[Direct to AIP] Onboard BTC.b to Aave V3 Core Instance

Author: ACI

Date: 2025-11-04

–

Risk Parameters updated by Risk Service Providers 2026-03-20

Summary

This proposal seeks to onboard BTC.b to the Aave V3 deployment on the Core Instance.

As the onboarding of BTC.b has already been approved and executed on the Avalanche Aave V3 instance, this proposal follows the Direct-to-AIP path to extend BTC.b support to the Core instance.

Motivation

BTC.b is a liquid bridged Bitcoin token originally established by Ava Labs and recently transitioned to Lombard’s technical infrastructure, offering users access to native BTC liquidity while maintaining DeFi composability. The migration to Lombard’s architecture preserves token addresses, ensures full continuity for existing integrations and users, and enhances scalability and security. Its integration on Aave V3 Avalanche has proven successful in terms of risk profile and utility.

Given that BTC.b has already passed governance and risk assessments for the Avalanche Instance, and Lombard’s technical infrastructure has also been approved through onboarding of LBTC on the Core Instance, this proposal aims to onboard BTC.b to the V3 Core Instance under the same configuration parameters used for Avalanche, adjusted for market conditions where appropriate.

Specification

Useful Links

BTC.b mainnet token contract: Address: 0xB0F70C0b...106817072 | Etherscan

BTC.b Documentation: https://docs.lombard.finance/lbtc-liquid-bitcoin/btc.b-bridged-bitcoin

BTC.b FAQ: https://docs.lombard.finance/frequently-asked-questions/btc.b-faq

Disclaimer

This proposal is powered by Skywards. ACI is not directly affiliated with Lombard Finance and did not receive compensation for creation of this proposal.

Next Steps

1. Publication of the proposal (current stage) collect community & service providers feedback.
2. Publish an AIP vote for final confirmation and enforcement of the proposal.

Copyright

Copyright and related rights waived under CC0.

BTC.b is currently only live on Avalanche, with its Ethereum deployment and broader cross-chain expansion still pending. The asset was acquired by Lombard Finance from Ava Labs in October 2025 and is currently undergoing a migration process that includes testing and security audits. Post-migration, BTC.b will transition from the existing Avalanche Bridge SGX enclave-based key system to Lombard’s security model (previously assessed during the LBTC onboarding), while maintaining the same token address on Avalanche. Because the BTC.b token contract on Avalanche is immutable, a new AssetRouter contract will be introduced to handle withdrawals under the updated design, according to the preliminary technical details shared in Lombard’s blog.

LlamaRisk will provide a comprehensive assessment once full details are available, following the completion of the Avalanche-side migration and the Ethereum token deployment, which are expected to be done in Q4 2025. Optionally, the DAO may consider pausing the BTC.b market on Avalanche during the brief migration window to maintain protocol safety, although Lombard has indicated that existing protocol integrations will remain unaffected.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Please read my post about the cencoring of btcs on Lombards bridge:

As per our review, Lombard’s Terms are drafted to permit Lombard to implement and enforce mixer-related compliance controls based on risk signals alone, without needing to establish that a user “actually used” a mixer. The breadth of the “Prohibited Uses” construct provides Lombard with strong contractual discretion to treat mixer exposure as an AML/sanctions risk-management trigger. Practically, however, any such measures are constrained to what Lombard controls (i.e., the front-end and Lombard-operated features) and cannot extend to altering or reversing the underlying on-chain protocol state.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work. The information provided should not be construed as legal, financial, tax, or professional advice.

Summary

Following the successful migration of BTC.b to Lombard’s security model, LlamaRisk supports onboarding BTC.b to the Aave V3 Core Instance. BTC.b on Ethereum is currently backed by approximately $13M in DEX liquidity, entirely protocol-supplied by the Lombard team, which mitigates the risk of abrupt liquidity removals, as it is not subject to the typical flight dynamics of third-party LPs. While the current circulating supply stands at ~32 BTC ($2.1M), this is consistent with the asset’s recent launch on Ethereum and is expected to grow as the ecosystem matures and bridging activity increases.

BTC.b on Ethereum benefits from robust administrative safeguards. Contract upgrades are subject to a 1-day timelock enforced via LombardTimeLock, with the executor role controlled by Lombard’s 3/5 Safe multisig. The protocol maintains an active bug bounty program, and the most recent audits have not surfaced any critical or high-severity findings. On the fee side, BTC.b carries a modest mint fee of 29 satoshis (~$0.02) and a flat redemption fee of 10,000 satoshis (~$6.50) for withdrawals to native BTC, both of which are negligible relative to typical transaction sizes. Taken together, these factors suggest that BTC.b presents a manageable risk profile for integration into Aave. However, continued monitoring of supply growth and liquidity depth will be prudent as the asset establishes itself on Ethereum.

1. Asset Fundamental Characteristics

1.1 Asset

According to the Aave Asset Class Allowlist (AAcA), Cross-chain Bitcoin (BTC.b) is classified as a bridged BTC wrapper, and assets of this category have already been approved for use on Aave. BTC.b is an ERC20 token on Ethereum, Avalanche, Katana, MegaETH, Monad, and Stable, backed 1:1 by BTC. It was established in 2022 by Ava Labs and later acquired by Lombard Finance in October 2025 to expand its product suite and offer a non-yield-bearing Bitcoin asset alongside its yield-bearing LBTC counterpart.

At present, approximately 3,566 BTC.b of the total 3,632 (~$238M) supply resides on Avalanche, while only 32.43 BTC.b ($2.1M) is issued on Ethereum. This highlights that the vast majority of supply remains on Avalanche, with Ethereum representing a relatively small and early-stage share of total circulation.

1.2 Architecture

BTC.b on Ethereum is built on Lombard Finance’s NativeLBTC infrastructure. The AssetRouter contract acts as the canonical entry point for deposits, redemptions, and payload routing. It maintains per-token configuration, including redemption fees (redeemFee+ toNativeCommission), mint fee caps, and oracle references. For cross-chain transfers, BridgeV2 enforces a burn-and-mint bridging logic: outbound transfers burn tokens and dispatch a message via the Mailbox (a GMP abstraction layer), while inbound messages are finalized as mints only after they are accepted.

image1920×1080 136 KB

Lombard’s trust architecture rests on three components.

• The Consortium contract is an epoch-based weighted multi-signature verifier: it maintains a validator set per epoch, where each validator has an address and a weight. When a proof-based mint is submitted, the contract decodes an array of ECDSA signatures, sums the weights of matching signers, and reverts if the total weight falls below the threshold. Validator set rotations are themselves consortium-attested; setNextValidatorSet requires a valid proof from the current epoch’s validators, ensuring the quorum cannot be unilaterally changed. The Lombard Security Consortium consists of the following 15 independent digital asset institutions.

image1654×943 95.7 KB

• The Bascule drawbridge provides independent verification: when enabled, every proof-based mint must also pass validateWithdrawal(depositID, amount), confirming the Bascule has independently observed the corresponding Bitcoin deposit. Currently, this address is set to null, meaning the Bascule check is disabled.
• Cubist CubeSigner underpins the key management layer, providing HSM-backed signing where key material is never exposed to operators and signing is constrained by policy.

Fee

The fee structure operates across multiple layers. For minting, there is a flat fee cap (maximumMintCommission) stored per-token in the AssetRouter’s TokenConfig, currently set to 29 satoshis (~$0.02). For redemptions (burning BTC.b to receive BTC), the AssetRouter deducts a flat redeemFee of 0 (in satoshis) from the burn amount before processing. An additional toNativeCommission of 10,000 satoshis ($6.5) is applied through the Validation.redeemFee calculation during redemption to BTC. The mint fee cap is adjustable by the operator, currently an EOA, while redemption fees (redeemFee and toNativeCommission) are governed by the AssetRouter’s admin, the LombardTimeLock contract.

1.3 Tokenomics

The total supply of BTC.b is variable and expands or contracts based on user-driven bridging of native BTC. On Ethereum, the circulating supply currently stands at 30.45 BTC.b, held across just 29 unique addresses, indicating a still-nascent holder base.

In contrast, the majority of BTC.b supply resides on Avalanche, with approximately 3,566 BTC.b outstanding. Smaller allocations exist on other networks, including Monad (23.42), MegaETH (15.37), Stable (10.78), and Katana (7.82), bringing the aggregate cross-chain supply to ~3,659 BTC.b.

1.3.1 Token Holder Concentration

image910×360 38.1 KB

The top 3 holders of BTC.b are:

• Curve BTC.b/cbBTC pool: 65.83% of the total supply.
• Uniswap V4: 24.73% of the total supply.
• Lombard BTC Vault: 9.42% of the total supply.

The top three holders collectively control 99.98% of BTC.b’s total supply on Ethereum, reflecting a highly concentrated ownership structure. Meanwhile, approximately 90% of the circulating supply is held on DEXs, supporting deep on-chain liquidity and facilitating efficient trading.

2. Market Risk

2.1 Liquidity

image1966×1176 149 KB

Users can swap 187 BTC.b for $12.27M USDC within a price impact of 7.5%.

2.1.1 Liquidity Venue Concentration

image1979×1178 113 KB

On-chain liquidity for BTC.b on Ethereum is concentrated across two recently deployed pools: Uniswap V4 BTC.b/WBTC ($10.97M TVL) and Curve BTC.b/cbBTC ($2.62M TVL). Both of these pools were seeded with liquidity this month, with the majority added on February 9, 2026. The majority of this BTC.b liquidity is sell-side, totaling ~180 BTC ($11.9M), consistent with the price slippage chart, which shows a cliff beyond $12M in trade size.

2.1.2 DEX LP Concentration

BTC.b liquidity on Ethereum is highly concentrated, with the Lombard team accounting for nearly 100% of the DEX liquidity across pools. This reflects a near-exclusive reliance on a single liquidity provider at the current stage of market development. Below is the breakdown (as of February 23, 2026):

• Uniswap V4 BTC.b/WBTC: Lombard BTC Vault is the top supplier, with a near-100 % share of the pool’s liquidity.
• Curve BTC.b/cbBTC: Lombard BTC Vault is the top supplier with nearly 100% share of the pool’s liquidity.

2.2 Volatility

image1687×826 33.3 KB

BTC.b has consistently maintained its 1:1 peg to BTC across secondary markets and is currently trading at a modest 26-basis-point (bps) premium.

2.3 Exchanges

BTC.b is exclusively traded on DEXs and is not currently listed on any centralized exchange.

2.4 Growth

image1978×1178 117 KB

BTC.b, following its migration and deployment on Ethereum, has seen upward growth since late October 2025. As of February 23, the circulating supply on Ethereum stands at 32.43 BTC.b, representing a ~24% drawdown from its early-February peak. A closer inspection of the supply chart indicates that these changes were largely driven by a small number of sizable single-mint-and-burn transactions, rather than gradual organic inflows or outflows, suggesting that activity on Ethereum is still in the early stages and continues to scale post-deployment.

3. Technological Risk

The BTC.b technological risk on Ethereum, including smart contract risk, bug bounty program, and dependency risk, remains unchanged since our BTC.b MegaETH onboarding review and is excluded here for brevity, as no new contracts have been deployed, and the underlying architecture remains identical.

4. Counterparty Risk

4.1 Governance and Regulatory Risk

The operational setup has evolved since our previous review of Lombard Finance. A Cayman foundation has been established to act as the steward of the Lombard Protocol, oversee initiatives, and own Lombard Finance Ltd., a Cayman limited entity and the developer of the Lombard Protocol. The company acts as operator of the DAO and DAO-related activities for the Lombard Protocol and its products.

Lombard’s Terms of Service set out the services rendered by Lombard Finance Ltd., namely providing access to and use of the Lombard Finance website and/or the website-hosted user interface available at lombard.finance (the “App”), as well as certain features contained on the Website and in the App. Lombard states that it is not acting as a broker, financial institution, or creditor, and that the Services are provided only as an administrative platform. Lombard Finance is not authorised or regulated by the UK Financial Conduct Authority. Protections provided by the UK regulatory system will not be available to users when using Lombard.

As per our review, Lombard’s Terms are drafted to permit Lombard to implement and enforce mixer-related compliance controls based solely on risk signals, without requiring proof that a user “actually used” a mixer. The broad Prohibited Uses definition gives Lombard ample contractual cover to treat mixer exposure as an AML/sanctions risk-management measure. Importantly, there is a practical limitation to such measures: Lombard can only police what it controls (the front-end and Lombard-run features), not the underlying on-chain Protocol state.

The Lombard team relies on legal counsel across various jurisdictions (the US, Europe, and Singapore), which has advised on BTC.b’s legal implications and regulatory compliance. According to the team, because BTC.b is simply a wrapped asset, no regulatory blockers have arisen.

While BTC.b is offered as a tokenised representation of native Bitcoin, certain structural features carry distinct regulatory implications, particularly in the US and the Cayman Islands. The assumptions below are set out for the purpose of testing the asset’s regulatory exposure.

In the US, native BTC is widely accepted as a commodity under CFTC jurisdiction. However, viewed through a conservative regulatory lens, BTC.b may be seen as having an identifiable issuer (Lombard), a consortium-based minting apparatus, and cross-chain bridging infrastructure that, collectively, may satisfy the “investment contract” prong of the Howey test. A key mitigating factor is that BTC.b does not generate yield, which weakens the “expectation of profits from the efforts of others” element.

In the same vein, BTC.b’s permissionless minting and redemption mechanism—where users deposit native BTC and receive BTC.b tokens across multiple chains—may constitute a money transmission service under FinCEN’s definitions.

In the Cayman Islands, BTC.b, as a 1:1 wrapper of a commodity with no yield or governance rights, is unlikely to qualify as a security. However, if the wrapper were recharacterised as a derivative of BTC (because it derives its value from the underlying), the SIB Act definition could apply. The 2026 amendments clarifying that tokenised fund interests do not require VASP licensing may provide some analogical support for non-securities treatment.

Strong mitigating factors observed include the absence of yield generation (BTC.b does not offer staking rewards or yield) and the US regulatory shift, which creates a more permissive environment for commodity-adjacent crypto assets. Furthermore, we remain in close contact with the Lombard team, focusing on their regulatory compliance strategy and the regulatory exceptions they rely on in the jurisdictions mentioned.

4.2 Access Control Risk

4.2.1 Contract Modification Options

Here are the wallets controlling BTC.b on Ethereum:

• LombardTimeLock: Admin and owner of the BTC.b contract.
• Multisig1: Lombard-controlled 3/5 Safe, holds executor/proposer/canceller roles of the LombardTimeLock contract and can pause the BTC.b contract.

The following contracts power the BTC.b architecture on Ethereum:

• BTC.b: Upgradeable ERC20 contract for the BTC.b token controlled by LombardTimeLock.
• AssetRouter: Upgradeable contract, handles deposit/redemption orchestration and fee accounting.
• BridgeV2: Upgradeable contract, handles bridge execution for burn-and-mint transfers.
• LombardConsortium: Upgradeable contract, epoch-weighted multi-signature verifier.

A role-based access control mechanism is employed for BTC.b to manage sensitive functions:

4.2.2 Timelock Duration and Function

A 1-day (86400 seconds) delay has been implemented for BTC.b contract upgrades via the LombardTimeLock.

4.2.3 Multisig Threshold / Signer identity

Lombard controlled Multisig1 (3/5 Safe) holds is the executor of the LombardTimeLock contract, which has the following role-based access control:

The 3/5 Safe Multisig1 has the following signers:

• 0xd7B78BF124eB327F23f75F5C49De0c3fa5d2265A
• 0x116744098070508c080B120A555B5453422b66eF
• 0x70B9b04b19D9015EfBe1db37BBe30Dd304737950
• 0xd775959eb15f6DfF24A267f988F6c2E2f769DeDa
• 0xDD48B7cfd0c2256E008B7C690Fbe47ca77CD6071

Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.

Aave V3 Specific Parameters (BTC.b)

Final recommended parameters will be coordinated with @ChaosLabs

Price feed Recommendation

We recommend using the Chainlink BTC/USD feed to price BTC.b on Aave V3 Core.

Disclaimer

This review was independently prepared by LlamaRisk, a DeFi risk service provider funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Overview

Chaos Labs recommends listing the asset on the Ethereum Core instance, subject to the implementation of an accurate Proof of Reserve. While BTC.b is already listed on the Avalanche instance, the recommendation has been made under a different infrastructure configuration. In October 2025, Lombard acquired BTC.b with the intent to partially upgrade its infrastructure and integrate it into its broader product suite. The announcement has outlined substantial changes to the smart contract implementation on the BTC.b hosting networks, along with upgrades to the underlying reserve structure. In this analysis, we explore the changes that have been enacted during the transition.

Technical Architecture

BTC.b is a wrapped Bitcoin token originally launched in 2022 by Ava Labs. It had broad DeFi integrations on the Avalanche chains, including Aave deployment, at the time of its acquisition by Lombard Finance in October 2025.

The asset operates as a permissionless, non-custodial BTC representation on EVM chains. Users deposit native BTC on the Bitcoin network and receive BTC.b on supported chains at a 1:1 ratio. Reserve integrity is verified on-chain via Chainlink Proof of Reserve, with an independent confirmation layer provided by Cubist Bascule.

In terms of current supply distribution, the asset remains heavily concentrated on Avalanche, where it first launched, and its total circulating supply is approximately 3,477 BTC.b.

image1225×547 59.7 KB

The fee structure of BTCB.b is minimal by design: minting carries a flat fee cap (currently equivalent to approximately 29 satoshis, or ~$0.02), while redemptions apply a flat burn-side fee of 0 satoshis plus a commission of 10,000 satoshis (~$6.50) to cover BTC-side transaction costs.

The system’s security model rests on three independent components operating in concert:

The Lombard Security Consortium is a CometBFT-based coordination layer operated by 15 independent digital asset institutions. Members include OKX, Galaxy, DCG, Wintermute, Amber Group, Figment, P2P, Kiln, Kraken, Antpool, and F2Pool, among others. The Consortium contract functions as an epoch-based weighted multi-signature verifier: each validator holds an address and a weight, and proof-based mints require aggregated ECDSA signatures meeting a two-thirds quorum threshold. Validator set rotations are themselves consortium-attested, preventing unilateral changes to the signer set. BTC deposits are accepted after 6 confirmations.

Cubist CubeSigner underpins key management, providing HSM-backed signing where key material is never exposed to operators and all signing actions are policy-constrained.

Cubist Bascule Drawbridge serves as an independent verification layer, confirming that BTC deposits are observed on-chain before authorizing mints, and verifying token burns before authorizing BTC payouts on redemption. Note that, as of recent configurations, the Bascule check address is set to null on Ethereum, meaning this verification layer is currently disabled on that deployment.

A Trustless Relayer automates monitoring and operational execution steps but is scoped to operational roles only, with no elevated privileges.

Reserves and Backing

Before the acquisition of BTC.b by Lombard, a proof of reserves for the asset had existed, which outlined the BTC locked on the Bitcoin network associated with BTC.b backing. The dynamics can be observed in the upper section of the attached plot. On January 28th Lombard team has effectively migrated the reserves from bc1q…9u90 to bc1q…zuke.

image (1)2876×1434 268 KB

As the transition of reserves finalized, the question regarding the separation of said reserves with regard to Lombards distinct products became central, as the assets exhibit substantially different risk profiles. Specifically, LBTC represents staked BTC, while BTC.b does not imply similar staking-specific risks. Therefore, the question of the separation of reserves presents a central issue in our assessment.

Reserve Segregation

In order to independently assess the composition of Lombard reserves with respect to staking activity, we have used the Proof-of-Reserve contract on Base, which exposes the list of bitcoin addresses and respective owner public keys. Using getPoRAddressListLength() we identified the total number of bitcoin addresses and collected relevant addressStr and rootPkId utilizing the getPoRAddressSignatureMessages function. The resulting set has contained approximately 27,000 unique bitcoin addresses and 2 distinct root public key ids. The verified cumulative sum of the addresses’ balances matched against the Proof-of-Reserve. Nevertheless, this confirmation speaks only to the totality of reserves and does not, in itself, provide insight into their composition; whether BTC.b and LBTC reserves are held in segregated addresses or share a common pool. The latter scenario would imply that a portion of the BTC nominally backing BTC.b could be actively staked on Babylon which would contradict BTC.b’s expected risk profile.

We used the known migration address bc1q…zuke, which, as mentioned previously, has received the consolidated BTC.b reserves on January 28th during the transition to Lombard architecture, as a primary anchor to identify the majority of reserves attributable to the BTC.b backing. The fact that approximately 3385 out of 3542 BTC.b reserves were allocated in a single address directly implied that the remaining BTC.b reserves, if any, would be distributed across a relatively small number of additional addresses. This substantially narrowed the problem: any address in the reserve pool carrying a balance exceeding 200 tokens could be directly attributed to LBTC staking activity rather than BTC.b backing.

image (2)1986×784 44.9 KB

To further validate this attribution, we cross-referenced the large reserve addresses against the voting power of Lombard-associated finality providers on the Babylon protocol. Finality providers publish their aggregate delegated BTC as voting power, which we matched against the balances of addresses exceeding the 200 BTC threshold. The aggregate voting power of Lombard-associated finality providers aligned with the balances of these addresses, confirming that they are actively participating in Babylon staking and are attributable to LBTC exclusively.

As the table illustrates, the observed balances across identified address sets align closely with the voting power reported by each Lombard-associated finality provider, with discrepancies of less than 1 BTC in all cases. The BTC.b reserves are concentrated across 4 addresses totaling approximately 3,556 BTC, consistent with the reported supply. The remaining large-balance addresses map cleanly to individual Lombard staking providers, with the residual addresses collectively accounting for the 363 BTC attributed to the Lombard Finance finality provider. Taken together, this confirms that BTC.b and LBTC reserves are not commingled. While directly verifying the staking status of individual Bitcoin addresses is non-trivial, the conclusion follows from a simpler observation: the aggregate voting power across all Lombard-associated finality providers is fully accounted for by the identified LBTC reserve addresses, leaving no residual delegation capacity that could implicate the BTC.b reserve addresses. The BTC collateralizing BTC.b is therefore demonstrably unstaked, consistent with its intended design and backing.

Mint and Redeem

BTC.b exists on two chains under distinct contract architectures. On Ethereum, BTC.b (0xB0F7...7072) is Lombard’s NativeLBTC contract, an upgradeable ERC-20 with Consortium proof validation, redemption logic, and role-based mint/burn authority. On Avalanche, BTC.b (0x152b...3E50) is the legacy Avalanche Bridge token with a bridgeRoleAddress pattern, where a single address, specifically Lombard’s BridgeTokenAdapter (0x85D1...e4d2), holds mint and burn authority. Both chains share a common infrastructure layer: the AssetRouter (0x9eCe...021ac), the Mailbox (0x9646...3fc0), and the Lombard Consortium’s off-chain Ledger. A keeper EOA (0xCd1b...c01b) batches most mint operations on both chains.

Three distinct domains produce mint and redeem transactions for BTC.b:

1. Native Bitcoin deposits/withdrawals,
2. Internal Lombard asset conversions between BTC.b and StakedLBTC (LBTC
3. Cross-chain transfers via Chainlink CCIP

Native BTC Minting

The primary minting path on both chains is direct, after a user deposits BTC on Bitcoin L1 to a pre-specified address, Lombard’s validates a deposit proof, and BTC.b is minted.

On Ethereum, the keeper calls batchMintV1WithFee(bytes[] payload, bytes[] proof, bytes[] feePayload, bytes[] userSignature) directly on the BTC.b token contract. Each payload encodes a BTC deposit record; the contract validates the Consortium proof, confirms the mint through the Bascule drawbridge (0xC3ec...38eD), and mints BTC.b to the depositor. A mint commission, which is capped by a configurable maximum and confirmed the user, is deducted and routed to the Lombard treasury (0x251a...4892). Users can also submit proofs themselves via mintV1(bytes payload, bytes proof) without a keeper. The MintProofConsumed payload contains the BTC deposit txid, confirming the deposit. On Avalanche, the same flow routes through the BridgeTokenAdapter contract. The keeper calls batchMintV1(bytes[] payload, bytes[] proof) on the adapter, which validates the Consortium proof, confirms via the Bascule (0x10fa...23ad), and calls mint() on the BTC.b token using its mint authority.

Native BTC Redemption

Redemptions to the Bitcoin network follow different paths on each chain but converge on the same infrastructure: the AssetRouter contract dispatches a GMP message through the Mailbox to the Lombard Ledger’s Assets module, the Consortium authorizes custody release, and native BTC is sent to the user’s specified Bitcoin address.

On Ethereum, the user calls redeemForBtc() directly on the BTC.b token contract, which internally delegates to the AssetRouter. The event traces show MessagePaid and MessageSent on the Mailbox, a Transfer minting a neglibile fee to the Lombard treasury, and a Transfer burning BTC.b from the user. On Avalanche, the users call redeemForBtc directly on the AssetRouter, with fromToken set to the BridgeTokenAdapter (0x85D1...).

The difference in interfaces reflects the underlying contract architecture. On Ethereum, Lombard deployed BTC.b from scratch inheriting functionality from NativeLBTC with role-based access control (MINTER_ROLE granted to multiple addresses) and a native redeemForBtc() that delegates internally to the AssetRouter. On Avalanche, BTC.b is an immutable contract token with a single bridgeRoleAddress that holds exclusive mint and burn authority, Lombard’s BridgeTokenAdapter now occupies that role. Users therefore call redeemForBtc on the AssetRouter (with fromToken set to the BridgeTokenAdapter), and the adapter exercises its bridgeRoleAddress authority to execute the burn on the user’s behalf.

BTC.b and LBTC Conversion

The AssetRouter also mediates conversions between BTC.b and StakedLBTC via the Lombard Ledger’s BTC Staking module (0x89E3...C23A). Such operations typically occur in two steps: the user burns one asset, and a GMP message is sent to the Ledger, which produces a release message that a keeper (or the user) subsequently delivers to mint the other asset.

To swap BTC.b into LBTC the user calls deposit on the AssetRouter with toToken set to the LBTC contract. BTC.b is burned and a GMP message is dispatched to the Ledger’s BTC Staking module. The Ledger processes the conversion and produces a release message, which the keeper delivers via batchMintWithFee on the AssetRouter to mint LBTC. The user deposits BTC.b in 0x8dfb...476a , where BTC.b is burned, MessageSent is emitted to the module, MessageDelivered also is emitted by the same module 0x89E3..., and finally, LBTC is minted to the same user.

To perform an inverse operation users call redeem on the LBTC contract, which routes through the AssetRouter to burn LBTC and send a GMP to the Ledger. The Ledger produces a BTC.b release message, delivered via mint or batchMint on the AssetRouter.

Additionally, two redeemForBtc calls were observed on the Ethereum AssetRouter (0x97a7b6f1..., 0xc7e85c29...), both with fromToken = LBTC. These are direct LBTC to native BTC redemptions bypassing BTC.b entirely, routing through the same Assets module (0x8BF7...) used for BTC.b redemptions. Notably, no BTC.b to native BTC redemptions have ever been processed through the Ethereum AssetRouter.

Cross-chain bridging via Chainlink CCIP

BTC.b can be bridged between Ethereum and Avalanche via Chainlink CCIP. Such transactions typically originate with the user calling ccipSend on the chain’s CCIP Router. The token flows through a 4-hop burn path: User → LombardTokenPool → BridgeTokenAdapter (Avalanche only) → BridgeV2 (0x451c...0A2D) → burn. Additionally, two parallel messaging systems process the transaction: CCIP carries the cross-chain token message, while BridgeV2 simultaneously sends a Lombard GMP message through the Mailbox to the destination chain’s BridgeV2 to keep bridge state in sync. The payloadHash is identical on both chains, linking the operations. On the destination, the Chainlink DON calls transmit on the OffRamp, which routes through the LombardTokenPool to deliver the Lombard GMP and mint BTC.b.

Risk Parameters

The risk parameters proposed for BTC.b on the Core instance are derived from those currently active on the Avalanche instance, where the asset has accumulated approximately 2,400 BTC in supplied reserves. Given that BTC.b continues to represent a fully-backed, non-staked bridged claim on Bitcoin, the transition to Lombard’s infrastructure does not materially alter the asset’s underlying risk profile. The reserve structure remains intact, as confirmed by our analysis above, and the smart contract changes introduced by Lombard have been subject to independent security audits. Accordingly, we propose an LTV of 70.00%, a Liquidation Threshold of 75.00%, and a Liquidation Penalty of 6.50%.

Liquidity

At the time of writing a sell order of 170 BTC.b for USDT would incur a conservative slippage of 2%. The majority of BTC.b exit liquidity is currently allocated across a Uniswap v4 pool , Curve V2 pool with respective TVLs of $11.8 and $2.5 million.

Pricing

We recommend pricing BTC.b using a BTC/USD price feed, consistent with the oracle configuration used for other BTC-denominated assets on the Aave V3 Core instance. Given that BTC.b represents a 1:1 bridged claim on Bitcoin, no additional exchange rate adapter is required.

Specification

Disclaimer

Chaos Labs has not been compensated by any third party for publishing this recommendation.

Copyright

Copyright and related rights waived via CC0