Summary
Timeline: From 2025-05-07 To 2025-05-09
Total Issues: 1 (0 resolved)
Medium Severity Issues: 1 (0 resolved)
Overview
Elixir Protocol’s deUSD token is a decentralized stablecoin backed by real-world assets, maintaining its backing through a mix of treasuries and stETH yield. Authorized participants, including financial firms and institutions, maintain the peg through the minting and redemption of deUSD for its collateral backing. The sdeUSD token allows users to stake their deUSD, accruing LST and perpetual yield in the process.
An asset assessment was performed on these two assets in order to investigate their potential use within the Compound ecosystem as collateral assets for stablecoin markets. It is noted, however, that the review was focused on the smart contracts as deployed on Ethereum Mainnet at the addresses noted within this report. The technical state of the Elixir network and the off-chain components thereof did not form part of this assessment.
Materials Reviewed
| Material | Version/Date | Source |
|---|---|---|
| Smart Contract Code deUSD | d18c0d8 | Github/Etherscan |
| Smart Contract Code sdeUSD | d18c0d8 | Github/Etherscan |
| Technical Documentation | As of 2025-05-08 | Documentation |
Summary of Findings
Key Concerns
- The sdeUSD token is a non-standard ERC-4626 vault which may impose a delay on withdrawals of the underlying asset. This could, in turn, pose a risk to the Compound protocol by delaying liquidations.
Positive Observations
- The deUSD asset has both Chainlink and Redstone oracles available.
- Further efforts towards decentralization are expected.
Asset Information
deUSD
Type: Stablecoin
Blockchain: Ethereum Mainnet
Contract Address: 0x15700B564Ca08D9439C58cA5053166E8317aa138
Created Date: July 15, 2024
Standard: ERC-20
sdeUSD
Type: Yield-Bearing Stablecoin
Blockchain: Ethereum Mainnet
Contract Address: 0x5C5b196aBE0d54485975D1Ec29617D42D9198326
Created Date: July 16, 2024
Standard: ERC-4626
Key Metrics
Please note the below metrics were accurate as of 2025-05-08.
deUSD
| Metric | Value | Source | Verification |
|---|---|---|---|
| Total Supply | 175,198,341 | Etherscan | Verified |
| Market Cap | 175.180M | CoinMarketCap | Verified |
| Holders | 4953 | Etherscan | Verified |
sdeUSD
| Metric | Value | Source | Verification |
|---|---|---|---|
| Total Supply | 114,410,329 | Etherscan | Verified |
| Market Cap | USD 118.98M | CoinMarketCap | Verified |
| Holders | 7072 | Etherscan | Verified |
Token Economics
Elixir Protocol’s deUSD upgradeable ERC-20 token is a fork of Ethena’s USDe stablecoin. As such, the deUSD implementation includes OpenZeppelin’s permit and burnable extensions. The minting of deUSD is managed by Elixir Protocol, while users are permitted to burn any tokens that they own or have allowances for. All other standard ERC-20 functionality, including transfers and approvals, operate permissionlessly on-chain.
Users can choose to stake their deUSD in exchange for sdeUSD tokens, earning a portion of protocol LST and perpetual yields allocated by the Elixir Foundation. A voted yield distribution algorithm is utilized to allocate this yield, balancing between the protocol’s insurance fund, DAO activities, and staking yield. The sdeUSD token is an ERC-4626 vault which allows the minting and burning of sdeUSD shares in exchange for underlying deUSD assets.
The deUSD token is collateralized by a mix of Lido’s stETH and MakerDAO’s USDS T-Bill protocol, with other assets considered for inclusion as backing collateral in the future. Centralized exchanges are used for running the basis trade initially, with plans to fully run the basis trade on DeFi exchanges in the long term. deUSD enables select institutions and financial firms to mint and redeem deUSD, utilizing centralized exchange venues as a liquidity source and using Fireblocks off-exchange. Authorized participants are the only counterparties able to mint/redeem deUSD, pulling an indicative quote from an API endpoint and submitting a signed message to atomically mint/burn. Mints are done with stETH, and redemptions to USDT. It is noted that permissionless minting and redeeming of deUSD is an upcoming feature according to the documentation.
Supply Mechanics
deUSD
| Parameter | Value | Description | Verification |
|---|---|---|---|
| Initial Supply | 0 | No initial supply of deUSD. | Verified |
| Maximum Supply | Uncapped | No maximum supply limits have been set on the deUSD token. | Verified |
| Minting Mechanism | Centralized | Authorized participants, including institutions and financial firms, can mint deUSD using stETH. | Verified |
| Burning Mechanism | Permissionless | Anyone can burn their own tokens or tokens which they have allowances for. Authorized participants can also burn deUSD for redemptions to USDT. | Verified |
sdeUSD
| Parameter | Value | Description | Verification |
|---|---|---|---|
| Initial Supply | 0 | No initial supply of sdeUSD. | Verified |
| Maximum Supply | Uncapped | No maximum supply limits have been set on the sdeUSD token. | Verified |
| Minting Mechanism | Centralized | Anyone can mint sdeUSD by providing equal value of deUSD tokens. | Verified |
| Burning Mechanism | Permissionless | Anyone can burn their sdeUSD tokens to redeem for equivalent value of deUSD tokens. Redemptions may be subject to a waiting period. | Verified |
Distribution
deUSD
| Holder Category | Percentage | Number of Addresses | Notes |
|---|---|---|---|
| Top 10 Holders | 98.88% | 10 | 68% of the supply is held by the sdeUSD token contract as collateral for staking. |
| sdeUSD Token Contract | 68% | 1 | Note that although 68% of the supply is held by a single address, it serves as collateral backing for the permissionless sdeUSD token. |
sdeUSD
| Holder Category | Percentage | Number of Addresses | Notes |
|---|---|---|---|
| Top 10 Holders | 94.60% | 10 | 55.8% of the supply is held by the Morpho contract, providing liquidity for a Morpho market pool. |
Contract Analysis
| Asset | Contract Verification | Open Source | License | Compiler Version | Optimization Enabled |
|---|---|---|---|---|---|
| deUSD | Verified |
Yes |
MIT |
^0.8.20 |
Yes |
| sdeUSD | Verified |
Yes |
MIT |
^0.8.20 |
Yes |
Key Contract Features
deUSD
- Minting: The minter role is permissioned for all token minting, allowing authorized participants to mint deUSD in exchange for stETH.
- Burning: Any user can burn their deUSD or deUSD for which they have allowances set. Authorized participants utilize burning to redeem deUSD for USDT.
- Permit: Users can set token allowances using a signature rather than sending a transaction.
- Upgradeability: The deUSD token contract can be upgraded by changing the implementation contract address which the proxy is delegating to.
- Ownable: The deUSD contract owner manages the role-based access control, setting the minter address which is authorized to perform all token minting. The owner is also authorized for any contract upgrades.
sdeUSD
- Minting: Anyone can mint sdeUSD tokens by providing equivalent value in deUSD.
- Burning: Anyone can redeem sdeUSD tokens to equivalent value in deUSD, subject to a cooldown period.
- Permit: Users can set token allowances using a signature instead of sending a transaction.
- Upgradeability: The sdeUSD token contract can be upgraded by changing the implementation contract address which the proxy is delegating to.
- Access Control: A single admin has permission for contract upgrades, blacklist management, and rewards configurations. The admin role is uniquely held by a single address at a time and is revoked upon being transferred.
Access Control
deUSD
| Role | Capabilities | Controlled by |
|---|---|---|
| Owner | Sets the minter address which is in charge of minting deUSD tokens. Can perform contract upgrades. | Self |
| Minter | Authorized for all deUSD token minting. | Owner |
sdeUSD
| Role | Capabilities | Controlled by |
|---|---|---|
| Admin | Can perform contract upgrades, manage the blacklist, and configure all rewards settings. | Self |
Asset Checklist
deUSD Token Standard Compliance
| Requirement | Status | Notes |
|---|---|---|
| ERC-20 | COMPLIANT | N/A |
| Audit | COMPLIANT | Changes between the audited commit and the deployed version have been evaluated. |
| No Fee-on-transfer | COMPLIANT | N/A |
| No Blocklist | COMPLIANT | N/A |
| No Delay in transfer | COMPLIANT | N/A |
| Mintable | COMPLIANT | By the protocol and the institutional holders of whitelisted RWAs. |
| Burnable | COMPLIANT | By the holder or allowance. |
deUSD Common Vulnerabilities Check
| Vulnerability | Status | Notes |
|---|---|---|
| Price Easily Manipulable | NOT PRESENT | Chainlink and Redstone Oracles. |
| Should Not Expose Centralization Risks | COMPLIANT | Peg is centrally maintained. Collateralization can be monitored. |
sdeUSD Token Standard Compliance
| Requirement | Status | Notes |
|---|---|---|
| ERC4626 | NON-COMPLIANT | The contract implements cooldown functionality which may affect withdrawals. |
| Audit | COMPLIANT | Changes between the audited commit and the deployed version have been evaluated and are superficial. |
| No Fee-on-transfer | COMPLIANT | N/A |
| No Blocklist | NON-COMPLIANT | The contract implements blacklisting functionality. |
| No Delay in transfer | NON-COMPLIANT | There may be a cooldown for redeeming assets. |
| Mintable | COMPLIANT | By staking. |
| Burnable | COMPLIANT | By redemptions. |
Documentation Validation
Technical Documentation
| Documentation | Accuracy | Completeness | Notes |
|---|---|---|---|
| Elixir Protocol Docs | MEDIUM | MEDIUM | There is a paucity of information on sdeUSD within the protocol documentation |
Issues Found
Medium Severity
Withdrawal Delays Due to Cooldown
The sdeUSD asset is an ERC-4626 vault that has deUSD as its underlying asset. The issue is that the vault implements a cooldown feature which may delay withdrawals of the underlying asset from the vault. A delay in redeeming the token for the underlying asset creates an insolvency risk for the Compound protocol in that it disincentivizes liquidators from maintaining the health of the protocol as they may need to carry the increased risk of waiting for withdrawals of the underlying asset to clear in times of market volatility.
The potential delay in withdrawals precludes the use of sdeUSD as a collateral asset within a Comet Market. Further analysis is recommended should the cooldown requirement be disabled in the future.
Conclusion
deUSD and sdeUSD were reviewed for their potential use as collateral in stablecoin markets on Ethereum Mainnet.
The review of deUSD highlighted some centralization risks related to the minting of the deUSD token by a centralized team. However, this is common in the case of USD-denominated stablecoins. In the case of Elixir’s deUSD, there is a roadmap towards less centralized control, which may further decentralize control of the asset in the future.
The sdeUSD review revealed significant risks related to the potential delays in the withdrawals of the underlying deUSD token from the staking contract.
Risk Assessment deUSD
| Risk Category | Risk Level | Notes |
|---|---|---|
| Technical Risk | MEDIUM | The deUSD token is part of the Elixir network, which has a roadmap with continued technical developments expected in the future. Monitoring is recommended. |
| Economic Risk | LOW | The asset is fully collateralized through on-chain assets. |
| Operational Risk | LOW | The contract is upgradeable with a multisig as the owner and does not have pausing or blacklisting functionality. Monitoring for changes is recommended. |
Risk Assessment sdeUSD
| Risk Category | Risk Level | Notes |
|---|---|---|
| Economic Risk | LOW | The asset is collateralized through the underlying deUSD deposits. |
| Operational Risk | HIGH | The contract is upgradeable with a multisig as the owner and has blacklisting functionality. Delayed redemptions pose a challenge for liquidation incentives within the Compound protocol. |
Final Recommendations
The following recommendations are made regarding enabling deUSD for use as collateral on stablecoin Comet Markets on Mainnet Ethereum:
- Risk recommendations provided by Gauntlet should be considered by the community, in particular the recommendation to list deUSD for use as collateral on the USDS Comet Market only.
- Technical progress of the Elixir protocol should be monitored to ensure that new risks relating to minting and redemption changes are evaluated when they occur as these impact the token economics of deUSD.
- An updated assessment from Chainrisk prior to enabling the asset as collateral to any Comet Market is recommended, considering that the last report is older than four months.
- Use of deUSD as collateral on other networks may be evaluated on a case-by-case basis when proposed, with special consideration for the differences in implementation between the Mainnet and bridged tokens.
With regards to the use of sdeUSD as collateral for stablecoin Comet Markets on Ethereum Mainnet, the following recommendations are made:
- Due to the implementation of a potential cooldown period for withdrawals and the impact that may have on liquidators within Comet Markets, sdeUSD is not recommended as collateral at this time.
- Further analysis is advised should the cooldown feature be permanently disabled or if an alternative mechanism is provided which would enable liquidations to convert sdeUSD to deUSD immediately.