image1593×667 35.4 KB

Source: OKX, February 17, 2026

xETH reserves are fully backed by an ETH reserve held in a single on-chain address. As of the latest update, the reserve balance is ~3,435 ETH, while the total xETH supply is 3,434 xETH, all issued on X Layer. The X Layer team has also indicated that a formal Proof of Reserves implementation is planned to strengthen ongoing verification of backing.

1.3 Tokenomics

The current xETH token supply on X Layer is approximately 3,434 xETH, corresponding to roughly 3,435 ETH available on the Ethereum network as reserve backing.

1.3.1 Token Holder Concentration

image1174×781 58.3 KB

Source: xETH token holders, February 17, 2026

xETH holdings are currently highly concentrated, with the top 5 addresses controlling almost 98% of the supply:

• OKX (Hot Wallet): 2,208.0924 xETH (64.29%)
• OKX (Deposit): 577.0437 xETH (16.80%)
• Uniswap V3 LP (USDT0/xETH): 228.0712 xETH (6.64%)
• OKX (Hot Wallet): 177.6520 xETH (5.17%)
• Uniswap V3: 168.6269 xETH (4.91%)

2. Market Risk

2.1 Liquidity

image621×684 31.9 KB

Source: Uniswap, February 17, 2026

A swap transaction of 25 xETH into USDT0 returns about 46.0k USDT0, with the interface flagging a high price impact of -7.58%. Additional liquidity has been committed to support onboarding, with $2M for xETH/USDT0 pools, respectively.

2.1.1 Liquidity Venue Concentration

All observable on-chain secondary liquidity for xETH is currently concentrated in Uniswap pools. In the primary venue (USDT0/xETH), the pool size is approximately $830k, with an additional correlated venue in the xBETH/xETH pool at approximately $659k TVL.

2.1.2 DEX LP Concentration

The USDT0/xETH Uniswap pool appears to be liquidity-seeded primarily from OKX-controlled wallets. Debank LP analytics also indicates that an independent LP set has not yet formed, consistent with early-stage, centrally seeded liquidity.

2.2 Volatility

image1193×640 50.8 KB

Source: Geckoterminal, February 17, 2026

image1138×631 46.8 KB

Source: Chainlink ETH/USD feed, February 17, 2026

xETH on X Layer has a limited observable trading history, so there is not yet a long time series to evaluate behavior across multiple market regimes. Within the available window, pricing remains tightly aligned to ETH, consistent with the intended 1:1 peg mechanism and the current reserve-backed design.

2.3 Exchanges

X Layer xETH currently has no CEX listing.

image1861×381 49.5 KB

Source: OKX, February 17, 2026

xETH is not currently listed on any centralized exchange. By contrast, ETH itself is one of the most liquid assets on OKX, supported by deep spot turnover in its core quote pairs. In the last 24 hours, the ETH/USDT market processed approximately 133.9k ETH of volume, indicating substantial two-way liquidity and a high-capacity venue for large ETH conversions.

image1882×323 41.1 KB

Source: ETH perp markets, OKX, February 18, 2026

image1056×495 28.4 KB

Source: ETHUSDT perp market, OKX, February 18, 2026

The perpetual market for ETH is active on OKX, with trading spread across three primary contracts: ETHUSDT, ETHUSD CM, and ETHUSD UM. At the time of observation, ETHUSDT perps recorded approximately €6.63B in 24-hour turnover, while ETHUSD CM perps recorded approximately €266.6M, indicating material derivatives activity and a high-capacity venue for hedging and rapid risk transfer beyond spot markets.

2.4 Growth

image1055×727 41.6 KB

Source: CoinGecko, February 17, 2026

xETH remains in an early-stage growth profile. Based on the current market tracker snapshot, its market cap is approximately $6.87m, with reported daily volume around $250k. The market cap series shows a step-change shortly after initial availability, followed by a sustained drift lower from the initial peak and a recent stabilization in the mid-single-digit millions, consistent with an initial seeding phase and then limited incremental inflows.

3. Technological Risk

3.1 Smart Contract Risk

xETH is covered within the broader xAsset audit scope: OKX’s security team audited the xAsset codebase internally, and Zellic and MixBytes audited it externally, so xETH is covered to the extent it uses that audited xAsset implementation.

• OKX internal audit (10 Dec 2025): 2 findings, including a low issue where the exchange-rate update rate limit could be bypassed, allowing two updates in the same block after inactivity.
• Zellic external audit (23 Dec 2025): 4 findings, no critical/high; one medium issue was a denylisted address still being able to use transferFrom via existing allowances (fixed). Two low issues: setReceiver could set a denylisted receiver (minting can be blocked), and exchangeRate() could return 0 before the first oracle update (fixed).
• MixBytes’ external audit (22 Jan 2026): reported no critical/high/medium issues and identified 8 low-severity findings (7 acknowledged, 1 fixed). Key low items include: (i) configureCaller() may reset a caller’s allowance without replenishment; (ii) role/ownership hardening gaps (unrestricted renounceRole/renounceOwnership).

3.2 Bug Bounty Program

xETH smart contracts are covered under a live OKG bug bounty program hosted on HackerOne with a max bounty of $1M.

3.3 Price Feed Risk

A Chainlink ETH/USD price feed is available on X Layer. The price feed has a 0.5% deviation and a 24-hour heartbeat.

3.4 Dependency Risk

xETH relies on OKX to effectively maintain a 1:1 custody of the underlying ETH custodied on OKX and on Ethereum. The ETH reserve creates an additional foreign network dependency, one that Aave has yet to deploy on. xETH does not call external unverified functions, calling only internal system functions.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

This analysis is confined to the overview document provided and on subsequent clarifications from OKX, including OKX’s confirmation that xETH is governed by a dedicated wrapped-token user agreement applicable across all wrapped 1:1 assets.

Legal Construct

On the basis of the overview alone, xETH is most appropriately framed as a custodial, centrally administered “wrapped ETH” representation on X Layer, intended to be redeemable on a 1:1 basis against ETH purportedly held in a segregated “locked reserve address” under OKX-linked custody arrangements. As a matter of legal substance, this configuration aligns more naturally with a “tokenized claim” or “tokenized receipt” construct than with a bearer asset that embodies self-contained rights independent of an operator. The operational design described in the document—minting conditioned on ETH being received into the reserve address, burning constrained to MPC-authorised flows, and release of reserve ETH restricted to OKX-controlled withdrawal addresses—suggests that the underlying economic reality is a structured relationship in which (a) OKX (or the identified controller, Aux Cayes) retains control over the backing ETH, while (b) users hold an ERC-20 token that is intended to evidence an entitlement to redemption through OKX-managed processes, rather than a permissionless redemption right enforceable exclusively through smart-contract interaction.

OKX team confirms that “Tokenized Claim” is the appropriate characterisation of xETH. OKX further clarifies that acquiring xETH is treated as a “subscription” for a token that grants a legal, contractual right to claim ETH on a 1:1 basis with OKX under the wrapped token user agreement. Redemption is described as automated and triggered when a user deposits xETH into their OKX wallet, but OKX reserves rights to reject or delay redemptions under its terms of service (stated to be intended for flexibility in exceptional technical/liquidity scenarios).

OKX elaborates on the withdrawal scenario, i.e., when users “withdraw xETH,” the ETH they deposit is sent to an Aux Cayes–controlled segregated wallet to serve as the reserve pool for future ETH redemptions arising from xETH deposits.

Bankruptcy remoteness and segregation

The overview does not provide any express assurance of bankruptcy remoteness or insolvency-ringfencing. In particular, it does not state that the reserve ETH is held on trust for the benefit of xETH holders, that such reserve assets are legally insulated from the insolvency estate of Aux Cayes/OKX, or that a formal legal opinion, structured custody arrangement, or other insolvency-resilient framework has been implemented to preserve holder entitlements in the event of a bankruptcy or similar proceeding.

According to the OKX team, the reserve ETH is only technologically/physically separated via a dedicated wallet address exclusively used for the x-asset reserve pool and is not mingled with general operational wallets; however, legally, reserve and general assets are not distinguished.

Notwithstanding the absence of any trust arrangement or trust-language in the governing terms, OKX represents that it maintains the reserve ETH under an operational segregation model and further states that, in the event of insolvency, the reserve ETH would not be treated as forming part of the insolvency estate.

Eligible Users

At present, the overview does not clearly establish which user categories are eligible to subscribe for, or redeem, xETH. If any jurisdictional limitations apply or if access is segmented between retail and institutional participants, those constraints should be articulated explicitly by the OKX team.

According to the explanatory notes, the eligibility restrictions exist and differ by jurisdiction. For the currently targeted jurisdictions (Bahamas and Seychelles), OKX states there is no restriction based on user type (retail vs institutional). Eligibility conditions are not specifically documented in customer-facing terms; instead, the product is not offered to users who are not entitled to access it. Internally, eligibility is turned on/off by jurisdiction depending on legal review. OKX also states it is not its practice to disclose eligibility limitations in product documentation because such limitations may change over time based on strategic or legal decisions, with technology-based restrictions implemented as needed.

Regulatory Status

As to whether Aux Cayes is permitted to provide the services described in the overview, Aux Cayes Fintech Co. Ltd. is a Seychelles-incorporated entity regulated as a Virtual Asset Service Provider (“VASP”) under the Virtual Asset Service Providers Act, 2024 (the “VASP Act”), administered by the Financial Services Authority (the “FSA”).

Aux Cayes has submitted its license application under the transitional regime available to pre-existing VASPs that were operational prior to the commencement of the VASP Act, having filed by the statutory deadline of 31 December 2024. On that basis, Aux Cayes continues operating pursuant to the transitional provisions pending the outcome of its full license application.

Under the VASP Act and its accompanying Regulations, a VASP may carry on one or more regulated activities, including: virtual asset exchange services (exchange between virtual assets, or between virtual assets and fiat currency); transfer services (conducting or arranging transfers of virtual assets between wallets or accounts); safekeeping or administration of virtual assets or instruments enabling control over virtual assets (including wallet provider services); and participation in, or the provision of, financial services relating to an issuer’s offer or sale of a virtual asset.

Aux Cayes’ VASP registration status is further corroborated through a review of the FSA’s online registry.

OKX indicates that, while no standalone Seychelles perimeter memo was prepared specifically for xETH, a prior legal assessment was undertaken for xBTC and is intended to extend to xETH on a like-for-like basis under the Seychelles VASP Act, on the rationale that both BTC and ETH are treated as “virtual assets” without asset-specific differentiation or a higher regulatory classification for ETH under that Act. On this basis, OKX’s position is that xETH should not require incremental regulatory permissions beyond those applicable to Aux Cayes under its VASP licensing posture, provided the xETH programme mirrors the xBTC mechanics and disclosures, including that xETH remains a 1:1 fully backed wrapped representation, minting occurs only upon receipt of ETH, burning occurs upon redemption, and the underlying ETH is not staked, lent, rehypothecated, or otherwise deployed.

OKX notes that the same disclosure posture used for xBTC should be maintained for xETH, emphasising that redemption at 1:1 is available only through the OKX platform to eligible users, secondary on-chain transfers may occur without OKX control, xETH is non-yielding and conveys no governance rights, reserves are fully maintained and not deployed, and availability of minting/redemption remains jurisdiction-dependent and subject to regulatory constraints.

4.2 Access Control Risk

4.2.1 Contract Modification Options

A Role-Based Access Control system is utilized. The roles and their associated capabilities are outlined below:

MINTER_ROLE: Can mint and burn tokens, assigned to MPC 1.

DENY_LISTER_ROLE: Can pause/unpause transfers and manage the deny list, assigned to MPC 2.

DEFAULT_ADMIN_ROLE: Has admin privileges over Timelock, ProxyAdmin, and xETH, assigned to MPC 2.

TimelockController Roles manage sensitive admin functions through a timelock delay mechanism. assigned to MPC 2:

• PROPOSER_ROLE: initiates transactions to the queue.
• EXECUTOR_ROLE: executes transactions after a delay.
• CANCELLER_ROLE: can cancel pending operations.

Sensitive functions exposed by each role include

MINTER_ROLE:

• mint & burn xETH
• transferMinter relinquishes the role to a new account

DENY_LISTER_ROLE:

• pause and unpause all token transfers
• setReceiver determines where newly minted are sent
• addToDenyList & removeFromDenyList controls a permissioned Deny list that blocks addresses from sending/receiving tokens
• transferDenyLister relinquishes the role to a new account

DEFAULT_ADMIN_ROLE:

• All Deny List Role functions
• grantRole assigns roles to addresses
• revokeRole removes roles assigned to addresses

PROPOSER_ROLE:

• schedule schedules a single transaction (target address, value, and data).
• scheduleBatch schedules multiple transactions to be executed in sequence.

EXECUTOR_ROLE:

• execute triggers the actual call to the target contract once the delay has ended.
• executeBatch triggers a group of function calls.

CANCELLER_ROLE:

• cancel deletes a pending operation before it is executed.

These roles highlight the highly centralized controls that roles have key contract functions, i.e., minting, transferring, pausing, and determining where newly minted xETH are sent (and indirectly, access to the underlying ETH redemption right).

4.2.2 Timelock Duration and Function

TimelockController enforces a 3-day delay for upgrades and role changes.

4.2.2 Timelock Duration and Function

xETH uses an on-chain timelock for every smart contract upgrade. The token is behind a proxy, and the timelock owns the ProxyAdmin and holds DEFAULT_ADMIN_ROLE, so upgrades/admin changes must be queued, wait at least 72 hours, and then executed with on-chain logs.

image1358×284 48.2 KB

Source: OKX, February 17, 2026

4.2.3 Multisig Threshold / Signer identity

MPCs are controlled internally by OKX; no external parties are involved in the management of control systems. Admin actions require internal review and senior management approval.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

xBETH Asset Review

Summary

LlamaRisk supports onboarding xBETH to the Aave V3 X Layer instance. xBETH is a centrally administered, yield-bearing wrapper of OKX’s internal BETH, with rewards accruing via a monotonic exchangeRate (non-rebasing) updated on a 24-hour cadence. Minting and burning are permissioned and mediated by OKX backend accounting and MPC-controlled roles, so redemption is operationally routed through OKX rather than permissionless on-chain unwrapping.

As of 17 Feb 2026, xBETH supply is ~3,165 xBETH (about $6.33m), fully issued on X Layer, and highly concentrated, with a single OKX deposit address holding ~94.9%. On-chain secondary liquidity is single-venue and shallow: Uniswap is the only meaningful DEX source, with the xETH/xBETH pool at roughly $659k TVL and LP ownership dominated by one provider; a 25 xBETH → USDT0 swap shows -7.7% price impact.

The underlying BETH is listed on OKX via BETH/ETH and BETH/USDT. BETH/USDT has higher 24h turnover but limited ±2% depth, while BETH/ETH has materially deeper visible depth. For pricing the asset on Aave, xBETH can be valued as exchangeRate × Chainlink ETH/USD. Residual risks are primarily operational: validator performance depends on OKX’s stack (Prysm), slashing coverage is an off-chain OKX commitment, and redemption timelines are OKX-controlled and may extend from ~13 days to several weeks.

Full Asset Evaluation

1. Asset Fundamental Characteristics

1.1 Asset

xBETH is an on-chain ERC-20 representation of OKX’s internal BETH (staked ETH within OKX validator infrastructure) designed to carry staking yield without rebasing: user balances remain constant while an exchange rate increases over time.

1.2 Architecture

BETH is the sole underlying asset for xBETH, which is managed internally by OKX. The proportional share of xBETH is determined by the exchange rate.

Key components that enable xBETH include:

• BETH: an internal CEX LST that represents delegated ETH to OKX validators.
• Mint & Burn Controller: MPC that controls xBETH minting and burning operations.
• ExchangeRateUpdater: contract validates and constrains exchange rate updates
• Admin: MPC that manages updates and controls transfer restrictions/blacklisting.
• TimelockController: Manages sensitive admin functions
• Authorized Receiver: Dedicated address that receives newly minted xBETH.
• ProxyAdmin: Can modify contract parameters or implement xBETH upgrade.

Mint & Burn Process

xBETH is minted when a user deposits their BETH to the X Layer. Underlying BETH is minted when users stake ETH via OKX validators, receiving the same amount of BETH at the current exchange rate.

image958×123 27.2 KB

Source: OKX, February 17, 2026

xBETH is burned when a user deposits xBETH back to OKX for redemption: the xBETH is transferred to OKX’s designated receiver on X Layer and burned by the Burner role, and the user is credited with the corresponding amount of BETH on OKX’s internal ledger.

image948×137 30.3 KB

Source: OKX, February 17, 2026

Validators

Validator operations for xBETH are run by OKX-managed validators under a three-pool segregation model (Global, EEA, US): users in the US and EEA participate only in their respective regional pools, while the Global pool serves users from the Bahamas, Seychelles, Singapore, Australia, Turkey, Brazil, and the UAE. The OKX Ethereum validator stack currently uses the Prysm client.

OKX is currently developing a user interface to allow users to track their validator sets and staking/unstaking events. It is expected to be made available in February.

Rewards

Underlying BETH rewards come from standard Ethereum validator income: consensus rewards for proposing/attesting, plus execution-layer income from transaction tips and MEV when a validator proposes a block. OKX reports an estimated BETH yield of ~2.6% APY, and xBETH reflects this yield via exchange-rate updates once per day.

Slashing

Token holders remain indirectly exposed to slashing risk. If OKX validators are penalized or slashed, the underlying staked ETH backing BETH can decrease.

The OKX operator has not been slashed to date. The current validator set is rated moderate based on RAVER scoring, indicating generally solid performance with some variability. RAVER reports approximately 643k ETH of active stake across ~20k active validators. This differs from OKX’s self-reported figure of ~446k ETH on its dashboard; the variance is most likely driven by differences in scope and attribution methodology. Further clarification has been requested from the X Layer team.

image1472×681 78.2 KB

Source: Rated.network, February 17, 2026

OKX claims it will absorb any slashing-related losses instead of passing them on to xBETH holders; this is an off-chain assurance, and its effectiveness ultimately depends on OKX’s operational execution and creditworthiness.

Consensus Client

OKX runs Prysm for its consensus stack, which aligns its validator performance and operational risk profile with the Prysm client line. The practical implication is that any client-specific defect or incident affecting Prysm would have both network-level relevance (given its share) and direct exposure for OKX; conversely, the fragmented long tail of other clients supports broader diversity but does not remove the concentration pocket around the top implementations.

image562×497 6.16 KB

Source: clientdiversity.org, February 17, 2026

Unstaking

Unstaking is handled through OKX’s redemption process and may involve a waiting period. OKX documentation indicates that BETH→ETH redemption can take approximately 13 days to several weeks, depending on processing conditions, and the minimum redemption amount is 0.001 BETH.

Fees

Based on the OKX team response, there are no additional fees other than the validator fee and the service fee, both of which are deducted before calculating the conversion rate. For xBETH, the OKX validator charges a 0% commission, and the exchange charges a 5% service fee.

Withdrawals

The X Layer team indicated that xBETH deposits and withdrawals are now live, following the planned activation.

Reserves

image1568×377 27 KB

Source: OKX, February 17, 2026

xBETH backing is sourced from OKX’s broader ETH staking reserve. Based on the provided staking-address inventory, the reserve is distributed across 11,022 validator deposit addresses totaling 446,277.296 ETH staked, while xBETH supply on X Layer is only ~3,165 xBETH as of 17 Feb 2026, implying the X Layer representation is a small slice of the overall staked base.

The X Layer team also indicated that a Chainlink Proof of Reserves integration is planned after Aave goes live. The following withdrawal addresses are intended to serve as the PoR reference set:

ETH Staking (Global)
• 0xa27cef8af2b6575903b676e5644657fae96f491f
• 0xe839a3e9efb32c6a56ab7128e51056585275506c
• 0xd5f8c864f21824daf3a4b22d9c33693642ed7634

ETH Staking (EEA)
• 0x560cfcb78aecac04104dc5097f7530832cc3e7e2
• 0x05e851e9196fa1fc55f92ddd07ee83a978db35d0
• 0x9b4495fcc3c99b3cb73a3722320ff1858c81c2f0

ETH Staking (US)
• 0x366a88f8de3b8036aeb24e4f6512aeff2c5cc76a
• 0x4ccda666c69cd35be70aabd8931d824b2cfa3d2d
• 0x4cbc9e809b3b9182efd319793fd2f9e29ce35975

1.3 Tokenomics

As of 17 Feb 2026, total xBETH supply is approximately 3,165 xBETH (about $6.33m), with the full amount issued on X Layer. This reflects an early-stage footprint on the network, with circulating supply still small relative to the broader OKX staking base.

1.3.1 Token Holder Concentration

image1246×798 52.2 KB

Source: xBETH token holders, February 17, 2026

xBETH holdings are currently extremely concentrated, with one single address holding ~95% of the supply:

• OKX (Deposit): 3,003.1064 xBETH (94.89%)
• Uniswap V3: 161.2279 xBETH (5.09%)
• EOA: 0.3292 xBETH (0.01%)

2. Market Risk

2.1 Liquidity

image656×713 31.7 KB

Source: Uniswap, February 17, 2026

A swap transaction of 25 xBETH into USDT0 returns about 46.0k USDT0, with the interface flagging a high price impact of -7.73%. Additional liquidity has been committed to support onboarding, with $1M for the xBETH / xETH pool.

2.1.1 Liquidity Venue Concentration

As shown in section 1.3.1, Uniswap represents the sole venue for xBETH liquidity. As of February 17th, the xETH/xBETH pool TVL is $659K.

2.1.2 DEX LP Concentration

image1552×434 20.2 KB

Source: Debank, February 17, 2026

Given the asset’s recent deployment, liquidity is primarily supplied by the X Layer team, resulting in a single LP source for both pools.

2.2 Volatility

None at this stage, given the token’s recent deployment.

2.3 Exchanges

image1621×317 40.7 KB

Source: CoinGecko, February 17, 2026

The underlying BETH is currently listed on multiple exchanges. Among reputable CEXs, BETH is listed on OKX, and the spot market is primarily concentrated in two pairs: BETH/ETH and BETH/USDT.

At the time of observation, BETH/USDT is the higher-turnover venue, with $879k in 24h volume and a shallow top-of-book depth of roughly $32k within +2% and $59k within -2%.

BETH/ETH shows $648k in 24h volume and materially deeper visible liquidity: approximately $9.59m within +2% and $27.29m within -2%.

2.4 Growth

None at this stage, given the token’s recent deployment. As shown in section 2.3, the OKX exchange represents a large base for potential growth for xBETH on X Layer.

3. Technological Risk

3.1 Smart Contract Risk

xBETH is covered within the broader xAsset audit scope: OKX’s security team audited the xAsset codebase internally, Zellic and MixBytes audited it externally, so xBETH is covered to the extent it uses that audited xAsset implementation.

• OKX internal audit (10 Dec 2025): 2 findings, including a low issue where the exchange-rate update rate limit could be bypassed, allowing two updates in the same block after inactivity.
• Zellic external audit (23 Dec 2025): 4 findings, no critical/high; one medium issue was a denylisted address still being able to use transferFrom via existing allowances (fixed). Two low issues: setReceiver could set a denylisted receiver (minting can be blocked), and exchangeRate() could return 0 before the first oracle update (fixed).
• MixBytes’ external audit (22 Jan 2026): reported no critical/high/medium issues and identified 8 low-severity findings (7 acknowledged, 1 fixed). Key low items include: (i) configureCaller() may reset a caller’s allowance without replenishment; (ii) role/ownership hardening gaps (unrestricted renounceRole/renounceOwnership).

3.2 Bug Bounty Program

xBETH smart contracts are covered under a live OKG bug bounty program hosted on HackerOne with a max bounty of $1M.

3.3 Price Feed Risk

The xBETH price is calculated as 1 xBETH = exchangeRate * 1 ETH. A Chainlink ETH/USD price feed used with the internal exchange rate, along with a CAPO adapter, could be used to price xBETH.

3.4 Dependency Risk

Staking is executed by OKX-managed validators, so reward realization and principal safety depend on OKX’s validator performance and its ability to manage tail events such as slashing. In addition, the exchange-rate mechanism introduces an operational dependency: while the rate is designed to update on a regular cadence, there is a manual component to exchange-rate updates, creating governance/operations risk around timing, accuracy, and incident handling.

Redemption introduces liquidity and processing dependency. Converting exposure back to ETH is mediated by OKX’s redemption workflow, so redemption timeliness depends on OKX’s liquidity buffers and its ability to process withdrawals under Ethereum’s protocol-level exit/withdrawal throughput constraints.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

To the extent other X Layer assets are governed by the same dedicated wrapped-token user agreement that applies across all wrapped 1:1 assets, they should be treated as operating within the same core legal architecture as xETH. On that premise, the legal analysis prepared for xETH is directionally applicable to such X Layer assets, particularly the findings regarding (i) the assets’ legal construct, (ii) the eligibility and access model, and (iii) the authorisation and regulatory perimeter status of the operating entity.

4.2 Access Control Risk

4.2.1 Contract Modification Options

A Role-Based Access Control system is utilized. The roles and their associated capabilities are outlined below:

MINTER_ROLE: Can mint and burn tokens, assigned to MPC 1.

DENY_LISTER_ROLE: Can pause/unpause transfers and manage the deny list, assigned to MPC 2.

DEFAULT_ADMIN_ROLE: Has admin privileges over Timelock, ProxyAdmin, and xBETH, assigned to MPC 2.

ExchangeRateUpdater Owner: manages callers, determines the parameters (rate changes and intervals of change), and can transfer ownership. Assigned to MPC 2:

ExchangeRateUpdater Caller: can make allowance-based updates, limited by contract parameters assigned to MPC 1

TimelockController Roles manage sensitive admin functions through a timelock delay mechanism. assigned to MPC 2:

• PROPOSER_ROLE: initiates transactions to the queue.
• EXECUTOR_ROLE: executes transactions after a delay.
• CANCELLER_ROLE: can cancel pending operations.

Sensitive functions exposed by each role include

MINTER_ROLE:

• mint and burn xBETH
• transferMinter relinquishes the role to a new account

DENY_LISTER_ROLE:

• pause and unpause all token transfers
• setReceiver determines where the newly minted tokens are sent
• addToDenyList and removeFromDenyList control a permissioned Deny list that blocks addresses from sending/receiving tokens
• transferDenyLister relinquishes the role to a new account

DEFAULT_ADMIN_ROLE:

• All Deny List Role functions
• grantRole assigns roles to addresses
• revokeRole removes roles assigned to addresses

PROPOSER_ROLE:

• schedule schedules a single transaction (target address, value, and data).
• scheduleBatch schedules multiple transactions to be executed in sequence.

EXECUTOR_ROLE:

• execute triggers the actual call to the target contract once the delay has ended.
• executeBatch triggers a group of function calls.

CANCELLER_ROLE:

• cancel deletes a pending operation before it is executed.

ExchangeRateUpdater Caller:

• updateExchangeRate changes the value of the exchange rate and, in turn, the token’s value. Changes are limited by the allowance rate limit.

ExchangeRateUpdater Owner

• transferOwnership allows the owner to add a new caller or increase the rate limit allowance

These roles highlight the highly centralized controls that roles have over key contracts, i.e, minting, transferring, pausing, and determining where newly minted xBETH are sent.

4.2.2 Timelock Duration and Function

TimelockController enforces a 3-day delay for upgrades and role changes.

4.2.3 Multisig Threshold / Signer identity

MPCs are controlled internally by OKX; no external parties are involved in the management of control systems. Admin actions require internal review and senior management approval.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Price feed Recommendation

The xBETH price is calculated as 1 xBETH = exchangeRate * 1 ETH. A Chainlink ETH/USD price feed together with the internal exchange rate, alongside a CAPO adapter would be used to price xBETH.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Summary

This analysis provides an initial risk assessment and recommendation for deploying Aave v3 on the X Layer network. It presents an updated list of initial assets, which has been discussed and finalized in coordination with both the X Layer and TokenLogic teams. The proposed asset set includes: xBTC, xETH, xSOL, xBETH, xOKSOL, WOKB, USDT0, USDG, and GHO. Please note that this analysis does not explicitly cover xBETH and xOKSOL. These assets are currently being deployed and have limited operational history on X Layer. Chaos Labs intends to follow up with dedicated risk assessments for these assets once sufficient on-chain activity, liquidity formation, and operational data are available to support a comprehensive evaluation.

Additionally, we want to address the delayed timelines for deployment and risk analysis, driven primarily by updates to the asset list, completion of on-chain deployments, and the need to align configuration decisions with finalized token implementations and liquidity venues.

As several of the proposed assets, such as USDT0, USDG, and GHO, are already listed across major Aave v3 instances, this analysis does not revisit their fundamental design or long-term risk characteristics. Instead, the assessment focuses on specific implications related to X Layer’s architecture, liquidity conditions, and integration with OKX infrastructure. Overall, this document outlines the technical characteristics of X Layer relevant to Aave’s security, efficiency, and risk management, and provides recommendations for the initial asset configuration, including supply caps, collateral parameters, and E-Mode usage, designed to support a safe and controlled launch of Aave v3 on the network.

In addition, we remain supportive of improving capital efficiency over time through calibrated parameter upgrades, particularly via dedicated stablecoin-borrowing E-Modes and by restricting volatile-to-volatile borrow pathways. Enabling enhanced E-Mode configurations while preventing direct borrowing of volatile assets against other volatile collateral would materially reduce liquidation risk and cross-asset contagion during stress events, while allowing efficient stablecoin borrowing. The conservative base parameters proposed for the xAsset suite primarily reflect the current operational structure, under which issuance, redemption, and reserve management remain fully dependent on OKX-controlled infrastructure. In the absence of an on-chain Proof of Reserve feed and diversified custody arrangements, this introduces substantial issuer and operational concentration risk, which we account for in the assets’ risk parameters. The introduction of robust on-chain PoR feeds, together with a joint custody framework for the underlying reserves, would materially reduce these counterparty and operational risks. Under such conditions, we would be supportive of reassessing collateral parameters and E-Mode configurations through a subsequent governance update, contingent on demonstrated liquidity depth and stable market performance.

X Layer Overview

Technical Architecture

X Layer is an Ethereum Layer 2 network developed by OKX that recently transitioned from Polygon CDK to the OP Stack framework. It provides full EVM equivalence, enabling developers to deploy existing software without substantial modifications. The network follows the Optimistic Rollup architecture, in which transactions are executed and sequenced on Layer 2 and then batched for submission to Ethereum. Transactions are assumed valid by default, with a seven-day fraud-proof window that enables validation through challenge mechanisms.

Bridging

X Layer supports a number of bridging protocols, most notably LayerZero’s widely used OFT standard. One of the assets already bridged to X Layer is USDT0, an OFT representation of USDT that is already live on Arbitrum, Plasma, Ink, and many other chains.

OKX Integration

Given the close connection between the X Layer and OKX, OKX currently serves as the primary on- and off-ramp to the network, enabling substantial flows of both liquidity and users. Additionally, the chain is natively integrated with OKX Wallet, which has substantial potential to onboard retail users.

Tooling

X Layer inherits the Ethereum development environment by virtue of EVM equivalence, providing compatibility with widely used developer frameworks and analytics tools, including:

1. Hardhat and Foundry for contract development and testing
2. ABI and library compatibility across the existing Ethereum ecosystem
3. Public RPC endpoints and block explorer via OKLink
4. LayerZero infrastructure for cross-chain interoperability
5. Dune integration (in progress)
6. Upcoming oracle feeds for on-chain price data

Ecosystem

The X Layer ecosystem is in an early phase of development, with activity currently concentrated in a limited set of dApps. At the time of writing, the TVL of the chain is roughly 20 million, according to DefiLlama. The largest project by volume is a pump.fun-like decentralized exchange/launchpad with approximately 10.5 million USD in total value locked. The second largest app is Curve, which currently has a TVL of $5 million split between USDT0 and USDT/USDC/USDG pools. Other protocols in categories such as lending, liquid staking, and DEX aggregation are listed on DefiLlama, but they hardly reach a meaningful TVL.

Initial Asset Listings

USDT0

Technical Overview

USDT is the largest stablecoin by market capitalization, issued by Tether on the Ethereum network. In an effort to expand its services to additional users and networks, Tether adopted LayerZero’s Omnichain Fungible Token (OFT) standard. The OFT model introduces USD₮ (USDT0), a cross-chain representation that uses a 1:1 lock-and-mint process where USDT is locked on Ethereum via an adapter, and an equal amount of USDT0 is minted on the target chain. The asset is already listed on Arbitrum and Plasma instances of Aave, with a supply of over 124 million and 2.16 billion tokens, respectively. An in-depth review of the asset is available here.

A typical deployment of USDT0 implies the availability of the following smart contracts:

• TetherTokenOFTExtension which exposes mint and burn functions on the destination chain
• OUpgradeable - LayerZero’s upgradable OFT module that handles cross-chain messaging, verification, and accounting
• Source-side Adapter, which escrows the USDT on the source chain and initiates a cross-chain transfer

When a user bridges tokens, the adapter locks USDT and sends a LayerZero message to the destination chain. OUpgradeable validates the payload; upon success, it calls TetherTokenOFTExtension to mint the exact amount of USDT0. By locking an equivalent amount of USDT on Ethereum for every USDT0 issued on the destination chain, the system ensures that the total circulating value remains fully collateralized, allowing for the native use of that capital within the chains X Layer, Arbitrum, Plasma, and many more. Given the broad adoption of both the OFT standard and USDT0, the listing of the asset does not imply any additional risk for the instance.

Risk Parameters

We recommend configuring USDT0 with conservative base parameters in order to facilitate potential short strategies where users would be able to recursively borrow volatile assets to achieve a desired level of leverage.

Supply and Borrow Caps

We recommend setting the initial supply and borrow caps at 50 million and 48 million tokens, respectively. Such levels will allow for substantial demand absorption from the other assets included in the initial listing as xBTC, xETH, WOKB, and xSOL.

IR Curve

We recommend aligning USDT0’s interest rate curve with that of the Plasma market. Specifically, we recommend a Slope 1 of 5%, UOptimal at 90%, and Slope 2 at 40%.

Oracle/Pricing

We recommend pricing USDT0 using the USDT/USD price feed. Additionally, we recommend wrapping the Oracle feed with a Capped Oracle, limiting the price of USDT to $1.04 to minimize market deviations from USDT0’s underlying value.

USDG

Technical Overview

USDG is a fiat-backed, Monetary Authority of Singapore-regulated single-currency stablecoin issued by Paxos Digital Singapore (PDS), designed to hold a 1:1 peg to the U.S. dollar via segregated reserves in cash and cash-equivalent assets, with redemption via Paxos. Paxos operates a multi-jurisdictional model: PDS issues USDG under Singapore’s framework, while Paxos Trust Company (NYDFS-regulated) issues USDP, PYUSD, and PAXG, and Paxos Issuance MENA (ADGM-regulated) issues USDL—covering a broad, regulated infrastructure for tokenized dollars and assets. Transparency is supported by monthly reserve reports and independent third-party attestations from Enrome LLP, confirming that reserves meet or exceed the circulating supply.

As of December 12, 2025, the circulating supply was 1,399,832,357 USDG against $1,408,317,257 in liquid reserves, representing a surplus of ~0.61%, which is held in short-term, highly liquid instruments with maturities from January 6 to January 29. Ongoing disclosures are available via the Paxos USDG Transparency Portal and are expected to have a similar low-duration composition.

USDG’s smart contract uses role-based permissions secured by a multisig. PAUSE_ROLE can halt transfers and approvals in emergency situations, while ASSET_PROTECTION_ROLE can freeze and unfreeze addresses and confiscate frozen balances. SUPPLY_CONTROLLER_MANAGER_ROLE assigns SUPPLY_CONTROLLER_ROLE in an external SupplyControl contract that gates supply-related actions. Minting is limited to institutional clients directly onboarded with Paxos, who can choose their funding rails (e.g., SWIFT), network, and destination via the dashboard or API. Upon the arrival of fiat, Paxos mints and transfers tokens on-chain; only wallets holding SUPPLY_CONTROLLER_ROLE can execute mints, and the contract enforces recipient whitelisting/availability, caller authorization, and rate limits before updating balances and total supply. Redemptions mirror the minting process: verified users link an approved bank account, a Paxos-controlled wallet collects tokens, and Paxos burns via burn() or decreaseSupplyFromAddress() calls, emitting Transfer and SupplyDecreased events; fiat payment is then sent to the user’s bank. Additionally, an in-depth analysis of USDG for its listing on the Ethereum Core instance is available here

Price and Volatility

USDG is traded primarily within the tight bands, ranging from 0.9995 to 1.0005, which is typical for a fiat-backed stablecoin. Like USDT, USDG has briefly depegged on October 10 amid extreme volatility, significant liquidations, and market-wide stress, compounded by a number of CEX availability issues. During this period, while USDT traded near 1.003, USDG fell below $0.97 on several CEXs, highlighting substantial secondary market pricing risk under stress.

USDG’s 7-Day annualized volatility is comparable to that of leading stablecoins, such as USDT and USDC, currently at 0.20–0.25% annualized.

Risk Parameters

Given the asset’s limited collateral value, we recommend listing USDG as a borrow-only asset on the X Layer instance.

IR Curve

We recommend aligning USDG’s interest rate curve with that of USDT0 and GHO in order to ensure competitive pricing of stablecoins on the instance. Specifically, we recommend a Slope 1 of 5%, UOptimal at 80%, and Slope 2 at 45%.

Supply and Borrow Caps

Given USDG’s proposed configuration as a borrow-only asset, which implies a lack of collateral utility, liquidation risk is minimized; hence, the asset’s supply and borrow caps should be set to align with expected borrowing demand. Specifically, we recommend supply and borrow caps of 5,000,000 and 4,250,000 tokens, respectively.

Oracle/Pricing

We recommend pricing USDG at $1 to minimize potential temporary fluctuations in the market price of the asset. Additionally, the recommended configuration of the asset does not enable it as collateral, thereby substantially limiting the risk to Aave in case of negative dislocations.

GHO

Motivation

X Layer is positioning itself as a hub of DeFi activity, with strong liquidity and on- and off-ramp venues through OKX. Given the expected configuration of the Aave V3 instance on the network, including GHO in the initial asset list would provide substantial benefits for user adoption and growth in protocol revenue.

GHO Performance

GHO has experienced substantial growth across various markets, increasing its market capitalization by over $120 million in the past month. The main drivers of the observed growth were Ethereum and Plasma, where GHO has been added to a set of E-Modes.

GSM Implementation

We recommend a stataUSDT0-backed GSM on X Layer and expect sufficient USDT0 liquidity at launch. With ample supply and deep markets, stataUSDT0 should serve as an effective stabilization asset, absorbing short-term deviations around GHO’s peg. A larger, more liquid USDT0 market also helps to keep stable lending rates and reduce the probability of abrupt spikes.

Steward Authority Framework

Through the governance framework, GHO Stewards retain the authority to adjust parameters within predefined bounds, allowing for responsiveness in risk controls. Within set limits, stewards can update borrow caps, perform interest rate adjustments, change supply caps, and GSM parameters, enabling timely reactions to market conditions while preserving governance oversight. Prior deployments suggest this approach supports early-phase stability and orderly scaling of GHO.

Risk Parameters

We recommend making GHO effectively a borrow-only asset, similar to other stablecoins planned for listing on the instance.

Supply and Borrow Caps

Considering the expected demand for GHO borrowing, we recommend setting the supply and borrow caps at 5,000,000 and 4,800,000 tokens.

IR

We additionally recommend the initial interest rate configuration, which is aligned with the broader stablecoin market, maintaining competitive pricing at Uoptimal, while being more sensitive to utilization changes before the kink than USDT0. Specifically, we recommend a Slope 1 at 5%, Slope 2 at 45%, and UOptimal at 90%.

Recommendation

Given X Layer’s positioning and the drivers of GHO borrowing, we support listing GHO at launch. The proposed IR curve is aligned with broader stablecoin conditions, while initial caps aim to balance risk controls and growth, enabling meaningful early adoption with substantial room to scale.

WOKB

Technical Overview

OKB is X Layer’s native utility token, primarily used for transaction fees. Unlike bridged assets, OKB is issued natively. WOKB is a wrapped ERC-20 representation of OKB. As X Layer grows, we expect the native gas token to play a progressively more significant role in further ecosystem development; hence, listing the asset is expected to provide additional utility within the deployed instance of Aave v3.

Price and Volatility

Given that OKB is not currently deployed on any EVM chains apart from the X layer, we are using 7-day rolling volatility derived from CEX prices to assess its stability. As can be seen in the chart below, OKB’s volatility profile is mostly similar to those of BTC and ETH over the past six months; however, the substantial spike in late August has resulted in an annualized volatility of over 100%. The key driver behind this spike was the announcement of OKX’s team to burn a substantial share of token reserves, naturally pushing the price up.

Risk Parameters

Given the asset’s slightly elevated volatility profile and its current relatively limited utility, we recommend setting conservative risk parameters within a dedicated stablecoin-borrowing E-Mode in line with those of WXPL on the Plasma instance: LTV at 50%, LT at 55%, and LB at 10%.

Supply Cap

The primary on-chain pricing venue for WOKB on X Layer is currently the USDT0/WOKB Uniswap V3 pool, which, at the time of writing, has a TVL of approximately $1 million. Hence, in order to constrain the protocol’s exposure to the elevated volatility associated with the asset, we recommend a supply cap of 125,000 tokens.

Oracle/Pricing

Given the high efficiency of OKB pricing and minimal dislocations, we recommend pricing OKB with a reliable OKB / USD price feed.

xBTC

Technical Overview

xBTC represents a BTC-backed synthetic asset issued by OKX, functioning as a wrapped representation of native Bitcoin within the Solana, Aptos, Sui, and a number of EVM ecosystems. Each unit of xBTC is fully backed by BTC held in custody on the Bitcoin network, with a proof-of-reserves dashboard publicly available on OKX. The minting and redemption processes are facilitated directly through OKX’s exchange infrastructure, enabling 1:1 conversions between BTC and xBTC. The asset’s peg stability is primarily maintained through continuous arbitrage between OKX and external markets, ensuring pricing efficiency under various market conditions.

Price and Volatility

While xBTC is not currently actively traded on EVM-supported chains, its structural composition and mode of operation are similar to other exchange-issued BTC wrappers like kBTC (Kraken) and cbBTC (Coinbase). As with the aforementioned assets, the primary price discovery venue for each asset is the redemption gate, i.e., the token-issuing exchange; hence, to assess the underlying volatility, we examine the pricing dynamics of the BTC /USD markets on the respective venues.

Presented below are daily closing prices across the venues. As can be observed, the price trajectories align, which reflects uniform mid-term venue-associated pricing of risks along with substantial market efficiency facilitated by cross-exchange arbitrageurs and market makers.

The alignment of 7-Day rolling volatility profiles for the BTC/USD markets on respective exchanges further emphasizes mid and long-term synchronization between the venues.

Convergence of daily closing prices confirms the high market efficiency claim across longer observation periods. To further examine the dynamics, we analyzed 1-second closing prices across the same set of exchanges during the market crash on the 10th of October 2025.

We observe that prices across the venues have been moving synchronously until approximately 21:12 UTC, when signs of divergence initially appeared and have expanded substantially over the next 20 minutes. Prices on OKX have been lower than those on Coinbase and Kraken, resulting in dislocations of 25 to 150 basis points. While dislocation from Coinbase has been substantial, OKX’s market price of BTC was on par with Binance and Kraken, which most likely illuminates the signs of a premium on Coinbase rather than a structural discount on other venues.

Furthermore, the distribution of returns during the high-stress market event provides additional backing for similarities in pricing efficiencies across OKX and alternative venues. Using the distribution densities of 1-second returns, we can assess market efficiency at a smaller scale. As shown, OKX, along with Coinbase, exhibits thinner tails and a denser mid-section of the distribution.

In summary, while the main redemption venues are aligned in pricing and synchronized due to consistent arbitrage, periods of extreme volatility can cause dislocations, leading to divergence in instantaneous pricing and potential inefficiencies. As mentioned, the wrappers are likely to inherit the momentary desynchronization in pricing due to the reliance on centralized venues. While this might pose a challenge in pricing the asset during extreme volatility events, the results observed during the October 10th crash suggest that xBTC’s redemption venue performs on par with other exchanges included in the analysis.

Mint & Redeem

xBTC uses a role-based minting model. Only addresses with MINTER_ROLE can call mint() while the contract is unpaused, and the call succeeds only if receiver matches the stored authorizedReceiver address. This design forces new supply to land in a controlled treasury/bridge wallet rather than arbitrary users, simplifying custody and accounting. Additionally, mints revert when totalSupply() + amount would exceed the hard cap of 21,000,000 xBTC, or if the receiver isn’t the authorized. Operations can be halted with pause() by an address holding DENY_LISTER_ROLE, and the sink itself can be rotated via setReceiver() to support operational changes without redeployment.

Supply contraction is performed by the operator rather than end users: a MINTER_ROLE holder calls burn() to burn the tokens from its own balance, emitting an event and lowering totalSupply. In practice, users deposit xBTC to OKX, which initiates the redemption process; the operator aggregates these funds and executes periodic burns that correspond 1:1 to BTC releases handled off-chain by the custody. As with minting, burns are blocked while paused and inherit deny-list protections through the transfer path. These controls, namely role-gated mint/burn, a single authorized mint sink, pause/deny-list enforcement, and a hard supply cap, ensure that supply changes occur only through explicit operational actions and keep on-chain accounting aligned with the BTC reserves that back xBTC.

Risk Parameters

We recommend configuring xBTC with conservative base parameters in order to account for the low maturity of the asset, along with its high reliance on the OKX infrastructure. This prevents xBTC from being used as high-capital efficient collateral while still allowing its additional usage within dedicated E-Modes. Under the E-Mode configuration, xBTC exposure is constrained to stablecoin borrowing, with parameters calibrated close to the base configuration of cbBTC on Ethereum Core, but discounted to account for issuer and custody risk. As market conditions mature and sufficient on-chain activity, liquidity depth, and liquidation performance are observed, a future revision of these parameters can be considered.

Supply and Borrow Caps

Given the high concentration of xBTC liquidity in the Uniswap v3 USDT0/xBTC pool on X Layer and the lack of long-term historical data, we recommend setting the initial supply cap for xBTC at 150 xBTC to align with current liquidity conditions. Additionally, we recommend a borrow cap of 20 xBTC to accommodate occasional borrowing demand as part of the short leg of potential long-short strategies.

Interest Rate

Considering the low expected demand to borrow xBTC within the instance, we recommend aligning the interest rate model to those of comparable assets. As xBTC borrowing is not expected to reach the optimal utilization ratio, we recommend configuring the asset with a Slope 1 of 2.75%, Slope 2 of 40% and UOptimal of 80%.

Oracle/Pricing

xBTC can be priced using two complementary approaches: a canonical BTC/USD price feed or a pricing framework augmented by Proof of Reserves (PoR) information. A standard BTC/USD oracle reflects the market value of Bitcoin across markets and aligns xBTC pricing with its intended 1:1 economic exposure to BTC. Given the high efficiency of BTC markets and the role of OKX as the primary redemption venue of xBTC, BTC/USD pricing provides a robust and well-established reference for risk management within Aave’s existing oracle framework.

An alternative approach would involve integrating Proof of Reserves into dynamic risk controls, enabling the protocol to explicitly account for the relationship between outstanding xBTC supply and reserve backing. In theory, PoR-based mechanisms can improve transparency, provide early warning signals in the event of reserve shortfalls, and introduce observability and quantification of counterparty risk. However, xBTC does not currently expose an on-chain Proof of Reserves feed. While OKX publishes a public transparency dashboard disclosing xBTC reserves on the Bitcoin networks along with xBTC supply across a set of networks, this information is off-chain and not directly consumable by Aave’s infrastructure without additional enhancements and trust assumptions.

Under current conditions, we therefore recommend pricing xBTC using a BTC/USD oracle. However, the listing of the asset is conditional on the establishment of a Proof of Reserve. As discussed in the Aave governance proposal on Proof of Reserve feeds as foundational risk infrastructure, future integration of which into Aave’s infrastructure will enhance risk monitoring and resilience for custodial assets such as xBTC; nevertheless, such integration is not currently available but is due before the asset’s listing on Aave.

xETH

Technical Overview

xETH is part of OKX’s xAsset suite, which issues centralized ERC-20 tokens backed by OKX reserves. Akin to xBTC, xETH is a 1:1 wrapped token intended to represent ETH on-chain with reserve backing and permissioned issuance and redemption. The core distinction versus canonical WETH is that xETH introduces issuer, custody, operational, and redemption dependencies

Price and Volatility

xETH is expected to inherit ETH/USD volatility. The relevant incremental risk is not directional volatility relative to ETH, but basis risk under stress if the market prices in redemption or issuer risk, or if liquidity fragments across venues. Specifically, venue-focused pricing is analyzed further. As with xBTC, we have utilized 1-second pricing data from a set of comparable exchanges that offer assets structurally similar to xETH.

As can be observed, the less liquid ETH markets have exhibited higher-frequency, more pronounced cross-exchange price dislocations. Specifically, the most significant observed dislocation between ETH/USDT on OKX and Coinbase was 500 basis points. Additionally, we observe a slight divergence in the price trajectories after 21:20 UTC, with OKX trading at a significant discount relative to Coinbase, Binance, and Kraken; specifically, the dislocations began at 21:37, reaching 70 basis points, and then at 21:47, 250 basis points.

The return distribution of ETH/USDT markets exhibits a broadly similar structure across venues, with notable differences in tail behavior. Specifically, OKX shows a higher frequency of large tail price moves than Coinbase, but materially fewer extreme observations than Kraken. This places OKX in an intermediate position in terms of tail pricing risk, suggesting elevated short-term volatility relative to peer venues.

Mint & Redeem

Minting is strictly permissioned and constrained at the contract level. New xETH supply can only be created by addresses holding the MINTER_ROLE, and minting is only permitted when the contract is not paused. Critically, all mint operations are restricted to a single, predefined authorizedReceiver address, ensuring that newly issued xETH is delivered exclusively to a controlled operational account rather than arbitrary recipients.

Additional safeguards ensure that mint amounts must be non-zero and that the post-mint total supply cannot exceed the MAX_SUPPLY, which is configured to the maximum supply of native ETH, preventing accidental or malicious over-issuance. These conditions, taken together, ensure that xETH supply expansion reflects the growth of the reserve balance held on the Ethereum mainnet.

Burn operations follow a similarly constrained model. Only addresses with the MINTER_ROLE are permitted to burn xETH, and burns can only be executed when the contract is not paused. Burning is limited to the caller’s own balance, requires a non-zero amount, and reverts if the caller does not hold sufficient tokens. In practice, this design reflects the operational redemption flow: users return xETH to OKX-controlled wallets, after which OKX executes on-chain burns corresponding to ETH withdrawals processed through its exchange infrastructure. Operationally, this implies redeemed xETH must be consolidated to the Mint & Burn MPC address prior to calling burn(), since burns are executed from the caller’s balance, while new issuance is minted to the separate authorized receiver used for controlled distribution.

Taken together, the mint and burn mechanics enforce a closed lifecycle in which all supply changes are explicitly authorized, bounded, and observable on-chain.

Risk Parameters

Like xBTC, we recommend configuring xETH with conservative baseline parameters. This limits the protocol’s exposure to future non-stablecoin, non-correlated borrowing while preserving baseline collateralization utility, which is further enhanced in the stablecoin-borrowing dedicated E-Mode. This approach aligns with the treatment of WETH across a wide variety of Aave deployments, while explicitly accounting for the additional issuer and counterparty risks associated with xETH through slightly more conservative parameterization.

Supply and Borrow Caps

The majority of xETH is currently concentrated in an Uniswap V3 USDT0/xETH pool with a TVL of approximately $1 million. Given the expected expansion of the pool, we recommend setting the asset’s initial supply cap at 5,000 tokens. Accordingly, we recommend setting the borrow cap of xETH at 1,300, allowing minimal utilization over kink.

Interest Rate

As xETH represents a custodian-wrapped WETH, we recommend aligning the borrow rate models of the asset with the general WETH configurations. Specifically, we propose Slope 1 of 2.5%, Slope 2 of 20%, and UOptimal of 90%. The interest rate model is motivated primarily by the presence of LRTs in comparable markets, which typically account for the absolute majority of WETH borrowing demand; as the X Layer market is expected to have its own LST (xBETH), the alignment of configurations is well rationalized. The less conservative configuration of Slope 2, compared to xBTC, is prompted by the high leverage expected in xETH borrowing; in such markets, even moderate upward utilization deviations can trigger substantial unwinds, as borrowers are highly sensitive to borrowing costs due to leverage.

Oracle/Pricing

During the October 10th market event, ETH pricing on OKX exhibited significant short-term dislocations. While these deviations were transient, they highlight the risks of relying on venue-specific redemption paths, which can exhibit relatively higher stress than the broader market during high volatility events. Nevertheless, as no viable alternative is currently available, we recommend pricing xETH using an ETH/USD oracle. Unlike xBTC, xETH does not currently have a publicly available transparency dashboard exposing reserve balances; however, xETH is deployed exclusively on X Layer, which materially simplifies reserve accounting relative to multi-chain assets and reduces the complexity of potential Proof of Reserves integration in the future. Given the asset’s reliance on OKX’s infrastructure and lack of a third-party Proof of Reserve, its listing is conditional on the provision of an on-chain feed, which would strengthen observability and risk monitoring.

xSOL

Technical Overview

xSOL is part of OKX’s xAsset suite and is a centralized, 1:1 reserve-backed wrapped representation of native SOL. The asset is backed by SOL held in segregated custody under OKX control, with reserves maintained at the Solana address. Structurally, xSOL is implemented analogously to xETH: it is an ERC-20 token with permissioned issuance and redemption, governed through role-based access control behind an upgradeable proxy and timelock. As with xETH, the core distinction versus canonical on-chain SOL representations is the introduction of issuer, custody, operational, and redemption dependencies, which replace protocol-native guarantees with reliance on OKX’s off-chain infrastructure.

Price and Volatility

While the asset is fully 1:1 backed and therefore reflects that of native SOL, periods of market stress may still introduce temporary pricing inefficiencies due to operational frictions, delayed redemptions, or liquidity constraints. As such, xSOL should be treated as economically equivalent to SOL in stable market conditions, but with pricing and redemption risk during extreme market events.

As the asset’s primary redemption venue is OKX, we have analyzed its pricing across a set of comparable venues to assess the incremental counterparty risk associated with OKX. As shown in the chart below, the price of SOL deviated substantially during the market stress event on October 10th. Specifically, the asset has exhibited a substantial discount during the 10 minutes between 21:15 and 21:25, with dislocations reaching approximately 20%, indicating substantial counterparty risk.

Mint & Redeem

xSOL follows the same permissioned mint and burn lifecycle described in the xETH section above. Minting is initiated by OKX following off-chain verification of SOL deposits and executed on-chain by addresses holding the MINTER_ROLE. New supply can only be minted to a predefined authorizedReceiver, ensuring issuance is restricted to controlled operational wallets. Minting is disabled while the contract is paused, requires non-zero amounts, and is capped by a predefined MAX_SUPPLY , which is aligned with the maximum supply of native SOL.

Redemptions follow the inverse operational flow: users return xSOL to OKX-controlled wallets, after which OKX executes on-chain burns via permissioned roles. Burns are restricted to the caller’s balance, require non-zero amounts, and are disabled while paused. As with xETH, redeemed xSOL must be consolidated to the Mint & Burn MPC address prior to burning, since burns execute from the caller’s balance.

Overall, xSOL enforces a closed, operator-mediated supply lifecycle that is aligned with xETH, with all supply changes explicitly authorized, bounded, and observable on-chain, while redemption and backing remain dependent on OKX’s off-chain custody processes.

Risk Parameters

Like xBTC and xETH, we recommend configuring xSOL with conservative baseline parameters. This ensures that xSOL retains its utility as a general-purpose collateral, while limiting the protocol’s exposure to future risky debt accumulation. This structure materially constrains liquidation pathways and mitigates exposure to issuer, custody, and pricing risks, which is particularly important given observed SOL market dislocations during stress events. Additionally, the asset will be included in a dedicated stablecoin borrowing E-Mode, which allows for enhanced capital efficiency in the collateralization of stablecoin debt.

Supply and Borrow Cap

Akin to xBTC and xETH, xSOL’s on-chain liquidity is currently primarily allocated in a Uniswap V3 USDT0/xSOL pool with a TVL of ~$1 million. While the pool is expected to expand to $2 million in TVL, we recommend setting the initial supply and borrow caps at 110,000 and 14,000 tokens, respectively, to constrain potential risks related to the asset’s novelty and reflect expected liquidity conditions.

Interest Rate

Akin to xETH, xSOL is expected to be borrowed primarily in LST looping strategies, prompting an interest rate model configuration aligned with the broader market. Specifically, we recommend a Slope 1 of 5%, Slope 2 of 20% and UOptimal of 80%.

Oracle/Pricing

We recommend pricing xSOL using a SOL/USD oracle consistent with Aave’s standard pricing framework for wrapped assets. Given observed stress dislocations and the issuer- and custody-dependent nature of the xAsset suite, we recommend maintaining a conservative launch configuration and monitoring liquidity formation and price performance post-launch. Given the counterparty risk associated with custodial operations, we recommend listing xSOL, subject to the availability of an on-chain Proof of Reserve feed.

Specifications

E-Mode #1

E-Mode #2

E-Mode #3

E-Mode #4

Disclaimer

Chaos Labs has not been compensated by any third party for publishing this recommendation.

Copyright

Copyright and related rights waived via CC0

Overview

Following up on our previous assessment of the initial asset list, we provide an analysis of xBETH and xOKSOL, which were not explicitly covered previously due to their recent deployment and limited on-chain operating history.

Smart Contract Infrastructure

Both xBETH and xOKSOL are implemented as non-rebasing ERC-20 liquid staking derivatives where yield accrues via an increasing exchange rate rather than by rebasing user balances. On the X Layer, each asset is deployed behind a TransparentUpgradeableProxy. Upgradeability is mediated through ProxyAdmin contracts (1, 2) owned by a shared TimelockController, enforcing a 72-hour delay on critical administrative operations. This provides an observable on-chain “exit window” for monitoring and risk response, but it does not remove the underlying governance and operational concentration, since proposer/executor powers and key ownership roles remain centralized behind OKX-controlled infrastructure. Since both assets are designed as non-rebasing staking derivatives, the smart contracts also imply the availability of the exchange rate, which is provided by the respective ExchangeRateUpdater contracts (1, 2). Operationally, these exchange rate oracles are updated by an off-chain entity as the staking operations are conducted within the OKX exchange; both contracts have a designated updater role assigned to this address.

Underlying Staking

As mentioned previously, staking operations are conducted off-chain. xBETH and xOKSOL represent only a minor share of the broader OKX staking products, rebasing BETH and OKSOL, and distribution of accrued staking rewards is also facilitated by OKX. Validator distribution is fairly concentrated: both assets use specific validator clients: Prysm for Ethereum and JITO for Solana. According to the OKX transparency page, BETH’s staked underlying is allocated roughly equally across over 11,000 addresses, while SOL is staked across three addresses. It is important to emphasize that the staking lifecycle, reserve verification, and the off-chain backend systems that govern the assets are fully off-chain and remain an explicit operational dependency on OKX infrastructure.

Liquidity Buffer

Each product maintains a liquidity buffer sourced from user subscriptions. Approximately 5% of subscribed ETH or SOL is retained rather than deployed to validators, with the remainder staked. This buffer is used to service fast redemptions, allowing users to bypass the validator exit queue and receive underlying assets more quickly. When a redemption is processed, the system draws first from the available buffer, with any remainder processed through the standard validator unstaking flow. The buffer is not segregated on-chain via a dedicated contract but managed entirely through OKX’s internal accounting. The retained ETH and SOL remain part of the broader reserve pool and are not attributed towards backing. The practical consequence is a modest reduction in APR relative to a fully deployed staking product, as a portion of assets remains liquid rather than earning staking yield.

Reserve Accounting and Verification

The reserve backing of xBETH and xOKSOL is not independently verifiable. This stems from the fact that BETH and OKSOL represent the broader OKX staking products from which xBETH and xOKSOL are derived. The assets are internal ledger constructs with no on-chain contract or publicly queryable total supply. Even if OKX were to publish supply figures, there is no canonical on-chain source against which to reconcile them. As a result, external parties cannot independently validate the collateralization ratio and must rely on OKX’s internal reporting. What can be inferred from the transparency page is only the aggregate staked reserves: the total ETH and SOL held across validator and staking addresses. Without BETH and OKSOL supply figures this provides no basis for deriving the backing ratio for xBETH or xOKSOL specifically.

On the BETH reserve composition OKX’s stated reserve figure of 452,000 ETH includes validators across all lifecycle states like active, pending activation, exiting. Approximately 40,000 ETH (~10%) is currently in the activation queue. This is a function of Ethereum’s validator churn limit and is temporary in nature. For SOL, we have identified that unstaking operations involving a SPLIT STAKE instruction that routs funds to intermediate accounts that were not included in OKX’s transparency dashboard, meaning SOL undergoing redemption processing was not reflected in reported reserves. OKX has confirmed this and updated their API to include split stake accounts. It is also worth noting that the SOL figures reported on the transparency dashboard reflect principal only and do not include accrued staking rewards, which remain unclaimed on-chain until operationally required.

Mint and Redeem

Minting and redemption for xBETH and xOKSOL are fully mediated by OKX and are not user-permissionless on-chain actions. Users cannot directly call mint() or burn(). Instead, issuance and redemption are restricted to OKX-controlled roles, which have been mentioned in the previous sections.

For minting, a user first obtains the underlying staking exposure within OKX and initiates a withdrawal to X Layer. OKX updates its internal ledger and then triggers an on-chain mint via an address holding MINTER_ROLE. The contract enforces that minting can only occur to a predefined Authorized Receiver, after which tokens are transferred to the end user X Layer address. For redemptions, the user must deposit the asset back to OKX. Upon deposit and verification, an on-chain burn is executed and credited to the user with the corresponding backing asset. As a result, gross redemption liquidity is effectively dependent on OKX’s platform infrastructure rather than on-chain markets, introducing material counterparty and execution dependencies for third-party liquidators when on-chain liquidity on X Layer is insufficient to unwind seized collateral efficiently.

Asset Performance

Both assets were deployed on X Layer in late January 2026, with the first material mint events occurring on January 27th, followed by additional mints on February 3rd and February 4th. As can be observed below, issuance has been stepwise rather than continuous, and no meaningful burn activity has been observed to date. Consequently, total supply has increased monotonically, reaching approximately 3,000 xBETH and 14,000 xOKSOL, respectively.

The holder distribution remains highly concentrated. The top addresses account for approximately 94.9% of xBETH supply and 75.5% of xOKSOL supply, with the second-largest holder for each asset being the respective Uniswap v3 pool. This concentration indicates that early activity is primarily driven by operational accounts rather than an organic user base.

Following the initial mint phase, both contracts began emitting updateExchangeRate events at regular intervals. At the time of writing, xBETH has recorded 23 updates with roughly 24-hour spacing, while xOKSOL has recorded 12 updates with approximately 48-hour spacing. The updates appear mechanically consistent and within expected bounds, with minimal deviation between intervals.

Liquidity

Liquidity for xBETH and xOKSOL on X Layer remains early-stage and is currently concentrated in a single primary venue per asset. This implies that liquidation quality is highly sensitive to single-pool depth and that large liquidations may experience significant slippage, particularly under market stress or periods of imbalanced pool reserves. Additionally, if these assets are enabled as collateral outside of a dedicated E-Mode, liquidation routing for stablecoin debt positions collateralized by xBETH or xOKSOL would involve multiple hops across pools, increasing path dependency and amplifying price impact. At the time of writing, the liquidity is concentrated in the Uniswap v3 xOKSOL/xSOL pool with roughly $500k TVL and a xBETH/xETH pool with approximately $650k TVL.

Pricing

We recommend pricing the assets using xBETH/WETH and xOKSOL/SOL exchange rate feeds in combination with ETH/USD and SOL/USD price feeds. Given that xBETH and xOKSOL are not traded on any centralized exchanges, the approach is optimal for accurate value-based pricing of the assets’ fundamental backing. Additionally, the setup will be safeguarded by CAPO, which maintains price integrity through bounded updates. Given the limited on-chain history of both assets, we have estimated CAPO parameters using wstETH as a proxy for xBETH and jitoSOL as a proxy for xOKSOL.

Specifications

xBETH/xETH E-Mode

xOKSOL/xSOL E-Mode

Disclaimer

Chaos Labs has not been compensated by any third party for publishing this recommendation.

Copyright

Copyright and related rights waived via CC0

Summary

Following our previous recommendation, we have completed additional due diligence incorporating the operational and liquidity developments communicated by the X Layer team. Based on these improvements, we are now in a position to recommend enabling both assets as general collateral on the X Layer instance, alongside their respective E-Mode configurations.

Motivation

Since the publication of our initial analysis, the OKX team has implemented two material improvements to the risk profile of xBETH and xOKSOL that inform the updated configuration below.

The team has substantially expanded exit liquidity for both assets by restructuring the composition of the primary pools. The xBETH/xETH and xETH/USDT0 pools, and their SOL-denominated equivalents, have been rebalanced to a 30/70 weighting in favor of the exit liquidity side. This structural adjustment meaningfully reduces slippage, directly addressing the central concern raised in our initial assessment regarding the limited on-chain liquidity available.

Additionally, the X Layer team has committed to a formal liquidation backstop commitment, providing liquidation support capacity of up to $2 million per minute, $10 million per five minutes, and $120 million per hour in circumstances where liquidations are required, and on-chain liquidity is insufficient to fully absorb them. The effectiveness of this arrangement is contingent on the liquidation bot’s ability to offload xAssets directly through OKX, which remains the most likely offboarding venue. Without direct integration with OKX’s infrastructure, the backstop capacity would not translate into operationally reliable liquidation throughput, and the instance would remain exposed to the shallow liquidity and potentially failed liquidations.

Taken together, these developments provide a materially improved liquidation framework and support the enablement of xBETH and xOKSOL as general collateral, removing the prior constraint to E-Mode-only collateral utility.

Risk Parameters

xBETH and xOKSOL carry incremental risk relative to their non-staking counterparts, xETH and xSOL; we therefore reflect this through a discount to the collateral parameters of each respective base asset.

Specifications