[ARFC] Onboard cbBTC to Aave v3 on Base and Mainnet

Summary

LlamaRisk supports onboarding cbBTC and welcomes the added diversity of offerings in the wrapped bitcoin ecosystem, especially from a reputable actor. Day one liquidity on the mainnet supports conservative parameters. As cbBTC matures and liquidity deepens, these parameters may be relaxed.

Our key considerations are as follows:

  • cbBTC is a wrapped Bitcoin asset launched by Coinbase, backed 1:1 with native BTC custodied by Coinbase without rehypothecation. It uses a simple, audited smart contract system.
  • Liquidity is currently limited but less critical due to redemption via Coinbase. The asset has maintained price parity with WBTC since its launch.
  • High dependency risk exists on Coinbase as the custodian and on KYC/AML requirements for minting and redemption.
  • Governance and access control are centralized with Coinbase, which mitigates regulatory risk through licensing and compliance but introduces significant counterparty risk.
  • cbBTC offers a compliant wrapped BTC from a trusted entity but comes with the inherent risks of a centralized model. Continued growth and stability need to be monitored.

In summary, cbBTC is a robustly designed asset with good safeguards ensuring all tokens are fully backed and deployed by arguably one of the most reputable entities in crypto. Risks (especially access control stemming from dependability) are introduced, but these “keys” are held by an accountable entity with great collaborative incentives.

LlamaRisk would like a Proof of Reserve implemented as soon as possible. This would remove a significant element of trust from the system and reduce risk for the Aave DAO.

We’ve discussed and aligned parameter recommendations with @ChaosLabs.

Click to read full assessment

Collateral Risk Assessment

1. Asset Fundamental Characteristics

1.1 Asset

cbBTC is a wrapped Bitcoin asset launched by a leading American centralized exchange Coinbase. It is backed 1:1 with native bitcoin custodied in Coinbase’s self-managed solution. Users can wrap native Bitcoin into cbBTC or unwrap the asset into native Bitcoin through their Coinbase account.

The asset is live on Base and Mainnet. It is an ERC20 designed by Coinbase and uses the Wrapped Token OS standard. cbETH uses this contract standard, which PrismaRisk has previously reported on. It was launched on September 12th, 2024, with the contract being deployed on August 20th on both networks.

cbBTC was built to be compatible with DeFi applications, boosting capital efficiency for the ecosystem. Aave hosts various wrapped assets, including WETH, weETH, and wstETH. It is an established asset class in the DAO that has seen significant demand across many chains with billions of dollars of TVL supplied.

1.2 Architecture


Source: LlamaRisk

cbBTC is an asset that has moving parts in three separate areas: the Bitcoin Network, Ethereum (including its rollups), and Coinbase’s web2 exchange interface.

BTC is moved from user addresses to Coinbase exchange addresses on the Bitcoin network. Coinbase exchange UI will register the new deposited amount as Bitcoin. The user may request to withdraw this BTC to Ethereum or mainnet, after which this native Bitcoin is moved into Coinbase’s self-custodied cold storage solution.

After the request to withdraw it, cbBTC is minted on the desired network (currently Ethereum or Base) and sent to the user’s specified address.

This design intends to ensure each Ethereum / Base cbBTC is always backed 1:1 with native Bitcoin held in cold storage. It also makes Coinbase a bridge for Bitcoin between networks without requiring any swap (something currently not possible; the exchange does not support WBTC).

image

Source: Wrapped Tokens OS Documentation

The cbBTC contract is the same as the one used for cbETH. This simple contract has three main components: ExchangeRateUpdater, MintForwarder , and FiatTokenProxy.

  1. The proxy contract, which is an exact duplicate of the proxy contract used by centre-tokens, developed by Circle.
  2. An exchange rate updater contract (ExchangeRateUpdater.sol) is used for wrapped staked assets and contains rate-limited exchange rate updating functionality.
  3. A mint forwarder contract (MinterForwarder.sol) containing rate-limited minting functionality for the wrapped tokens.

1.3 Tokenomics

cbBTC’s tokenomic structure is straightforward, with 1 Bitcoin chain and Bitcoin always backing one cbBTC. No governance token has been issued, and no plans for this have been documented. Some ecosystem participants have pointed out that Coinbase is a publicly traded entity with a fiduciary duty to its shareholders, with ticker COIN. The utility of such a comparison is highly limited.

2. Market Risk

2.1 Liquidity

Mainnet

image
Source: 1inch, September 13th, 2024

Base

image
Source: 1inch, September 13th, 2024

While liquidity is critical for on-chain assets, liquidators can process cbBTC withdrawals for native bitcoin should they need it. This adds significant friction, though it still provides a backstop that reduces the importance of on-chain liquidity.

2.2 Volatility

image

Source: GeckoTerminal, September 13th, 2024

cbBTC has, over its short history, kept an on-chain peg with WBTC. The asset’s volatility is to be expected for a wrapped asset. Nonetheless, it is an extremely young asset, and we will monitor for price deviations on the DAO’s behalf.

2.3 Exchanges

This centralized asset is available exclusively on Coinbase for now. Given that it is a simple wrapper, there is effectively as much liquidity in the global Bitcoin market. As this asset matures, other CEXs may list the asset. This wrapping process depends on owning a Coinbase account, but that is a small obstacle that can easily be overcome.

cbBTC is already live on Curve with $5M liquidity to WBTC. Llama Risk strongly recommends other liquid pools be established on the mainnet, given WBTC’s upcoming structural update. Limited stablecoin liquidity that is not dependent on WBTC adds risk to the protocol as it is a point of failure for liquidators.

Aerodrome pools are live, and pools are sufficiently deep to propose onboarding.

2.4 Growth

As of 6 hours since launch, some 1800 cbBTC are already live across both Ethereum and Base. This puts the market capitalization at $104M, a large size for a short time.

3. Technological Risk

3.1 Smart Contract Risk

cbBTC uses the same contract as cbETH. This has been audited and currently holds $486M TVL. This is evidence of low smart contract risk. Thanks to a close collaboration between teams, cbBTC has been clarified as in scope for Coinbase’s HackerOne bug bounty.

Smart contract risk is low.

3.2 Price Feed Risk

We recommend using BTC/USD market oracle for the time being.

3.3 Dependency Risk

This asset is dependent primarily on the robustness and strength of Coinbase as a custodian of the native Bitcoin as well as a reliable source of truth to ensure that each cbBTC is backed 1:1. Without a Proof of Reserves readily available 24/7, significant trust is placed in the hands of Coinbase.

The asset also depends on users minting/redeeming cbBTC and providing Know Your Customer and Anti-Money Laundering information. This is a potential area that may be censored. Further censorship potential is discussed in Section 4.2.

Dependency risk, in its current form, is therefore high.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

cbBTC is not governed by a DAO. There is no decentralized decision-making entity guiding the development of the asset. Coinbase controls all maintenance and development decisions, placing a significant regulatory spotlight on the asset.

Coinbase, Inc. is the issuer of cbBTC. The token’s minting and redemption process requires users to be recognized as Coinbase customers in good standing. The rights to mint or redeem cbBTC are governed by the terms outlined in the Coinbase User Agreement, ensuring that only verified customers can engage in these activities.

Holders of cbBTC maintain a legal claim to the underlying BTC, which Coinbase holds. The transfer or sale of cbBTC tokens automatically transfers ownership of the tokens and the corresponding rights to the underlying BTC, including the right to redeem the BTC later.

According to cbBTC whitepaper, custodianship of the underlying BTC involves a combination of hot and cold wallets. The cold wallet infrastructure is particularly emphasized for security, with private key materials stored in secure facilities across the United States and Europe. Importantly, no plaintext storage is used for these private keys, and no single individual controls the private keys, mitigating risks related to unauthorized access. Moreover, Coinbase does not employ sub-custodians to safeguard the custody, ensuring full control over the custody operations remains with Coinbase itself. Coinbase Custody has completed both SOC 1 Type II and SOC 2 Type II examinations and rigorous audit processes that confirm the existence of strong internal controls to safeguard client assets. These are industry best practices and should be commended.

As per Coinbase’s User Agreement Section 9.1.3 and 9.1.5, “ownership of and title to these assets [cbBTC] shall remain with such holders and not transfer to Coinbase.” This means the asset cannot be rehypothecated, which is a critical provision for its security.

Peripheral to this, as some users have identified, is an ongoing lawsuit. This lawsuit between Coinbase and the U.S. Securities and Exchange Commission (SEC), in which the SEC alleges that the exchange operated as an unregistered securities exchange by facilitating the trading of various crypto tokens that should have been registered as securities, could potentially impact Coinbase’s custodial operations. If the court ultimately rules that certain cryptocurrencies are securities, Coinbase may be required to adjust its custody practices.

Coinbase, Inc. and Coinbase Global, Inc. are defendants in this legal action. However, it is important to note that Coinbase Custody Trust Company, LLC, the U.S.-based entity responsible for custodial services, is not a defendant in the lawsuit.

Currently, no publicly available information indicates that any enforcement actions have been taken against Coinbase Custody Trust Company, LLC, or other Coinbase entities authorized to provide custodial services. Similarly, no public records confirm the issuance of freezing orders against these entities.

Nonetheless, digital assets held by Coinbase may still be subject to freezing or blocking under certain circumstances. In line with its internal compliance program, Coinbase can freeze assets by various legal and regulatory requirements, including but not limited to export restrictions, end-user restrictions, antiterrorism laws, and economic sanctions.

Given these careful legal structures and the fact that operators of wrapped assets have yet to receive public inquiry from regulators, it is reasonable to say that regulatory risk is taken as seriously as can be.

4.2 Access Control Risk

Significant access control risk is introduced with cbBTC.

On both networks, the contract is owned by a simple address. This should be some form of multi-signature wallet for greater operational security. Coinbase reports using MPC wallets, but this is not possible to verify through block explorers.

cbBTC has the following token contract permissions:

  1. Blacklist - a function enabling cbBTC to be confiscated from an address or not receive it
  2. Pause - a function globally pausing cbBTC transfer (an Unpause function is also present)
  3. TransferOwnership - a function enabling the transfer of contract ownership to other parties
  4. Update functions for blacklisters, minters, pausers, and rescuers addresses are also documented

Coinbase is a highly regulated entity with a strong track record of honest and competent operation. While these are significant permissions that would be best avoided, few better entities could hold these roles.

5. Aave V3 Specific Parameters

Jointly presented with @ChaosLabs.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with Coinbase and did not receive any compensation from Coinbase for this assessment.

The information provided should not be construed as legal, financial, tax, or professional advice.

8 Likes