LlamaRisk supports the onboarding of syrupUSDC to Aave V3. We recommend its addition as a collateral-only asset, with the primary use case foreseen being leveraged yield strategies through stablecoin looping. syrupUSDC is an ERC-4626 token representing a share in a revolving portfolio of over-collateralized loans to institutional borrowers. Its yield is generated from a dedicated loan book collateralized primarily by Bitcoin (~75%), Solana, and Ether.
Lenders have two primary exit mechanisms: instant on-chain redemption from a liquid stablecoin buffer of over $ 250M at writing, or a first-in-first-out (FIFO) queue serviced as underlying loans mature. This secondary market liquidity is the most critical factor for Aave’s risk management. The on-chain redemption buffer, while substantial, could be rapidly depleted during a broad market downturn or in the event of expected losses within the loan portfolio. In such a stressed scenario, redemptions would be queued, making secondary markets on DEXs the only viable path for immediate liquidation. Therefore, we strongly recommend that supply caps for syrupUSDC on Aave be sized conservatively, based on the available depth of this secondary market liquidity (combined ~$20M on Uniswap V4 and Balancer).
From a risk perspective, credit underwriting is now centralized under Maple’s in-house “Maple Direct” team. While this concentrates credit selection risk, no defaults have occurred under this new framework, which replaced the previous third-party delegate model. Lender protection is reinforced by a legal structure where assets are held in a Cayman Islands Segregated Portfolio Company (SPC), legally ring-fencing the syrupUSDC pool.
Key technological and governance risks remain. The protocol utilizes a fixed 1 USD price feed for USDC for its internal liquidations, which could lead to mispricings if USDC were to depeg. Furthermore, a powerful 4-of-7 multisig “Governor” holds broad administrative authority, including upgrading contracts without a mandatory timelock delay, representing a significant centralization risk.
See full analysis below
1. Asset Fundamental Characteristics
1.1 Asset
syrupUSDC functions economically as a tokenised note backed by a revolving, fully collateralised loan book. Holders have a pro-rata claim on a segregated pool of USDC receivables plus the excess digital-asset collateral that Maple underwriters require from borrowers, giving the instrument the character of a secured, pass-through credit product rather than a pure stable-coin wrapper. Yield is fixed-rate for each underlying loan but variable for the pool and is paid respectively in USDC or USDT; it accrues to the token’s share price, so lenders retain liquidity and can exit either by on-chain redemption (subject to a two-business-day processing window) or by swapping into spot USDC on supported AMMs. There is approximately $263M in recallable stablecoin liquidity. These balances constitute the liquid buffer. They are the first funds Maple draws on when lenders request on-chain redemptions, so “instant liquidity” is strictly capped by the buffer’s size. Once the buffer is exhausted, further withdrawal requests queue and are serviced gradually, in line with the cash-flow of the underlying loan portfolio (average tenor 30–90 days).
Source: Maple Finance, July 3rd, 2025
syrupUSDC sources its yield from a dedicated loan book with independent borrowers, entirely separate from Maple’s Blue-Chip Secured and High-Yield Secured pools. Over the past six months, this segregated exposure has generated a net annualised return in the 6–9% range, rather than the previously targeted 15%. Borrowers are subject to a stringent underwriting process that includes cash-flow analysis, collateral testing, and market-depth assessments. Borrowers pass a stringent underwriting process that screens cash-flow quality, tests collateral for market depth, price stability, and smart-contract soundness, and then sets terms calibrated to the borrower’s risk profile. About three-quarters of the collateral now posted is Bitcoin—split between native BTC and Liquid-wrapped BTC—while Solana contributes another 10 %. The balance comprises smaller allocations to Ether, liquid-staking tETH, LP_USR liquidity tokens, and USR stablecoins, giving the pool measured diversification without
sacrificing liquidity for potential liquidations.
Source: Maple Finance, June 20th, 2025
None of Aave’s existing listings exposes lenders to a ring-fenced, over-collateralised institutional loan book. syrupUSDC would therefore be the protocol’s first credit-backed asset whose collateral is segregated and custodied by regulated third parties. Its admission would set the technical and procedural benchmark for subsequent products such as syrupUSDT and the broader class of tokenised loan-portfolio tokens.
1.2 Architecture
When a lender deposits USDC through the front end, they call deposit() on the syrupUSDC Pool, which inherits ERC-4626 and therefore mints vault shares at the current price per share. The pool transfers fresh cash to its PoolManager, the cross-contract hub that sets liquidity caps, funds or refinances loans, and, where enabled, allocates idle balances to approved DeFi strategies. Each funded loan spins up a dedicated MapleLoan contract; accounting flows through a LoanManager that aggregates interest, service fees, and collateral ratios across the book.
Collateral that backs syrupUSDC is monitored 24 / 7 by an internal alert engine that pulls three independent price feeds. A fall to the pre-agreed Margin-Call Level triggers an automated top-up request; the borrower has 24 hours to restore the Initial Collateral Level. Any intraday slide to the Liquidation Level allows Maple to seize and liquidate immediately, preferentially through OTC desks to avoid slippage.
Exit involves a two-step queue. A lender submits a request that lands in the WithdrawalManager, which services requests strictly FIFO as cash returns to the pool; interest continues to accrue until settlement, and Maple reports that most queues clear in under 24 hours, although the docs warn it can take up to 30 days in a stressed scenario.
The collateral is kept in segregated wallets at regulated, institution-grade custodians such as Anchorage Digital, BitGo, and Zodia Custody; lenders can verify every wallet address on-chain.
Maple may employ the collateral to earn additional yield—staking liquid staking tokens that can be sold instantly, or native staking through specialized providers where unbonding periods apply—yet concentration limits and real-time dashboards show exactly how much of each asset is staked and under which provider, so lenders always know how quickly the position can be unwound if a margin event occurs.
Source: Maple Finance, July 2nd, 2025
The Maple’s app details tab offers a real-time, loan-level view of every syrupUSDC exposure—principal outstanding, fixed interest rate, collateral type, and current collateral ratio. Borrower admissibility follows the credit playbook outlined in Maple’s July 2024 paper “Yield Generation, Underwriting & Risk Management.” Each applicant undergoes KYB/AML screening, balance-sheet and cash-flow analysis, management interviews, and asset-specific collateral tests that assess market depth, historical volatility, and smart-contract risk. Maple’s risk team retains the resulting diligence files internally, and they are not published; only the headline loan terms and live collateral metrics are surfaced in the UI.
Loss Reflection in syrupUSDC
Losses in syrupUSDC are reflected directly in the token’s price via the internal exchange rate. If a borrower defaults and the loan cannot be fully recovered, the totalAssets decline, causing the syrupUSDC exchange rate to drop, effectively socializing the loss across all holders. No tranching or insurance fund exists, so all lenders bear equal exposure.
The protocol uses an unrealizedLosses accounting variable to prevent abuse during known loss events and maintains dual exchange rates when unrealized losses exist.
This prevents new depositors from exploiting “paper losses” by minting excess shares and profiting once the impairment is reversed. However, this also prevents LPs from withdrawing during default events due to a lowered exchange rate being used, effectively forcing the LP to wait until the defaults are covered and the original exchange rate is restored.
Risk mitigation includes overcollateralized loans, with immediate liquidation rights to lenders in default events. Additional recovery can be pursued via legal arbitration in the Cayman Islands, with the Maple Foundation acting as the enforcement agent. Also, Maple employs real-time price monitoring and automated margin calls. Collateral can be liquidated across DEXs, CEXs, or via market makers. The staked/locked assets have pre-arranged forward contracts for liquidity during forced sales.
1.3 Tokenomics
syrupUSDC has no fixed cap; the supply expands when USDC/USDT is deposited and contracts when redeemed and burned. Therefore, Economic value accrues through the vault’s share-price appreciation rather than scarcity. Because interest is paid in the base asset, syrupUSDC should converge toward a redemption value of one USDC/USDT plus accrued interest, subject to loan performance.
ERC-4626 vault funnels deposits into one or more “DeFi Strategies”. Each strategy pays a performance fee to the Maple Treasury every time its assets grow. strategyFeeRate is not hard-coded to a particular figure; Maple governance can change it through an admin call.
Since Origination, Service, and Management fees are skimmed before cash is recognised as “total assets” in the vault, syrupUSDC holders never sign or pay a separate fee transaction. Depositors face only normal network gas costs on deposit or withdrawal. The published net APY is therefore after:
• the strategy-layer performance fee,
• the pool-level management fee,
• all borrower-side origination and service fees, and
• Maple’s automatic provisioning of delegate cover and reserve buffers.
Maple charges no deposit, withdrawal, or spread fee; if a lender opts to exit by swapping syrupUSDC for USDC on a DEX, any price impact is purely market-driven, not a protocol fee.
On a separate note, the Drips programme distributes SYRUP tokens pro rata to syrupUSDC depositors (at a base rate of 1 Drip per 1 USDC per day). Rewards accrue continuously but unlock quarterly; unclaimed tokens revert to the treasury. Locking a deposit for up to six months grants a reward multiplier.
1.3.1 Token Holder Concentration
Source: syrupUSDC Top 100 Holders, Etherscan, June 30, 2025
The top 5 holders of syrupUSDC are:
Most syrupUSDC on Ethereum is actively utilized across various DeFi applications, indicating healthy protocol integration. Beyond these DeFi use cases, the top 10 holders collectively account for just 6% of the total supply, suggesting low concentration and reduced centralization risk.
2. Market Risk
2.1 Liquidity
Source: syrupUSDC/USDC Swap Liquidity, DeFiLlama, June 30, 2025
Users can swap 10.28M syrupUSDC worth up to $11.41M for USDC within a price impact of 7.5%.
2.1.1 Liquidity Venue Concentration
All syrupUSDC liquidity on Ethereum is concentrated on Uniswap V4 (via Arrakis vault) and Balancer.
Source: Uniswap, July 3rd, 2025
Source: Balancer, July 3rd, 2025
2.1.2 DEX LP Concentration
The primary Ethereum liquidity pool resides in a single Uniswap V4 pair seeded chiefly by a Maple-controlled wallet, creating venue and LP-concentration risk. Additional liquidity of $5M has been deployed in a Balancer V3 pool, but concentration risks remain significant.
2.2 Volatility
Source: syrupUSDC Market Price vs. Internal Exchange Rate, LlamaRisk, June 30, 2025
The internal exchange rate of syrupUSDC for withdrawals can be calculated as follows by the functions exposed by the contract.
The secondary market rate, i.e., the syrupUSDC-to-USDC conversion rate on the Uniswap V4 pool, closely tracks this internal rate under normal conditions. The largest deviation, approximately 0.61%, occurred on June 19, 2025. It is worth noting that the liquidity pool is only one month old, limiting the ability to perform a long-term trend analysis.
2.3 Exchanges
syrupUSDC is exclusively traded on DEXs and is not currently listed on any centralized exchange.
2.4 Growth
Source: syrupUSDC Ethereum Supply, Dune, June 30, 2025
syrupUSDC’s supply on Ethereum has increased by 1,300% YTD, rising from roughly 54M to 760M. Of this, 589M syrupUSDC is actively used in DeFi applications, reflecting a high utility rate of 78.74%.
3. Technological Risk
3.1 Smart Contract Risk
Twelve independent audit reports spanning five release cycles, carried out by four firms (Trail of Bits, Spearbit/Cantina, Three Sigma, and 0xMacro). Every critical or high-severity finding recorded in those reports was resolved before the relevant code went live, per Maple’s security page.
The most recent ones are:
3.2 Bug Bounty Program
There is a live bug bounty programme hosted on Immunefi with rewards up to USD 500,000 (10 % of affected funds) for critical smart-contract bugs.
All Maple V2 contracts—including Syrup-specific modules like SyrupRouter, SyrupRateProvider, pool proxies, and oracle wrappers are in scope.
3.3 Price Feed Risk
In the Maple protocol, most asset prices are sourced via oracle wrappers that relay getLatestPrice() from underlying Chainlink AggregatorV3 feeds. These wrappers also expose a gated setManualPrice() function, which the Security Admin multisig can invoke in case of a Chainlink outage.
Price oracle sets have been configured for three assets, with manual override functionality enabled only for USDC. However, for USDC, Maple uses a fixed price oracle hardcoded to 1 USD for on-chain collateral liquidations, rather than referencing a live market feed. This static pricing assumption introduces significant risk, particularly during depegging events.
While the team clarified that the fixed 1 USD price is used solely for liquidation, the risk remains material, particularly in recursive borrowing scenarios. In the event of a USDC depeg, relying on a static price during liquidation could result in mispriced auctions and potential bad debt. A live market feed like Chainlink’s USDC/USD oracle would offer a more robust and accurate mechanism.
These oracle feeds are used in functions like getExpectedAmount() within the LoanManager, where accurate pricing is critical for determining auction parameters during collateral liquidations.
To price syrupUSDC for the Aave Ethereum market, Chainlink’s USDC/USD price feed can serve as the base, while the syrupUSDC internal exchange rate calculated as (totalAssets - unrealizedLosses)/totalSupply can be sourced directly from the token’s ERC20 contract.
3.4 Dependency Risk
Yield Sources
Maple Direct, the lending arm of Maple Finance, is responsible for underwriting, structuring, and managing loans originated through Maple pools accessed by Syrup. All loans generating yield for syrupUSDC and syrupUSDT are extended to creditworthy, crypto-native institutions that post liquid digital assets as collateral. Protocols such as Aave, Uniswap, Kamino, and SKY are also utilized as yield sources, making the security and reliability of these systems critical dependencies.
Loan Collateral
Beyond blue-chip assets like BTC and ETH, Maple has approved a broader range of assets as loan collateral. This selection undergoes a rigorous approval based on liquidity, historical volatility, and technical risk assessments. Maple’s team conducts thorough due diligence during this evaluation. However, the legitimacy and stability of the underlying project behind each asset remain key dependencies. While loans are overcollateralized and can be liquidated to protect lenders’ principal, collateral asset quality still plays a vital role in mitigating default risk.
Underwriting
Since 2024, Maple has retired the third-party “Pool Delegate” model and consolidated all origination under Maple Direct, an internal credit desk that conducts KYB, due diligence, collateral analysis, and loan negotiation in-house. Centralising underwriting removes the variability that previously existed between external delegates and has, to date, produced a clean track record—no credit losses or defaults have occurred on the over-collateralised loans originated by the Maple team. The earlier defaults at Orthogonal Trading ($36M) and Auros ($18M) were booked under legacy delegate pools and are not indicative of the current risk-management framework. While this shift improves underwriting consistency, it also concentrates credit-selection risk in a single organisational unit, making ongoing transparency into Maple’s internal credit process essential.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
The Maple Finance ecosystem involves several entities:
- Maple Labs Pty Ltd operates the main platform interface and publishes the primary ToS for basic usage, wallets, and interface interactions.
- Syrup Ltd, a separate offshore affiliate, issues and administers syrupUSDC and syrupUSDT products and their specific ToS.
- Maple International Operations SPC (Cayman Islands Segregated Portfolio Company) is the legal counterparty for loan arrangements, pool administration, and prize draw campaigns.
Maple’s entities primarily provide software interfaces that facilitate decentralized, peer-to-pool lending by parties over the Maple Protocol. They act as the administrators of the web interface, not as direct custodians or intermediaries of funds.
All users (lenders and borrowers) must pass rigorous KYC checks. Lenders must be accredited investors under applicable rules. Borrowers must sign a Master Lending Agreement (MLA) before disbursing funds. The counterpart to the MLA from the Maple side is typically Maple International Operations SPC or another specified affiliated entity responsible for loan origination.
A Cayman Islands SPC allows a single legal entity to create multiple segregated portfolios (“SPs”), sometimes called “cells”. Each SP is legally distinct for purposes of assets and liabilities, but does not create separately registered companies. At Maple, each product or pool exists as a separate portfolio within Maple International Operations SPC. The assets, liabilities, and obligations of each portfolio are legally ring-fenced. Creditors of one portfolio (e.g., syrupUSDC) have no claim on the assets of another (e.g., syrupUSDT), nor do they have recourse against the general assets of the SPC beyond the relevant portfolio. This satisfies legal/regulatory requirements for isolating risks and assets between products and participant groups.
The Maple team has provided detailed responses to our due diligence questions, summarized as follows.
- MLA Key Legal Terms: MLA is designed to offer robust credit protection to lenders. It grants immediate collateral liquidation rights, full recourse to the borrower’s general assets for deficiencies, and streamlined enforcement through a dedicated Security Agent (Maple Foundation). Default triggers include payment failures, breaches of collateral requirements, failure to cure margin calls, covenant breaches, insolvency, and prohibited activities. Enforcement rights allow immediate loan acceleration, collateral liquidation without notice, and pursuit of deficiency claims via arbitration or litigation. The MLA is governed by Cayman Islands law and features comprehensive covenants and cross-default provisions.
Using collateral to generate yield involves additional rehypothecation and counterparty risks, as protocol staking mechanisms or institutional staking providers temporarily control the collateral. In this regard, we gathered extra information on:
- Legal Title to Staked Collateral: Under the MLA, lenders receive legal title and a first-priority security interest in all collateral, including assets deployed for yield generation. Borrowers retain equitable title and are entitled to the return of the original collateral (in identical form) upon loan repayment. This structure enables lenders to utilize collateral in staking or yield strategies while safeguarding the borrower’s right to reclaim their assets at maturity.
- Rights and Recovery in Counterparty Failure: In the event of default, lenders have immediate rights to accelerate the loan, seize and liquidate collateral, and apply default interest. Lenders maintain a first-priority security interest, and each portfolio is ring-fenced from others. Recovery mechanisms include immediate collateral liquidation and full recourse to the borrower’s general assets, with enforcement managed by a Security Agent.
- Margin Calls & Liquidations: Maple employs a proprietary monitoring system for real-time price feeds and automated margin calls. Multiple liquidation channels are available, including market makers, centralized, and decentralized exchanges. Collateral is assessed for liquidity prior to acceptance, and for staked or locked assets, forward arrangements with trading desks are used to provide immediate liquidity and protect lender capital.
4.2 Access Control Risk
The Maple protocol is governed by a 4/7 multisig Governor contract controlled by the Maple team, its affiliates, and advisors, which holds broad administrative authority via the Governor role. This includes upgrading core contracts (e.g., Globals, Liquidator, Withdrawal Manager), managing global parameters, overseeing the MapleTreasury, and executing administrative functions on Pools and Loans. A secondary Operational Admin (a 3/5 Safe multisig) handles routine protocol actions with limited scope. Additionally, an Emergency Pause function called by the Governor or Security Admin (a 3/6 Safe multisig) allows the protocol to halt operations during critical incidents. These permissioned controls introduce centralized governance risk, as improper use or compromise of the multisig could impact protocol integrity, asset safety, or user access.
4.2.1 Contract Modification Options
syrupUSDC inherits Maple’s V2 architecture: every on-chain object (the token itself, its pool, the loan, withdrawal-manager, etc.) is a proxy that points to an implementation registered in a single MapleProxyFactory.
The Governor can:
- upgrade any registered implementation (Globals, WithdrawalManager, Liquidator, etc.);
- set or revoke global fee rates (
platformManagementFeeRate, platformOriginationFeeRate, platformServiceFeeRate) —changes flow straight through to syrupUSDC pools;
- list or delist valid collateral assets, pool assets, and price oracles;
- alter the default timelock parameters (duration and “execution window”) that apply to every scheduled call;
- pause or unpause individual contracts or functions, or trigger the protocol-wide emergency pause;
Because syrupUSDC is a proxy deployed by MapleProxyFactory, its implementation can also be swapped out by the Governor, subject to timelock restrictions.
Pool Delegates may:
- schedule an upgrade() on their PoolManager, LoanManager, or WithdrawalManager;
- schedule parameter changes (e.g., interest-rate slippage or min-ratio) that affect only their pool;
None of those calls can be executed until the timelock has fully elapsed.
All syrupUSDC instances are NonTransparentProxy contracts created by MapleProxyFactory. Thus benefiting from cheaper deploys, centrally version-controlled implementations and upgrades emitting an Upgrade event from the same factory address.
A new syrupUSDC version becomes usable only after Governor registers the implementation and sets it as the factory’s “default version”. Delegates may upgrade an individual pool’s syrupUSDC proxy only along an approved upgrade path whitelisted by the Governor.
4.2.2 Timelock Duration and Function
globalsV301 introduces no delay at defaultTimelockParameters.
4.2.3 Multisig Threshold / Signer Identity
Governor (0xd6d4Bcde6c816F17889f1Dd3000aF0261B03a196) is managed by a 4/7 multisig with the following signers:
- 0x690A5aCa4E6c2f0c9880e582c2AA9913586e12BF;
- 0x0f4430f1cEc6b976a9358EFfa95399EE8fc8BD40;
- 0xF4b33586ee31DC6db89DA7Fb64b853E99F984B7F;
- 0xd9c66fc2b01Bb6d72e8884d2AA1e2DDA2995ecD6;
- 0x96481CB0fCd7673254eBccC42DcE9B92da10ea04;
- 0x04eBB8201BC767BD96932D33b12BD2EaA661E918;
- 0x588C6eb6E68F3Cb03243835c1c67864C84dF85bD]]
Maple indicates that a minority of the signers are employees/Maple team affiliates; the majority are long-standing external advisors and investors who have held their seats for over two years.
Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.
This review was independently prepared by LlamaRisk, a community-led decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.
