Asset Risk Assessment: Short-term Treasury Bill Token (STBT)
A dive into the RWA token backed by US T-bills and reverse repos
Relation to Curve
Short-term Treasury Bill Token (STBT) is a permissioned, yield-bearing token that provides exposure to short-term US Treasury Bills (T-bills) and reverse repurchase agreements (reverse repo). Its permissioned design presents unique challenges for integration into DeFi applications like Curve.
STBT is paired with 3CRV in the STBT-3CRV stableswap pool, which contains around $6.8 million in assets as of early-August 2023. A Curve gauge proposal for STBT was submitted in March 2023, with the DAO vote passing at 92.9%.
The STBT Curve pool makes use of the 3CRV metapool implementation with support for positive rebasing (as STBT is a positive rebasing token). This is reflected in the LP token price over time:
Shortly after pool creation, it was discovered that the Curve contracts require whitelisting from the STBT service provider (Matrixdock) to withdraw admin fees and convert to 3CRV. The issue was resolved with their team shortly thereafter, although this is an important consideration for onboarding permissioned assets to Curve.
This report examines STBT’s structure and operation, analyzing its integration with Curve and relevant risks to both LPs and the DAO. Risk factors include centralization vectors such as operational risk, pricing/oracle risk, and the evolving regulatory landscape. These challenges necessitate prudent consideration and proactive monitoring by potential holders and liquidity providers.
STBT Overview
Introduction
Short-term Treasury Bill Token (STBT), launched in February 2023, is a yield-generating token on Ethereum that adheres to the ERC-1400 security token standard. It grants accredited investors access to US Treasuries with maturities of less than six months and reverse repurchase agreements collateralized by US Treasuries. Since its inception, STBT has reached a market capitalization of over $120 million, and, on average, has earned holders a range of 4-5% APY.
Each STBT token is 1:1 backed by a dollar’s worth of underlying reserves. Investors can expect to earn yields on their stablecoins consistent with the underlying assets. The token has a positive rebasing mechanism, allowing holders to realize the yield produced by its reserves while STBT remains pegged to $1.
Trust Structure and Token Issuance
The service provider responsible for the operational management of STBT is Matrixdock, a subsidiary of Matrixport, a crypto financial services company founded in 2019 that custodies over $6 billion in assets. This is Matrixdock’s first yield tokenization product.
Matrixdock’s parent company, Matrix Finance and Technologies Holdings, has robustly structured STBT within a specialized trust. The token-issuing entity, Prometheus Solutions Ltd., and the asset-holding entity, Epimetheus Technologies SPC, have been securely nested within this trust. The renowned legal and corporate service provider Appleby Global Services is the trust’s guardian. Additionally, Hamilton Services oversees trustee activities, ensuring trust mandate adherence. This “orphan trust structure” ensures the STBT entities remain distinct from Matrixdock’s financial overview, protecting against potential claims should Matrixdock face financial difficulties.
STBT’s operational blueprint mirrors the orphan SPV structure seen in traditional finance, especially in asset-backed and mortgage-backed securities issuance. This well-established mechanism, which supports over $1 trillion in global securities, has the potential to achieve AAA ratings with the right financial structuring. For STBT, the foundational assets already possess top-tier creditworthiness, backed by the U.S. government’s credibility.
Reserves Management
STBT is collateralized by a mix of short-term US Treasury bills (T-bills) and reverse repurchase agreements (reverse repos). The T-bills eligible as collateral must have a maturity of six months or less. This structure offers exposure to short-term US interest rates while curbing duration risk. The reverse repos are short-term (overnight) instruments, widely considered low risk. These utilize T-bills as their underlying collateral.
Every business day, Matrixdock releases proof-of-reserve statements delineating the distribution between T-bills and reverse repo assets supporting the STBT supply. STBT collateral is currently split approximately 90% repos and 10% T-bills. This allocation favors short-duration repos, given the current shape of the yield curve and the project’s early-stage status.
The attestations also disclose the CUSIP number of the treasuries, details of the repo agreements, and the market value of the underlying assets, as shown below:
Rebasing
The total supply of STBT rebases daily to match the Net Asset Value (NAV) of its underlying assets. Matrixdock performs rebases using Bloomberg pricing data by referencing the 3 p.m. New York time closing price and determining the fair market value of the underlying T-bills and repos. Price data is accessed via its historical prices (HP) function with reference to the Bloomberg Generic (BGN) price source on the Bloomberg Terminal.
If collateral value increases, new STBT is minted and distributed to holders through rebasing as:
Daily Interest Distributed = NAV of Current Day - NAV of Last Rebase Day - Expenses
where expenses include the T-bill Custodian Fee, Reverse Repo Brokerage Fee, and Matrixdock Service Fee (0.1% APY). Matrixdock estimates the total annual fee to be ~0.3%.
Occasionally the NAV can decrease due to volatility in the T-bill market, although this is a rare occurrence and the T-bill will reach par value if held to maturity. In rare cases when the NAV decreases, rebasing will not occur until rebounding back above the last rebase point. Note that, unlike algorithmic systems, STBT’s rebasing model relies on active management by Matrixdock.
Protocol Revenue Model
There are several fees charged in the process of issuing and redeeming STBT tokens:
Custodian Fee: Paid to the third-party custodian(s) that hold the T-bills and reverse repo collateral in custody.
Reverse Repo Brokerage Fee: Charged by the broker when engaging in reverse repo transactions backed by T-bills.
Matrixdock Service Fee: Matrixdock charges a 0.1% annual service fee as the platform issuer and manager.
The total expense ratio is estimated at around 0.3% annually. However, the exact breakdown of the custodian and repo fees is not provided.
User Flow
As STBT is targeted to accredited investors, a whitelist is imposed within the token contract to only allow transfers between whitelisted participants. This involves a KYC process with Matrixdock that takes an estimated 1-5 business days to complete.
Whitelisted users can mint or redeem OTC to stablecoins (USDC/USDT/DAI) on the Matrixdock website, through the Minter contract, or swap in the Curve STBT/3CRV pool. Redemptions incur a 0.1% redemption fee.
Issuance
Accredited investors looking to mint STBT must deposit stablecoins (USDC/USDT/DAI) and register on Matrixdock, undergoing a mandatory KYC and AML process. Once approved, users can initiate a mint request via the STBT portal, indicating their stablecoin preference, desired deposit amount, and transfer address. Matrixdock provides a corresponding deposit address.
After the deposit verification, the issuer proceeds with offboarding the stablecoin deposit into USD which is held by a third-party custodian. This is then allocated toward purchasing short-term US Treasuries and establishing reverse repo agreements anchored by these Treasuries. Consequently, the equivalent value of STBT is freshly minted to the depositor. Users can typically anticipate the receipt of their STBT at their designated address within a span of 3-4 business days, completing the entire procedure in under a week.
Redemption
To redeem STBT for stablecoins, investors have a streamlined process that mirrors the token’s original issuance. Redemption can be initiated in multiple ways:
Through the Matrixport APP.
By interacting with the Minter contract and using the ‘redeem’ function.
For those opting for Over-the-Counter (OTC) transactions, by sending their STBT to a designated official address.
Once the issuer receives the redemption request, the settlement process involving T-bills and Repos begins. Traders will initiate the settlement of the underlying (T-bill and/or Repo) and simultaneously the STBT token is burned. Once the settled USD is converted into USDC through the Circle account, the USDC will be settled back to the holders’ whitelisted address, which is the same address that sent the STBT, thereby ensuring the closure of the redemption cycle.
Minter Contract
If interacting with the Minter smart contract, redemption is triggered through the redeem() function. This burns the STBT and takes the token amount and data parameters.
Operationally, redemption happens automatically once STBT is sent via the Minter contract to the dedicated address. The STBT is burned once the underlying T-bills and repos are settled into USD, which is converted to USDC and returned to the holder’s whitelisted address.
The Minter contract allows querying and setting customized mint fee rates for different currencies through the getCoinsInfo and setCoinInfo functions. Similarly, redeem fee rates can be checked and updated via the redeemFeeRateMap mapping. This enables programmatic control over fee schedules.
Chainlink Proof of Reserves
Chainlink Proof of Reserve (PoR) offers an on-chain valuation of the STBT reserves, aiming to ensure that the total STBT supply never exceeds the USD value of its reserves. The data is supplied to Chainlink by Matrixdock’s third-party auditing firm, The Network Firm LLP, which collects the data directly from the custodial partners’ APIs and calculates the net asset value (NAV).
Through the PoR integration, a network of 16 Chainlink oracle nodes receives attestation data from The Network Firm and transmits a digitally signed proof to Ethereum on a daily basis. The trigger parameters are either a 1% price deviation or a 24-hour heartbeat.
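A simplified replay of the two update triggers described above (1% deviation, 24-hour heartbeat), added here as an illustration and not taken from Chainlink's or Matrixdock's code. It shows how far the on-chain answer can overstate reserves between updates; the observation times and values are constructed, and the function names are hypothetical.

```python
from decimal import Decimal

HEARTBEAT_S = 24 * 3600       # from the page: 24-hour heartbeat
DEVIATION = Decimal("0.01")   # from the page: 1% deviation trigger
H = 3600                      # seconds per hour


def trigger(last_answer, last_ts, observed, now):
    """Return which trigger fires for a new observation, or None."""
    if now - last_ts >= HEARTBEAT_S:
        return "heartbeat"
    if abs(observed - last_answer) >= DEVIATION * last_answer:
        return "deviation"
    return None


def replay(observations):
    """Replay (timestamp, reserve_value) observations through the trigger rule.

    Returns the on-chain rounds that would be written and the largest amount
    by which the last on-chain answer overstated the observed reserves while
    no update was due. Assumes observations are sorted by timestamp.
    """
    first_ts, first_value = observations[0]
    rounds = [(first_ts, first_value, "initial")]
    worst_overstatement = Decimal(0)
    for ts, value in observations[1:]:
        last_ts, last_answer, _ = rounds[-1]
        reason = trigger(last_answer, last_ts, value, ts)
        if reason:
            rounds.append((ts, value, reason))
        else:
            # No update: consumers still read last_answer, not the lower value.
            worst_overstatement = max(worst_overstatement, last_answer - value)
    return rounds, worst_overstatement


# Constructed sample: reserves drift down, cross 1%, then stay flat.
SAMPLE_OBSERVATIONS = [
    (0 * H, Decimal(100_000_000)),
    (6 * H, Decimal(99_600_000)),    # -0.4%: below threshold, no update
    (12 * H, Decimal(99_100_000)),   # -0.9%: still below threshold
    (18 * H, Decimal(98_900_000)),   # -1.1%: deviation trigger
    (30 * H, Decimal(98_950_000)),   # small move, 12h since last round
    (42 * H, Decimal(98_950_000)),   # 24h since last round: heartbeat
]

if __name__ == "__main__":
    rounds, worst = replay(SAMPLE_OBSERVATIONS)
    for ts, value, reason in rounds:
        print(f"t={ts // H:>2}h answer={value} reason={reason}")
    print(f"worst overstatement between updates: {worst}")
```

Any check that reads the feed, including a supply cap, is only as tight as the deviation threshold and heartbeat allow.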
Market and Adoption
As of mid-August 2023, STBT has a market capitalization of approximately $74 million, down from an ATH of $123 million.
Matrixdock has a T+4 timeline for issuance and redemption. To supplement this, the Curve pool provides immediate liquidity for STBT holders. Liquidity is available through the STBT/3CRV pool on Curve Finance, which offers swapping and yield opportunities.
The pool TVL dropped substantially on July 31st after a Vyper bug was reported that resulted in the loss of user funds in several Curve pools (see the postmortem by Llama Risk). The STBT pool was not affected by the exploit, although liquidity appears to have been removed as a precautionary measure.
Pool utilization is generally quite low. The past 7-day average volume in the Curve pool is ~$112k/day or an average utilization of ~1.7%. Its highest volume day was $1.5m on June 21st.
In its short history (since February 2023), STBT has not experienced a significant depeg event. A brief dip to $0.9931 took place on March 14th, one week after liquidity was seeded to the Curve pool.
Matrixdock offers incentives for greater pool liquidity through bribes to vlCVX holders on Votium. This benefits STBT and 3CRV holders via CRV rewards on top of native yields. They deposited incentives most recently in round 49, presumably refraining in round 50 in the wake of the Curve hack.
Holders Distribution
There are 111 STBT holders, although only 62 addresses hold a value greater than 1 STBT and 44 with a value greater than 10,000 STBT. See all holders at this Dune query.
The top 10 addresses own 80.76% of the total STBT supply.
According to this STBT Dune query, there have been 190 mint events in the lifetime of the token as of 8/17/2023. Of the mint events, there are 59 unique addresses that have minted STBT.
Risk Vectors
Smart Contract Risk
The token contract follows the standards outlined for ERC-1400 security tokens and has undergone audits from reputable firms. The proxy structure allows for upgrades to be administered in a controlled manner. Ongoing monitoring for new vulnerabilities is recommended.
Token standards
STBT utilizes the ERC-1400 security token standard to implement useful features for a regulated financial product. Specifically, it leverages the modular ERC-1410, ERC-1594, ERC-1643, and ERC-1644 sub-standards:
ERC-1410 allows token balances to have associated metadata. This enables STBT to tag token holder information for compliance.
ERC-1594 enables transfer restriction capabilities. STBT uses this to whitelist approved addresses that have passed KYC verification. Unapproved addresses cannot send or receive STBT.
ERC-1643 allows document management associated with the contract.
ERC-1644 provides controller operation functions. This gives STBT an admin role for mandatory token transfers if needed, such as for legal actions.
By composing these ERC standards, STBT gains compliance-oriented features like whitelists, transfer restrictions, and controller operations. This suits the regulated nature of STBT as a tokenized security deriving value from underlying real-world assets.
Audits
Three audits by BlockSec and one by Zellic published between January and August 2023 reviewed the STBT token contract, Minter, WSTBT, and TimelockController, identifying issues like precision loss, flawed nonce handling, insufficient validations, failing tests, and non-standard proxy patterns. Recommendations were made to improve code quality, fix the test suite, and follow best practices for proxies, many of which were addressed in later audits.
BlockSec Audit #1 (Jan 2023)
Scope: STBT token contract
Findings: 1 medium risk issue related to potential precision loss
Recommendations: Add sanity checks before setting parameters
Zellic Audit (Feb 2023)
Scope: STBT, UpgradeableSTBT, TimelockController
Findings: 2 low risks, 1 informational
Issues: Custom proxy design, failing tests
Recommendations: Fix tests, consider standard proxy patterns
BlockSec Audit #2 (June 2023)
Scope: Minter & WSTBT contracts
Findings: 3 high risks, 2 medium risks, 2 low risks
Issues: nonce errors, flawed validations, improper conversions
Recommendations: Fix tests, remove redundant code
BlockSec Audit #3 (Aug 2023)
Scope: Minter & WSTBT contracts
Findings: No new issues, prior audit issues fixed
Operational Risk
Access Control
Access control is protected through the StbtTimelockController, whereby privileged addresses operated by Matrixdock can conduct system operations, including upgrading implementation contracts, setting privileged addresses, minting and burning STBT, rebasing the STBT supply, whitelisting STBT users, and transferring/redeeming STBT from any holder address. The private keys associated with Matrixdock operations are custodied by Cactus Custody, another subsidiary of Matrixport.
The overall architecture of access control in the system is shown below:
The timelock includes Proposer/Executor/Canceler roles which are 3 significant EOAs for the STBT system. They are responsible for conducting all guarded operations. Actions are initiated by the Proposer and can be executed by the Executor after the timelock delay has expired. The Canceler is described by Matrixdock as a hardware wallet address that can cancel proposed actions before they have been executed.
The timelock does not make use of the minDelay check to prevent discrepancies in timelock duration for different operations. Instead, Matrixdock has opted to hardcode mandatory delay values for different function calls. Values can be queried via delayMap and function signature. To set new delay values, a new TimelockController must be deployed and set as the STBT owner.
During this execution process, the timelock contract interacts with the STBT proxy contract, which delegates calls to the STBT logic contract. If the keys to these addresses are compromised, malicious functions could be executed that disrupt protocol operations, although the security measures of Cactus Custody and the mandatory timelock delay mitigate this risk.
Matrixdock retains the ability to perform forced transfers between addresses and to reverse fraudulent transactions or recover funds after the loss of a user’s private key. This is in accordance with the ERC-1400 security token standard:
Since security tokens are subject to regulatory and legal oversight (the details of which will vary depending on jurisdiction, regulatory framework and underlying asset) in many instances the issuer (or a party delegated to by the issuer acting as a controller, e.g. a regulator or transfer agent) will need to retain the ability to force transfer tokens between addresses.
Examples of where this may be needed is to reverse fraudulent transactions, resolve lost private keys and responding to a court order.
Source: ERC1400: Security Token Standard
On the topic of Controller permissions, the whitepaper does state intentions to transition to a multi-signature Controller involving reputable third parties:
Matrixdock will strictly manage this permission internally, and will find several reputable partner institutions to manage the private keys of this function with Matrixdock in the future to further reduce this risk.
Source: STBT Whitepaper
As of our latest correspondence with Matrixdock in mid-August, they have not yet implemented this plan and the timeline for this security upgrade is unknown.
The system contracts and guarded functions/privileged roles are fully detailed in Appendix B: Access Control.
Limited Service Providers
STBT relies on a limited set of service providers to oversee custody, operations, and auditing:
Custodian(s): Hold the T-bill and reverse repo collateral in custody accounts under contract with Matrixdock. The names of these custodians are not disclosed publicly.
Broker-Dealer: Contracted to engage in the reverse repo transactions backed by T-bills. The service provider is not disclosed publicly.
Pricing Provider: Bloomberg is used for pricing data to determine net asset value and trigger STBT rebases.
Third-Party Auditor: The Network Firm LLP supplies daily attestations for STBT’s proof of reserves (PoR).
Due to regulatory uncertainty that may affect relations with correspondent banks, depository institutions are sometimes reticent about having a public association with crypto companies. Matrixdock has shared this information with us privately and we can confirm their custodial partners are reputable. They have told us they are opening up alternative venues for the T-bill subscription and repo trading to ensure there’s no single point of failure, and have assured us that the contractual terms are consistent with standard market practice.
Rebase Handling
Matrixdock distributes interest on a daily basis by calling distributeInterests. There are restrictions in place that prevent interest distribution greater than the value of the reserves portfolio (through a proof of reserve integration with Chainlink), although this fundamental system mechanic does require active and responsible operation by the Matrixdock team.
Should the fair market value of the T-bills and repo collateral fall below the value of the preceding day, it could necessitate a negative interest rebase to maintain full collateralization. However, STBT’s internal rebasing protocol doesn’t accommodate negative rebases. Instead, on days when the value declines, rebasing is deferred until the fair market value exceeds the last recorded rebase level.
This approach is designed to uphold stability and make STBT more composable with DeFi applications. Many DeFi applications can only accommodate positive rebasing tokens. Matrixdock considers this a reasonable design choice because the underlying assets are backed by the full faith and credit of the US government and experience very low volatility. Nonetheless, this also means token holders might not be immediately apprised of decreases in collateral value until rebasing is restarted.
Liquidity Risk
Due to the project being in an early stage, Matrixdock has a strong preference for a low-duration portfolio. It is currently ~5.5 days, with a ~90% allocation to overnight reverse repo agreements. This ensures a highly liquid portfolio that has low volatility risk.
T-bills are constantly rolled to keep the portfolio duration at a target length (currently 5.5 days). It is theoretically possible that due to large redemption demand, possibly in conjunction with an increase in the portfolio duration, T-bills must be sold before maturity to honor redemption requests. Given the current portfolio makeup, it would require 90% of STBT (~$100m) to be redeemed within a month.
If STBT tokens require redemption before the maturity of the underlying T-bills, it can result in a lower execution price. To account for this, the redemption amount is calculated as follows:
Redemption Amount = STBT Redeemed * Execution Price * (1 - 0.1% fee)
Where
Execution Price = T-bill Market Price / Prior Day T-bill Price
This means redeeming before maturity can result in receiving fewer stablecoins back due to the potential difference between mark-to-market and par value. The trust allocates only to T-bills with 6-month maturities or less to minimize the potential volatility.
Oracle Risk
Bloomberg Pricing
STBT employs Bloomberg’s price feeds to determine the fair market value essential for daily interest calculations. The NAV calculation uses Bloomberg’s daily closing prices, accessed via the historical prices (HP) function referencing the Bloomberg Generic (BGN) price source on the Bloomberg Terminal.
The pricing data is captured daily, directly by Matrixdock, as the trader has direct access to the Bloomberg Terminal. Bloomberg has alternative data sources in case of potential outages, though the trading team notes the feeds have proven highly resilient over decades.
Matrixdock adopts the amortized cost valuation method based on the acquisition price instead of the mark-to-market approach for valuing the T-bills. Although this method stabilizes prices, it might overlook potential deficits if T-bills were to be sold before their maturity. A mark-to-market approach would offer a more accurate representation of the actual liquidation value.
Any disruption in this data might influence the token’s rebase dynamics. Although rebasing offers real-time collateral value monitoring, it also introduces centralization concerns due to the reliance on a single pricing source.
Proof of Reserves
Through the integration with Chainlink Proof of Reserves, the protocol programmatically limits the issuance and interest distribution of STBT. In both cases, there is a check on the Chainlink PoR reserveFeed to ensure that the newly minted STBT will not exceed the reported value. Should the collateral value decrease significantly, the system will pause issuance operations until the system is recapitalized.
As shown below, the issue function requires the totalSupply of STBT + the new issuance of STBT to be <= the latest PoR value:
As shown below, the distributeInterests function requires the totalSupply of STBT + the new issuance of STBT from interest distribution to be <= the latest PoR value:
There is a trust assumption inherent to this PoR strategy in its dependence on the reliable integration between The Network Firm and the custodial partners, the auditor’s accurate reporting of the values, and a sound calculation for the values of the reserve assets. Although Chainlink uses a network of nodes to preserve data integrity, the PoR ultimately depends on a single data source. Accuracy and coordination between multiple parties (who each represent a single point of failure) do present challenges, but Chainlink PoR offers a more transparent method for reporting reserves than many off-chain solutions.
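The supply cap described in this section and the deferred, positive-only rebase from the Rebasing and Rebase Handling sections, modelled together as an added example; this is not the STBT contract code. The class and function names, the flat per-rebase expense, and the NAV series are constructed assumptions, and the model assumes the PoR feed reports each day's NAV.

```python
from dataclasses import dataclass
from decimal import Decimal


class ReserveCapExceeded(Exception):
    """A mint would push total supply above the latest PoR value."""


def daily_interest(nav_today, nav_last_rebase, expenses):
    """Formula from the page; a non-positive result means the rebase is deferred."""
    interest = nav_today - nav_last_rebase - expenses
    return interest if interest > 0 else Decimal(0)


@dataclass
class PorGatedToken:
    """Hypothetical off-chain model of the supply checks, not the STBT contract."""
    total_supply: Decimal
    por_answer: Decimal  # latest value read from the PoR reserveFeed

    def _require_backed(self, new_tokens):
        # Rule stated on the page: totalSupply + new issuance <= latest PoR value.
        if self.total_supply + new_tokens > self.por_answer:
            raise ReserveCapExceeded(
                f"{self.total_supply} + {new_tokens} > {self.por_answer}")

    def issue(self, amount):
        self._require_backed(amount)
        self.total_supply += amount

    def distribute_interests(self, amount):
        self._require_backed(amount)
        self.total_supply += amount


def simulate(navs, start_supply, expenses):
    """Replay daily NAVs; return the token and (nav, minted, supply, shortfall) rows.

    Assumptions: the PoR feed reports each day's NAV, and expenses are a flat
    amount charged per rebase.
    """
    token = PorGatedToken(total_supply=start_supply, por_answer=navs[0])
    nav_last_rebase = navs[0]
    rows = []
    for nav in navs[1:]:
        token.por_answer = nav
        minted = daily_interest(nav, nav_last_rebase, expenses)
        if minted > 0:
            token.distribute_interests(minted)
            nav_last_rebase = nav
        # Supply is never reduced, so a NAV dip leaves supply above reserves
        # until NAV recovers past the last rebase point.
        shortfall = max(token.total_supply - nav, Decimal(0))
        rows.append((nav, minted, token.total_supply, shortfall))
    return token, rows


# Constructed sample: whole-USD NAVs with a two-day dip.
SAMPLE_NAVS = [Decimal(n) for n in
               (1_000_000, 1_000_140, 999_900, 1_000_100, 1_000_300)]

if __name__ == "__main__":
    token, rows = simulate(SAMPLE_NAVS, Decimal(1_000_000), Decimal(10))
    for nav, minted, supply, shortfall in rows:
        print(f"nav={nav} minted={minted} supply={supply} shortfall={shortfall}")
```

On the two dip days no interest is minted and the supply exceeds the reported reserves, so any call to issue is rejected until the NAV recovers.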
Depeg Risk
Any loss of confidence in STBT, possibly due to unforeseen issues or redemption problems with Matrixdock, could cause its value to deviate from its intended peg. Restrictions on STBT transfers to only whitelisted addresses increase the risk of depeg, as arbitrage may be inhibited. Less arb competition may cause depegs during normal market conditions to persist longer than they would otherwise.
Liquidity considerations add to these risks. The liquidity in the primary market is influenced by the issuer’s ability to trade the underlying Treasuries and repos. In contrast, secondary market liquidity is linked to the STBT/3CRV Curve pool. As Curve is the only liquidity venue where STBT is traded, a significant price swing in related assets (USDT, USDC, DAI) might indirectly add volatility to STBT. During turbulent market periods, monitoring slippage and closely ensuring strong market-making is crucial.
However, STBT has not experienced a significant depeg since its inception in February. It does have a short history and limited secondary market exposure, so more time on the market is required to build confidence in the strength of its peg.
Regulatory Risk
Regulation of tokenized securities like STBT remains an evolving area as authorities grapple with classifying and governing these novel assets. Matrixdock has focused distribution on accredited investors as a prudent measure amid regulatory uncertainty. Monitoring compliance in target markets is essential as laws develop. See Appendix A: Securities Laws by Jurisdiction for more information.
Regulatory Compliance and Investor Onboarding
STBT, potentially being viewed as a security, is vulnerable to shifting regulatory landscapes. Matrixdock, in anticipation of this, has limited its distribution to accredited investors. It’s crucial for stakeholders to monitor evolving regulations continuously.
Matrixdock conducts a rigorous due diligence process for potential clients, ensuring only accredited or qualified investors are onboarded. The company’s meticulous market conduct monitoring aims to preemptively address any concerns regarding offering financial products in Matrixdock’s target markets, demonstrating strict adherence to reverse solicitation principles.
Furthermore, unlike public offerings, a private placement presents investment opportunities to select investors. Typically, an offering that doesn’t align with public offering criteria is considered a private placement. The issuer can facilitate a private placement for professional or accredited investors upon notifying the relevant financial regulatory body.
Seychelles Regulatory Framework
In Seychelles (where STBT’s specialized trust is incorporated), the Securities Act 2007 is the main legislation overseeing securities and investment products. The Financial Services Authority (FSA) is the designated regulatory entity for securities dealers, investment advisers, and exchanges. While the Securities Act clearly enumerates which financial products qualify as securities, it doesn’t categorize virtual assets or cryptocurrencies as such. Classifying an asset or product as a security within the scope of the Securities Act is contingent on the asset’s inherent traits.
Matrixdock has procured a legal opinion from a reputable Seychelles-based law firm confirming that the STBT offering does not qualify as an investment business, thereby not falling under the regulations of the Securities Act. This opinion is tailored to Seychelles’ existing laws and does not extend to other jurisdictions. Recognizing potential varied interpretations across jurisdictions, Matrixdock upholds high compliance standards, especially concerning security offerings.
Geographic Restrictions
Adhering to regulatory guidelines, Matrixdock abstains from offering services in specific regions:
Asia: Mainland China, Retail clients from Hong Kong (SAR of China), Singapore, North Korea, Japan, Iran, Syria, and Myanmar.
Americas: USA, Canada, American Samoa, Cuba, Guam, Puerto Rico, and the Northern Mariana Islands.
Europe: Crimea, Sevastopol, and Russia.
A Matrixdock legal representative has shared the onboarding process with respect to geographical and jurisdictional restrictions:
For each client we onboard, we look at their place of incorporation/residence, then determine the local rules to sell them a security token on an exempt basis. We do not sell to US persons period, but the analogous exemption would be Reg D accredited investor exemption.
We consulted major law firms in various jurisdictions (UK/EU/Singapore/HK, etc.) to understand the relevant exemptions for offer and sale of unregistered securities (i.e. STBT), and apply these standards in each transaction. If client is from an unknown jurisdiction (take Bhutan for example), we apply the US test, which is typically the most stringent and sufficiently demonstrates that such investor is well suited for the product.
In consultation with Llama Risk legal counsel, we have found that Matrixdock has operational processes in place to ensure that the token offering falls within the prescribed prospectus exceptions. While offers are made to or directed at qualified investors only, the team also monitors the number of solicited individuals, mindful of the rule that the prospectus exemption applies if the offer is addressed to fewer than 150 non-qualified investors in the UK and per Member State in the EU.
STBT marketing to Singapore investors is carried out by a regulated legal vehicle - a Recognized Market Operator, dealing in capital markets products and operating under the Singapore regulatory fintech sandbox regime. Matrixdock sees better protection for customers in this client solicitation method. We should note that the recent partnership occurs in an environment of increased attention from the Singapore regulator and proposed enhanced safeguards for the marketing of financial products.
Risks and Disclaimers
The website disclaimers detail the inherent risks associated with STBT Tokens. It underscores potentially unfavorable outcomes, such as:
The potential for token holders to incur significant losses.
Owning STBT Tokens signifies an unsecured debt obligation without granting direct or indirect ownership over underlying assets.
The token’s value is susceptible to market dynamics, especially fluctuations in U.S. Treasury obligations.
Fixed-income instruments, the foundational assets, carry heightened risks due to their sensitivity to interest rate changes.
Redeeming STBT Tokens may result in trading losses, with the STBT issuer possibly deducting associated trading losses or transaction costs from the redemption amount, leading to a reduced final redemption amount for token holders.
In summary, this comprehensive set of disclaimers transparently outlines the inherent risks of STBT Tokens. By clearly communicating these risks, the issuer minimizes their liability, making potential users fully aware of the possible outcomes.
Future Regulatory Considerations
The prevailing compliance position of STBT hinges on the contention that, under Seychelles legislation, STBT does not qualify as a security. In extending offerings to nationals of third countries, the strategy employed revolves around the reverse solicitation principle. It is crucial to underscore, however, that this approach remains susceptible to the ever-evolving nature of regulatory updates or potential shifts in interpretation by the competent authorities in the target jurisdictions.
Concurrently, the proactive endeavors by the Matrixdock team to distribute the token to Singaporean investors, facilitated through a collaboration with a locally accredited institution, serve as a testament to the issuer’s commitment to aligning with the intricate and dynamic legal landscape. This not only exhibits adherence to present regulatory standards but also underscores a forward-thinking approach in anticipation of future legal nuances.
LlamaRisk Gauge Criteria
Centralization Factors
Is it possible for a single entity to rug its users?
Yes, although the legal structure mitigates this risk. STBT is fundamentally a centralized product that relies on the proper custody and operational management of trusted third parties. The issuer and underlying asset custodian have been contributed to an orphan trust, isolating STBT from dependence on Matrixdock. Matrixdock’s role is limited to “service provider”, meaning it has no legal rights to take ownership of the underlying assets which rightfully belong to the STBT token holders. It provides daily operational support, and it is paid a fee for such service.
If the team vanishes, can the project continue?
Possibly. Critical operational processes, including token mints/burns, interest distribution, and transfer permissions rely on Matrixdock’s active participation as the sole service provider for STBT. Without the team, these processes would halt, and users might face challenges redeeming their tokens or accessing the underlying collateral. An alternative service provider could take over these responsibilities if Matrixdock ceased operations.
Economic Factors
Does the project’s viability depend on additional incentives?
No. The token’s value and yields are derived from underlying US Treasuries and repo markets. However, the Curve ecosystem does provide additional incentives for liquidity providers, enhancing opportunities to drive STBT’s growth.
If demand falls to 0 tomorrow, can all users be made whole?
Effectively yes, but possibly no in extreme circumstances. The reserve portfolio is conservative and highly liquid (90% overnight reverse repo, 10% short-term T-bills), although there is a possibility of losses when selling T-bills before maturity. Given the current structure of the yield curve and the project being early stage, management has a strong preference for having extremely low duration (currently ~5.5 days). Liquidity crunch, market volatility, or redemption bottlenecks remain low-risk considerations.
Security Factors
Do audits reveal any concerning signs?
Somewhat. The STBT contracts underwent multiple audits, and although there were issues found in the audits of various severity, they were all addressed or resolved in subsequent commits. These included precision loss, nonce errors, flawed validations, improper conversions, failing tests, and non-standard proxy patterns.
Risk Team Recommendation
RWA protocols are a topic of growing interest as rates continue to rise and investors seek stable, reliable yields. There is an immense opportunity for Curve to embrace partnerships with RWA issuers such as Matrixdock for integration in its stableswap pools and as collateral for crvUSD. Although the ERC-1400 security token standard creates some awkwardness with integration (requiring whitelisting of Curve contracts for pool operation) and may inhibit adoption, Matrixdock’s diligence to create a compliant product amid regulatory uncertainty is commendable.
Curve DAO should advocate for enhanced transparency in Matrixdock’s operations and controls to alleviate concerns related to centralization in its custody partners and operational management. Curve should seek detailed information and a timeline of Matrixdock’s intended shift to a multi-signature model involving reputable third parties. It’s also recommended that Curve continuously monitor the changing regulations surrounding tokenized securities and coordinate with Matrixdock to ensure compliant distribution.
Based on our assessment of the properties and risks associated with STBT, we believe STBT meets the necessary criteria for a Curve gauge and we look forward to continued integration of Matrixdock products with Curve.
Appendix A: Securities Laws by Jurisdiction
USA
The Howey test is the benchmark for determining if an instrument qualifies as a security in the USA. Originating from the 1946 Supreme Court decision in SEC v. W.J. Howey Co., this test defines an investment contract as one where an individual:
Invests money
In a common enterprise
Reasonably expects profits or returns
Derived from the entrepreneurial or managerial efforts of others.
To be classified as an investment contract, a token must meet all four Howey criteria. The token should be registered with the SEC if these conditions are satisfied. However, it might still qualify for exemptions from mandatory registration, depending on its offering structure.
European Union
MiFID II strengthens regulations for equities while expanding its scope to non-equities like bonds and derivatives. Core focuses are investor protection and product governance, prioritizing investor interests.
As securities, tokens may fall under EU financial regulations if they meet certain conditions. Tokenization should align with standards like MiFID II to uphold transparency, protection, and integrity principles.
The EU DLT Pilot Regime provisionally allows market structures to bypass some legislation to encourage crypto-asset growth. However, its narrow eligibility criteria and uncertain long-term status pose challenges to the relevance of STBT.
United Kingdom
The UK’s Financial Services and Markets Act outlines regulated activities like those involving securities per the Regulated Activities Order 2001.
Tokens offering rights akin to specified investments require registration with the FCA, which mandates standards around disclosures, conflicts, and consumer treatment.
The FCA oversees entities in specified investments, shielding against deceptive practices and ensuring alignment with investor profiles and unambiguous risk disclosures.
Other Jurisdictions
The UAE and Singapore view security tokens as digital representations of traditional securities, thus subjecting them to existing securities laws. Instead of a blanket classification, the financial authorities in these countries evaluate each token on a case-by-case basis, deciding whether it fits as a security or a commodity. This flexible approach ensures appropriate regulation based on each token’s characteristics, balancing investor protection with financial innovation.
Appendix B: Access Control
Timelock Controller:
Address: 0x22276A1BD16bc3052b362C2e0f65aacE04ed6F99
Roles:
The Proposer/Executor/Canceler roles are 3 significant EOAs for the STBT system. They are responsible for conducting all guarded operations. Actions are initiated by the Proposer and can be executed by the Executor after the timelock delay has expired. The Canceler is described by Matrixdock as a hardware wallet address that can cancel proposed actions before they have been executed. Matrixdock says the private keys for these addresses are protected through Cactus Custody (another Matrixport subsidiary).
TIMELOCK_ADMIN_ROLE: StbtTimelockController
PROPOSER_ROLE: 0x65FF5a67D8d7292Bd4Ea7B6CD863D9F3ca14f046 (EOA)
EXECUTOR_ROLE: 0xd32a1441872774f30EC9C453983cf5C95a720123 (EOA)
CANCELLER_ROLE: 0x520839E886A285E196C8fA3d161797B4BaFABE94 (EOA)
Delays:
The timelock does not make use of the minDelay check to prevent discrepancies in timelock duration for different operations. Instead, Matrixdock has opted to hardcode mandatory delay values for different function calls. Values can be queried via delayMap and function signature. To set new delay values, a new TimelockController must be deployed and set as the STBT owner.
The following functions require a 24-hour delay:
resetImplementation - Upgrades the STBT implementation contract
setIssuer - Sets address with issuer role
setController - Sets address with controller role
setModerator - Sets address with moderator role
The following functions require a 4-hour delay:
setMinDistributeInterval - Sets min allowable interval to distribute interest in seconds
setMaxDistributeRatio - Sets max allowable interest to distribute as a percent of the total STBT supply
issue - Issues new tokens to an address that has permissions to receive STBT with mint limits enforced by the value reported by the reserveFeed
redeem - Redeems tokens belonging to the admin
redeemFrom - To process redemption, a user first calls approve, allowing the timelock contract (owner) to redeem some value. Then the issuer can redeemFrom the token holder’s address
distributeInterests - Distributes interest accrued with checks that the value does not exceed the maxDistributeRatio or the value of the total reserve as reported by the reserveFeed, and the time since the last call is greater than the minDistributeRatio
controllerTransfer - Allows the controller to force transfer STBT from any address to any address
controllerRedeem - Allows the controller to force redeem STBT from any address
The following functions require a 1-second delay:
setPermission - Sets permissions for an address to send/receive STBT
setDocument - Attaches a new document to the contract, or updates the URI or hash of an existing attached document
removeDocument - Removes an existing document from the contract
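As an added example (not Matrixdock's or LlamaRisk's code), the delay table and role holders above can serve as a monitoring baseline: the Python below audits timelock operation records that are assumed to be already decoded into function names and timestamps. The record layout, the finding labels and the HIGH_IMPACT watchlist are choices of this example, and the sample records are constructed.

```python
HOUR = 3600
# Mandatory delay per function, in seconds, as listed in this appendix.
DELAYS = {
    **dict.fromkeys(("resetImplementation", "setIssuer", "setController",
                     "setModerator"), 24 * HOUR),
    **dict.fromkeys(("setMinDistributeInterval", "setMaxDistributeRatio",
                     "issue", "redeem", "redeemFrom", "distributeInterests",
                     "controllerTransfer", "controllerRedeem"), 4 * HOUR),
    **dict.fromkeys(("setPermission", "setDocument", "removeDocument"), 1),
}
PROPOSER = "0x65FF5a67D8d7292Bd4Ea7B6CD863D9F3ca14f046".lower()  # PROPOSER_ROLE
EXECUTOR = "0xd32a1441872774f30EC9C453983cf5C95a720123".lower()  # EXECUTOR_ROLE
# Watchlist chosen for this example: code upgrade, role changes, forced moves.
HIGH_IMPACT = {"resetImplementation", "setIssuer", "setController",
               "setModerator", "controllerTransfer", "controllerRedeem"}


def audit(op):
    """Return findings for one decoded timelock operation record."""
    findings = []
    required = DELAYS.get(op["function"])
    done = op["executed_at"] is not None
    if required is None:
        findings.append("unknown-function")
    elif done and op["executed_at"] - op["scheduled_at"] < required:
        findings.append("executed-before-delay")
    if op["proposer"].lower() != PROPOSER:
        findings.append("unexpected-proposer")
    if done and op["executor"].lower() != EXECUTOR:
        findings.append("unexpected-executor")
    if op["function"] in HIGH_IMPACT:
        findings.append("high-impact-review")
    return findings


def cancel_window(op, now):
    """Seconds left before a pending operation becomes executable."""
    if op["executed_at"] is not None:
        return 0
    return max(0, op["scheduled_at"] + DELAYS.get(op["function"], 0) - now)


T0 = 1_700_000_000  # constructed timestamps and records, not chain data
SAMPLE_OPS = [
    {"function": "issue", "scheduled_at": T0, "executed_at": T0 + 4 * HOUR + 60,
     "proposer": PROPOSER, "executor": EXECUTOR},
    {"function": "controllerTransfer", "scheduled_at": T0, "executed_at": None,
     "proposer": PROPOSER, "executor": None},
    {"function": "setIssuer", "scheduled_at": T0, "executed_at": T0 + 4 * HOUR,
     "proposer": "0x" + "11" * 20, "executor": EXECUTOR},
]
```

An executed-before-delay finding means the observed delays no longer match this table, which according to the description above would require a new TimelockController to have been set as the STBT owner.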
STBT token:
Proxy: 0x530824DA86689C9C17CdC2871Ff29B058345b44a
Implementation: 0xba8275286e10489c4aee24a39b0d919c79c634e3
Roles:
STBT uses role-based access control (RBAC) to segregate operational categories, although currently all roles are owned by the timelock.
owner: Upgrades implementation, sets system parameters, sets privileged roles
moderator: Performs the configuration of permissions for an address as defined by ERC-1594
controller: Has the authority to perform mandatory transfer and redemption as defined by ERC-1644
issuer: Performs normal token issuance and redemption
The StbtTimelockController is assigned all the privileged roles.
Write functions, onlyOwner:
resetImplementation - Upgrades the STBT implementation contract
setIssuer - Sets address with issuer role
setController - Sets address with controller role
setModerator - Sets address with moderator role
setMinDistributeInterval - Sets min allowable interval to distribute interest in seconds
setMaxDistributeRatio - Sets max allowable interest to distribute as a percent of the total STBT supply
setDocument - Attaches a new document to the contract, or updates the URI or hash of an existing attached document
removeDocument - Removes an existing document from the contract
Write functions, onlyModerator:
setPermission - Sets permissions for an address to send/receive STBT
Write functions, onlyController:
controllerTransfer - Allows the controller to force transfer STBT from any address to any address
controllerRedeem - Allows the controller to force redeem STBT from any address
Write functions, onlyIssuer:
issue - Issues new tokens to an address that has permissions to receive STBT with mint limits enforced by the value reported by the reserveFeed
redeem - Redeems tokens belonging to the admin
redeemFrom - To process redemption, a user first calls approve, allowing the timelock contract (owner) to redeem some value. Then the issuer can redeemFrom the token holder’s address
distributeInterests - Distributes interest accrued with checks that the value does not exceed the maxDistributeRatio or the value of the total reserve as reported by the reserveFeed, and the time since the last call is greater than the minDistributeRatio
Note that the Controller has the authority to force transfer or redeem from any address. On the topic of Controller permissions, Matrixdock says in their whitepaper:
Matrixdock will strictly manage this permission internally, and will find several reputable partner institutions to manage the private keys of this function with Matrixdock in the future to further reduce this risk.
Source: STBT Whitepaper
As of our latest correspondence with Matrixdock in mid-August, they have not yet implemented this plan and the timeline for this security upgrade is unknown.
Minter:
Address: 0xca241823d4Bfe8b29610709Db617407FbC9AE02b
The STBT website outlines an OTC process for whitelisted users to mint/redeem STBT. Alternatively, the recently deployed Minter contract was designed to allow whitelisted addresses to mint/redeem STBT directly, bypassing the need for interaction with the Matrixdock team. Matrixdock anticipates that regular STBT users will prefer to use the minter contract over OTC/manual transfers.
Roles:
owner: 0xd32a1441872774f30EC9C453983cf5C95a720123 (EOA)
Write functions, onlyOwner:
setCoinInfo - Sets coin info for purchase
setDepositConfig - Sets deposit parameters for a token
setRedeemConfig - Sets redeem parameters for a token
setRedeemFeeRate - Sets redeem fee rate for a token
setDepositPeriod - Sets deposit period
setRedeemPeriod - Sets redeem period
setTimeLockContract - Sets timelock contract address
setTargetContract - Sets target contract address
setPoolAccount - Sets pool account address
redeemSettle - Settles a redeem
rescue - Rescues tokens accidentally sent to the contract