Wrapped Ether (WETH) on Aave Monad Assessments

This thread is the home for all risk and technical assessments of Wrapped Ether (WETH) on Aave Monad.

It collects, in one place:

  • The pre-listing asset risk assessment, under the Aave Risk Framework.
  • The pre-listing technical asset assessment, under the Technical Asset Listing Framework.
  • All post-listing monitoring reports, periodic refresh assessments, and any re-evaluations triggered by material changes.

New assessments and updates will be posted as replies below as they are produced, so the full history stays in a single thread.

[Asset Technical Assessment] WETH on Aave V3 Monad

Author: Aave Labs

Date: 2026-06-30


Summary

Technical assessment of WETH (Wrapped Ether) for onboarding to Aave V3 Monad, following the Technical Asset Listing Framework.

Overall result: :yellow_circle: MEDIUM :yellow_circle:

WETH on Monad is a clean, standard ERC20 (18 decimals, no fee on transfer, no rebasing, no transfer hooks, no blacklist) whose supply is wholly controlled by the Monad Native Bridge, with backing verifiably full because the Ethereum escrow holds slightly more canonical WETH than the total Monad supply. The bridge requires two independent verifier networks (Wormhole guardians and Axelar validators) to attest before any mint, but every bridge admin, upgrade, and mint authority concentrates on the Wormhole guardian set with no on-chain timelock, and the deployed contracts are a custom variant that sits outside the audited standard implementations. A live Chainlink ETH/USD feed exists on Monad and prices WETH directly.

Listing Recommendation

From a technical standpoint, WETH on Aave V3 Monad is technically eligible for listing, with conditions to surface and revisit as exposure to the asset grows. The bridge admin, upgrade, and mint authority concentrate on the Wormhole guardian set with no on-chain timelock and do not benefit from the two of two verifier redundancy that protects message attestation; the deployed bridge is a custom multi-token variant of Wormhole’s transfer framework plus an Axelar transceiver that no located audit covers at its deployed version. None of these is a blocker for an initial listing.

Asset under review

Field Value
Asset Wrapped Ether (WETH), a bridged representation on Monad of canonical Ethereum WETH
Target chain Monad (chain ID 143)
Target market Aave V3 Monad
Token contract 0xEE8c0E9f1BFFb4Eb878d8f15f368A02a35481242
Native to target chain? No. Bridged: minted on Monad by the Monad Native Bridge when WETH is locked on Ethereum, and burned on Monad to release the Ethereum escrow.
AAcA classification Wrapper, cross-chain representation of ETH (non-yield-bearing)

WETH on Monad is not a deposit wrapper minted by depositing the gas coin locally. It is a bridged claim on canonical Ethereum WETH (0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2): a user locks WETH in a bridge escrow on Ethereum, two independent verifier networks both attest the lock, and the Monad-side bridge then mints an equal amount. To move value back, the Monad WETH is burned and the Ethereum WETH is released. The Monad token’s value therefore depends on the integrity of that bridge and on the canonical Ethereum WETH that backs it.

0. Pre-screening

WETH is deployed and verified on Monad at 0xEE8c0E9f1BFFb4Eb878d8f15f368A02a35481242, a small ERC-1967 proxy reporting name “Wrapped Ether”, symbol “WETH”, and 18 decimals. The Monad token list registers exactly one WETH, bridged through the Monad Native Bridge, with no competing representation from another bridge provider. The asset is a wrapper and cross-chain representation of ETH, not in any non-approved or sanctioned category, and WETH is a core collateral primitive across Aave V3 markets, though the bridge on Monad is specific to this deployment. The token clone is not upgradeable and its implementation has never rotated, but no published audit is scoped to these specific deployed implementations, so a match between deployed and audited code cannot be established (see Section 7).

Rating: :green_circle: GOOD :green_circle:

1. ERC20 Compliance

WETH on Monad is a standard OpenZeppelin ERC20 with 18 decimals plus an EIP-2612 permit (gasless approval by signature): transfer() and transferFrom() return bool, with no fee on transfer, no rebasing, no ERC777 or ERC1363 transfer hooks, and no flash mint. There is no whitelist, blacklist, or transfer restriction, so any address, including contracts, can hold and transfer it freely. Minting is restricted to the bridge manager, and these absences are present by design rather than merely zeroed.

Rating: :green_circle: GOOD :green_circle:

2. Oracle

A live Chainlink ETH/USD feed exists on Monad with 8 decimals, a 1-hour heartbeat, and a Low Market Pricing Risk classification, and it was fresh when read, roughly 55 seconds old, well inside its heartbeat. Because WETH tracks ETH one to one, this feed prices the asset directly, with no exchange rate adapter required.

Rating: :green_circle: GOOD :green_circle:

3. Access Control

The WETH token uses a minimal role model with a single minter, set to the bridge manager, and has no owner, pauser, blacklist, or other token-level governance to capture. Mint authority rests with the bridge manager alone and is gated by the two of two bridge attestation, while burning is holder-scoped (a holder burns their own balance, or burns from another account only with an allowance), so there is no arbitrary burn from unconsenting holders. The token clone is a non-upgradeable minimal forwarder whose implementation cannot rotate, but the bridge manager, both transceivers, and the message transport are all upgradeable and owned by the same Wormhole guardian-governed module, which executes any call when handed a guardian-signed governance message (a 13 of 19 guardian quorum), with no on-chain timelock between a governance action and its effect. There is no separation in depth between the bridge transport, the token’s mint authority, and the upgrade path: all roll up to one guardian-governed root.

Rating: :yellow_circle: MEDIUM :yellow_circle: → upgrade and mint authority sit well above plain wallet risk (a guardian quorum, no externally owned account), but there is no on-chain timelock and a single authority controls every layer.

4. Exchange Rate and Yield

Not applicable. WETH on Monad is a one to one bridged representation of Ethereum WETH with no yield, no exchange rate, and no accrual mechanism: it is minted and burned one to one against the locked Ethereum WETH, with no convertToAssets or pricePerShare ratio to expose. No Correlated-Asset Price Oracle (CAPO) requirement arises, since the asset tracks ETH directly.

Rating: :white_circle: N/A :white_circle:

5. Token Architecture

Supply is controlled by the bridge but bounded by the two of two attestation requirement and a configured bridge rate limit, and the only supply entry point is the bridge manager’s mint, which is restricted to the minter. Every supply change emits a standard Transfer event to or from the zero address, providing observability, and there are no transfer restrictions, so the token is fully composable. The implementation contains no delegatecall and no tx.origin authorization. A single supply-bearing deployment exists: the bridge maps the Ethereum WETH origin to exactly this one Monad token, with no duplicate or legacy entry point to the same supply.

Rating: :green_circle: GOOD :green_circle:

6. Bridge and Cross-Chain Risk

Supply integrity on Monad depends entirely on the Monad Native Bridge, a custom multi-token variant of Wormhole’s Native Token Transfers (NTT) framework (a way to move a token across chains without liquidity pools, using a manager contract and pluggable transceivers) that adds Axelar General Message Passing as a second independent verifier: a mint executes only when both the Wormhole guardian network and the Axelar validator set attest the Ethereum lock (two of two). The model is lock and release with a destination mint and burn, where canonical WETH is locked in an escrow on Ethereum and an equal amount is minted on Monad, and the only live route is Monad to Ethereum, fully wired in both directions with no half-open peers. Backing is verifiably full: the Ethereum escrow holds approximately 13,040.38 WETH against a Monad supply of approximately 13,040.37 WETH, slightly over-collateralised consistent with in-flight transfers, and a configured rate limit bounds inbound minting and refills linearly over a 24-hour duration. The residual concerns are that the guardian-rooted admin and upgrade authority over the mint path carries no on-chain timelock, and that the guardian set is simultaneously one of the two verifiers, so the admin path does not benefit from the two of two redundancy that protects normal message attestation.

Rating: :yellow_circle: MEDIUM :yellow_circle: → the verification design is strong (two independent networks both required, full escrow, real rate limits, a single clean route), but the guardian-rooted admin authority over the mint path has no timelock and the audit coverage of the custom variant is unverified.

7. Audit and Security History

Wormhole’s standard single-token NTT framework on EVM is publicly audited (Cyfrin and Cantina in 2024, OtterSec in 2025), and the Wormhole core and guardians, the Axelar gateway and validators, and the Chainlink feed are long-running, separately audited production systems. The contracts deployed here, however, are a custom arrangement of a multi-token manager, a separate message transport, and an Axelar transceiver alongside the Wormhole transceiver, and no located published report is scoped to these specific deployed implementations; Wormhole’s own documentation states that such custom deployments fall outside its audited standard implementations and may contain vulnerabilities. Because no public report names a commit covering this variant, a comparison between the deployed code and an audited version cannot be completed, a confirmed coverage gap rather than an unverifiable unknown, though the source is public, the framework it derives from is audited, and the deployment operates with full escrow and two of two attestation. The token implementation at least is confirmed not to have rotated since deployment, so for that contract the gap is one of audit scope, not a moving target.

Rating: :yellow_circle: MEDIUM :yellow_circle: → the underlying framework and the building blocks are audited, but the deployed custom multi-token variant has no located audit scoped to it and is flagged by the provider itself as outside the audited standard.

8. Dependencies

WETH on Monad rests on canonical Ethereum WETH as its backing asset, an immutable, battle-tested contract with no admin and deep liquidity, which is the strongest possible base dependency. Its other dependencies are the two bridge verifier networks (Wormhole core and guardians, and the Axelar gateway and validators), both reputable audited production systems, and the Chainlink ETH/USD feed for pricing. Redemption to Ethereum runs through the bridge, where the Monad WETH is burned and the Ethereum escrow released, subject to the rate limit and the two of two attestation. Any guardian-governed change to a peer, rate limit, pause, or upgrade is an observable on-chain transaction, but takes effect immediately, with no timelock window.

Rating: :yellow_circle: MEDIUM :yellow_circle: → the base asset is excellent and the dependencies are reputable audited systems, but the bridge’s verifier and governance dependencies carry no on-chain timelock.

9. Summary

Findings table

Area Key finding Rating
0. Pre-screening Verified ERC-1967 proxy at 0xEE8c0E9f…1242; single registered WETH on Monad, bridged via the Monad Native Bridge; token implementation has not rotated, but no audit is scoped to the deployed implementations. Good
1. ERC20 Standard OpenZeppelin ERC20 with 18 decimals plus EIP-2612 permit; returns bool, no fee on transfer, no rebase, no hooks, no flash mint, no transfer restrictions; mint restricted to the bridge manager. Good
2. Oracle Live Chainlink ETH/USD feed on Monad (8 decimals, 1-hour heartbeat, Low Market Pricing Risk, fresh when read); prices WETH directly. Good
3. Access control Token has only a single minter (the bridge manager) and no owner, pauser, or blacklist; mint gated by two of two attestation, burn is holder-scoped; manager, transceivers, and transport are upgradeable by one guardian-governed module with no on-chain timelock. Medium
4. Exchange rate / yield Not yield-bearing; one to one bridged representation of Ethereum WETH; no exchange rate, no accrual, no CAPO requirement. N/A
5. Token architecture Single supply entry point (the bridge manager); supply bounded by two of two attestation and a refilling rate limit; no delegatecall, no tx.origin, no duplicate supply path. Good
6. Bridge and cross-chain Custom multi-token Wormhole NTT variant plus an Axelar transceiver, two of two verifiers, single live route Monad to Ethereum, escrow fully collateralises Monad supply; admin guardian-rooted, no timelock. Medium
7. Audit and security Standard single-token NTT framework and the Wormhole, Axelar, and Chainlink building blocks are audited; the deployed custom multi-token variant has no located audit scoped to it and is flagged by the provider as outside the audited standard. Medium
8. Dependencies Canonical Ethereum WETH (immutable, deep liquidity) as backing, Wormhole and Axelar as verifiers, Chainlink for pricing; redemption via the bridge; guardian-governed changes are observable but take effect with no timelock. Medium

Disclaimer

Aave Labs has no formal or informal affiliation with Monad, Wormhole, Axelar, or the WETH issuer beyond this technical assessment. Aave Labs has not been compensated by any of these parties or any related party in connection with this work.

Copyright

Copyright and related rights waived via CC0.