[ARFC] PYUSD Reserve Configuration Update & Incentive Campaign

Summary

LlamaRisk supports this proposal. Our review of the proposed incentive structure reveals no additional risks beyond the standard smart contract, implementation, and opportunity cost concerns.

A notable point of concern is the PYUSD multisig configuration controlling upgradeability, which uses an unusually high number of signers (20) with a low threshold (3). This presents an elevated operational risk, as the attack surface for social engineering and other threats is considerably larger than typical implementations. We want to engage with Paxos to address this. Beyond this concern, PYUSD presents minimal risk as collateral, demonstrating reasonable regulatory/governance risk profiles and limited architectural and market risk exposure.

Our detailed collateral risk assessment follows for community review.

PYUSD Collateral Risk Assessment

1. Asset Fundamental Characteristics

PayPal USD is a US dollar-denominated stablecoin launched in August 2023 in partnership with Trident Digital. Paxos, who hold an NYDFS license to maintain stablecoins, issue this stablecoin. This makes it identical to its partner USDP. It is deployed to Ethereum Mainnet and Solana and has a public GitHub maintained by Paxos.

PYUSD reserves are almost entirely US debt with cash on hand. This stablecoin is overcollateralized.

1.1 Asset

PYUSD is a familiar asset to the Aave protocol as a stablecoin with reputable reserves. Its architecture results in the asset being bankruptcy remote. Reserves are deposited with multiple banks, including BMO Harris Bank, Customers Bank, and State Street Bank & Trust Company, diversifying default risk. Reserves are bankruptcy remote, meaning should Paxos Trust face insolvency, reserves will be distributed to owners based on company records (though this may not necessarily mean PYUSD holders).

It is ERC20 compliant with 352M tokens on the Ethereum mainnet. As such, incremental collateralization risk is low.

1.2 Architecture

Source: LlamaRisk

This is a simple ERC20 stablecoin asset managed by Paxos Trust. Users can mint or burn additional PYUSD through a PayPal account (which requires KYC and compliance with a wide range of terms and conditions). Once purchased inside PayPal’s web app, it may be bridged onto Mainnet or Solana. In the same way, it may be sent back to PayPal’s web app to be sold for fiat. The ERC20 implementation has a variety of permissions (more in Section 4.2).

It is designed for both on-chain activities as well as day-to-day commerce. Significant development efforts have been directed at making this asset suitable for micropayments.

There is no governance for this asset - Paxos Trust entirely handles it. Trident assists with liquidity initiatives, such as the one proposed in the body.

1.3 Tokenomics

As a stablecoin, PYUSD tokenomics is very simple. For each PYUSD minted, more than 1 USD exists in US Government Debt or cash. The last third party attestation noted a ratio of 0.97 PYUSD (704,883,091) for each 1 USD held in a US bank as either debt or fiat ($720,152,403).

2. Market Risk

2.1 Liquidity

Source: DeFiLlama, October 25th, 2024

Onchain liquidity for this asset is good, with a $10M trade facilitated before any price impact occurs. This is further compounded by the relative ease of access users can enjoy through the PayPal website for additional liquidity.

2.2 Volatility

Source: Coingecko, October 25th, 2024

PYUSD has maintained a tight peg (after a brief, unsustained depeg on launch) with $1.

2.3 Exchanges

Source: Coingecko, October 25th, 2024

PayPal USD is available on a wide variety of centralized and decentralized exchanges. Of note is a partnership between PayPal, Paxos, and Crypto.com to integrate the stablecoin into CEXs further.

2.4 Growth

Source: Coingecko, October 25th, 2024

This asset has enjoyed relatively stable growth with some variation. It is currently experiencing a downtrend from $1B to roughly $600M, though that is from an all-time high.

3. Technological Risk

3.1 Smart Contract Risk

Source: Trail of Bits

PYUSD has been audited by Trail of Bits, a top-tier auditor. No major vulnerabilities were discovered. This asset has already been onboarded to the protocol, so incremental smart contract risk is low.

3.2 Price Feed Risk

A Chainlink Price Feed on mainnet is integrated to provide accurate and secure market data. Price feed risk is low.

3.3 Dependency Risk

PYUSD is fully dependent on Paxos. As an NYDFS-regulated entity, this risk is somewhat mitigated. This will be fully examined in Section 4.1.

PYUSD is also significantly dependent on PayPal. While they are a reputable, regulated entity with a long history of compliant business activity, they have a documented tendency to freeze user funds arbitrarily. This has resulted in class action lawsuits against the business in which plaintiffs cite PayPal’s inability even to explain why the funds were frozen. This presents a significant risk if a user has to exit a PYUSD position through PayPal’s web app only to have their funds frozen.

Dependency risk is, therefore, considerable.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

Paxos Trust LTD entirely controls the governance of PYUSD.

This presents significant risk, especially given the regulatory regime for firms based in New York State. There are two main verticals for governance (management) and regulatory risk for PYUSD:

  1. Reserves Management: Reserves are clearly documented by first and third party attestations. The funds are held in FDIC-insured banks or value-guaranteed US government debt instruments. This is good reserve management and presents limited incremental risk.
  2. Regulation: As a Trust regulated by the New York State Department of Financial Services (NYDFS), the Issuer of PYUSD will have to comply with many regulations. These include but are not limited to KYC/AML checks, restrictions on illegal use, bankruptcy remoteness, and sanctions compliance. Given the United States’ unclear position on decentralized finance and additional uncertainty stemming from an upcoming election, regulatory risk is certainly present. Further regulatory clarity would reduce this particular angle of risk.

While governance risk for PYUSD may be managed by robust state-level regulation, unclear federal regulation results in regulatory risk. This is exacerbated by an upcoming election in which candidates have not stated clear regulatory priorities.

4.2 Access Control Risk

PYUSD has significant access control risk stemming from significant contract permissions:

  • A freeze function on specific addresses
  • A global pause function
  • A function to modify which address may issue new PYUSD
  • A function to increase spend approvals by any address

This contract is owned by a 3/20 multisig. This is a significant risk. While only limited in incremental risk (given the asset is already borrowable), making this asset collateral would further entrench significant access control risk.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

5. Aave V3 Specific Parameters

We are aligned with TokenLogic’s suggested parameters, given sufficient on-chain liquidity both now and after the eCLP pool is live.

6. Price feed

LlamaRisk recommends continuing to use the Chainlink Oracle for this asset.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

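The 3-of-20 multisig concern raised in the summary and in Section 4.2 can be put in numbers. The following is an added example, not part of LlamaRisk's assessment: it assumes every signer is compromised independently with the same probability `p` (the value 0.02 is constructed, not measured) and uses a 3-of-5 multisig as an illustrative baseline.

```python
from math import comb


def takeover_probability(n: int, k: int, p: float) -> float:
    """P(at least k of n signers are compromised).

    Assumption (added here, not from the assessment): signers fail
    independently, each with probability p. Correlated failures such as
    shared custody tooling or one phishing campaign make the real figure worse.
    """
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def min_threshold(n: int, p: float, target: float):
    """Smallest threshold k for n signers whose takeover probability is <= target."""
    for k in range(1, n + 1):
        if takeover_probability(n, k, p) <= target:
            return k
    return None  # even n-of-n does not reach the target


def compare(p: float):
    """Takeover probability of the 3-of-20 setup vs. a 3-of-5 baseline."""
    current = takeover_probability(20, 3, p)   # configuration named in the post
    baseline = takeover_probability(5, 3, p)   # illustrative baseline (assumption)
    return {
        "3-of-20": current,
        "3-of-5": baseline,
        "ratio": current / baseline,
        # threshold 20 signers would need to be no riskier than 3-of-5
        "k_for_parity": min_threshold(20, p, baseline),
    }


if __name__ == "__main__":
    P_SIGNER = 0.02  # constructed per-signer compromise probability
    for name, value in compare(P_SIGNER).items():
        print(f"{name:>12}: {value:.3g}" if isinstance(value, float) else f"{name:>12}: {value}")
```

Under these assumptions, keeping the threshold at 3 while growing the signer set from 5 to 20 raises the takeover probability by roughly two orders of magnitude; a threshold of 5 would be needed to bring 20 signers back to the 3-of-5 level.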