Asset Risk Assessment: staked USDT (stUSDT)
A look into the RWA token backed by short-term government bonds, issued on Tron and Ethereum
Links
Contracts: stUSDT (Ethereum) | wstUSDT (Ethereum)| stUSDT (Tron)
Markets: Curve crvUSD/stUSDT | JustLend wstUSDT
TLDR
While the stUSDT website states that reserves target short-term government bonds, there is no mandate on the portfolio composition, reserves and custodians are not disclosed, and no third-party attestations are available.
There are uncertainties regarding the legal validity, transparency, and regulatory compliance regarding a custody agreement between RWA DAO and JustLend DAO creating ambiguity around reserves management.
EOA accounts controlled by anonymous team members manage on-chain operations such as rate-limited rebasing, handling of user funds, and contract upgrades.
There are no published smart contract audits or a bug bounty program, and most system contracts have not been verified on Etherscan or Tronscan.
Relation to Curve
In the aftermath of a reentrancy exploit in July 2023 that resulted in losses to several Curve pools and negatively impacted the price and liquidity of CRV, DeFi lending markets such as Aave suddenly became at risk of accumulating significant amounts of bad debt. Justin Sun acquired 5 million CRV tokens as part of an OTC deal to alleviate the threat of liquidation. In connection with his new governance stake, Sun announced on Twitter the intent to promote a stUSDT pool on Curve.
A proposal was made shortly thereafter to add a gauge to the crvUSD/stUSDT pool. The pool has not yet been seeded with any liquidity as of September 2023, nor has there been a DAO vote to introduce any gauge. Although stUSDT exists on both Tron and Ethereum, the vast majority is currently on Tron and there are no DeFi integrations active on Ethereum.
stUSDT Protocol Overview
Introduction
In July 2023, the TRON ecosystem introduced its inaugural Real World Asset (RWA) product, staked USDT (stUSDT), a receipt token for stablecoins invested into interest-earning RWAs such as short-term government bonds. In its short history, stUSDT has offered rates consistent with other RWA tokens backed by U.S. Treasuries, ranging between 4–5%. stUSDT can be permissionlessly minted or redeemed for USDT with the intention of expanding support for additional stablecoins. For instance, the TRON deployment also allows users to mint stUSDT from TUSD.
stUSDT holders can passively earn income from real-world assets through periodic token rebases that regularly distribute yield produced by its underlying portfolio. Through the rebase mechanism, the smart contract distributes rewards to holders by increasing the quantity of stUSDT held in the user’s wallets. The mechanism maintains a 1:1 exchange rate between stUSDT and USDT, allowing holders to redeem their stUSDT for an equivalent quantity of USDT, minus a withdrawal fee.
There is a strong association between Justin Sun and the entities supporting stUSDT. The TRON founder and Huobi global advisory board member has actively promoted stUSDT and appears to own a significant amount of the token supply. In July 2023, Huobi and Poloniex, both exchanges with ties to Sun, announced they would be supporting stUSDT upon launch.
stUSDT is operating primarily through its integration with the Tron-based lending market JustLend. The vast majority of liquidity resides on this venue where it is available as both a collateral type and borrowable asset. The Ethereum implementation has not yet experienced appreciable adoption or active DeFi integrations. The vast majority of Ethereum-based tokens are held in wallets associated with Justin Sun.
RWA DAO
With design inspiration from Lido’s stETH, stUSDT is intended to be a decentralized token with key decisions being governed by a DAO of stakeholders. stUSDT advertises a system of governance operated by an entity called the RWA DAO, whose structure and responsibilities of its members are described on the stUSDT website.
Despite billing itself as “a decentralized, self-governing community” (source), there is no public information about the RWA DAO’s members or organization other than what can be found on the stUSDT website. Shortly after the launch of the product, a JustLend DAO vote seems to have approved the delegation of governance and stUSDT-related operations to JustLend DAO. Under this agreement, it is unclear what role the anonymous members of the RWA DAO or members of JustLend DAO play in managing stUSDT’s reserves, but the stUSDT website continues to advertise the role of the RWA DAO within its system.
The roles within the organization are described as follows:
Advisory Council: Elected by the DAO to oversee day-to-day RWA investment and operations and to propose changes to the DAO when necessary. Perform risk management duties. Appoint and evaluate RWA Arrangers.
RWA Arranger: Appointed by the Advisory Council to determine suitable investment strategies. Assesses fund performance and makes changes as necessary. Appoints Asset Managers.
Asset Managers: Appointed by the RWA Arranger to implement strategies specified by the Arranger. Periodically disclose RWA performance and asset holdings on-chain by performing rebases of the stUSDT token supply.
Overall, the operations of the organization are shrouded in mystery. Presumably, these duties have been delegated to JustLend DAO, although the identities of those members are not disclosed and the nature of the custody agreement is ambiguous. To date, there has not been any public governance discussion or votes on JustLend regarding the off-chain management of stUSDT’s reserves or clarity as to the persons or entities custodying user funds.
RWA Investment Process
The published standard for management of the reserves, transparency, and rewards distribution includes the following general guidelines:
Investment Strategy: Asset Managers invest funds based on the predetermined strategy.
Reward Sharing: Asset Managers distribute rewards gained via the stUSDT-RWA Contract to users.
Transparency: Asset Managers periodically reveal RWA investment performance and asset holdings.
Review and Adjustment: RWA Arrangers assess RWA investment performance and tweak strategies as needed.
Supervision and Risk Management: The Advisory Council oversees RWA investment and daily operations. They watch for potential risks and ensure effective control.
According to the stUSDT support page, RWA investment decisions involve the following process:
Discussion Phase: The Advisory Council discusses possible RWA investment opportunities with RWA Arrangers.
Pre-Voting: RWA DAO holds a pre-vote to decide if a proposed investment strategy should move forward.
Contract Setup and Voting: If the proposal passes the pre-vote, RWA Arrangers deploy the stUSDT-RWA Contract and vote on whether to proceed with the proposal.
Implementation: When the execution vote succeeds, the stUSDT-RWA Contract activates automatically. RWA Arrangers set up initial contract settings.
It is unclear from the description how assets off-chain are actually managed. There have not been any publicly disclosed votes to verify the workflow as it is outlined. The management of off-chain assets in practice is a black box with users having no insight about the custodians, the investment strategies implemented, or their legal right to ownership of their assets.
There is a very rudimentary daily attestations report offered by stUSDT that is linked in the Data page of the website. The team publishes daily attestations on their Medium blog in connection with rebases. There is no information about the specific assets on the balance sheet, although information includes individual investment date/maturity date (possibly 3-month U.S. T-bills, although not explicitly disclosed), the total investment, daily interest earnings, and bank fees. The reports serve to justify the daily rebase rate of the stUSDT supply.
There are occasional vague references to the composition of stUSDT reserves, for instance in Twitter posts that describe its allocation to “RWA investment such as in short-term government bonds”. The website likewise references short-term government bonds as an allocation target. However, there is no explicit disclosure of the investment strategy currently or any detailed guidelines on goals and acceptable risk parameters.
The webpage also claims a $10m buffer is maintained on-chain as emergency reserves that do not earn a yield and are available to process immediate redemptions. In general, the stUSDT policy states the intention to process withdrawals between T+0 and T+3, depending on the amount of stUSDT in the queue and other factors.
stUSDT does not charge a management fee, although it does disclose a .1% withdrawal fee on the staking page of its website that it claims covers the operational costs of RWA investment. The fee is described as a “promotion”, so users should be aware that this fee may increase in the future. There are also bank fees disclosed in the rebase reports which are subtracted from the profits in the daily rebases.
stUSDT Contract Architecture
The stUSDT contract architecture is deployed to both Tron and Ethereum with identical parameters. The contracts use an upgradeable proxy pattern and consist of several additional contracts that handle minting, burning, and security controls. The minter, burner, blackListManager, and mintPausedAdmin contracts are not verified on Ethereum or Tron, obscuring additional details about these contracts.
STUSDTProxy: 0x25eC98773D7b4ceD4cAFaB96A2A1c0945f145e10
The permanent stUSDT address with admin role that can update to a new admin or upgrade the implementation address.
Proxy Admin: 0xcC2BcF5f274595cb71fA0F5609cBA6e4b602E2D7 (EOA)
upgrade implementation
update proxy admin
Impl Admin: 0xcC2BcF5f274595cb71fA0F5609cBA6e4b602E2D7 (EOA)
set addresses for the rebase admin, blacklist manager, mint paused admin
add/remove stUSDT minters and burners (each handles a specific deposit token)
set the rebase rate limit for both positive and negative rebases and interval time
set max total underlying assets
rebaseAdmin: 0x13eD3eB5a9ad0D42C415064EACaeF5Ebdc9D97fC (EOA)
rebase the stUSDT token supply within parameters set by the admin. Current parameters are set with a rebaseIntervalTime of 3600 blocks, an increaseRateLimit of .0274% per interval, and a decreaseRateLimit of 0%.
STUSDT Implementation: 0x3ece77928fBbac9B6d48db7E2d23498df2Cb1F34
The implementation address contains logic for associated contract interactions including the minter, burner, blackListManager, and mintPausedAdmin contracts. It also specifies addresses for the admin and rebaseAdmin roles.
Minter (UNVERIFIED CONTRACT): 0xe22D16a16d8a5A92241cF696C35c08eaa873728c
The contract users interact with to mint stUSDT. On Ethereum, there is only a minter that accepts USDT deposits, but on Tron, there is a minter for USDT and TUSD. The contract apparently has the functionality to assign a custodian where user deposits are sent for offboarding, presumably to invest in RWAs. The custodian is the same address as the system admin.
Burner (UNVERIFIED CONTRACT): 0x156269966404Ca72F6721c3228676c56412c058c
The contract users interact with to burn stUSDT and redeem USDT. On Ethereum and Tron there is a single burner contract that redeems USDT to users. There appears to be a two-step process where users first request a withdrawal and burn their stUSDT. Then they can complete the withdrawal in 0-3 days, depending on the USDT available in the contract.
BlackListManager (UNVERIFIED CONTRACT): 0x6D91544f9Db628E690D69484087496c4C51fe1F0
The contract stores a list of blacklisted addresses. Blacklisted addresses cannot transfer, mint, or redeem stUSDT. There appears to be a set of 3 addresses assigned as operators of this contract.
operator: 0x758A926A24A32bC83b27c0Fd4761cc9C025F56B1
operator: 0xcC2BcF5f274595cb71fA0F5609cBA6e4b602E2D7
operator: 0x13eD3eB5a9ad0D42C415064EACaeF5Ebdc9D97fC
MintPausedAdmin (UNVERIFIED CONTRACT): 0x510D62a6a0f4b134bDDBa23BADAaE6c3de2dB610
This contract places an emergency pause on minting. There appears to be a set of 3 addresses assigned as operators of this contract (same addresses as blackListManager).
WstUSDTProxy: 0x572975FF6d5136c81c8d7448B6361eF9EEfE1AB0
The permanent wstUSDT address with admin role that can update to a new admin or upgrade the implementation address.
Admin: 0xcC2BcF5f274595cb71fA0F5609cBA6e4b602E2D7 (EOA)
upgrade implementation
update proxy admin
WstUSDT Implementation: 0xF7Eb8906D91a206D6E64575D3425AC558744d0D5
The implementation contains logic for wrapping/unwrapping and tracking the exchange rate of wstUSDT:stUSDT.
System Buffer
The stUSDT website claims there will be a 10m USDT buffer maintained to facilitate convenient withdrawals. In practice, the buffer funds are distributed across the minters and burners on both Ethereum and Tron. At the time of writing (9/20/2023), the buffer values across the system are:
Ethereum USDT minter: 3,250,833.236063 USDT
Ethereum USDT burner: 840,867.758149 USDT
Tron USDT minter: 2,268,116.36458 USDT
Tron TUSD minter: 0 TUSD
Tron USDT burner: 5,832,776.802329 USDT
This totals 12,192,594.16 USDT, safely above the stated target. However, there is only 6.67m USDT directly available in the burners, and users must rely on the stUSDT system operator to replenish funds as needed. Users should also be wary that the token distribution is highly concentrated, which may increase the risk of sudden redemption demand in excess of the available buffer. The stUSDT website claims that in the worst case, redemptions can be safely processed in 3 days.
stUSDT On-chain Activity
According to DeFiLlama’s RWA TVL Rankings, stUSDT is the largest RWA token by TVL. Furthermore, its TVL is greater than all other RWA issuers listed by DeFiLlama combined.
stUSDT has been deployed to both Tron and Ethereum. Both implementations include a wrapper contract that distributes interest by adjusting the wstUSDT:stUSDT exchange rate instead of rebasing. This makes the token more suitable for DeFi integrations such as DEXs and lending markets.
Since its inception in July 2023, the majority of adoption and activity has taken place on Tron. There is an integration with JustLend where a wstUSDT market was added on August 19th. With nearly 1.29B stUSDT deposited into JustLend as of September 20th, 2023, this constitutes over 72% of the stUSDT total supply. Almost 100% of the Tron-based wstUSDT is on JustLend.
stUSDT & wstUSDT - Tron Chain
As of September 20th, 2023, the total supply for stUSDT Tron chain is 1,711,137,809. Over 99% of the supply resides in 2 addresses: the wstUSDT contract and an EOA tagged as Huobi. Huobi controls over 98% of stUSDT not deposited into the wrapper contract.
Nearly all the Tron-based wstUSDT is deposited into JustLend, with a small quantity also in wallets tagged as Huobi and Poloniex.
jwstUSDT (JustLend): TD5SdLw5scR6mXgyMK2xKrFJpauDjpKqrW
Poloniex: TNCmcTdyrYKMtmE1KU2itzeCX76jGm5Not
The wstUSDT on JustLend increased substantially on September 16th from 434m to 1.3b wstUSDT. The borrow demand for wstUSDT is negligible. There is a 75% collateral factor on wstUSDT, referring to the value that can be borrowed compared to the value of wstUSDT supplied as collateral, so the primary use case for wstUSDT on JustLend appears to be as collateral. 99.75% of the jwstUSDT supply is held by the address TT2T17KZhoDu47i2E4FWxfG79zdkEWkU9N, which was previously connected to Justin Sun and Huobi.
Below is shown the funds flow of the two most significant stUSDT token holders on Tron. The TT2T address associated with Justin Sun has minted stUSDT from both USDT and TUSD and deposited them into JustLend. The TDTo address tagged as Huobi has minted stUSDT from USDT. The stablecoin deposits have been offboarded through Huobi.
Currently, there are 100,437 stUSDT holders on Tron. However, there are under 300 addresses that hold stUSDT, wstUSDT, or jwstUSDT with values greater than $100. The user base appears to have been artificially manipulated to create the impression that stUSDT is gaining widespread adoption. Below is the token holder count between July 20th and 30th, with a rapid rise to 100k holders:
The EOA address TKyCmGYVto67XfxhtkYt14EkU3qKTjUKii was used to send 0.0008 stUSDT to random addresses. Everyday, 10k users were sent 0.0008 stUSDT for 10 days to gain 100,000 stUSDT holders. This is further shown by the high token transfer count during that period:
stUSDT & wstUSDT - Ethereum Chain
Justin Sun’s stated intention to promote stUSDT liquidity on Curve has yet to materialize. There are currently only 6 addresses holding stUSDT with quantities over 100 stUSDT. The top 3 addresses account for 99.63% of the total supply on Ethereum.
All addresses are EOAs and the top two addresses have a transfer of funds between them, suggesting that they may both be associated with Justin Sun. The funds’ flow shows that USDT deposited into the system offboards through Huobi.
Shown another way are the two top stUSDT minters on Ethereum that account for over 95% of Ethereum-based stUSDT:
Although wstUSDT has also been deployed on Ethereum, there is no stUSDT deposited into the wrapper contract and the only interactions have been test transactions. The contract may experience greater demand if DeFi protocols begin integrating the product on Ethereum.
Risk Vectors
Smart Contract Risk
There are no published audits for stUSDT and the team does not advertise any bounty program. Many of the system contracts are not verified on Etherscan or Tronscan, including the minter and burner which are user-facing contracts, nor the blacklist manager and the mint paused manager. At the very minimum, all system contracts should be verified.
There is a system buffer that facilitates redemption demand which currently contains over 12m USDT across both the Ethereum and Tron implementations. Up to that amount is at risk in case of a smart contract exploit. Overall the TVL in the system at a staggering $1.7b after only several months on mainnet is far in excess of what the current contract maturity and transparency merits. However, the majority of the TVL is associated with insiders Justin Sun and Huobi, and most of the value in the system is custodied off-chain, possibly by affiliated entities.
Operational Risk
As described in the section on Smart Contract Architecture, there are a number of privileged roles that users depend on for normal operations and in case of emergency. Notable operational risks involving privileged operators include:
Rate Limited Rebasing: An EOA has the power to periodically rebase the stUSDT supply. It is possible the operator does not perform rebases consistent with the performance of the underlying portfolio. This risk is mitigated by the contract admin setting a rate limit on the interval and rebase amount. The limit is currently 3600 block intervals with a .027% rebase limit per interval.
EOA System Admin: An EOA has admin control across all relevant system contracts. The address is also the custodian that withdraws user deposits for offboarding. The owner of this address that handles user funds is anonymous and neither its trustworthiness nor the quality of its private key custody solution can be verified.
Mint Paused Admin: A set of 3 EOAs are assigned as operators that presumably can pause stUSDT minting (the contract is unverified so the contract logic cannot be confirmed). Failing to pause in an emergency could result in unbacked stUSDT being minted which may cause losses to LPs.
Collateral Risk
The reserves backing stUSDT are not disclosed, but the stUSDT website and posts on Twitter reference a target backing of “short-term government bonds” and an on-chain buffer of at least $10m to facilitate withdrawal requests.
The on-chain portion is publicly verifiable across the minter and burner contracts on both the Ethereum and Tron implementations. We have confirmed in a snapshot on September 20th that there is 12m USDT across these contracts, 2m in excess of the stated goal. However, the stated buffer target only accounts for ~0.6% of the overall stUSDT market cap (~$1.7b) at this time.
The only publicly available insight regarding the majority of the reserves is from the daily rebase reports posted by a stUSDT representative. While the reports are informal and neglect important information about the reserves, they do list the investment and maturity dates of its holding. Currently, all holdings (as reported by stUSDT) appear to be 3-month government bonds.
A look at the 3-month U.S. Treasuries yield (we are assuming the holding are U.S. T-bills, but this cannot be verified) show highly favorable rates for short-duration instruments:
This allows RWA issuers such as stUSDT to reap attractive rewards without incurring significant collateral risk. U.S. T-bills are backed by the full faith and credit of the U.S. government, making them among the lowest default risk instruments available. In case of excessive redemption demand that requires the liquidation of reserves before maturity, 3-month T-bills are highly unlikely to experience liquidity problems or incur significant market impact.
The primary risk to collateral is the unprecedented lack of transparency and therefore questionable accountability of the stUSDT Fund managers. The decisions regarding reserves management appear to be handled by a small team of anonymous individuals without oversight (despite claims made that investment decisions first go through an on-chain vote). The instruments backing stUSDT are currently unknown, and although there are references to “short-term government bonds”, there is no guarantee that the Fund managers will not shift exposure to high-risk instruments or even that they would notify stUSDT holders if it were the case.
Custody Risk
In a recently issued press release, it has been announced that stUSDT is launched by RWA DAO and will be managed by JustLend DAO. These operations are purportedly conducted under a formal custody agreement between the two DAOs.
However, upon close scrutiny of JustLend DAO’s governance forums, we find no evidence of proposals, discussions, or resolutions that pertain to the launch or management of RWA DAO. This absence of documentary evidence raises questions concerning the legal validity and operational transparency of the said custody agreement.
Furthermore, there is a notable lack of publicly available information detailing the legal structures or decentralized governance mechanisms underpinning RWA DAO. In the absence of such crucial details, it becomes challenging to ascertain the legal frameworks that might apply to this organizational entity, especially in matters concerning compliance, liability, and regulatory oversight.
The team responsible for the issuance and management of stUSDT has not provided public disclosures concerning certain key features of the protocol.
Reserve Assets: No information has been publicly disclosed regarding the safeguarding mechanisms employed to ensure that the valuation of reserve assets backing stUSDT is maintained at a level equivalent to at least 100% of the outstanding stablecoins in circulation at any given time.
Custody: There is no available data to verify whether the reserve assets that back stUSDT are held in segregated accounts, separate from the issuer’s own assets that are not reserved. The absence of such confirmation could present a risk of commingling, thereby complicating the legal and regulatory framework under which these assets are managed.
Solvency: Regulatory guidelines often mandate that stablecoin issuers maintain a minimum base capital. Additionally, under some legislative frameworks issuers are required to hold liquid assets valued at more than half of their annual operating expenses or an equivalent amount sufficient to facilitate either a recovery plan or an orderly wind-down of operations. Notably, this designated amount ought to be independently verified, providing an additional layer of assurance that the liquid assets on hand are adequate to meet regulatory objectives and financial obligations.
At this juncture, there is no publicly available information confirming whether stUSDT’s issuer complies with these or similar solvency criteria. Until such time as these key features are explicitly disclosed and verified, the level of risk associated with stUSDT remains uncertain.
Depeg Risk
A risk pertinent to Curve LPs is the resilience of the stUSDT peg. This is likely related to the efficiency of the arbitrage path to directly redeem stUSDT. There is a withdrawal buffer that can immediately process withdrawals, but in times of excessive redemption demand, a prompt response by the stUSDT team is required to replenish the buffer pool.
As the Ethereum burner pool is the most direct path relevant to Curve LPs for redemption processing, LPs should monitor the USDT in this contract. As of 9/21/2023, there is 840,867 USDT available out of 71,983,373 Ethereum-based stUSDT supply. This accounts for 1.17% of the stUSDT supply on Ethereum.
In case of high redemption demand, the stUSDT website claims withdrawals can be processed, at most, within 3 days of making a request. Assuming wise investment strategy and funds management, and reliable operational management by the team, depeg events should be short-lived. stUSDT appears to have a strong relationship with Huobi, which likely will ensure the crypto onramp is always available. However, this presents a systemic risk to stUSDT considering its primary partnership with Huobi. If the exchange were to fail due to a hack or it otherwise ceases operations, it may become difficult for stUSDT to onboard for reliable redemption processing. Extraneous factors such as this may disrupt the normal operation of stUSDT, leading to prolonged depeg events.
Regulatory Risk
stUSDT Privacy Policy
Purple Anthem Limited, a company incorporated under the laws of the British Virgin Islands, operates the stUSDT.io platform as per the Privacy Policy designation. The legal entity is dedicated to upholding and safeguarding the privacy rights of all individuals who engage with stUSDT’s set of websites, mobile applications, and ancillary services (collectively referred to as “the Services”)
In regard to the staking of tokens on stUSDT.io, it’s important to clarify that there are currently no restrictions imposed on this particular financial activity. However, it is pertinent to note that if Purple Anthem Limited, as a BVI entity, takes on the role of custodian by receiving, managing, and disbursing tokens in the context of a staking pool or as part of a rewards program, it may become subject to regulatory obligations under the Virtual Asset Service Provider (VASP) Act of the BVI.
VASP Act
The Virtual Asset Service Provider (VASP) Act, effective as of February 1, 2023, represents a landmark regulatory framework for the BVI offering comprehensive guidelines for the governance of virtual asset service providers.
Under the Act, a “virtual asset” is specifically delineated as a digital embodiment of value, exchangeable and transferable digitally, that can serve payment or investment functions— excluding, however, digital versions of fiat currencies. Meanwhile, “Virtual Asset Service Providers” or VASPs, are characterized by the multitude of services they offer, ranging from currency exchanges to safekeeping of assets and the provision of financial services related to virtual assets. Existing operators within the BVI jurisdiction have the benefit of transitional arrangements, permitting them to continue operations while they undergo the registration process.
Noteworthy is the Act’s provision for certain exceptions, such as the development and sale of software or hardware, and the offering of “unhosted” wallet services where customers retain control over their private keys.
Finally, the Act imposes a robust set of general obligations on VASPs, encompassing anti-money laundering protocols, stringent data protection, cybersecurity measures, annual financial reporting, and specific requirements for the fitness and propriety of senior officers and beneficial owners.
We have attempted to engage with a representative from stUSDT for clarity about its role as a service provider. As of today, we have not yet received a conclusive response to the critical query whether the platform is currently being fully run by Purple Anthem Limited or the company is solely responsible for data privacy management. Additionally, we have no formal verification as to whether the company in question has secured all requisite licenses and registrations mandated by the laws of the BVI.
This inquiry is of paramount importance not only for purposes of legal compliance but also to ensure that stakeholders are fully apprised of the operational and regulatory status of the platform under the jurisdiction of BVI law.
JustLend
JustLend demonstrates a commitment to legal probity and adheres to a strict set of compliance measures. Specifically, the lending platform restricts the provision of services to any individual or entity that is either
(a) the subject of economic or trade sanctions administered or enforced by any governmental authority or otherwise designated on any list of prohibited or restricted parties or
(b) (including but not limited to the following) a citizen, resident, or organization of the Chinese Mainland, Taiwan (province of China), Hong Kong (SAR of China), the United States and Singapore.
Given these compliance limitations imposed by JustLend, it can be reasonably inferred that the stUSDT is not offered to residents or entities in these specified territories—at least not via the JustLend platform. This self-imposed restriction mitigates any additional regulatory burden that might otherwise be placed upon the platform, especially in jurisdictions with a complex or ambiguous legal framework concerning the classification of tokens.
On the other hand, a comprehensive evaluation of the regulatory standing of stUSDT’s issuer, RWA DAO, is currently unattainable. The reason for this constraint lies in the scant availability of pertinent information about RWA DAO, including but not limited to its structure, governance protocols, and compliance measures.
LlamaRisk Gauge Criteria
Centralization Factors
1. Is it possible for a single entity to rug its users?
Yes. As an RWA service, user funds are offboarded and are handled or otherwise held in the custody of trusted third parties. Very little is known about the RWA DAO or its team of asset managers, nor is any information available about custodial relationships aside from Huobi’s role as an on/off-ramp for user funds. There are very few legal protections that protect users and their ownership rights over funds they have deposited into the system.
2. If the team vanishes, can the project continue?
No. The operation of stUSDT depends on the team to actively manage exit liquidity for users and rebasing the token supply. Given the markedly intransparent operation of stUSDT and its legal relationship with custodial partners, it is possible for the project to be abandoned by the current team without a contingency plan to continue operations.
Economic Factors
1. Does the project’s viability depend on additional incentives?
No. As an RWA service, stUSDT has a self-sustaining economic model that earns yield on short-term government bonds. The service charges a withdrawal fee to finance operations and custodian expenses are deducted from interest earned.
2. If demand falls to 0 tomorrow, can all users be made whole?
Possibly. Redemptions of stUSDT are always available, but involve an exit queue that can take up to 3 days to process withdrawals. The question of whether all users can be made whole depends on how trustworthy the RWA DAO is in managing its RWA portfolio. If it follows its promise of investing only in short-term government bonds, users likely can be made whole. There is a strong trust assumption, though, because there are no official reserves attestations and the Fund managers have no mandate to maintain a conservative investment strategy.
Security Factors
1. Do audits reveal any concerning signs?
Yes. There are no public audit reports and no bug bounty program. The system already has $1.7b in TVL after only a few months of being in production. Most functions are guarded by stUSDT team access controls, although there is currently ~$12m held on-chain as a system buffer, and that value can directly be at risk in case of a smart contract bug.
Risk Team Recommendation
The stUSDT product is in its early days, having launched in July 2023. The majority of adoption and activity has so far taken place on Tron, with only a handful of EOA addresses holding stUSDT on Ethereum. The token supply is highly concentrated in addresses associated with Justin Sun and Huobi. Despite Justin Sun’s stated intention on Twitter to pursue a deeper partnership with Curve by promoting the stUSDT pool, this has not yet materialized and the Curve pool remains unseeded.
To put it plainly, there are some concerning signs about this project and they should be adequately addressed before considering incentives for a stUSDT pool. Essentially nothing is known about the RWA DAO, the team involved with on-chain operations, the custodial partners, the reserves portfolio, or any associated legal rights users have concerning their ownership of their assets once they have been deposited into the system. Compared to other RWA issuers we have reviewed, such as Ondo and Matrixdock, the transparency practices and user assurances of stUSDT are practically nonexistent.
We have attempted to open a dialogue with a representative from stUSDT to give them an opportunity for clarification on these matters and they have so far declined to comment. We continue to invite them to engage with us, and it is our hope we can follow up with positive developments in response to some of the concerns listed in this report.
Our recommendation is for the members of RWA DAO and JustLend to first clarify their involvement with the project, hire a third-party auditing firm to provide attestations and publicize the partnerships and legal relationships governing the management of off-chain assets. Once steps are taken to protect users’ rights to their assets, it would be appropriate for Curve to consider approving a gauge to the stUSDT pool.