[ARFC] ustb/buidl gsm

[ARFC] USTB/BUIDL GSM

Author: ACI

Date: 2024-10-04


Simple Summary

This ARFC proposes expanding the BUIDL GHO Stability Module (GSM) to incorporate Superstate’s USTB. The proposal recommends a 50:50 split between BUIDL and USTB to help increase GHO’s stability with diverse reserves and maximized yield.

Motivation

The proposal aims to introduce an additional industry-leading tokenized U.S. Treasury Bill product to support the stability and efficiency of GHO while maximizing protocol revenue.

Superstate recommends expanding the proposed BUIDL GSM instance to include USTB to diversify GHO’s reserves, RWA yield sources, and foster a resilient and scalable GSM. Adding USTB to this instance will enhance the GSM’s capital efficiency, while also maximizing transparency, liquidity, and yield.

USTB offers competitive benefits for the Aave ecosystem, bolstering GHO’s stability and generating surplus revenue for Aave. Currently, management fees are waived (0.00%) while USTB is under $200M AUM. Once this is surpassed, the management fee is 0.15% for any client balance up to $25M. Aave will benefit from a 67% discount on management fees (0.05%) for any assets above $25M. Furthermore, USTB provides transparent daily Net Asset Value via a Chainlink oracle with a separate Proof of Reserves Chainlink oracle coming soon. USTB’s website publishes holdings weekly with daily NAV, AUM, and yield available for anyone to see. You can visit https://superstate.co/ustb.

USTB is deployed on the Ethereum network, providing onchain access to traditional financial assets sub-advised by Federated Hermes, with UMB Bank as custodian, and Ernst & Young LLP as the Fund auditor. USTB’s investment mandate ensures at least 95% of the portfolio is invested in short-duration U.S. Treasury Bills. Up to 5% of the portfolio at any time can be held in cash to facilitate liquidity.

Superstate Inc. has partnered with Circle, Fireblocks, and NAV Fund Services for USDC subscription/redemption, responsible key management, and third-party Net Asset Value (NAV) calculation. USTB is a Delaware Statutory Trust which means all assets are bankruptcy-remote from Superstate Inc. This means investors (e.g. GSM) are siloed from liabilities that may arise from Superstate Inc. and the other Funds part of Superstate Asset Trust.

Each USTB token (ERC-20) is one share in the Fund, with the number of shares issued/USTB tokens minted equal to the Purchase Amount ($) divided by the Net Asset Value per share (NAV/S) on a given Market Day. Market Days are when both the New York Stock Exchange and the Federal Reserve Bank of Philadelphia are open. NAV/S increases daily due to the Fund’s investments accruing interest.

USTB works in a similar way to Lido’s wstETH. You are minted a static amount of tokens and your token balance stays the same unless you mint, burn, or transfer. The NAV/S increases over time, allowing you to redeem a share of USTB for an increasing amount of U.S. Dollars or USDC.

The USTB fund currently holds over $125 million in AUM, with more than $150 million redeemed to clients in T+0 or T+1 time frames since inception. USTB is currently onboarded for Arbitrum’s Treasury and used in Mountain’s USDM Reserves. It is being considered for Ethena’s USDe Reserve Fund and Spark’s Tokenization Grand Prix.

This GSM expansion would further diversify GHO’s yield sources from real-world assets (RWAs) which should maximize after-fee yield and transparency for the protocol.

Superstate will help Aave Labs expand the proposed BUIDL GSM instance to include a 50:50 allocation towards USTB and BUIDL. This will enable 1:1 fixed-ratio swaps between USDC and GHO, utilizing the USDC surplus to mint both BUIDL and USTB tokens. Thanks to the instant redeemability between USDC and BUIDL and the yield profile of USTB, the GSM can mint and reedem USTB and BUIDL in exchange for USDC. The first tranche of redemption will come from BUIDL. During the payout, the GSM can redeem USTB, receive USD, and subscribe to BUIDL to rebalance. If desired, Superstate could configure USTB redemptions from the GSM to automatically direct USD proceeds to BUIDL, enabling quicker and more automated rebalancing.

This proposal ensures a more seamless experience similar to the existing GHO:USDC GSM, while maximizing capital efficiency, transparency, and yield. This structure (splitting between liquid and high-yield products) allows GHO extreme flexibility and USDC support.

Specification

Superstate will help Aave Labs expand the proposed BUIDL GSM instance to include a 50:50 allocation towards USTB and BUIDL. This will enable 1:1 fixed-ratio swaps between USDC and GHO, utilizing the USDC surplus to mint both BUIDL and USTB tokens. Thanks to the instant redeemability between USDC and BUIDL and the yield profile of USTB, the GSM can mint and reedem USTB and BUIDL in exchange for USDC. The first tranche of redemption will come from BUIDL. During the payout, the GSM can redeem USTB, receive USD, and subscribe to BUIDL to rebalance. If desired, Superstate could configure USTB redemptions from the GSM to automatically direct USD proceeds to BUIDL, enabling quicker and more automated rebalancing.

This proposal ensures a more seamless experience similar to the existing GHO:USDC GSM, while maximizing capital efficiency, transparency, and yield. This structure (splitting between liquid and high-yield products) allows GHO extreme flexibility and USDC support.

These graphics illustrate the Flow Of Funds for both minting and burning GHO with USDC.

Disclaimer:

This proposal is powered by Skywards. ACI is not directly affiliated with the Superstate team and did not receive compensation for creation this proposal.

Next Steps

  1. Publication of a standard ARFC, collect community & service providers feedback before escalating proposal to ARFC snapshot stage.
  2. If the ARFC snapshot outcome is YAE, publish an AIP vote for final confirmation and enforcement of the proposal.

Copyright

Copyright and related rights waived under CC0

1 Like

Let’s talk about step 3b. It appears to be slow, because it’s not an on-chain transaction. In the ‘Redeem GHO’ diagram, is this step meant to be an off-chain bank transaction between USTB and BUIDLl? Let’s address this. Our priority is delivering reliable and timely results for everyone involved

2 Likes

Summary

The onboarding of USTB and BUIDL into the GSM represents a step towards further RWA integration with Aave, offering exposure to stable, low-risk, short-duration U.S. Treasury securities. Given these products’ complexity and regulatory environments, we recommend seeking detailed information on the specific legal structures Aave would need to implement to properly interface with them before proceeding.

USTB

  • Tokenized investment product for qualified purchasers
  • Structured as a private fund under Section 3(c)(7) of the Investment Company Act
  • Permissioned, upgradable ERC-20 token on Ethereum
  • Pricing based on Net Asset Value per Share (NAV/S)
  • Daily liquidity on open market days (T+0 or T+1 settlement)
  • Series of Superstate Asset Trust and a Delaware Statutory Trust (United States)

BUIDL

  • Tokenized U.S. Treasury fund for institutional investors
  • Managed by BlackRock, powered by Securitize’s platform
  • BVI limited company, operating as a professional fund under SIBA
  • $1 per token value, yield accrues through daily dividends reinvested monthly
  • Instant on-chain liquidity via USDC integration
  • Established as a British Virgin Islands (BVI) limited company

We have prepared the below comprehensive reviews of USTB and BUIDL for the DAO’s consideration:

Detailed research and analysis:

USTB

Asset Risk Assessment

1. Asset Fundamental Characteristics

1.1 Asset

Superstate Short Duration U.S. Government Securities Fund (USTB) is a highly regulated, separate series of Superstate Asset Trust and a Delaware Statutory Trust. USTB is a private fund under Section 3(c)(7) of the Investment Company Act. USTB is only available to a limited subset of potential investors that meet the criteria outlined in the Private Placement Memorandum. Investors must undergo AML, KYC, and sanctions compliance checks.

USTB targets returns in line with the federal funds rate by investing in short-duration U.S. Treasury securities, securities issued by U.S. government agencies or instrumentalities, and other U.S. government securities. This is executed by USTB’s Sub-Advisor, Federated Hermes, and Sue Hill, a tenured portfolio manager. USTB’s underlying securities are held in custody in the name of the Trust at an Office of the Comptroller of the Currency (OCC) regulated bank, UMB Bank.

image
Source: USTB holdings via Superstate, October 7th, 2024

USTB is audited annually by EY. Daily NAV, transparent holdings, yield, and more are available via the Investor Portal or by visiting Superstate’s website.

1.2 Architecture

image
Source: Sky Tokenization Grand Prix USTB fund allocation flow (replace “Sky” with Aave), October 7, 2024

Once onboarding is complete and the investor is approved, their address is added to the AllowList smart contract. This allows them to mint, transfer, or receive USTB tokens. USTB tokens are minted for the investor upon successful purchase, representing their ownership stake. One share equals one USTB token, and the number of tokens minted is determined by dividing the purchase amount (in dollars) by the Net Asset Value per share (NAV/S) for that market day.

Investors initiate redemption by transferring USTB tokens to the contract address or calling burn(). The amount received is calculated as the number of shares/tokens being redeemed multiplied by the NAV/S on the relevant market day. Investors may choose to receive proceeds in USDC or USD.

A management fee of 0.15% is charged for investment management services provided by Superstate Inc. All management fees are waived until USTB’s Assets Under Management (AUM) exceed $200m

Fund operating expenses include administrative costs, audit expenses, custody fees, financial statement preparation, and USDC services provided by Circle Internet Financial. These expenses are reflected in the Fund’s daily NAV.

1.3 Tokenomics

There are no tokenomics, given that this highly permissioned asset reflects offchain account holdings. Each USTB token (ERC-20) is one share in the Fund, with the number of shares issued/USTB tokens minted equal to the Purchase Amount ($) divided by the Net Asset Value per share (NAV/S) on a given Market Day.

2. Market Risk

2.1 Liquidity

USTB offers T+0 liquidity if redemptions are requested before 9:00 AM EST on a “Market Day” (if the NYSE or Philadelphia Federal Reserve are open, meaning during weekends and U.S. holidays, USTB cannot be withdrawn). This usually results in a T+1 (or greater on holidays/weekends) settlement for the DAO.

2.2 Volatility


Source: Superstate, October 7th, 2024

USTB’s net asset value per share has increased slowly over the year. This is to be expected as a “non-rebasing” asset.

2.3 Exchanges

USTB is exclusively available through Superstate. It is not listed on exchanges.

2.4 Growth

AUM as of October: $114.68M

Nearly 90% of the Fund is tokenized and held on Ethereum.

After a sharp rise from April to mid-June, USTB’s AUM reached its peak (over $120M), and since then, fluctuations have occurred.

image

Source: DefiLlama, October 5th, 2024

3. Technological Risk

3.1 Smart Contract Risk

Built using OpenZeppelin’s PausableUpgradeable, the USTB token implements the ERC7246 standard. The contract features a separate “accounting pause” mechanism that pauses minting and burning operations, specifically, apart from general transfer pausing.

On top of mint and burn functionalities, encumbrance is a feature where tokens are temporarily locked or reserved for a specific address (taker), preventing the owner from transferring or using them until released. Encumbering is subject to checks: the owner must have enough unencumbered tokens, and the owner and taker must have permissions per the AllowList.

The Allowlist contract ensures that only authorized Ethereum addresses that pass KYC/AML checks can hold, transfer, or interact with the token. This is critical to comply with legal requirements. Only the permissionAdmin can update the Allowlist or change permissions, and the contract enforces this restriction with internal checks. At the time of writing, 36 entities are included in the Allowlist.

Smart Contract Audits by:

  1. ChainSecurity - two critical issues evaluated (transferability of encumbered balances, which was fixed by changing the order of operations and permission bypass in transferFrom(), which was fixed by ensuring proper checks on encumbrance and permissions)
  2. Macro - 8 code quality issues, with 4 addressed and 4 acknowledged. Divergences from the EIP-2612 standard could cause integration issues. Recommendations included changing parameter names and updating the expiry check.

There is no bug bounty program.

3.2 Price Feed Risk

USTB in the GSM presents low price feed risk as it is not being collateralized.

USTB Oracle does not directly hold price data; it points to Chainlink AggregatorV2V3Interface contract, which contains the actual price feeds. USTB Oracle interacts with the aggregator phase using methods latestAnswer() or latestRoundData() to provide NAV/S price on-chain.

There is ongoing work on implementing Chainlink’s Proof of Reserves for real-time monitoring of USTB underlying assets.

3.3 Dependency Risk

Reliance on Chainlink’s Oracle network is persistent.

In addition, Fireblocks’ secure key management is used to execute key on-chain administrative functions such as minting USTB tokens and managing the Allowlist. This setup ensures security and compliance by requiring multi-party approval for critical actions. Any failure in the Fireblocks system could delay operations or expose vulnerabilities.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

The Fund is established as a series within the Superstate Asset Trust, a Delaware statutory trust. A Delaware Series Statutory Trust (DST) is a legal framework enabling multiple distinct series formation under a single trust structure. Each series operates independently with its assets, liabilities, and governance, functioning essentially as separate legal entities while remaining under the broader trust umbrella. This organizational model is especially advantageous for investment vehicles as it offers enhanced flexibility in management and heightened liability protection for each series.

A key advantage of utilizing a Series DST is its superior asset protection. By isolating assets within separate series, investors can effectively insulate their investments from risks and liabilities associated with other series within the same Trust. For instance, should one series become subject to litigation or financial distress, the assets held by other series remain protected and inaccessible to creditors. This structure provides a robust safeguard for investors, minimizing cross-liability within the Trust.

The Fund benefits from an exemption from registration with the SEC under Section 3(c)(7) of the Investment Company Act of 1940. To maintain this exempt status, the Fund must comply with stringent criteria, including limiting its investors to “qualified purchasers.” A qualified purchaser typically refers to individuals or entities holding at least $5 million in investments, such as high-net-worth individuals, family offices, or select institutional investors ($25,000,000). Importantly, under Section 3(c)(7), a private fund can accept up to 2,000 beneficial owners while retaining its registration exemption, provided all investors meet the qualified purchaser threshold.

USTB is offered under Regulation D exemption under the Securities Act of 1933. Specifically, Rule 506(c), which is applicable in this case, permits issuers to engage in broad solicitation and general advertising of the offering, provided that all purchasers are accredited investors. The Issuer is also required to take reasonable measures to verify the accredited status of investors, alongside complying with other provisions under Regulation D.

In addition to the U.S. market, USTB is accessible to qualified purchasers in various offshore jurisdictions, including the Cayman Islands, the British Virgin Islands, and Bermuda, as well as any jurisdictions that permit reverse inquiry from qualifying investors.

Superstate Inc., a Delaware corporation, acts as the appointed investment manager for the Trust. While operationally independent, the investment manager’s role differs from that of the Trust. The investment manager assumes responsibility for the day-to-day management of the Trust’s assets and plays a pivotal role in maintaining the Trust’s overall performance in line with investor expectations. This separation allows for professional oversight of the Trust’s operations without requiring direct investor involvement. Despite its operational independence, the investment manager is bound by fiduciary duties, which require it to act in the best interests of the Trust and its beneficiaries.

Superstate Inc. operates as an Exempt Reporting Adviser under the regulatory purview of the SEC.

Source: Adviserinfo SEC, September 18th, 2024

The private fund adviser exemption, as outlined in the Investment Advisers Act of 1940, allows certain advisers to forgo SEC registration, provided they meet specific conditions. To qualify for this exemption, the adviser must exclusively manage private funds and not present itself as a general investment adviser to the public. Moreover, the adviser’s total assets under management for private funds must not exceed $150 million.

4.2 Access Control Risk

The admin has exclusive privileges over several important operations:

  • mint to increase the total supply by minting tokens to any address, as long as the contract is not in a paused state;
  • bulkMint to mint tokens to multiple addresses at once;
  • burn tokens with a specified source address and amount;
  • pause() and unpause() can be used to control general token transfers;
  • accountingPause() and accountingUnpause() control minting and burning operations, pausing them if necessary.

Interaction with AllowList suggests that the admin could influence which addresses can participate in token transfers or other operations.

Access to the key functions of the AllowList contract is strictly limited to the permissionAdmin. This ensures that only trusted users can update permissions or change the Allowlist. Any unauthorized access is blocked using the _requireAuthorized function, which reverts if the caller is not the admin.

AllowList permissionAdmin role is assigned to the same address in control of USTB: 0x8C7Db8A96d39F76D9f456db23d591C2FDd0e2F8a

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Recommendation

While the Fund’s legal structure is firmly rooted in U.S. laws and regulations, and its reliance on established SEC registration exemptions provides a degree of legal certainty, there remains an inherent regulatory risk. This risk is concentrated within the U.S. regulatory framework, particularly given the uncertainty of crypto assets. The inconsistent, at times aggressive, stance of the SEC and other competent authorities towards the crypto industry requires careful navigation regarding DAO engagements with the Fund.

To better navigate the jurisdictional risk exposure, we recommend that AAVE DAO establish a special purpose vehicle (SPV) specifically for allocating assets to Superstate. Such a structure would not only facilitate meeting the onboarding criteria of the Fund but, more importantly, provide the necessary legal isolation between AAVE DAO and the Fund. This approach would enable the SPV to act as a designated intermediary in the transaction(s), ensuring that the DAO’s broader operations remain insulated from the liabilities and regulatory implications of the specific investment.

BUIDL

Asset Risk Assessment

1. Asset Fundamental Characteristics

1.1 Asset

BlackRock’s BUIDL tokenized fund represents an innovation in the digital asset management landscape. Launched in early 2024, this investment vehicle has rapidly ascended to prominence, accumulating $500 million in assets under management (AUM) within a brief timeframe. Its growth trajectory has positioned BUIDL as one of the market’s most valuable tokenized treasury funds, underscoring the increasing appetite for sophisticated digital investment products among institutional and professional investors.

To facilitate the Fund’s complex operations, BlackRock has partnered with Securitize to fulfill the critical role of a transfer agent. Securitize brings its expertise in regulatory compliance and tokenization to ensure the seamless functioning of BUIDL. Securitize.io’s specialized platform for issuing and trading digital asset securities provides an infrastructure for the Fund’s operations, aligning with the evolving regulatory landscape for digital assets.

In parallel with the launch and growth of the BUIDL fund, BlackRock has continued solidifying its position as the world’s largest asset manager. The first quarter of 2024 saw BlackRock’s total AUM soar to $10.47 trillion, a substantial increase from previous reporting periods. This upward trajectory persisted, with AUM surpassing $10.5 trillion by July 2024. BlackRock’s remarkable growth can be attributed to a combination of factors, including inflows into their diverse investment products, with exchange-traded funds playing a particular role in driving this expansion.

Structure

The Fund is established as a British Virgin Islands (BVI) limited company duly registered with the Domestic Financial Services Commission (further details can be found in Section IV). The structure of the Fund includes several key entities, each playing a distinct role in its operation:

  • BlackRock Financial Management (BFM), a Delaware corporation and a wholly-owned subsidiary of BlackRock, Inc., oversees the Fund’s investment activities as an Investment Manager. BFM is a registered investment adviser with the U.S. Securities and Exchange Commission (SEC);
  • Securitize Markets, LLC serves as a non-exclusive placement agent for the private placement of the BUIDL tokens;
  • Securitize, LLC, an SEC-registered transfer agent, functions as the Fund’s transfer agent;
  • Bank of New York Mellon is the Administrator and Custodian of the Fund’s assets.

Upon investment in the Fund, investors receive non-voting, participating Class A Shares with no par value, issued as digital tokens. In the shareholder’s capacity, they are entitled to participate in the company’s assets upon redemption, distribution (if applicable), or liquidation. However, it is important to note that investors do not possess voting control or discretion over the investment decisions made by the fund Manager.

Investment Objective

The Fund’s investment mandate is unequivocally focused and committed to allocating 100% of its assets across a narrow spectrum of highly liquid, short-term instruments. These primarily include:

  • Cash holdings
  • U.S. Treasury bills
  • U.S. Treasury notes
  • Other U.S. government obligations

A characteristic unifying these investment vehicles is their short maturity profile: they mature within a maximum of three months from the date of purchase.

The Fund’s Investment Manager selects securities with minimal credit risk. The Fund reserves the option to invest in one or more government money market funds to enhance its investment flexibility and potentially improve returns. The primary Investment Manager (BlackRock Financial Management) or an affiliated entity must manage these underlying funds. Importantly, these secondary funds must adhere to the same investment principles as the BUIDL Fund, focusing on cash and short-term government securities.

A noteworthy provision in the Fund’s investment policy stipulates that investments in these underlying BlackRock Funds will be equivalent to direct investments in cash and the specified securities to meet the Fund’s 100% investment strategy.

1.2 Architecture

Issuance and Redemption

USD Subscription Process:
Investors looking to subscribe to the BUIDL Fund must first undergo a comprehensive onboarding process facilitated by Securitize, ensuring all KYC/AML requirements are satisfied. The investor signs the BUIDL subscription agreement upon approval and receives detailed funding instructions. The investment must be in USD and transferred to the Fund’s designated account. To be included in the same day’s processing, funds must be received before 2:30 PM ET on any business day. ERC-20 tokens are minted to the investor’s provided wallet address upon successfully receiving the funds. These tokens, however, will be subject to a 24-hour lock-up period before they can be transferred or sold.

USD Redemption Process:
Redemption in USD is a straightforward process for BUIDL investors. Redemptions are facilitated through the Securitize platform or by directly sending BUIDL tokens to the specified redemption wallet. To ensure same-day processing, the tokens must reach the Transfer Agent’s wallet by 3:00 PM ET. The transaction will be processed the following business day if received after this cutoff time. Upon successful transfer and confirmation on the blockchain, the Transfer Agent initiates a wire transfer of USD to the investor’s bank account on record. This process is contingent upon the receipt and proper recording of the BUIDL tokens on the blockchain before the cutoff time.

Sale for USDC via Secondary Market:
Through a secondary market mechanism, BUIDL shareholders can liquidate their holdings by directly selling their BUIDL tokens to Circle in exchange for USDC. The transaction is managed by a smart contract that performs a 1:1 atomic swap of BUIDL for USDC. This facility is available 24/7/365, although it is at Circle’s discretion and not guaranteed. Transactions can be conducted via the Securitize U.I. or directly with the relevant smart contract(s). The exchange is finalized upon confirmation of the transfer of BUIDL tokens and delivery of USDC to the sender’s wallet.

The BUIDL Fund mandates a minimum initial subscription of $5,000,000, with subsequent minimum additional investments set at $250,000. For redemptions, the minimum value must be at least $250,000 unless the investor is conducting a full redemption.

The Fund operates on strict daily cutoffs: 2:30 PM ET for subscriptions and 3:00 PM ET for redemptions. Transactions received after these times will be processed on the next business day.

All transactions, whether for issuance, redemption, or secondary market sales, are subject to stringent compliance checks, including automatic KYC verification and blockchain confirmation.

Fees

BUIDL holders are subject to a “Unitary Fee” covering a broad range of services for managing their investment. It is set at 0.50% per annum of the net asset value (NAV) of the shares held by each shareholder. Notably, suppose the Fund allocates any portion of its assets to BlackRock-managed money market funds. In that case, the Unitary Fee will be adjusted downward by the amount equivalent to the fees and expenses incurred by these underlying funds, ensuring no double-charging fees across the fund structures.

The fee is calculated daily. It is directly deducted from the Fund’s net investment income before this income is distributed to shareholders. In scenarios where the Fund’s net investment income on any given day is less than the accrued Unitary Fee, the fee is automatically reduced to match the available net income for that day.

Yield

BUIDL Fund’s yield is closely aligned with the prevailing overnight repo rate, adjusted for the Fund’s Unitary Fee of 0.50%. As of August 27, 2024, the net yield—after all fees—is approximately 4.85%.

It represents each shareholder’s proportional share of the Fund’s net investment income after fee deduction. The dividend calculation is executed daily for all shareholders who own shares as of 3:00 PM New York time on the day the dividends are declared.

The Fund declares dividends daily, contingent upon the day’s net earnings from investments exceeding the fees charged. The declared dividends are then distributed every month. Specifically, dividends are airdropped to the shareholder’s designated blockchain address on or about the first business day of the following month.

The Fund reinvests Accrued dividends, which issue additional shares and tokens equivalent to the dividend value to the shareholders on the first business day of the subsequent month. This reinvestment occurs unless a shareholder has sold or transferred all their shares before the last business day of the month. In such cases, instead of receiving additional BUIDL tokens, the shareholder will be paid out in U.S. dollars within three business days after the end of the month.

2. Market Risk

Key metrics as of October 5, 2024

Total Token Supply: 537,116,388.95 BUIDL
Holders: 23

2.1 Liquidity

Instant liquidity is available through BUIDL <> USDC redemption buffer. With 100M USDC at launch, the exchange venue has the current capacity to satisfy redemptions of over 84M USDC.

image

Source: BUIDL Dune Dashboard, October 5th, 2024

Secondary liquidity is accessible via market makers (e.g., TokenX) that agreed to trade BUIDL.

Daily mint/redeem data analyzed together with statistics of redemption venues (off-chain vs. on-chain) indicate that even sizeable redemption requests can be easily processed.

image

image

Source: BUIDL Dune Dashboard, October 5th, 2024

2.2 Volatility

n/a

2.3 Exchanges

n/a

2.4 Growth

Since its inception, the Fund has accumulated over 500M in AUM.

image

Source: BUIDL Dune Dashboard, October 5th, 2024

BUIDL is limited to institutional investors only. That explains the low number of token holders. Ondo has a notable share of around 30% of the total BUIDL supply.

image

Source: Etherscan, October 5th, 2024

3. Technological Risk

3.1 Smart Contract Risk

Securitize asserts that it has subjected its contracts to security audits conducted by CoinFabrik and Certik. However, the audit reports resulting from these examinations are not readily available in the public domain. Instead, Securitize has adopted a controlled disclosure policy whereby interested parties may request access to these reports as needed.

In a related matter of significant import, the smart contract facilitating the swap mechanism between USDC and BUIDL tokens has undergone a separate audit process by Halborn. Again, Halborn’s examination findings have not been publicly available.

3.2 Price Feed Risk

No price feed implementation is present in the BUIDL smart contract.

3.3 Dependency Risk

Dependencies revolve around off-chain components of BUIDL design. Yield calculations are performed externally, accounting for daily dividends and distributing them monthly. Instant redemptions depend on the USDC buffer, which is managed and controlled entirely by Circle.

Securitize handles key functions such as investor onboarding, record-keeping, and processing subscriptions and redemptions. Their proprietary protocol enables the on-chain implementation of these functions.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

BlackRock USD Institutional Digital Liquidity Fund Ltd is incorporated under the laws of BVI and registered with the BVI Financial Services Commission as a Professional Fund. To perform a regulated activity, the entity should meet a strict set of requirements imposed by the Securities and Investment Business Act (SIBA):

  • Investment Threshold: A minimum investment of US$100,000 or equivalent in another currency is mandated.
  • Investor Qualification: The Fund is exclusively available to “professional investors,” defined as:
    a) Individuals or entities whose ordinary business involves acquiring or disposing of similar property, whether for their account or others.
    b) Persons who have declared a net worth exceeding US$1,000,000 (or equivalent) and consented to professional investor classification.
  • Risk Disclosure: Regulations necessitate publishing an investment warning explicitly stating that protections applicable to public funds do not extend to professional funds.
  • Valuation Policy: The Fund must maintain a comprehensive and transparent policy for property valuation, with robust procedures ensuring its effective implementation.

In compliance with Mutual Funds Regulations, a professional fund is required to maintain a specific operational structure at all times, comprising:

  • Fund Manager
  • Fund Administrator
  • Auditor
  • Custodian

The Custodian must operate with functional independence from both the Manager and Administrator. The valuation process should be entrusted to the Administrator or another designated entity by the established valuation policy. Concurrently, the Manager or the party responsible for investment decisions must maintain independence from the Fund’s Administrator or the entity overseeing the valuation process.

For fund managers, advisers, administrators, or appointed persons established outside the BVI, registration or licensing within the BVI is not required, provided they maintain no physical presence in the jurisdiction beyond a registered office and agent.

In adherence to regulatory provisions, the Fund has implemented the following structure of third-party entities to fulfill the stipulated functions:

  • Manager: BlackRock Financial Management (BFM) - An SEC-registered investment adviser
  • Administrator: The Bank of New York Mellon
  • Custodian: The Bank of New York Mellon - Given that the same entity fulfills administrative and custodial roles, robust systems and controls are expected to ensure the independence of these functions. The Fund’s custodial relationship with BNY Mellon is protected under the U.S. Securities Investor Protection Act.
  • Auditor: PricewaterhouseCoopers LLP
  • Transfer Agent: Securitize, LLC - An SEC-registered transfer agent and technology service provider responsible for investor onboarding, record-keeping, and processing subscriptions and redemptions.

Securitize’s Terms and Conditions (T&C) constitute an agreement between individual users or company representatives for access to and utilization of the Securitize Website and Platform. Depending on the user’s or institution’s location, Securitize may agree with its E.U. entity (Securitize Europe Brokerage and Markets S.A., supervised by the Spanish Securities Market Commission) or its U.S. entities registered with the SEC (Securitize, LLC/ Securitize Markets, LLC).

Complementing the broad framework established by the T&C, recent BUIDL’s governance applications (Arbitrum STEP, Ethena RWA Allocation) provide additional insights into the Fund’s contractual specifics. Investors must execute two binding agreements: a Master Subscription Agreement (MSA) and a Fund Subscription Agreement (FSA). These documents must be signed by authorized representatives or signatories of the legal entity, Foundation, or DAO, each of whom must undergo mandatory Know Your Customer (KYC) verification. The MSA and FSA are governed by Delaware law, with dispute resolution proceedings to be conducted in New York courts.

Investors are integrated into the Fund’s architecture as BlackRock USD Institutional Digital Liquidity Fund Ltd shareholders. The BVI Business Companies Act, 2004 delineates the fundamental statutory rights associated with shares in BVI companies, which encompass:

  • The prerogative to cast a single vote during company member meetings or on any resolution put forth by the company’s membership;
  • An equitable claim to any dividends distributed by the Act’s provisions;
  • A proportionate entitlement to the company’s surplus assets in the event of distribution.

These statutory rights represent merely a baseline framework. They serve as default provisions without more comprehensive rights and safeguards outlined in the company’s memorandum and articles of association. In this context, BUIDL presents a distinctive offering to potential investors: non-voting, participating Class A Shares issued digital tokens.

Bankruptcy remoteness

The Fund’s architecture is designed to keep investors’ assets bankruptcy-remote from the Fund entity and its officers. A key element of the protective framework is the strategic separation between the Fund and its transfer agent, Securitize. The latter performs the function of issuing securities at the Fund’s direction. Importantly, Securitize neither owns nor custodies the underlying assets, clearly delineating roles and responsibilities.

In the unlikely event of Securitize’s insolvency, the Fund’s operations and investor assets would remain insulated. The role of the transfer agent could be seamlessly transitioned to an alternative provider, ensuring continuity in the ability to redeem shares with the Fund.

Furthermore, the Fund can initiate an orderly wind-down and return funds to shareholders if a suitable successor transfer agent cannot be engaged.

Enhancing the Fund’s protective measures is its custodial relationship with BNY Mellon, which falls under the aegis of the U.S. Securities Investor Protection Act, a federal statute designed to safeguard customer assets in the event of a broker-dealer’s failure.

U.S. Offerings

The Fund leverages the exemption delineated in Section 3(c)(7) of the Investment Company Act of 1940 regarding its registration as an investment company in the United States, particularly concerning offerings extended to U.S. persons.

Certain private investment funds may be exempt from being classified as investment companies, provided they meet specific criteria. This section is particularly relevant for funds that wish to offer securities to U.S. persons while avoiding the regulatory burdens typically associated with public offerings.

To qualify under Section 3(c)(7), a fund must limit its investors to “qualified purchasers,” which are defined as individuals or entities that own at least $5 million in investments. In this way, an assurance is made that only sophisticated investors, presumed to have a greater understanding of the risks involved, can participate in these offerings. Additionally, the Fund must not publicly offer its securities, meaning it cannot engage in general solicitation or advertising to attract investors.

When making offers to U.S. persons, the Fund must have a reasonable belief that all purchasers are qualified. This requirement necessitates thorough due diligence to verify the status of potential investors. The Fund must also comply with the anti-fraud provisions of the securities laws, ensuring that all information provided to investors is accurate and not misleading.

Governance

BUIDL is not subject to DAO governance.

4.2 Access Control Risk

As the transfer agent, securitize maintains a whitelist of eligible investors, ensuring that only individuals and entities who have successfully passed KYC/AML checks are granted access to the Fund. Beyond the baseline KYC/AML requirements, the onboarding process incorporates an additional layer of verification where prospective investors must demonstrate their status as either accredited/qualified or non-US persons.

The implementation of these conditions is facilitated through Securitize’s proprietary D.S. protocol. The D.S. protocol’s architecture incorporates a sophisticated system of roles and permissions. These roles are controlled via multi-permission wallets utilizing Fireblocks infrastructure.

  • MASTER: reserved for contract upgrades, ensuring that the Fund’s smart contract infrastructure can evolve to meet changing regulatory requirements or technological advancements.
  • ISSUER: responsible for the daily issuance of tokens corresponding to new subscriptions, allowing for seamless and efficient processing of investor contributions.
  • TRANSFER AGENT: encompasses critical transfer agent operations such as token burns or freezes, providing necessary controls over the token ecosystem.

Securitize’s Trust Service is integral to the secure and compliant issuance and transferability of BUIDL tokens. It controls the access to and execution of specific functions - for example, only addresses with the ISSUER role can mint tokens.

The Registry Service is the backbone of Securitize’s investor management system. It maintains an on-chain register of all investors eligible to hold BUIDL tokens, ensuring that all token holders meet regulatory and compliance requirements. The registration process involves assigning unique identifiers to investors and recording their relevant attributes, such as KYC status and accreditation level.

In the third place, the Compliance Service validates transactions such as token transfers, issuance, and burning. It checks whether these actions comply with the rules set by the Issuer and the relevant regulations. For example, it can prevent transferring tokens to investors who do not meet certain criteria.

BUIDL contract is a custom proxy implementation of DSToken. Contract Owner: 0xe01605f6b6dC593b7d2917F4a0940db2A625b09e can assign the above-described roles (MASTER, ISSUER, TRANSFER AGENT).

The Issuer has the authority to mint (issue) new tokens by calling issueTokens, issueTokensCustom, and issueTokensWithMultipleLocks. Transfer Agent is trusted to oversee transfer restrictions and handle specific administrative functions such as burning tokens (burn, omnibusBurn) and seizing tokens (seize, omnibusSeize)

Designated addresses for these roles cannot be queried over Etherscan.

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Recommendation

AAVE DAO must be diligent in satisfying the BUIDL onboarding criteria (as outlined by Securitize) incl., providing a clear attestation that no individual or entity has owned more than 10% of the DAO within the past two years, along with a recent smart contract audit dated within the last two years. If audited financial statements are unavailable, the applicant (i.e., the DAO) must provide a quarterly or annual report of its holdings and earnings.

A detailed explanation of DAO funds custody, management, and governance is due, including specifics on the parties responsible for oversight. Clarification on the governance framework for proxy voting (if applied) is also required. The onboarding process may involve additional questions, especially about mitigating AML risks.

Given the complexity of these expectations, AAVE DAO should ensure thorough internal preparation to provide all relevant data and governance structures to satisfy these onboarding conditions.

Should the AAVE community decide to incorporate a dedicated legal entity to act on behalf of the DAO and become an investor in the BUIDL fund, certain factors will be critical in choosing the jurisdiction for incorporation. These include:

  • A jurisdiction strongly committed to developing digital assets and a favorable regulatory environment.
  • Preferably, the entity should have a tax-free status.
  • A “memberless” structure, allowing the entity to operate without being owned by any individual, if possible.
  • Limited liability protection for the managers of the entity.
  • Flexibility in governance through smart contracts, allowing for automation and adaptability.

Aave V3 Specific Parameters

To be provided after discussion with @ChaosLabs

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded partly by the Aave DAO. LlamaRisk is not directly affiliated with the {name} protocol and received no compensation from {name} for this assessment.

The information should not be construed as legal, financial, tax, or professional advice.

1 Like

Thank you to the @ACI for moving this proposal forward. To better integrate Superstate products into the GSM, Aave, and DeFi, we’re implementing critical upgrades to USTB, which we plan to announce soon.

We’re excited to continue working closely with the Aave team and community. Since the successful TEMP CHECK, we’ve had productive discussions with Aave Labs that indicate an alternative design and simpler integration.

Special thanks to @0xSir and @LlamaRisk for their valuable feedback. A few quick responses:

  1. We initially designed this to integrate with BUIDL as it currently exists, which only accepts USD via wire transfer—the original architecture aimed to facilitate easier BUIDL subscriptions through the GSM . Since then, we’ve revised our approach.
  2. Thank you for your detailed analysis of USTB. Instead of utilizing an SPV, it’s possible that Avara or Aave Labs could onboard on behalf of the DAO.

With major upgrades and cross-team collaboration in mind, we’d like to “pump the brakes” on this proposal for now. We’ll be back with more updates soon.

5 Likes

We are actively monitoring the situation and will share our thoughts once this proposal moves forward in the governance process.

1 Like

We appreciate this initiative and are eager to engage in discussions that will help extend the RWA assets integration within the GHO ecosystem.

As highlighted in our recent discussion on Temp Check: BUIDL GSM, ensuring atomic execution of asset swaps for both buy and sell operations is vital. This approach guarantees that users receive the swapped asset instantly within the same transaction, preserving the seamless flow of user interactions. In the case of USTB, neither atomic subscriptions nor redemptions are available yet. Aave Labs is actively engaged in discussions with the Superstate team to address this feature.

On the other hand, our approach considers implementing several instances of GSM, each dedicated to a specific RWA asset. Although balancing of assets will not occur automatically, the Aave DAO can manage its risk exposure to each RWA asset and incentivize allocation and usage by adjusting the fee structure associated with each GSM. This approach will help the DAO accommodate changes from technical and risk perspectives as the RWA space evolves, while ensuring flexibility to adapt to new developments and opportunities.

We are committed to keeping the community informed and will provide updates on our progress in the coming weeks.

1 Like