USD Coin (USDC) on Aave Monad Assessments

This thread is the home for all risk and technical assessments of USD Coin (USDC) on Aave Monad.

It collects, in one place:

  • The pre-listing asset risk assessment, under the Aave Risk Framework.
  • The pre-listing technical asset assessment, under the Technical Asset Listing Framework.
  • All post-listing monitoring reports, periodic refresh assessments, and any re-evaluations triggered by material changes.

New assessments and updates will be posted as replies below as they are produced, so the full history stays in a single thread.

[Asset Technical Assessment] USDC on Aave V3 Monad

Author: Aave Labs

Date: 2026-06-30


Summary

Technical assessment of USDC (USD Coin) for onboarding to Aave V3 Monad, following the Technical Asset Listing Framework.

Overall result: :yellow_circle: MEDIUM :yellow_circle:

USDC on Monad is the genuine, native Circle stablecoin: the deployed code is byte-for-byte the audited FiatTokenV2_2, a live Chainlink USDC/USD feed is present and fresh, and the only cross-chain inflow is Circle’s Cross-Chain Transfer Protocol (CCTP V2), a correctly wired burn-and-mint route with no under-collateralised escrow. The asset is functionally sound. The principal consideration is that the most powerful authorities (the upgrade key, the minting authority, the pauser, the blacklister, and the equivalent CCTP roles) are concentrated in single Circle-controlled accounts with no on-chain timelock, which is Circle’s standard, by-design operating posture for a centrally issued, fully reserved fiat stablecoin.

Listing Recommendation

From a technical standpoint, USDC on Aave V3 Monad is technically eligible for listing, with conditions. Circle controls minting, burning, pausing, blacklisting, and contract upgrades through its own key management, which is the standard managed-control posture for this asset class. Two non-blocking recommendations to the issuer are noted: (a) migrate the upgrade authority and the other critical roles behind an on-chain timelock or multisig as a hardening measure to revisit as exposure to the asset grows; and (b) adapt and reduce the per-minter mint allowances to the asset’s circulating supply on each chain. Neither is a blocker for an initial listing.

Asset under review

Field Value
Asset USD Coin (USDC)
Target chain Monad (chain ID 143)
Target market Aave V3 Monad
Token contract 0x754704Bc059F8C67012fEd69BC8A327a5aafb603
Native to target chain? Yes. Native Circle issuance; new supply arrives through Circle’s own minting and through Circle’s CCTP V2, with no third-party bridge wrapper.
AAcA classification Stablecoin (fiat-backed)

USDC is Circle’s fully reserved, US-dollar-pegged stablecoin. On Monad it is the standard Circle FiatTokenV2_2 contract, an upgradeable token through which Circle controls minting, burning, pausing, blacklisting, and upgrades. Its value is anchored to $1.00 and backed by Circle’s off-chain reserves, with the on-chain token representing a claim on those reserves.

0. Pre-screening

USDC is deployed on Monad at 0x754704Bc…b603 as an upgradeable proxy, with the implementation at 0xbd520ea8…800b6d. The on-chain identity reads as a genuine Circle FiatToken (name and symbol USDC, six decimals, currency USD) and falls in the fiat-backed stablecoin class, which is not a non-approved or sanctioned category. A single canonical USDC address exists on Monad, with no competing native or bridged variant. The deployed implementation runtime bytecode is byte-identical to Circle’s audited FiatTokenV2_2, so there is no implementation rotation away from the audited version to track.

Rating: :green_circle: GOOD :green_circle:

1. ERC20 Compliance

USDC on Monad is Circle’s FiatTokenV2_2 with six decimals: transfer() and transferFrom() return bool, with no fee on transfer, no rebasing, no ERC777 or ERC1363 hooks, and no flash mint. The only transfer restriction is Circle’s blacklist, which blocks named accounts rather than smart contracts generally, so contracts can otherwise hold and transfer the token freely. Six decimals sits within Aave’s accepted band and needs no precision adjustment.

Rating: :green_circle: GOOD :green_circle:

2. Oracle

A live Chainlink USDC/USD feed exists on Monad with 8 decimals and a 1-hour heartbeat. At review the feed was fresh, with the latest answer well inside its heartbeat, so the price reference is usable for parameterisation.

Rating: :green_circle: GOOD :green_circle:

3. Access Control

USDC follows Circle’s standard Ownable and role-setter pattern, with the token owner able to rotate the master-minter, pauser, and blacklister roles. The upgrade authority (the proxy admin), the token owner, the master-minter owner, the pauser, and the blacklister are each single externally owned accounts (EOAs) with no multisig and no on-chain timelock between the key and the action. There is no global supply cap: minting runs through a configured set of minters, most of which are single Circle-controlled accounts rather than contracts, each drawing down a per-minter allowance, and on Monad the active minting to date has been performed directly by one such Circle-controlled account against a standing allowance; the authority to grant and raise those allowances traces back to these single keys. The blacklister role is actively exercised as part of Circle’s standard compliance program. Burning is constrained to a minter’s own balance, so no key can burn tokens from an arbitrary account.

Rating: :yellow_circle: MEDIUM :yellow_circle: → minting, pausing, blacklisting, and upgrade authority are concentrated in single Circle-controlled accounts with no on-chain timelock, Circle’s standard managed-control posture for this asset class.

4. Exchange Rate and Yield

Not applicable. USDC is a non-yield-bearing fiat stablecoin, pegged 1:1 to the US dollar and backed by Circle’s off-chain reserves. It does not rebase, exposes no exchange rate to manipulate, and carries no redemption queue on-chain.

Rating: :white_circle: N/A :white_circle:

5. Token Architecture

USDC on Monad is a single canonical deployment, with no migration contract or duplicate entry point affecting the same supply. Supply changes only through the configured minter set and is observable through standard Mint, Burn, and Transfer events. The token logic contains no tx.origin authorization and no delegatecall beyond the proxy’s standard forwarding to its implementation, and every privileged function carries an explicit access-control modifier.

Rating: :green_circle: GOOD :green_circle:

6. Bridge and Cross-Chain Risk

The only cross-chain inflow into Monad supply is Circle’s CCTP V2, a burn-and-mint design with no escrow or lockbox: USDC is burned on a source chain and an equal amount minted on Monad, so there is no pooled collateral that could become under-collateralised. The full bridge framework was applied, and no other bridge route (no LayerZero, CCIP, Wormhole, Hyperlane, or Axelar) mints this token. CCTP V2 is the only cross-chain mint path, though on Monad to date supply has been created by Circle’s own direct minting rather than through the CCTP TokenMinterV2, which is configured but has not yet minted on Monad. The route is correctly and reciprocally wired between Monad and Ethereum, uses the canonical CCTP V2 contracts, carries a non-zero per-message burn cap, and verifies cross-chain messages with a 2-of-2 Circle attester set. As with the token itself, every administrative role across the CCTP contracts is a single Circle-controlled account, so the cross-chain path rests on Circle’s key management rather than an independent on-chain check.

Rating: :yellow_circle: MEDIUM :yellow_circle: → the route is mechanically sound, but all CCTP administrative authorities are single Circle-controlled accounts with no on-chain timelock, consistent with Circle’s single-issuer model.

7. Audit and Security History

The deployed Monad implementation runtime bytecode is byte-identical to Circle’s audited FiatTokenV2_2, differing only in a per-deployment linked-library address and the trailing metadata hash, so there is no logic difference from the audited version. The most recent code change to this implementation line, the v2.2 changeset, was audited by Halborn, and USDC is one of the most widely deployed stablecoin contracts in production with no disclosed exploit and a public bug bounty. The CCTP V2 contracts were audited by ChainSecurity, with additional reviews attributed to OtterSec, Halborn, and Zellic, and no CCTP exploit has been disclosed in production. There is no post-audit logic rotation on Monad.

Rating: :green_circle: GOOD :green_circle:

8. Dependencies

USDC relies on Circle’s CCTP V2 for the cross-chain mint path, the Chainlink USDC/USD feed for valuation, and Circle’s off-chain reserves as the ultimate backing. CCTP is production Circle infrastructure, correctly wired and audited, and the price feed is independently verified and live. The reserve adequacy behind the peg is attested off-chain and cannot be verified through on-chain reads, which is the inherent dependency of any fiat-backed stablecoin. USDC is not staked or restaked and has no slashing or withdrawal-queue exposure.

Rating: :yellow_circle: MEDIUM :yellow_circle: → dependencies are production-grade and correctly wired, but the CCTP administrative authorities are single Circle-controlled accounts and the reserve backing is attested off-chain rather than verifiable on-chain.

9. Summary

Findings table

Area Key finding Rating
0. Pre-screening Single canonical Circle USDC at 0x754704Bc…b603; fiat-backed stablecoin class; deployed implementation byte-identical to audited FiatTokenV2_2, no rotation. Good
1. ERC20 Circle FiatTokenV2_2 with six decimals; returns bool, no fee on transfer, no rebase, no hooks, no flash mint; only restriction is the blacklist. Good
2. Oracle Live, fresh Chainlink USDC/USD feed (eight decimals, 1-hour heartbeat). Good
3. Access control Upgrade, minting, pause, and blacklist authority concentrated in single Circle-controlled accounts with no on-chain timelock; most minters are accounts rather than contracts and active minting is by a single Circle-controlled account; blacklist actively used; no global supply cap; burn is self-only. Medium
4. Exchange rate / yield Not yield-bearing; 1:1 fiat peg backed by Circle’s off-chain reserves; no exchange rate, no on-chain redemption queue. N/A
5. Token architecture Single canonical deployment; standard supply mechanics with standard events; no tx.origin, no delegatecall beyond proxy forwarding; access-controlled privileged functions. Good
6. Bridge and cross-chain Circle CCTP V2 burn-and-mint, no escrow; correctly and reciprocally wired, 2-of-2 Circle attesters; CCTP minter configured but not yet used on Monad (supply minted directly by Circle); all CCTP admin authorities single Circle-controlled accounts. Medium
7. Audit and security Deployed bytecode byte-identical to audited FiatTokenV2_2 (Halborn); CCTP V2 audited by ChainSecurity and others; no disclosed exploit; no post-audit rotation. Good
8. Dependencies CCTP V2 and Chainlink feed, both production-grade; CCTP admin authorities are single Circle-controlled accounts; reserve backing attested off-chain. Medium

Disclaimer

Aave Labs has no formal or informal affiliation with Circle or the USDC issuer beyond this technical assessment. Aave Labs has not been compensated by Circle or any related party in connection with this work.

Copyright

Copyright and related rights waived via CC0.