[ARFC] Onboard stcUSD to Aave V3 MegaETH

[Asset Technical Assessment] stcUSD on Aave V3 MegaETH

Author: Aave Labs

Date: 2026-06-18


Summary

Technical assessment of stcUSD (Staked Cap USD) for onboarding to Aave V3 MegaETH, following the Technical Asset Listing Framework.

Overall result: :yellow_circle: MEDIUM :yellow_circle:

stcUSD on MegaETH is an operationally clean LayerZero OFT (Omnichain Fungible Token) that wraps the Ethereum ERC-4626 vault, with no externally owned account (EOA) in any gating role, a 3-of-3 independent verifier set on the bridge, an over-collateralised escrow, and an extensive recent third-party audit history that includes a dedicated review of the bridge layer.

Listing Recommendation

From a technical standpoint, stcUSD on Aave V3 MegaETH is eligible for listing. The LayerZero bridge currently has no rate limits configured. Aave Labs recommends that the issuer implement bridge rate limits as soon as practical. This is not a blocker for an initial listing, but it should be revisited as exposure to the asset grows.

Asset under review

| Field | Value |
| --- | --- |
| Asset | Staked Cap USD (stcUSD) |
| Target chain | MegaETH mainnet (chain ID 4326) |
| Target market | Aave V3 MegaETH |
| Token contract | 0x88887bE419578051FF9F4eb6C858A951921D8888 |
| Native to target chain? | No. Natively issued on Ethereum as an ERC-4626 vault over cUSD; bridged to MegaETH via LayerZero V2 OFT, with lock and release on Ethereum and burn and mint on MegaETH. |
| AAcA classification | Group 3 (yield-bearing wrapper) of a Group 1 stablecoin (cUSD) |

stcUSD is the yield-bearing wrapper of Cap’s cUSD stablecoin: yield is generated on Ethereum by lending the underlying assets to a set of borrowers (operators), whose positions are backed by restaked collateral that absorbs any operator losses before they can reach stcUSD holders. On MegaETH, stcUSD is a LayerZero OFT that mirrors a fraction of the Ethereum supply: it holds no exchange-rate state of its own and can be minted only by a verified LayerZero message.

0. Pre-screening

On MegaETH, stcUSD is deployed as an upgradeable OFT contract. The asset is not in any non-approved or sanctioned category, and stcUSD is not currently listed on any other Aave deployment. Circulating supply on MegaETH is small, approximately 35,249 stcUSD (about $37.6k), because the large majority of stcUSD supply remains on the Ethereum issuance vault (approximately $71.6M).

Rating: :yellow_circle: MEDIUM :yellow_circle: → first such listing for Aave (a bridged OFT over an ERC-4626 vault), with supply on MegaETH tiny relative to the Ethereum vault.

1. ERC20 Compliance

The MegaETH token is a minimal LayerZero OFT with ERC20PermitUpgradeable and UUPSUpgradeable, 18 decimals, no fee on transfer, no rebasing, no ERC777 or ERC1363 hooks, no flash mint, and no transfer restrictions or whitelist.

Rating: :green_circle: GOOD :green_circle:

2. Oracle

Both Chainlink price feeds are live on MegaETH: a cUSD/USD feed at 8 decimals and a stcUSD/cUSD feed at 18 decimals, both standard Chainlink feed contracts with public read access. A composite stcUSD/USD price is derivable from the two feeds.

Rating: :green_circle: GOOD :green_circle:

3. Access Control

No EOA holds a gating role on the MegaETH listing path. The authority to upgrade the MegaETH OFT is held by the Cap MegaETH Timelock (an OpenZeppelin TimelockController with a 24h delay and a 3-of-5 Safe as proposer), while control of the LayerZero configuration (peers, verifiers, libraries) sits directly with the Cap Developer Safe (3-of-5, effective immediately, by design for incident response). The Ethereum-side adapter is owned by its own 24h Timelock.

On MegaETH, tokens can be minted only when a verified LayerZero message arrives, and burned only from the holder’s own balance when they bridge out (LayerZero burns directly from the sender’s wallet, with no prior transfer to a separate bridge contract); there is no pause, no blacklist, and no token-level mechanism for the issuer to block Aave liquidations. The only EOA with any privilege is a non-elevating executor on the Ethereum Timelock, which can trigger operations that are already queued and past their delay but cannot act on its own.

Rating: :yellow_circle: MEDIUM :yellow_circle: → upgrade path is multisig + 24h Timelock (Level 3); the delay is shorter than the one preferred for Good (>=48h).

4. Exchange Rate and Yield

The exchange rate exists only on the Ethereum ERC-4626 vault and is exposed through standard ERC-4626 methods (for example convertToAssets, currently about 1.0664 cUSD per share). The rate is simply the ratio between the vault’s cUSD assets and its stcUSD shares, so it is share-based and cannot be manipulated by flash loans; any operator losses are first absorbed by Symbiotic and EigenLayer restaked collateral, with an unbonding period of 8 to 14 days before a loss could reach stcUSD holders. Redemption happens only on Ethereum, where the vault returns cUSD via redeem or withdraw, so a liquidator on MegaETH must either sell on a local DEX or bridge the tokens back to Ethereum.

Rating: :green_circle: GOOD :green_circle:

5. Token Architecture

Supply is controlled by the issuer at the Ethereum vault and reaches MegaETH only through a single bridge (LayerZero), via verified cross-chain messages. Every mint and burn is observable on-chain through standard token transfer events (to and from the zero address) alongside the matching LayerZero events. The token logic contains no raw delegatecall (only the standard ERC-1967 proxy delegation), no tx.origin patterns, no duplicate or legacy entry points to the same supply on MegaETH, and no transfer restrictions or hooks. The same vanity address 0x88887bE419578051FF9F4eb6C858A951921D8888 is used on both Ethereum and MegaETH, but it is a different contract on each chain: the ERC-4626 vault and escrow on Ethereum, and the OFT token on MegaETH. The two are linked only by the bridge accounting described in Section 6, where the supply locked on Ethereum backs the supply minted on MegaETH.

Rating: :yellow_circle: MEDIUM :yellow_circle: → stcUSD cannot be redeemed on MegaETH (redemption requires bridging back to the Ethereum vault first), so liquidators on MegaETH depend on local DEX liquidity, which is currently unverified, or on the slower path back to Ethereum.

6. Bridge and Cross-Chain Risk

stcUSD moves across chains on LayerZero V2 only. Ethereum holds the canonical supply: when tokens are bridged out they are locked in an escrow (lockbox) contract on Ethereum and minted on MegaETH, then burned on MegaETH and unlocked on Ethereum when bridged back. The network also includes Tempo, which runs a second lock-and-release adapter, with a direct route between MegaETH and Tempo and every route configured symmetrically in both directions. Every route is set to wait 15 block confirmations before a message is accepted (the number of blocks that must be mined to guard against chain reorganisations) and requires a 3-of-3 verifier set: three independent DVNs (Decentralized Verifier Networks, the parties that must all attest to a cross-chain message), operated by LayerZero Labs, Canary, and Nethermind, none of them run by Cap. The send and receive libraries are pinned to LayerZero’s canonical versions. The escrow locked on Ethereum (59,114.12 stcUSD) over-collateralises the total supply bridged out to the other chains (59,100.06 stcUSD).

Rating: :yellow_circle: MEDIUM :yellow_circle: → robust verifier set and over-collateralised escrow, but no rate limits are configured on the bridge contracts and the LayerZero configuration can be changed immediately, with no timelock, by the Cap-owned 3-of-5 Safe.

7. Audit and Security History

The Cap protocol has an extensive audit history covering nine independent reviews (Zellic, Trail of Bits, Spearbit ×2, Recon, Sherlock audit contest with $126k pool, Certora on the restaker layer, Octane), plus a dedicated Electisec review of the LayerZero bridge layer (OFTLockbox and L2Token) directly relevant to Section 6. A $1M Sherlock bug bounty is in place and no past exploits are on record.

Rating: :green_circle: GOOD :green_circle:

8. Dependencies

Primary dependencies are LayerZero V2 (endpoints, libraries, 3-of-3 verifier set), the Ethereum stcUSD ERC-4626 vault, the underlying cUSD stablecoin, and Symbiotic and EigenLayer restaked collateral that absorbs operator losses first. All are audited and in production; no dependency administered by an EOA sits in the listing path.

Rating: :yellow_circle: MEDIUM :yellow_circle: → the asset relies on several independent technologies (a cross-chain bridge plus two external protocols, Symbiotic and EigenLayer, underpinning backing and redemptions), which broadens the aggregate code attack surface and the number of systems that must hold for stcUSD to remain sound.

9. Summary

Findings table

| Area | Key finding | Rating |
| --- | --- | --- |
| 0. Pre-screening | First such listing for Aave (a bridged OFT over an ERC-4626 vault); MegaETH supply is small (about $37.6k) because most stcUSD remains on the Ethereum issuance vault (about $71.6M). | MEDIUM |
| 1. ERC20 | Minimal OFT plus ERC20Permit plus UUPS, 18 decimals, no fee-on-transfer, no rebase, no hooks, no transfer restrictions. | GOOD |
| 2. Oracle | Both Chainlink feeds live on MegaETH (cUSD/USD, stcUSD/cUSD); a composite stcUSD/USD price is derivable from the two feeds. | GOOD |
| 3. Access control | No EOA in any gating role; upgrade authority is a 24h OpenZeppelin Timelock with a 3-of-5 Safe proposer; LayerZero configuration is controlled directly by the Safe (immediate, by design); no pause, no blacklist, no arbitrary burn. | MEDIUM |
| 4. Exchange rate / yield | Rate lives only on the Ethereum vault (exposed via standard ERC-4626 methods), based on shares and non-rebasing; losses buffered by restakers; redemption only on Ethereum. | GOOD |
| 5. Token architecture | Minimal OFT plus Permit plus UUPS; mint and burn observable; no tx.origin; no raw delegatecall; no duplicate supply path on MegaETH; not redeemable on MegaETH, so liquidators rely on unverified local DEX liquidity or the slower path back to Ethereum. | MEDIUM |
| 6. Bridge and cross-chain | LayerZero V2 only, routes configured symmetrically; 3-of-3 required verifiers (DVNs: LayerZero Labs, Canary, Nethermind), 15 block confirmations, libraries pinned to canonical versions; over-collateralised escrow; no rate limits; LayerZero configuration immediate from the 3-of-5 Safe. | MEDIUM |
| 7. Audit and security | Nine audits including a dedicated review of the bridge layer; $1M Sherlock bounty; no exploits. | GOOD |
| 8. Dependencies | LayerZero V2, Ethereum vault, cUSD, and restaker layer all audited and in production, with no EOA in the listing path; but reliance on a cross-chain bridge plus two external protocols (Symbiotic, EigenLayer) for backing and redemptions broadens the code attack surface. | MEDIUM |

Disclaimer

Aave Labs has no formal or informal affiliation with Cap or the stcUSD issuer beyond this technical assessment. Aave Labs has not been compensated by Cap or any related party in connection with this work.

Copyright

Copyright and related rights waived via CC0.

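Added example, not part of the assessment and not Aave or Cap code: one way to derive the composite stcUSD/USD price mentioned in Section 2 from an 8-decimal cUSD/USD reading and an 18-decimal stcUSD/cUSD reading, rejecting non-positive or stale rounds. The `Round` type, the 24h `max_age` and the sample readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

USD_DECIMALS = 8  # output precision, same as the cUSD/USD feed


@dataclass(frozen=True)
class Round:
    """One feed reading, shaped like the fields of Chainlink's latestRoundData()."""
    answer: int      # fixed-point price
    updated_at: int  # unix timestamp of the last update
    decimals: int    # decimals() of the feed


class FeedError(ValueError):
    """Raised when a reading must not be used for pricing."""


def _validate(name, r, now, max_age):
    if r.answer <= 0:
        raise FeedError(f"{name}: non-positive answer {r.answer}")
    if r.updated_at > now or now - r.updated_at > max_age:
        raise FeedError(f"{name}: stale or future-dated round")


def composite_stcusd_usd(cusd_usd, stcusd_cusd, now, max_age=86_400):
    """stcUSD/USD = (stcUSD/cUSD) * (cUSD/USD), in integer math, rounded down.

    max_age is an assumed staleness bound; use each feed's real heartbeat.
    """
    _validate("cUSD/USD", cusd_usd, now, max_age)
    _validate("stcUSD/cUSD", stcusd_cusd, now, max_age)
    product = cusd_usd.answer * stcusd_cusd.answer
    # Drop the combined precision (8 + 18) back down to 8 decimals.
    scale = 10 ** (cusd_usd.decimals + stcusd_cusd.decimals - USD_DECIMALS)
    return product // scale


# Constructed sample readings (not live feed data).
NOW = 1_800_000_000
CUSD_USD = Round(answer=99_980_000, updated_at=NOW - 600, decimals=8)
STCUSD_CUSD = Round(answer=1_066_400_000_000_000_000,
                    updated_at=NOW - 3_600, decimals=18)

if __name__ == "__main__":
    price = composite_stcusd_usd(CUSD_USD, STCUSD_CUSD, NOW)
    print(f"stcUSD/USD = {price / 10**USD_DECIMALS:.8f}")
```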
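Added example, not part of the assessment: a monitoring check for the Section 6 properties, comparing a snapshot of route settings against the stated baseline (15 confirmations, the three required DVNs, identical settings in both directions) and confirming that the Ethereum escrow covers the supply bridged out. The dictionary layout, the function names and the snapshot are constructed for illustration; the DVNs are represented by operator name, not by contract address.

```python
REQUIRED_DVNS = frozenset({"LayerZero Labs", "Canary", "Nethermind"})
CONFIRMATIONS = 15


def audit_bridge(routes, escrow_locked, bridged_out):
    """Return a list of findings; an empty list means the snapshot matches.

    routes maps (src, dst) -> {"confirmations": int, "required_dvns": set}.
    Amounts are integers in 18-decimal base units.
    """
    findings = []
    for (src, dst), cfg in sorted(routes.items()):
        tag = f"{src}->{dst}"
        if cfg["confirmations"] != CONFIRMATIONS:
            findings.append(f"{tag}: confirmations {cfg['confirmations']} != {CONFIRMATIONS}")
        if frozenset(cfg["required_dvns"]) != REQUIRED_DVNS:
            findings.append(f"{tag}: required DVN set differs from baseline")
        reverse = routes.get((dst, src))
        if reverse is None:
            findings.append(f"{tag}: no reverse route")
        elif reverse != cfg and src < dst:  # report each pair once
            findings.append(f"{src}<->{dst}: directions configured differently")
    if escrow_locked < bridged_out:
        findings.append(f"escrow short by {bridged_out - escrow_locked} base units")
    return findings


def _route(confirmations=CONFIRMATIONS, dvns=REQUIRED_DVNS):
    return {"confirmations": confirmations, "required_dvns": set(dvns)}


# Constructed snapshot using the routes and totals quoted in Section 6.
GOOD_ROUTES = {
    ("Ethereum", "MegaETH"): _route(),
    ("MegaETH", "Ethereum"): _route(),
    ("MegaETH", "Tempo"): _route(),
    ("Tempo", "MegaETH"): _route(),
}
UNIT = 10**16                     # 0.01 stcUSD in base units
ESCROW_LOCKED = 5_911_412 * UNIT  # 59,114.12 stcUSD
BRIDGED_OUT = 5_910_006 * UNIT    # 59,100.06 stcUSD

if __name__ == "__main__":
    print(audit_bridge(GOOD_ROUTES, ESCROW_LOCKED, BRIDGED_OUT) or "no findings")
```

Because the LayerZero configuration can be changed by the Safe with no delay, a check like this is only useful if it runs continuously against on-chain state rather than once at listing time.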