While onboarding AUSD as a non-collateral asset to Avalanche presents manageable risks, the upside for Aave appears limited, with users’ main use case being LP farming (temporary incentives) on Trader Joe DEX. We resonate with @ACI’s stance on ensuring minimum risk/reward threshold and utilizing emergence instances for less mature assets.
AUSD is a custodial ERC-20 stablecoin backed 1:1 by USD, currently deployed on Ethereum, Avalanche, Sui, and Mantle networks. While token transfers are unrestricted, minting and redemption operations are limited to KYB’d institutional users, with no associated fees. The reserves primarily consist of short-term US T-bills managed by global investment manager VanEck, with State Street serving as custodian. The protocol employs native minting on each chain rather than cross-chain messaging protocols like Chainlink’s CCIP or LayerZero’s OFT. This architecture, combined with permissioned mint/burn mechanisms and whitelisted market makers, creates a native bridging solution, though it introduces additional challenges in terms of transparency and oversight.
Our initial review highlighted concerns regarding the limited public information about Agora’s legal structure, corporate governance, and inter-entity relationships. However, the team has been responsive in addressing these through ongoing dialogue. Agora operates through a multi-entity structure for minting, redemption, and reserve management, with operations partially based in the BVI and funds segregated via Delaware Statutory Trust. According to Agora’s legal analysis, its entities and activities fall outside the scope of BVI’s virtual assets legislation or any other regulatory framework. Monthly attestations are provided, with PWC audits reportedly planned for 2025. Implementing the foreseen Proof of Reserves, currently in the works by @ChaosLabs, would enhance protocol security, especially if enforced for minting.
Our review found that Agora’s documentation lacks sufficient information in several aspects. There is a notable absence of details regarding tokenomics, oracle/price feed sources, analytics, and token transferability restrictions. Most importantly, our audit of AUSD access controls revealed that all roles are assigned to EOAs, contradicting the system configuration documented on GitHub, which specified multisigs, guardians, and timelocks. Upon further inquiry, Agora confirmed these addresses are controlled by Multi-Party Computation (MPC), while the timelock functionality was not implemented, citing regulatory and institutional acceptance as their motivation. Agora considers further operational details highly sensitive. Similar to our StakeStone review (although more details were provided under NDA), the claimed MPC setup - including signers, thresholds, and operational procedures - cannot be independently verified. This creates significant trust assumptions that potential users should carefully consider.
Additionally, the protocol lacks a bug bounty program, though it is planned for the next quarter. While the contract parameterization is relatively straightforward, a bug bounty program is essential for incentivizing the Disclosure of potential issues beyond smart contract vulnerabilities, including parameterization and operational procedures. Should Aave DAO decide to onboard AUSD, Agora is to deploy a bug bounty program within one (1) month, after which we recommend offboarding the asset if this requirement is not met.
While liquidity on Avalanche is satisfactory, primarily in liquidity pools on LFJ (Trader Joe) DEX paired with USDT and USDC, current volumes may be inflated by temporary AVAX incentives from the ongoing BOOST program. This will require continued monitoring. AUSD is not suitable for use as collateral. The main foreseen use case is borrowing to farm LP incentives, and excessive leveraged looping for this purpose should be prevented.
Expand to see our Collateral Risk Assessment
Collateral Risk Assessment
1. Asset Fundamental Characteristics
1.1 Asset
Agora USD (AUSD) is a new stablecoin under the ERC20 standard that aims to provide a digital dollar alternative. It is designed to be a value storage mechanism tied to the US dollar (1:1 backed), facilitating cross-border transactions. After the mainnet debut July 8th, 2024, AUSD was released on Avalanche on August 6th, 2024 (Source: sqrr-research Dune)
Agora positions AUSD as a digital asset with stable value engineered for DeFi integration (e.g., AMMs, lending protocols, and perpetual futures markets) while simultaneously functioning as a value store and efficient exchange medium. A strategic backing from Dragonfly Capital can be considered as an attestation of the protocol’s institutional credibility, while VanEck, an ETF & Mutual Fund manager operative since 1955, has been appointed to oversee the management of Agora’s reserve fund.
AUSD is currently deployed on four networks: Ethereum, Avalanche, Sui, and Mantle.
1.2 Architecture
The minting process involves transferring user fiat currency (USD) to Agora’s designated bank accounts. Funds are verified using unique reference numbers linked to customer accounts, allowing immediate minting. Upon verification, equivalent AUSD tokens are minted and credited to the user’s address.
The user sends AUSD to a unique address associated with their bank account for redemptions. The tokens are burned upon receipt, and USD is transferred from Agora’s reserves to the customer’s registered bank account. Unique redemption addresses are generated for each destination bank account.
Agora’s reserves include traditional currency, cash equivalents, and short-term U.S. Treasury securities. The Agora Reserve Fund invests in overnight repurchase agreements, overnight reverse repurchase agreements, short-dated U.S. Treasury Bills, and cash. A key characteristic of overnight repos is that they are settled the next business day, meaning T+1 duration facilitates speedy redemptions.
The reserves are managed by VanEck, a global investment manager with $118.3 billion in assets under management.
Source: SEC Adviser Info, November 4th, 2024
State Street acts as the custodian and administrator for the Agora Reserve Fund. State Street is a prominent global custody services market player, managing ~$40 trillion in assets under custody and administration.
Agora has retained an independent accounting firm for ongoing oversight, currently utilizing attestation protocols as an interim measure pending the implementation of formal Proof of Reserves (PoR) mechanisms. These attestations are executed monthly by JFDI. Furthermore, PWC has been engaged to conduct comprehensive annual reserve fund audits, with the inaugural audit scheduled for completion within the first half of 2025.
Redemption Assets Reports dated July 2024 and August 2024 assert that the fair value of redemption assets is equal to or greater than AUSD in circulation. The attestations are unaudited and prepared by one of the Agora entities (Agora Blue Ltd).
Source: Agora Attestations, August 31st, 2024
1.3 Tokenomics
Primary access to AUSD is restricted to KYBed institutional participants. The current operational framework executes minting and redemption mechanisms without associated fees.
The economic architecture of Agora is designed with an emphasis on commercial entities as primary participants. The platform’s revenue model is structured around fees derived from AUSD holdings, accessible to stakeholders monthly, with settlement options in either USD or AUSD tokens. This fee distribution mechanism sustains operational infrastructure while facilitating revenue sharing with business partners, establishing a cohesive economic incentive structure.
Source: Agora Medium, November 4th, 2024
2. Market Risk
2.1 Liquidity
The total volume for AUSD over the 30 days is close to $68M. This cumulative value indicates the combined mainnet liquidity of AUSD across Curve, Uniswap V2, and Balancer.
The slippage on Avalanche is minimal (below 0.1%) after fees for a swap of 100,000 AUSD. The slippage for the trade of the same amount on Ethereum is slightly higher (approx. 0.21%), likely due to higher gas fees and potentially more dispersed liquidity across platforms.
Source: Swap DefiLlama, November 7th, 2024
Source: Swap DefiLlama, November 7th, 2024
2.2 Volatility
The AUSD/USDC pair on LFJ (where the most liquidity is concentrated on Avalanche) shows a generally stable trading range close to the $1 peg with minor deviations.
Source: DEX Screener, November 7th, 2024
AUSD/USDT volatility on Merchant Moe (Mantle) was more pronounced in the mid-October period, with multiple brief de-pegs, but has since decreased as liquidity and market depth likely improved.
Source: DEX Screener, November 7th, 2024
2.3 Exchanges
The primary liquidity venue is AUSD/FRAX on Curve with a total liquidity of $4M.
Source: AUSD/FRAX, November 7th, 2024
Other pools available on mainnet:
- AUSD/USDT (Uniswap V3)
- USDT/AUSD (Curve)
- AUSD/USDT (Balancer)
Besides the cited presence on Uniswap, Curve, and Balancer, AUSD is available on Trader Joe’s (LFJ) on Avalanche and Merchant Moe on Mantle.
Source: LFJ
AUSD/USDT pool holds over $1M in AUSD
AUSD/USDC pool maintains around 2M AUSD available for swaps
Source: Merchant Moe
Other DEX integrations: Cetus (Sui), PHARAOH (Avalanche)
2.4 Growth
Initially, AUSD saw significant growth on Ethereum, reaching a supply of around $40M by late July 2024. Afterward, the Ethereum supply stabilized, suggesting a plateau in demand or a strategic allocation cap. AUSD was later launched on Avalanche, with a gradual supply increase to approximately $20M by early August 2024.
Source: TokenTerminal
AUSD saw a rapid increase in cumulative trading volume throughout September, with peaks in daily volumes often above $2M. A strong growth in Trader Joe’s indicates a robust adoption within the Avalanche DeFi ecosystem.
Source: Dune - sqqr
3. Technological Risk
3.1 Smart Contract Risk
Cantina conducted a security review on Agora Dollar EVM. The review identified a couple of low-risk issues, such as:
- Tokens may get stuck if mistakenly sent to contract addresses without a rescuer mechanism.
- Token burning cannot be paused, potentially limiting emergency responses.
- ERC-2612 Permit calls can be front-run, causing a denial of service.
A security assessment of the Agora Dollar Core was conducted by Certora, incl. manual code reviews, and formal verification. The audit identified issues of informational severity but found no critical, high, medium, or low-severity issues.
Bug bounty
Without any public statements or official documentation, we cannot verify the existence of an active bug bounty program.
3.2 Price Feed Risk
Oracles providers rendering services to Agora:
3.3 Dependency Risk
Key architectural elements:
• AgoraDollarCore holds the base logic and functionalities.
• AgoraDollarAccessControl manages roles and permissions, offering fine-grained access control.
• AgoraDollarErc1967Proxy ensures upgradability, allowing the core contract logic to be modified without redeploying the entire contract.
Source: Agora Github
AgoraDollar inherits from AgoraDollarCore gaining access to all core token functionalities.
StorageLib stores for different standards (ERC20, ERC2612, and ERC3009) and manages role-based access. The standards observed are:
- ERC20: The standard token interface for balance, allowance, and transfer functions.
- EIP-2612: Allows users to set allowances through an off-chain signed message (by
permit()).
- ERC3009: Allows “transfer with authorization”.
- EIP-712: Security applicability related to data hashing and domain separation.
- EIP-1967 Proxy: A proxy standard for contract upgradability.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
According to the explanations given during the temp check regarding the Agora structure and Chaos Labs’s Risk Assessment of AUSD, we can do the following legal entity mapping.
- Agora Blue Ltd. functions as the primary interface entity, facilitating platform access and executing core operational services, including minting and redemption (pursuant to Terms of Use);
- Agora Forge Ltd. is in charge of minting AUSD;
- Agora Olive Ltd handles the redemption flow;
- Agora Reserve Trust, a Delaware Statutory Trust, holds reserve assets;
- Agora Reserve Trust, on its own, is a limited partner in the Agora Reserve Fund LP. VanEck actively manages the fund.
Agora team detailed for us that:
- A separation between minting and redemption entities is made to align with British Virgin Islands (BVI) regulatory requirements.
- Incorporating a Delaware Statutory Trust is a legal mechanism to establish and maintain bankruptcy remoteness for reserve assets.
- Agora Reserve Trust is the sole Limited Partner in the Agora Reserve Fund, with VanEck assuming investment management responsibilities.
From the BVI regulatory perspective, stablecoins currently fall outside the explicit definition of “investments” under the Securities and Investment Business Act (SIBA). This regulatory position has been further clarified through recent guidance from the BVI Financial Services Commission (FSC), which exempts payment-focused virtual assets and utility tokens from financial services legislation, provided they solely facilitate the purchase of goods and services.
BVI-incorporated entities engaged in stablecoin-related activities - including issuance, transfer, exchange, or custody services - may trigger registration requirements under the VASP Act, contingent upon the specific nature of their operations. Agora’s legal analysis determined that Agora’s entities and their respective activities do not fall within the scope of regulation under the BVI’s virtual assets legislation or any other regulatory framework.
The minting and redemption mechanisms for AUSD are only accessible to customers who have satisfied Agora’s verification requirements. According to the Terms of Use, mint and redeem rights constitute non-transferable personal contractual entitlements, establishing a direct relationship between the verified customer and the relevant Agora entity. Yet Agora maintains discretionary authority to implement redemption or withdrawal delays when circumstances affecting the underlying reserves warrant such action. Such circumstances may include but are not limited to, situations involving reserve illiquidity, inaccessibility, or impairment.
As detailed in the Risk Disclosure, Agora commits to maintaining a fixed redemption rate of 1 () USD per AUSD token, subject to any applicable fees that may be imposed. The Disclosure extends beyond conventional risk notifications to explicitly address the uninsured nature of the reserve assets. This absence of insurance coverage exposes holders to potential risks including, but not limited to, unexpected value deterioration and regulatory interventions such as governmental freezes or asset seizures.
AUSD maintains strict jurisdictional restrictions, excluding users from the United States and other designated jurisdictions from accessing its services. The platform’s geographical restrictions are primarily, though not exclusively, aligned with the Office of Foreign Assets Control (OFAC) sanctions.
According to Chaos Labs’ assessment, Agora demonstrates diligence in its compliance protocols. The platform has implemented a sophisticated multi-layered compliance infrastructure, leveraging Persona for comprehensive data collection and verification processes. Compliance capabilities are further strengthened by integrating Elliptic and Chainalysis to detect potential sanctions violations, fraudulent activities, and illicit behavior. Agora employs a risk-based approach to customer classification, categorizing business participants into three tiers: low, medium, and high-risk profiles and strictly following the risk tolerance parameters.
4.2 Access Control Risk
The contract uses a role-based access control (RBAC) system facilitated by the AgoraDollarAccessControl library and implemented via StorageLib.
Roles and their permissions:
- The admin can adjust the
proxyAdminAddress to handle contract upgrades and assign or change other roles within the contract.
- Minter manages the minting of new tokens and controls the circulating supply of AUSD.
- Burner can reduce the total token supply by burning tokens.
- Pauser can halt or resume activities like transferring, minting, or freezing accounts, often used as an emergency safeguard.
- Freezer can freeze or unfreeze specific accounts, temporarily restricting certain accounts from transferring tokens.
Each role also has “pending” counterparts, where the acceptTransferRole function needs to be called for the effective transfer.
Our review found significant discrepancies between Agora’s documented and implemented security architecture. While the system configuration on GitHub specifies Admin Gnosis Safe and Guardian timelock controls, our audit reveals all roles are assigned to EOAs (Externally Owned Accounts) without timelock implementation. Upon inquiry, Agora confirmed these EOAs are controlled by Multi-Party Computation (MPC), citing regulatory and institutional requirements. However, like our StakeStone review, the MPC setup details remain unverifiable, creating material trust assumptions. Below is our audit of AUSD’s on-chain access controls across its deployed chains.
Mainnet
Admin: 0x68898B77EbF7b55dCA8A2e62d6Fd74959a2930e2 (EOA)
Burner: 0x4375170c5Cfb5fa6a72Ce117194394a0E357dC1D (EOA)
Freezer: 0xcF7D2a525057555d7b4816941185b7ae10E94681 (EOA)
Minter: 0x65e28662b0DCD6D89d4652A61FB0896d4F58D7fF (EOA)
Pauser: 0x0b8Dd710f0260F16C0fA4F6a92D72d065E532A25 (EOA)
Avalanche
Admin: 0x68898B77EbF7b55dCA8A2e62d6Fd74959a2930e2 (EOA)
Burner: 0x4375170c5Cfb5fa6a72Ce117194394a0E357dC1D (EOA)
Freezer: not assigned, 0xcF7D2a525057555d7b4816941185b7ae10E94681 (EOA) is pending
Minter: 0x65e28662b0DCD6D89d4652A61FB0896d4F58D7fF (EOA)
Pauser: not assigned
Mantle
Admin: 0x68898B77EbF7b55dCA8A2e62d6Fd74959a2930e2 (EOA)
Burner: 0x4375170c5Cfb5fa6a72Ce117194394a0E357dC1D (EOA)
Freezer: 0xcF7D2a525057555d7b4816941185b7ae10E94681 (EOA)
Minter: 0x65e28662b0DCD6D89d4652A61FB0896d4F58D7fF (EOA)
Pauser: 0x0b8Dd710f0260F16C0fA4F6a92D72d065E532A25 (EOA)
SUI
unaudited
Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.
We are withholding parameter recommendations at this time.
We recommend using the Chainlink Oracle, which aggregates liquidity sources across multiple chains. While this could create a price dislocation between AUSD on the Avalanche chain and the reported oracle price, it would not create a potential for bad debt as the asset is proposed to be non-collateral.
This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.
