LlamaRisk supports onboarding USDtb to the Aave v3 Core instance. USDtb is a stablecoin issued by Pallas (BVI) Ltd., primarily backed by BlackRock's BUIDL fund (tokenized U.S. Treasuries) and USDC reserves, operating within a bankruptcy-remote legal structure. Key considerations are summarized below, followed by an in-depth analysis.
Direct minting and redemption require KYC/AML verification, limiting access mainly to institutional users, although holding the token remains permissionless. Market liquidity is primarily present on Curve DEX but is relatively low compared to total supply, consistent with high holder concentration. Redemptions are operational, with settlements processed within 24 hours, though they have been significantly less frequent than minting activities. USDtb has maintained price stability around its $1 peg, with a Chainlink USDtb/USD market price feed now available.
The smart contracts have undergone multiple audits, including assessing role-based access and upgradeability, and rely on LayerZero for cross-chain functionality. A standing bug bounty program further incentivizes discovering and disclosing potential vulnerabilities. Key counterparty risks include the issuer's terms of service, KYC/AML requirements for redemption, and reliance on regulated custodians (Copper, Komainu, Coinbase, Fireblocks, and Zodia Custody) for the underlying reserves.
One concerning aspect is the high concentration of USDtb, with Ethena-linked wallets holding over 98% of all tokens. Ethena also provides the entirety of the liquidity (USDtb-USDC Curve pool) through the reserve fund. This centralized distribution pattern is especially relevant for Aave's risk management, as Ethena is projected to be the main depositor of USDtb into the protocol.
Collateral Risk Assessment
1. Asset Fundamental Characteristics
1.1 Asset
USDtb is an ERC20-compatible stablecoin presented as a digital dollar, offering the same monetary capacity as fiat USD but with greater speed and reliability. Unlike many other fiat-backed stablecoins, it is primarily supported by BlackRock's USD Institutional Digital Liquidity Fund, known as BUIDL, which invests in high-quality, short-duration U.S. Treasuries. As of the token's initiation, 90% of USDtb's backing comes from BUIDL, with the remaining 10% in liquid stablecoins (specifically USDC at the time of this review). By design, it relies on an institutional-grade tokenized U.S. Treasury fund product for reserve support. USDtb is a non-yield bearing stablecoin; earnings from the underlying BUIDL investments are retained within the reserve system by the issuer and not passed through to USDtb holders. USDtb is deployed on Ethereum, Solana, Arbitrum, and Base, with cross-chain connectivity provided by LayerZero.
1.2 Architecture
Several key entities ensure the bankruptcy remoteness of the USDtb framework:
- Pallas (BVI) Ltd., a British Virgin Islands business company limited by liability, issues USDtb and is wholly owned by the Pallas Foundation.
- Pallas Foundation, based in the Cayman Islands, is a company limited by guarantee with no members, beneficiaries, or shareholders and is managed by an independent professional director from Horizons Global.
- Pallas Fund (BVI) Ltd., wholly owned by Pallas (BVI) Ltd. and authorized by the BVI Financial Services Commission, holds the assets backing USDtb in institutional custodial accounts, primarily through tokenized U.S. Treasury fund products.
- The fund is managed by Athene Management Limited, an affiliate of Ethena Labs, and overseen by independent directors from Horizons Global and Harneys Fiduciary Services.
None of these entities share directors, maintaining operational and legal segregation.
Only authorized users may mint and redeem USDtb after meeting the eligibility standards outlined in the USDtb Terms and Mint User Agreement and successfully passing AML/KYC checks. Once whitelisted, they can mint or redeem 24/7 via the mint/redeem smart contract. This process relies on cryptographically signed orders and an off-chain RFQ (Request for Quote) system, where the server validates orders before finalizing them on-chain. Whitelisted users can expect minimal delays, including on weekends and public holidays, as long as digital assets are used for settlement. If Pallas does not have sufficient stablecoins, redemptions may be delayed until Pallas Fund liquidates a portion of its holdings. Whitelisted addresses able to accept BUIDL may opt for redemption in BUIDL instead of USDC, and secondary markets are also available for converting USDtb to other assets.
Source: Dune, Date: April 13th, 2025
A dedicated smart contract: 0xa3DDBf92077b850E29C4805Df0a2459Ae048416a, compatible with EIP-712 and EIP-1271 signing methods, manages the minting and redemption. Whitelisted addresses can delegate signing authority to another address through a simple proposal and acceptance routine, allowing externally owned accounts to authorize transactions on a contract's behalf. Balances held in this contract, which at the time of writing amount to approximately 20k USDC, can be immediately redeemed, while an additional 1.3B BUIDL and 139M USDC can be accessed within 24 hours if needed. An RFQ determines minting and redemption prices off-chain, and once a quoted price is accepted, the order is finalized on-chain after server validation.
Source: USDtb Transparency Dashboard April 13th, 2025
The current custodian distribution shows that Copper and Komainu hold 45% of total custody, while Coinbase accounts for the remaining 10%. The Mint & Redeem Contract is reported separately, more as an operational reserve mechanism than a custodian per se.
Importantly, the holdings of each custodian address are verifiable on-chain at any time.
Source: USDtb Transparency Dashboard April 13th, 2025
Historically, the distribution between USDC and BUIDL backing the USDtb has fluctuated, with USDC share decreasing since March as the total supply of the asset grew above 1.4B.
Source: Dune Analytics, April 13th, 2025
1.3 Tokenomics
USDtb has no fixed supply cap; issuance expands or contracts in response to market-driven minting and redemption. There is no explicit mention of minting or redemption fees when using the official USDtb UI. However, BUIDL, which accounts for roughly 90% of USDtb's reserves, carries an annual management fee of up to 0.50% charged by BlackRock. This fee is embedded in the BUIDL fund structure and indirectly affects USDtb's reserves. Neither Pallas nor Athene Management discloses additional operational fees for managing USDtb, although the Terms of Service and Mint Agreement permit the issuer to introduce such fees if necessary.
USDtb holders do not receive direct profits or interest from the reserves. Any yield generated by BUIDL's underlying Treasury investments remains in the reserve rather than being passed on to token holders. Likewise, USDtb holders have no governance, voting, or participatory rights over Pallas, the Pallas Foundation, or the Pallas Fund. They cannot claim any share of the assets or income generated by these entities.
1.3.1 Token Holder Concentration
The distribution of USDtb is extremely concentrated, with the top holder alone controlling approximately 87% of the total supply. The second-largest holder controls 10%, while Ethena Reserve Fund holds around 1.34%. The top three addresses own over 98% of the total token supply. Moreover:
The list of the top five USDtb holders is completed by:
This makes at least 98.3% of the total supply held within Ethena-controlled addresses, indicating complete asset holder centralization.
Source: Etherscan, March 30th, 2025
Ethena-controlled wallets have also primarily executed the minting, mainly for USDe collateral backing and the Reserve Fund. An unrelated Gnosis Safe minted a small part of ~5M USDtb, while all other whitelisted minters minted the rest of 5M.
It is notable that while 0xd54F23BE482D9A58676590fCa79c8E43087f92fB has not minted USDtb, it received the current holdings directly from Ethena's Coinbase Prime Custody wallet.
Source: USDtb Minting contract, April 3rd, 2025
2. Market Risk
2.1 Liquidity
2.1.1 Liquidity Venue Concentration
DEX Liquidity for USDtb is heavily concentrated on Curve, where two primary pools anchor its market presence:
2.1.2 DEX LP Concentration
Ethena is providing the entirety of the liquidity (USDtb-USDC Curve pool) through the reserve fund. This poses a high-concentration risk.
A $10M swap of USDC to USDtb incurs 3.86% slippage, indicating low liquidity relative to the overall token supply. This also reflects the holder concentration discussed above.
Source: LlamaSwap, April 13th, 2025
Redemptions
As mentioned above, USDtb redemptions are serviced 24/7 using the USDtb Mint/Redeem contract. Nonetheless, while daily minting instances of more than 200M USDtb have been observed, redemption volume has been minimal, with up to 350k USDtb redeemed in a single request.
Source: USDtb Minting contract, April 3rd, 2025
All redemption requests are initiated via an off-chain RFQ server, which initiates refilling the USDtb Mint/Redeem contract buffer with USDC or BUIDL (depending on the redemption request) so that the redemption could be settled on-chain. A small buffer of 20k USDC is constantly held in the contract and can be used to redeem instantly. Otherwise, the redemptions are promised to be serviced in under 24 hours. This system is equivalent to the one used for USDe redemptions.
Source: USDtb Minting contract & BUIDL Redemption Fund, April 3rd, 2025
In a case where the underlying BUIDL needs to be redeemed for stablecoins, there exists an on-chain BUIDL Redemption Fund that constantly holds ~90M USDC that can be directly redeemed. Circle services this primary liquidity.
2.2 Volatility
The asset's price is stable overall, with most daily closes hovering tightly around the $1.00 peg, deviating by only a few basis points. A single notable wick below $0.98 appears as an isolated incident.
Source: Geckoterminal, April 1st, 2025
More recently, Chainlink's USDtb/USD market price feed has been deployed. It indicates high peg stability and does not exhibit the same price outlier as reported by Geckoterminal.

Source: Chainlink USDtb/USD feed, April 3rd, 2025
2.3 Exchanges
USDtb is CEX-heavy, with early-stage DeFi adoption underway. Most trading volume occurs on the partner exchange - Bybit, showing the deepest liquidity.
On the DEX side, Curve supports two pools - USDe/USDtb and USDtb/USDC. However, both have relatively low depth.
Source: Coingecko, March 30th, 2025
2.4 Growth
USDtb has demonstrated a sharp growth trajectory since early March 2025. After a prolonged period (since Dec 2024) of TVL below 100M, the protocol experienced a sudden acceleration in TVL accumulation, climbing to over $1.4B within a few weeks. This parabolic rise suggests a coordinated onboarding of capital, driven primarily by Ethena minting and allocating USDtb to back USDe. The underlying catalyst combines persistently low funding rates and the strategic expansion of Ethena's stablecoin buffer to enhance peg stability and capital efficiency.
Source: DefiLlama, March 30th, 2025
3. Technological Risk
3.1 Smart Contract Risk
USDtb smart contracts have undergone three comprehensive private audits conducted by Pashov Audit Group, Quantstamp, and Cyfrin. In addition, a Code4rena contest was completed in November 2024. No high-severity issues have been identified.
- Pashov Audit Group: 7 low findings (all resolved/acknowledged)
- Quantstamp: 1 low severity, 1 undetermined severity and 3 informational findings (all acknowledged)
- Cyfrin: 3 low risk, 4 informational issues (2 low risk resolved, rest are open)
- Code4rena Public Contest: 2 medium, 12 low risk findings (1 medium and 4 low findings mitigated)
3.2 Bug Bounty Program
Ethena maintains an active bug bounty program on Immunefi, live since April 2024, with a maximum bounty of $3M. The program explicitly includes the USDtb smart contracts within its scope.
3.3 Price Feed Risk
An oracle does not determine the price in a mint or redeem order on-chain. Instead, it comes from an off-chain RFQ system. The asset-holding address (benefactor) obtains an RFQ price from an off-chain module. The benefactor signs an order with the agreed-upon price (embedded as the ratio between collateral amount and USDtb amount). The RFQ server, which has "last-look" rights, performs further validations (e.g., checking for malicious orders) before it signs the transaction to allow settlement on-chain. Overall, the system is equivalent to the USDe redemption mechanism.
On-chain, the mint contract calls the isValidSignature method on the benefactor contract to validate the order. Ratio validation is made through the verifyStablesLimit function, ensuring that the provided amounts fall within acceptable bounds.
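The kind of bounds check described above can be modelled off-chain as follows. This is an added example, not the Mint contract's code: the 5 bps tolerance, the 18-decimal USDtb and 6-decimal USDC units, the sample orders, and every name in the block are assumptions chosen for illustration.

```python
from dataclasses import dataclass

BPS = 10_000             # basis-point denominator
USDTB_DECIMALS = 18      # assumption: USDtb uses 18 decimals
USDC_DECIMALS = 6
U = 10 ** USDTB_DECIMALS
C = 10 ** USDC_DECIMALS


@dataclass(frozen=True)
class Order:
    side: str                 # "mint" or "redeem"
    collateral_amount: int    # raw collateral units
    usdtb_amount: int         # raw USDtb units
    collateral_decimals: int = USDC_DECIMALS


def to_usdtb_units(amount: int, decimals: int) -> int:
    """Rescale a raw collateral amount to USDtb precision (truncates when scaling down)."""
    if decimals <= USDTB_DECIMALS:
        return amount * 10 ** (USDTB_DECIMALS - decimals)
    return amount // 10 ** (decimals - USDTB_DECIMALS)


def check_stables_ratio(order: Order, max_delta_bps: int) -> tuple[bool, str]:
    """Reject orders whose collateral/USDtb ratio drains reserves beyond the tolerance."""
    if order.side not in ("mint", "redeem"):
        return False, "unknown order side"
    if order.collateral_amount <= 0 or order.usdtb_amount <= 0:
        return False, "non-positive amount"
    collateral = to_usdtb_units(order.collateral_amount, order.collateral_decimals)
    if collateral == 0:
        return False, "collateral rounds to zero"
    # What leaves the issuer versus what it receives, both in USDtb precision.
    if order.side == "mint":
        paid_out, received = order.usdtb_amount, collateral
    else:
        paid_out, received = collateral, order.usdtb_amount
    if paid_out <= received:
        return True, "at par or in the issuer's favour"
    # Cross-multiply instead of dividing so integer truncation cannot hide a breach.
    excess = paid_out - received
    if excess * BPS <= max_delta_bps * order.usdtb_amount:
        return True, "within tolerance"
    return False, "ratio outside tolerance"


# Constructed sample orders (not real traffic).
SAMPLES = [
    ("mint at par", Order("mint", 1_000_000 * C, 1_000_000 * U)),
    ("mint, about 4 bps over par", Order("mint", 1_000_000 * C, 1_000_400 * U)),
    ("mint, about 99 bps over par", Order("mint", 1_000_000 * C, 1_010_000 * U)),
    ("redeem, 200 bps over par", Order("redeem", 1_020_000 * C, 1_000_000 * U)),
    ("redeem below par", Order("redeem", 990_000 * C, 1_000_000 * U)),
    # Unit confusion: collateral passed in whole tokens instead of raw units.
    ("mint, collateral not scaled", Order("mint", 1_000_000, 1_000_000 * U)),
]


def evaluate_samples(max_delta_bps: int = 5):
    """Run the check over SAMPLES; returns (label, accepted, reason) tuples."""
    return [(label, *check_stables_ratio(o, max_delta_bps)) for label, o in SAMPLES]


if __name__ == "__main__":
    for label, ok, reason in evaluate_samples():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {label}: {reason}")
```

The check is one-sided: it bounds only the direction in which reserves would be overpaid, since the benefactor's own signature covers the other direction.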
3.4 Dependency Risk
Dependencies for the USDtb and Mint contracts can be sourced to OpenZeppelin libraries, respectively Upgradeable for the USDtb contract and Non-upgradeable for the Mint contract.
- ERC20Permit implements the EIP-2612 standard used to approve transfers via signatures rather than an on-chain transaction;
- ReentrancyGuard protects sensitive functions (e.g., mint/redeem) from reentrancy attacks;
- ERC20Burnable adds functionality for the irreversible destruction of tokens;
- SafeERC20 for safe interactions with ERC20 tokens during collateral transfers, minting, and redemption;
- ECDSA is used for signature recovery;
- The IERC1271 interface is used for validating signatures following EIP-1271 standards;
- Mint contract constructs a domain separator and hashes an order struct (using the EIP-712 standard) to create a secure and tamper-proof order signature;
Cross-chain functioning of USDtb introduces a reliance on LayerZero bridging capacity.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
Governance
USDtb does not rely on a dedicated governance token. Instead, Ethena incorporates it into a wider ecosystem where the ENA token governs certain protocol-level decisions, such as adjustments to USDe's reserve composition. Holders of USDtb do not participate in governance or earn staking rewards by holding the stablecoin.
Legal
Terms of Service distinguish between Mint Users who have successfully fulfilled Know-Your-Customer and Anti-Money Laundering requirements (along with other onboarding procedures) and have thus been whitelisted and Holding Users, who possess the token without having completed the aforementioned checks. Such Holding Users are not regarded as customers of Pallas. The Mint User Agreement further clarifies that USDtb is exclusively available to institutions established in supported jurisdictions, leading to the inference that individual persons are not eligible to register as Mint Users. We have received confirmation from the team that USDtb is currently available exclusively to institutional participants. Each institution undergoes KYB evaluation and wallet screening with TRM.
A Holding User is not entitled to redeem USDtb directly with Pallas unless and until that Holding User becomes a Mint User, having duly undergone KYC/AML screenings and obtained whitelisted status from the issuer.
The entitlement associated with USDtb passes with the token itself. Consequently, sending USDtb to another address automatically conveys and assigns to the owner of that address and any subsequent holders all corresponding rights and obligations of a Holding User with respect to such USDtb.
Pallas (or a designated affiliate) undertakes to redeem one USDtb for one USD of notional value in supported digital assets on condition that USDtb is structured to maintain parity with USD. In support of this one-to-one value, Pallas holds a matching amount of USD-denominated assets for each USDtb issued as part of the USDtb Reserves.
Although Pallas may invest the USDtb Reserves in interest-bearing accounts or other instruments that generate returns, the User acknowledges no entitlement to any interest or other earnings derived from these reserves. USDtb does not yield interest or profits for holders but represents the right to redeem USDtb as a Mint User, provided the holder meets the applicable criteria for such status.
USDtb is not insured by any deposit protection schemes, including, without limitation, coverage from the Federal Deposit Insurance Corporation (FDIC), the Securities Investor Protection Corporation (SIPC), the United Kingdom Financial Services Compensation Scheme (FSCS), or equivalent programs in the User's jurisdiction of residence.
Pallas reserves the authority to block certain USDtb addresses and freeze associated USDtb, either temporarily or permanently, if it determines, at its sole discretion, that the addresses in question may be involved in an unlawful activity or otherwise violate the Terms of Service. Pallas may also report such suspected illegal activity to the appropriate law enforcement bodies.
A blacklisting policy is in effect, under which Pallas retains the right to prevent the on-chain transfer of USDtb to or from an address in accordance with that policy.
Pallas bars transactions with any "Restricted Persons" - individuals or entities named on sanctions lists administered by various branches of the United States government or on analogous lists promulgated by other relevant authorities. Pallas similarly restricts transactions involving individuals residing in or located within "Restricted Territories," presently including Cuba, Iran, Syria, North Korea, and specified regions of Ukraine.
Under the Mint User Agreement, the Services are unavailable to any User who is a resident, national, or agent of a jurisdiction subject to the Office of Foreign Assets Control's comprehensive sanctions (referred to as "Restricted Territories"). The same unavailability extends to anyone listed on the Table of Denial Orders, the Entity List, or the Specially Designated Nationals list (collectively, "Restricted Persons"), as well as any User who intends to transact with Restricted Territories or Restricted Persons.
Users must represent that they are not citizens or residents of, and are not organized under the laws of, any of the "Prohibited Jurisdictions," which include Abkhazia, Afghanistan, Angola, Belarus, Burundi, the Central African Republic, Congo, Cuba, Crimea, Ethiopia, Guinea-Bissau, Iran, Ivory Coast, Lebanon, Liberia, Libya, Mali, Burma (Myanmar), Nicaragua, North Korea, Northern Cyprus, Russia, Somalia, Somaliland, South Ossetia, South Sudan, Sudan, Syria, Ukraine (specifically Donetsk and Luhansk regions), the United States, Venezuela, Yemen, and Zimbabwe.
Custodians
USDtb is safeguarded under the custody of any authorized institutions set forth below.
- Copper maintains Swiss regulatory approval and a TCSP license in Hong Kong.
- Fireblocks holds a Money Transmitter License (or an equivalent form of regulatory authorization) in multiple states across the United States.
- Zodia Custody is registered with the Financial Conduct Authority in the United Kingdom under the Money Laundering Regulations and operates under registrations from the Central Bank of Ireland, the Commission de Surveillance du Secteur Financier, and the Hong Kong Companies Registry.
- Komainu is regulated by the Jersey Financial Services Commission, the Dubai Virtual Assets Regulatory Authority, holds a Money Laundering Regulations registration with the UK Financial Conduct Authority, and an OAM registration in Italy.
- Coinbase operates under a comprehensive suite of international licenses and regulatory permissions, spanning Europe, the United States, and other jurisdictions.
Legal Structure
The backing assets for USDtb are held by Pallas Fund (BVI) Ltd., a private investment fund operating under the British Virgin Islands Financial Services Commission (BVI FSC) regulatory oversight.
Source: BVI FSC, April 1st, 2025
The private investment fund is a closed-ended vehicle that pools investor capital for collective investment and diversification, issuing interests linked to its net asset value. Regulated by the BVI FSC under the Securities and Investment Business Act (SIBA) and the Private Investment Funds Regulations, 2019, a fund can be structured as a company, limited partnership, or unit trust. It must adhere to specific operational requirements, including appointing at least two directors (one individual) if structured as a company, designating authorized representatives and appointed persons for management, valuation, and safekeeping of assets, and maintaining a clear valuation policy with annual valuations. Additionally, private investment funds must prepare and submit audited financial statements annually, comply with anti-money laundering regulations, and fulfill international tax reporting standards.
The issuer - Pallas (BVI) Ltd. - is the sole subscriber to the Pallas Fund.
Athene Management Ltd. is authorized to act as an investment manager to the Pallas Fund.
Source: BVI FSC, April 1st, 2025
An Approved Manager is a regulatory designation under the Investment Business (Approved Managers) Regulations, 2012, allowing entities to provide investment management or advisory services to specific clients, including BVI Private Investment Funds. This regime offers a streamlined regulatory framework tailored for managers overseeing smaller-scale funds. An Approved Manager can manage up to $400M for open-ended funds and up to $1B for closed-ended funds. Obligations include maintaining at least two directors (one being an individual), appointing a BVI-authorized representative, submitting annual unaudited financial statements, and complying with anti-money laundering regulations.
4.2 Access Control Risk
Key Ethereum addresses associated with USDtb are:
USDtb's L2 address on Base and Arbitrum: 0xc708B6887DB46005dA033501f8aeBee72d191a5d
4.2.1 Contract Modification Options
The USDtb contract is upgradeable via a proxy pattern and uses upgradeable OpenZeppelin components (ERC20PermitUpgradeable, ERC20BurnableUpgradeable, ReentrancyGuardUpgradeable, and a custom SingleAdminAccessControlUpgradeable). It implements minting (only by authorized minter contracts), burning, and transfer functionalities.
Role-Based Access Control includes:
- DEFAULT_ADMIN_ROLE has the authority to initialize the contract and set the admin, update the transfer state via updateTransferState, add or remove minter addresses using addMinter and removeMinter, rescue tokens mistakenly sent to the contract using rescueTokens, and execute the redistribution of locked tokens from blacklisted addresses via redistributeLockedAmount.
- MINTER_CONTRACT calls the mint function to create new USDtb tokens; this role is intended to be assigned exclusively to the minting contract.
- BLACKLIST_MANAGER_ROLE adds/removes addresses to the blacklist using addBlacklistAddress / removeBlacklistAddress.
- WHITELIST_MANAGER_ROLE adds/removes addresses to the whitelist with addWhitelistAddress / removeWhitelistAddress.
- BLACKLISTED_ROLE - addresses with such an assignment are prevented from moving funds (subject to the transfer state logic).
- WHITELISTED_ROLE - in transfer state 1 (whitelist-enabled), only whitelisted addresses (assigned the WHITELISTED_ROLE) can execute transfers.
While the USDtb contract itself grants the DEFAULT_ADMIN_ROLE (set during initialization) for wide administrative tasks, this role is not automatically the upgrade authority. The owner and admin of the proxy is an Ethena-related Safe multisig. The proxy upgrade log shows no data on recorded events.
Source: Etherscan, March 31st, 2025
Mint/Redeem contract is deployed as a regular contract and cannot be upgraded through the proxy mechanism. It is responsible for the issuance (minting) and redemption (burning) of USDtb tokens in exchange for collateral assets. In the minting phase the order authenticity is verified using EIP-712/EIP-1271 signatures.
Role-Based Access Control includes:
- MINTER_ROLE executes the mint function to mint new USDtb tokens based on approved orders.
- REDEEMER_ROLE calls the redeem function to redeem USDtb tokens for collateral.
- COLLATERAL_MANAGER_ROLE transfers collateral assets to designated custody wallets using transferToCustody.
- GATEKEEPER_ROLE disables minting and redemption by setting the global mint/redeem limits to zero; it also can remove roles (such as MINTER_ROLE, REDEEMER_ROLE, and COLLATERAL_MANAGER_ROLE) in emergencies.
The minting contract also includes functions to add or remove supported assets, update per-block limits, and manage delegated signers, with all actions gated by appropriate access control (the admin or a role with DEFAULT_ADMIN_ROLE).
4.2.2 Timelock Duration and Function
No timelock function is implemented in the reviewed contracts; therefore, contract modifications have no delay period.
4.2.3 Multisig Threshold / Signer identity
USDtb owner & _currentDefaultAdmin is a SafeProxy with a 5/10 signing threshold.
Signatories:
Custody wallets below are EOAs:
Ethena Labs indicates that these EOAs are backed by the MPC wallet solutions of Copper, Komainu, and Coinbase's Web3 Wallet. Also, Zodia is used as a Hardware Security Module (HSM) solution.
Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.
As indicated initially by ACI and supported by the asset's liquidity levels, this asset should be deployed as borrowable only. It is also expected that Ethena will become the dominating supplier of USDtb in this market, prompting attention to the potential supply concentration. In particular, large USDtb supply withdrawals could cause borrow rate shocks.
This review was independently prepared by LlamaRisk, a community-led decentralized organization funded in part by the Aave DAO. LlamaRisk serves as a member of Ethena's risk committee. LlamaRisk did not receive compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.