LlamaRisk.

Asset Risk Assessment - Tangible (USDR)

Lavi_54 & dabar_90
Lavi_54 & dabar_90

A deep dive into a pioneering real-estate-backed stablecoin on Polygon.

Useful Links

A TLDR of our Findings

This report will investigate risks associated with the USDR stablecoin issued by Tangible. The team submitted a proposal in March 2023 to add CRV incentives to the USDR/am3CRV pool on Polygon. The proposal successfully passed a DAO vote on March 30, 2023.

  • Tangible is building an on-ramp and trading platform for real-world assets (RWAs). Physical items such as gold bars, watches, or real estate (RE) are tokenized (i.e. minted) as tangible non-fungible tokens (TNFTs).
  • The protocol provides a marketplace to issue and trade TNFTs. The legal entity behind the project (Tangible Labs) facilitates the real-world purchase and custody of these goods. It collaborates with several service providers (vendors, custody) across different jurisdictions. However, most of its business is centered around the UK.
  • In the case of real estate, Tangible creates SPV (special purpose vehicles) to acquire and manage the properties. These are legal entities specifically established for this purpose. They already have listed over 14 properties in the UK.
  • The protocol’s token $TNGBL is used to incentivize the usage of Tangible’s products, and it provides a revenue share to those locking the token. In return, stakers receive so-called 3,3+ NFTs that represent their positions. TNGBL is not a governance token (yet).
  • Tangible also issues a stablecoin - Real USD (USDR). It is pegged to the US Dollar and over-collateralized with RE TNFTs, DAI, and TNGBL (it's native toke). USDR comes with intrinsic yield, generated by the RE TNFTs, which is forwarded to its holders via daily rebases. Currently, the yield sits at ~8% with an additional 10% subsidized through TNGBL airdrops.
  • The stablecoin is natively issued on Polygon, where it currently has 176 holders. USDR is not a trustless or decentralized stablecoin. It relies on the protocol's own RWA on-ramp service and management by the team.
  • As it is backed by RWA collateral, USDR relies on centralized processes (RE on-ramp) and real-world custody. It also applies elements of hybrid algo-stablecoins (automated collateral management and TNGBL as collateral).
  • Using RE as collateral comes with some benefits but also risks. While its yield and price stability are very attractive, its price finding and liquidation can pose an issue. The current setup can also lead to a conflict of interest, as Tangible is the only issuer of the collateral that is backing its own stablecoin.

The project is very ambitious and multi-faceted. It combines elements of DeFi and RWA tokenization to create a novel solution. However, it appears to be quite complex on a technical level, introducing many centralized components and potential single points of failure. The protocol and its stability strategy are not “battle-tested” and it is fully dependent on the founding team. Custody and management are still centralized both on and offchain, much of the collateral backing is illiquid (RWAs) or endogenous (TNGBL), the regulatory status of the product is unclear, and thus, Tangible represents a particularly high risk to users.

Introduction - Tangible

Tangible is a marketplace for tokenized assets, a stablecoin issuer, and an on/off-ramp service for real-world assets (RWAs). Tangible’s marketplace enables the primary purchase and secondary trading of tokenized physical goods, such as wine, real estate, watches, or gold bars. When purchasing a good through Tangible, the buyer receives the product in the form of a TNFT - a tangible non-fungible token - which is minted upon purchase. These TNFTs represent ownership of the physical item.

The physical item is acquired through one of Tangible's partner vendors, and stored in one of their storage facilities. Each product type requires individual storage facilities. A storage fee is charged to the owner of the TNFT. For example, the fee for storing gold bars is 1% per year.

In case of redemption, Tangible collaborates with logistic firms to ensure the safe shipping of physical goods. Shipping fees must be paid by the person redeeming the TNFT and are calculated on an individual basis.

In summary, Tangible allows the conversion of real-world assets into TNFTs, which can be redeemed for the physical product. Their docs provide an overview of the process to explain how it works (see image below).

marketplace-process

(Source: Tangible Docs)

  1. A user buys an item on Tangible’s marketplace. Smart contracts process the item price and storage fee where relevant.
  2. The TNFT is minted and sent to the user’s wallet.
  3. Concurrently, Tangible completes the purchase of the physical item through its partner supplier.
  4. The purchased item is shipped to a Tangible Vault for storage.

In addition to minting new TNFTs through the primary store, Tangible also built a secondary marketplace that facilitates the trading of existing TNFTs. In this scenario, the buyer sends USDR and in return, the TNFT is transferred to their wallet. Tangible applies a 2.5% marketplace fee per trade. 33.3% of the fee is used to buy and burn TNGBL tokens, and the remaining 66.6% is distributed to TNGBL stakers (3,3+ NFT holders).

However, secondary market sales can be an issue for sellers who need liquidity immediately. The current system requires users to wait until a buyer is willing to pay for the goods. The team is working on a solution that should enable faster liquidations (not live yet).

Product Categories

Four tokenized product categories are live on the platform. These are Gold, Wine, Watches, and Real Estate. For each category, Tangible is working with the following international suppliers:

For the trading and storing of gold bars, Tangible uses the service of PX Precinox in Switzerland. For wines, they collaborate with London-based Bordeaux Index, and for watches, they work with UK-based BQ Watches.

In the case of real estate, Tangible creates local Special Purpose Vehicles (SPV). These are legal entities established for every property. SPVs manage the property by sourcing tenants, collecting rent, or managing repairs. All properties are leased out and rental yield is paid to the TNFT holder(s) in USDC.

Each UK-based property has its own UK-SPV. This is done because real estate cannot be directly tokenized. However, legal entities can. Real estate TNFT holders get beneficial ownership over the SPV, which grants them beneficial ownership over the property. Legal ownership of both, however, remains with Tangible’s legal entity (i.e. BTS TNFT Limited, incorporated in the UK. Tangible also has an entity registered in the British Virgin Islands with the same name).

Fractional TNFTs

Tangible Fractions are smaller fractions of a whole TNFT. This allows large ticket items (e.g. real estate) to be split into more affordable pieces. This way multiple owners can share the risks and rewards of an investment. To create fractionalized TNFTs, the complete TNFT is locked into a smart contract vault that splits it into several Fractional TNFTs. The original TNFT can only be redeemed by collecting all the individual fractions.

TNGBL Token

Tangible’s token $TNGBL has three main functions. It serves as a reward token (to incentivize usage of the marketplace and subsidize USDR yield), it has a revenue-sharing mechanism (to incentivize lock-ups of TNGBL), and lastly, it functions as a backing for USDR (i.e. it can be used to mint USDR). It does not have any governing rights so far.

The max supply of TNGBL is capped at 33M. The initial distribution plan promises a majority allocation to the DAO and the community (70.8%). The rest is mostly reserved for the team, investors, advisors, and Tangible Labs. Another 1.25% were sold in an IDO in April 2022 via PeakDeFi. However, there is no distribution schedule or any information provided on how the “DAO share” will enter circulation.

While officially capped at 33M, more TNGBL could theoretically be minted. An evaluation of the token contract via GoPlusLabs reveals that:

  • Change Balance - The contract owner has the authority to modify the balance of tokens at other addresses, which may result in a loss of assets.
  • Mint Function - The contract may contain additional issuance functions, which can generate more tokens.
  • Hidden Owner - The token has a hidden owner address. Meaning that developers can potentially still manipulate the contract even if ownership has been abandoned.

Polyscan-Erc20-sol-file

(Source: TangibleERC20.sol)

As mentioned, TNGBL holders can earn a share of the platform's revenue by locking up their tokens. The longer the lock-up period, the higher the reward multiplier. The multiplier rewards stakers with additional TNGBL tokens. When locking TNGBL, users receive a so-called 3,3+ NFT in return, which represents the locked position. The maximum lock-up period is four years. In comparison to other established ve-tokenomics designs, however, Tangible’s 3,3+ NFTs do not grant lockers any governance rights or influence over a reward gauge.

Tangible also built a marketplace for 3,3+ NFTs that allows users an early exit without having to unlock TNGBL. 33.3% of the marketplace fees are used to buy back and burn TNGBL. The remaining 66.6% can be claimed by 3,3+ NFT holders. The reward is issued in USDR and depends on the amount of locked TNGBL and the multiplier. 3,3+ NFTs were also handed out as a reward to early users of the platform. For instance, by purchasing a gold bar and minting a gold TNFT, users were rewarded with a 3,3+ NFT. This incentivization is no longer active.

At the time of writing, 99% of TNGBL supply is held by the top 5 addresses on Polygon. The largest holder is the PassiveIncomeNFT contract. It holds 81.7% of all TNGBL tokens. This means that the vast majority of circulating supply is locked in 3,3+ NFTs. There are currently 7,401 addresses holding these 3,3+ Passive Income (PI) NFTs. The largest one is the Tangible:Deployer EOA with 10%, as this address minted and distributed NFTs to IDO participants.

Real USD (USDR)

USDR is a natively rebasing, yield-bearing, over-collateralized stablecoin, pegged to the US dollar. USDR is issued on Polygon where it currently counts 179 holders. The stablecoin, issued by Tangible, is backed by a combination of ERC-20s, LP tokens, and tokenized real estate TNFTs. Using real estate TNFTs as collateral enables two novel features:

  1. Intrinsic Yield - According to Tangible, their properties yield 8-10% annual interest from rentals. This yield is paid out to USDR holders in the form of daily rebases (i.e. the amount of USDR in a wallet automatically increases). To boost yield for early adopters, Tangible is currently subsidizing USDR via a daily airdrop of TNGBL to USDR holders, thus increasing the yield by ~10%.
  2. Exposure to a novel asset class - Stablecoins are usually backed by either highly volatile crypto assets or other stablecoins. Real estate, on the other hand, has a long track record of relatively low volatility and continuous appreciation in value. In other words, the value of the collateral backing USDR should steadily increase.

The drawback of these TNFTs is the relative illiquidity that comes with the real estate market. Unlike currencies or securities, properties cannot be sold within minutes. Additionally, real estate can still depreciate in value. Therefore, a good liquidation mechanism is required, along with precautions to keep USDR over-collateralized. Tangible has a few methods for keeping the collateralization ratio (CR) over 100%:

  • In case the CR of USDR falls below 100%, half of the rental yield payments are retained by the USDR collateral treasury. The daily rebase is consequently reduced by 50%. In other words, USDR holders earn less interest, until the CR is back to 100%.
  • The treasury that is backing USDR always holds a diversified portfolio of liquid assets for fast liquidations (e.g. DAI, protocol-owned liquidity, and TNGBL tokens).
  • In case all DAI and other reserves are emptied, real estate TNFTs are liquidated. In such a scenario, users will receive pDAI instead of real DAI. pDAI serves as an IOU token that represents a claim to real DAI, once the liquidation is executed.
  • A benefit of RE-based yield is that it’s not highly correlated with the asset’s price volatility. Rents don’t change in the short to mid-term, even if the properties’ value decreases.

Minting Real USD

USDR can be minted using TNGBL or DAI at a 1:1 ratio. To access the minting function, users can visit Tangible's website. The USDR contracts are deployed on Polygon and are based on Open Zeppelin smart contracts.

When minting USDR, DAI or TNGBL tokens are sent to the collateral vault that is backing USDR. Tangible calls this contract the USDR treasury. However, there's a limit to how much USDR can be minted using TNGBL. According to the docs, it cannot exceed 10% of the total USDR minted, minus USDR redeemed. This reduces the risk associated with TNGBL's volatility and prevents a potential death spiral event.

Tangible aims to also mint USDR from system gains. This happens when the assets in the USDR treasury exceed a 100% collateralization ratio. In such cases, the system uses the gains to buy more real estate TNFTs by minting new USDR. For instance, if the price of TNGBL increases, new USDR is minted against this appreciation and used to buy TNFTs. This helps shift the collateralization from TNGBL to yield-bearing real estate.

The team also expresses the intention to fully automate this process in the future. While the process indicates a willingness to maximize capital efficiency, the team has left a collateral buffer to reduce risk (more on that later).

Redeeming Real USD

Real USD is redeemable 1:1 for DAI at any time. Using the redemption function will incur a 0.25% fee. According to Tangible, this fee is configurable and will sit just above the fee of Curve, thus encouraging swaps over redemptions.

In the event that all DAI from the treasury is redeemed, users who wish to redeem USDR will receive pDAI (promissory DAI) - a synthetic IOU token that represents a claim to real DAI. The treasury will then start the liquidation process of its TNFTs. Users will be able to exchange pDAI 1:1 for DAI, once real estate TNFTs were sold for more DAI.

After all RE has been liquidated, users are finally able to redeem TNGBL. As a precaution in case of 100% redemption demand, there is an insurance fund made of a diversified treasury that ensures 1 USDR can always be redeemed for $1 worth of DAI.

Tangible also has plans to leverage protocol-owned liquidity (POL). They already own most of the Curve metapool (USDR-am3CRV). It thus makes sense to have a redemption fee that is higher than the Curve swap fee, as users are incentivized to swap USDR using the Curve metapool instead of emptying the treasury.

In conclusion, the redemption of USDR is limited to the amount of DAI in its treasury (and, by extension, to the number of other stables in the Curve pool). However, this only counts for immediate redemptions. Users who are willing to wait, can rely on the TNFT liquidation mechanism, and receive pDAI instead of DAI.

USDR Collateral Structure

As mentioned above, USDR is backed by different types of collateral. There are currently five categories, each with a flexible share.

According to their docs, the collateral structure is targeted to look as shown in the image.

usdr-collatera-structure

(source: TangibleDAO documentation)

The actual collateral structure currently is quite different from the above targets.

The image below displays the current collateral structure. The share of real estate is only 43.24%. This section requires more growth to achieve 50-80%. The TNGBL’s share on the other hand is over 15%. A difference of plus 5% from the intended allocation. This is due to TNGBL's recent price appreciation, according to the team.

tangible-website-collateral-ratio

(source: Tangible Website - USDR)

[Side note: The reported shares in the image correspond to the outstanding USDR ($21.1M). When compared to the overall collateral ($24.1M), real estate only accounts for 37.8%].

The system backing can be verified at the following addresses:

The majority of insurance fund reserves are on Polygon. Assets include USDC20/TNGBL80 balancer LP, locked USDC/TETU LP, locked CVX, USDC, locked VELO and OP. Although the insurance fund is intended to protect users against a TNGBL death spiral (ie. to ensure users are made whole in case of 100% redemption demand), nearly half of the insurance fund value is from TNGBL. ~$420k worth of value is in timelocked assets, and only ~$27k is both liquid and exogenous (not exposed to TNGBL).

It’s also worth noting the sizable share of protocol-owned liquidity (POL). Having POL backing USDR benefits the protocol by increasing liquidity, creating a revenue stream for the treasury, and providing another venue to swap USDR (besides redemption). However, it is recommended to differentiate POL from user minted collateral (e.g. DAI or TNFTs). USDR minted through automated POL strategies are more akin to available reserves than circulating supply. Reserves depend on LPs in the Curve pool to supply the counterparty asset, and overreliance on POL strategies is indicative of low organic demand for the core product. Tangible currently owns ~42% of the Curve pool, indicating that there is relatively low organic demand to provide liquidity (although the new Curve gauge is likely to attract more external LPs).

Tokenized Real Estate as Collateral

Real Estate (RE) represents the main collateral type of USDR. As mentioned earlier, using RE has several advantages. It is natively yield-bearing, it comes with low price volatility, the yield is independent of the price, and it has a history of strong value appreciation.

Tangible plans to make real estate the main collateral. Up to 80% of USDR is going to be backed by RE. This leads to some key questions:

  • How is the real value (market price) of RE defined?
  • What method is used to value RE’s appraisal?
  • Is 100% CR the optimal parameter for USDR, considering the risks that come with RE as the main type of collateral?
  • Should USDR have a built-in risk management and liquidation system?
  • How trustless is the RE on-ramp and liquidation process?
  • How is the regulatory situation impacting tokenized RE?

It’s beyond the scope of this article to answer all these questions. However, it is clear that there are certain drawbacks to using RE as collateral. First of all, it complicates the calculation of the collateral’s value. It doesn’t come without effort to determine the real value of these properties. Some websites offer the service of estimating the market price. For instance, zoopla.co.uk is one option. Tangible recommends using hometrack.com to find housing prices. However, these are all just estimations, as the real price is only determined once the property is sold.

The second obstacle is the verification that the TNFT represents the promised SPV and that the SPV owns the property. It would be trivial to mint TNFTs without actually buying a house. Tangible therefore provides access to all the official documents for each property (example property). The team claims to be working with Chainlink and a third party auditor to integrate proof of reserves (independent verification of property ownership and proper documentation backing the NFT) and a price feed from hometrack.com (later expanding to an aggregate of pricing data providers). The team believes this integration will be complete by mid-May.

Currently, Tangible is trusted to make value estimates for its collateral. While Tangible have stated intentions to incorporate independant third-parties and decrease a central reliance on the team, this remains to be seen.

Proof of Ownership & Purchase - An Example

Tangible provides a list of all 14 properties backing USDR. Let’s look at the example of the apartment in Gillingham (see the image below). This is one of the properties backing USDR. All relevant documents can be accessed via a Dropbox file share.

tangible-website-appartment

(Source: Tangible Website)

According to the list on the website and on-chain records, the corresponding TNFT is owned by the USDR treasury. The item is listed on Polygon. It can be recognized by its ID number (340282366920938463463374607431768211474).

This, however, only completes the on-chain proof that the USDR treasury owns the corresponding TNFT. Tangible attached eight documents to the respective Dropbox share for proof of purchase. Among them is a valuation report, which attests the apartment's market price of £470k (~580k in USD). Further, there is a sales agreement providing the agreed-upon sales price, as well as a completion statement confirming that the property was bought for £413k (incl. stamp tax and other fees). There is also a property management agreement (PMA) and an insurance policy.

Moreover, the file share entails a certificate of incorporation confirming the establishment of an SPV named TNFT PROP 12 LTD. This can also be confirmed by checking the official company register of the UK. A transfer document confirms that the property at Chatham Waters, Gillingham was transferred to the respective LTD (SPV).

Evidently from the legal documentation made available by Tangible for each property listed on RE section of the platform, conveyance contract(s) have been executed by Tangible incorporated subsidiaries in UK - Special Purpose Vehicles. Consistent with Tangible business model and LO statements, each SPV is expected to acquire and take legal and beneficial title to the property.

Assuming that all documents are correct, this completes the proof of ownership. According to Tangible’s docs, the legal ownership remains with the token issuer, which is Tangible. The beneficial ownership, however, is with the token holder. This setup is similar to Circle’s USDC.

In conclusion, the process of verifying the price and ownership of real estate is rather cumbersome and not scalable. Users of Tangible or USDR have to either trust the project or go through a verification process for each and every TNFT that is backing USDR. This process needs to be improved and better methods to increase transparency need to be found. Tangible mentions a collaboration with Chainlink, to directly feed market prices of its properties from an independent source. This, however, is not live yet and raised other questions (more on that in the next section).

Risk Vectors

Smart Contract Risk

The protocol already has over 60 unique smart contracts deployed (list 1 and list 2). It has cross-chain implementations and many off-chain components that play an important role. The smart contracts related to USDR were audited by CyberScope over three phases:

  1. Initial audit (Nov. 24, 2022)
  2. Correction phase 1 (Dec. 15, 2022)
  3. Correction phase 2 (Jan. 17, 2023)

[Side note: CyberScope’s audit report mistakenly mentions the release date as January 2022, instead of 2023. The team was notified and acknowledged the error]

The audit did not find any major bugs or high-severity issues. In total 19 issues were found (2 medium, 17 minor, and 0 critical). But it did surface several recommendations to improve the code or the architecture. Some examples are listed below:

  1. Administrator Configurations - Many contracts depend on configurations from an administrator, for example, for funding allocations (e.g. bond program, affiliate, and incentive features) and direct state manipulation. In other words, the protocol depends on human interaction with its contracts. The Tangible: Deployer EOA can set privileged roles within the system that have the power to affect user funds.
  2. Decimal Architecture - The contracts do not have a decimals normalization mechanism. This results in excessive decimals normalization within the contracts, creates unnecessary dependancies between contracts, and hardcodes values that may change. One example from the audit is highlighted below:

cyberscope-audit-report

(source: CyberScope audit)

  1. Architecture of Contracts Roles - Every contract contains its own access layer. Several roles were used, for example, BURNER, MINTER, CONTROLLER, TRACKER, ROUTER_POLICY, etc. The DEFAULT_ADMIN_ROLE, which controls some of the most critical functionalities, has been granted to the Tangible DAO 4-of-5 multi-sig.

    The auditors pointed out a possible conflict between administrator roles and general architecture (addresses, contracts). They recommended using multi-signature wallets as an additional layer of security.

Adding to the last point, there is a general concern around access rights. Our research found that almost every contract has some sort of admin access. Hence, none of the contracts are immutable. Despite the use of multi-sigs for most contracts, it opens a potential attack vector, given the high number of contracts. The Tangible: Deployer EOA, in particular, has enormous power within the system. It is the DEFAULT_ADMIN_ROLE that can set roles for an arbitrary address. Although the team regularly passes admin control to the 4-of-5 multi-sig, care must be taken that the new admin revoke the admin role from the Deployer for every deployed contract. This manual process increases the risk of human error that can potentially affect user funds.

In conclusion, the audit did not find any severe issues. However, despite the audit's findings, the current setup warrants caution. None of Tangible’s 60+ contracts are immutable, and many are relying on manual interaction (administrator role). These roles can be difficult to track and are not implemented in a uniform manner. The sheer amount of contracts and the current setup create additional complexity. Essentially, this opens unnecessary risk vectors and is prone to human errors. Moreover, the contracts are susceptible to compromised access rights. Adding to these points are the facts that the project has no decentralized components (e.g. a governance module) and lacks a bug bounty program.

On-Chain Custody Risk

As mentioned above, the Tangible platform and the USDR smart contracts involve a role-based access control system owned by a few multi-signature wallets (which are granted by the Deployer EOA). The custody risk thus lies in the hands of the Tangible: Deployer and in these signers. They basically control the entire project, making it a fully centralized project.

Looking at the signers from the most relevant wallets leads to the conclusion that the same two to three EOAs control all wallets. A summary of all signers is listed below:

  • Tangible Labs Multi-sig (2-of-3). This wallet has control over the USDR collateral treasury and minting of all TNFTs, including real estate:
    • Signer 1 (460 days - high activity; ENS tag -> tangiblelabs.eth)
    • Signer 2 (558 days - medium activity)
    • Signer 3 (428 days - low activity)
  • Tangible DAO Multi-sig (4-of-5) This waller has admin privileges across the majority of system contracts:
    • Signer 1 (460 days - high activity; ENS tag -> tangiblelabs.eth)
    • Signer 2 (558 days - medium activity)
    • Signer 3 (428 days - low activity)
    • Signer 4 (306 days - no activity)
    • Signer 5 (306 days - no activity)
  • USDR Treasury Manager Multi-sig (3-of-5). This wallet manages assets in the USDRTreasury:
    • The same five signers as for the wallet above (Tangible DAO Msg)

In summary, the first three signers are the same for all three wallets. The other two that complete the 4-of-5 and 3-of-5 multi-sigs have no activity. This suggests that all multi-sigs may be controlled via three addresses.

Another example is the marketplace fee distributor. This contract is used to distribute 66.6% of the fees and swap the remaining 33.3% on Uniswap to buy and burn TNGBL. This contract is controlled by one single EOA. The same is true for the 3,3+ NFTs: Tangible: Deployer controls 78% of these. Additionally, the bribe manager is the same EOA across all chains.

In other words, there is a high trust factor for all assets in Tangible’s smart contract custody. One person controls considerable fund flows within the system, which should ideally be automated/callable by a public function. The collateral in the USDR treasury is also accessible by the Tangible Labs multi-sig, as are almost all smart contracts. Our conclusion is that the current custody setup is highly risky, highly trusted, and prone to errors.

Off-Chain (RWA) Custody Risk

As indicated earlier, having real estate as collateral for a stablecoin comes with some benefits, but also with several risks. The main risks are summarised below:

  • Off-chain Custody - RE as collateral requires trusted custody of the legal ownership within an SPV. The SPVs and the on-chain equivalents are controlled by Tangible Custody LTD.
  • Legality and regulatory compliance - Given the lack of regulatory guidance, it is unclear if and how the current setup is regulatory compliant. This can be said over most crypto projects, however, this case is even more relevant as it has an impact on the real world, incl. tenants and local communities.
  • Conflict of Interest - Having the same company that is issuing USDR also controlling the on- and off-ramp of the RWA’s backing the stablecoin can lead to conflicts of interest. It also adds a single point of failure and it raises the question of scalability.
  • Evaluation of Real Estate - Evaluating the collateral value of RE is a complicated process. The support offered by websites such as hometrack or zoopla is a decent start, but these are just estimates. They can’t predict the liquidation value. Besides, hometrack is not usable for free, thus limiting accessibility (it costs £20 per valuation). Zoopla on the other hand is free to use.

Oracle Risk

Risks associated with the last two points become apparent when looking at an example. Using the same property as in the previous section, Zoopla estimates a price between £370k–390k ($457k–482k). This is for a property similar to the apartment in Gillingham mentioned above. In comparison, Tangible values the Gillingham property at $529k USDR. A difference of plus 9–15%. Thus allowing for a higher issuance of USDR, which might reveal to be not fully backed in a stress test. According to the team, their valuation also includes other funds held in the RE reserve (e.g. 5% maintenance fee, 2% vacancy fee, 2% management fee, etc). Nonetheless, this example emphasizes the conflict of interest that occurs when the same protocol issues the stablecoin and the collateral backing it. Naturally, Tangible is incentivized to apply a high evaluation.

Tangible implemented a fingerprint oracle solution for pricing its RWAs TNFTs. A fingerprint oracle uses a unique ID assigned to each product (product_id = a string representing a unique item). This way, Tangible can map each item to its market price, provided by their suppliers. Fingerprints are assigned to products before the TNFT is minted, and token IDs are mapped to the fingerprint after minting. This solution is also chosen because it fits within the limited block size of the Polygon sidechain.

There is also a TNGBL pricefeed that limits how much USDR can be minted from TNGBL. The USDRExchanger contract enforces the USD value of TNGBL that can be deposited by querying the TNGBLPriceOracle. The TNGBL price oracle is updated by multi-sig tx, using the TNGBL/DAI pool on UniV3 as a secondary pricefeed that is only accepted if lower than the team's primary value. This protects against market manipulation by setting an upper bound on an settled TNGBL price, but further highlights system dependence on the active management by the Tangible team.

In summary, Tangible uses a custom oracle solution. This allows them to inform the prices of their traded goods. Some details were also provided in the Curve Gauge Proposal: “We have our own oracles for properties at the moment but are working with Chainlink to integrate, then true property valuations via 3rd party Hometrack.com can be reflected on a chain in Real Time so the treasury values and the collateralization ratio are up to date, this also allows for “minting on gains” to work more effectively in real-time.

A collaboration with Chainlink and an independant auditor would be a substantial improvement. This would remove concerns surrounding Tangible’s conflict of interest. However, using Hometrack as the sole price authority moves the question of reliability to another single entity. While it’s definitely an improvement, it can’t guarantee that the oracle quotes a reliable liquidation price.

Regulatory Risk

Real Estate NFTs may be classified as securities tokens, which may require registration with the UK Financial Conduct Authority (FCA). In the absence of clear regulatory guidance, an official Legal Opinion (LO) on the proposed business model would serve as justification for the compliance of the tokenization. We requested access to the LO statement from the team, and they have shared it with us. The document was examined by Llama Risk legal counsel, then following its provisions and confirmation by Tangible we were assured that their operations are exempt from registration with the FCA.

As regulatory clarity continues to be a challenge for projects offering RWAs such as real estate NFTs, securing quality legal guidance is essential. The Tangible team currently solicits legal advice on a weekly basis and say they will have an in-house legal and compliance team starting in June.

Users should be aware, that as per the Tangible Terms of Service, TNFT Ltd. excludes the company's liability for damages and limits liability in contract, tort, misrepresentation or restitution to 1,000 GBP.

photo_2023-04-24 12 32 54

Source: Tangible.store TOS

It is the opinion of Llama Risk legal counsel that since Tangible acts as a bridge between RWA and on-chain transactions/relationship, when tokenizing property and selling to retail investors, a merchant acting in good faith ought to ensure sufficient level of customer protection. The TOS here offers minimal protection.

Depeg Risk

Since its inception, USDR has been relatively stable. The only mentionable depeg happened during the weekend of March 11/12, 2023. The same weekend that USDC lost its peg. USDR is partially backed by DAI (~25%), which itself is mostly backed by USDC (~63%). Tangible described the incident in their gauge proposal. "On Saturday am UTC the DAI reserves were depleted as people began to panic. We anticipated that people would begin to redeem for pDAI, and that on Monday am UTC we would need to create a liquidity pool for DAI-pDAI for those who wanted to quickly exit their position. However this was not required as we regained peg without the protocol needing to issue pDAI at all. This risk however remains ever present and is the single largest downside to backing a stablecoin with tokenized Real estate."

However, with regard to USDR’s stability, the price has been mostly around the one Dollar mark. It also recovered quickly from the depeg in mid of March (see image below).

coingecko-usdr-price

(Source: Coingecko)

The following stability mechanisms are installed to keep USDR at peg:

  • As a first measure to prevent depegs, USDR is redeemable for the DAI that is backing it. Currently, around 25% of its collateral is denominated in DAI.
  • As a second measure, USDR is backed by protocol-owned liquidity, consisting of the USDR Curve pool. In combination, the two measures guarantee a certain amount of liquidity for trading or redeeming USDR.
  • As a third step, Tangible established an insurance fund. At the time of writing, the insurance fund stands at ~$1.1M (9.2%) of USDR's collateral. However, the Polygon-based multi-sig mainly contains 20/80 USDC/TNGBL LP tokens. In other words, the insurance fund mostly consists of more TNGBL.
  • As mentioned earlier, Tangible also aims to implement pDAI (i.e. promissory DAI). pDAI would be required in the case of a bank run, meaning that Tangible has to sell its RE TNFTs, to make USDR holders whole. In such a scenario, pDAI would be redeemable instead of DAI. And once enough real estate is liquidated, pDAI holders can swap it for real DAI.

TNGBL as Collateral

Tangible targets 5-10% of the collateral backing to be composed of its own TNGBL token, which can be minted as $1 worth of TNGBL for 1 USDR. This makes USDR a partial algo-stable and raises concerns about its reliability in adverse market situations. Although Tangible limits the amount of USDR that can be minted from TNGBL, it now accounts for ~14% of the total backing.

There are concerning and potentially unsustainable strategies that can be used by having a partially endogenous collateral type. For instance, the bribe manager regularly deposits TNGBL to mint USDR for its incentive scheme. This gives Tangible a similar power to mint unbacked stablecoins that prompted an emergency action against Mochi's USDM. Tangible could potentially mint USDR against TNGBL and redeem for DAI or sell into its Curve pool for USDC/USDT/DAI. The team recently began bribing aggressively for its USDR/am3CRV pool with a $225k deposit to Warden Quest. The majority of funding came from Binance wallets, and some were bridged from Polygon with funds flowing from TNGBL -> USDR -> DAI (Curve pool) (tx).

Screen Shot 2023-04-21 at 1 17 34 PM

Source: Warden Quest

An analysis of TNGBL deposits into the USDRTreasury shows that the vast majority of USDR minted from TNGBL is from team deposits, mostly from their bribe wallet (bribes for incentives that increase USDR liquidity) and gov wallet (purchases gov tokens, including CVX and VELO, to increase incentives to USDR pools). The treasury transfer, labelled below, includes a majority share of deposits coming from those two team wallets. Overall, 1,023,854 of the 1,106,514 (>92%) TNGBL in the treasury contract are confirmed team deposits.

screenshot_1682361819882

Source: Breadcrumbs.app analysis

This strategy allows Tangible to aggressively expand by funding incentives for the USDR/am3CRV pool (and other liquidity venues), with the caveat that the price of TNGBL must sustain. In case TNGBL drops significantly in price, USDR may become undercollateralized. As described in previous sections, TNGBL is the last treasury asset to become redeemable, after all DAI and RE has been redeemed. The insurance fund is composed mostly of the USDC/TNGBL Balancer pool, and would be mostly ineffective in case of emergency. TNGBL poses a significant risk to the solvency of USDR.

wUSDR

USDR is available cross-chain, which needs to be considered as well when looking at the peg stability. To use its stablecoin outside of Polygon, Tangible created wrapped USDR (wUSDR).

Real USD can be wrapped into wUSDR through Tangible’s website. Wrapping is done on Polygon. From there, it can be transferred to BSC, Optimism, Ethereum, and Arbitrum using Multichain’s router. wUSDR holders can then provide liquidity and farm on different DEX and yield aggregators across these ecosystems. For instance, Beefy and Velodrome (Optimism), Thena (BSC), or Balancer and Aura (Ethereum). Farming on Arbitrum isn't enabled yet.

In order to be compatible with Multichain’s router as a “bridge asset”, wUSDR implemented Multichain’s extension smart contract Anyswapv6ERC20.sol. This creates a better user experience when transferring wUSDR to mentioned chains. However, as highlighted in our previous report about Multichain, this hands over the control for the wUSDR mint and burn functions to Multichain’s MPC. Thus adding an additional element of dependency and risk to USDR and wUSDR.

Moreover, there is a big difference between wUSDR and USDR. The wrapped version of the token does not rebase. Instead, it increases in price when the rental distribution occurs. Hence, there is a difference between the price of wUSDR and USDR (see the image below).

wrapped-usdr

(Source: Tangible website)

With a constantly increasing price, these liquidity pools are not “pure stable pools". They can not be considered to meaningfully contribute to USDR's pegging mechanism. On the contrary, adding more complexity to a project that is already a handful. It’s also worth pointing out that there is a high concentration in terms of wUSDR token holders. On all chains outside of Polygon, almost all wUSDR tokens are deposited into the above-mentioned DEXs (see image below).

wusdr-cross-chain-implementation

In conclusion, Tangible has built several mechanisms that support the peg of USDR. They have conceptualized a promising method (pDAI) to assure that USDR holders can always redeem USDR for something of equal value. However, most measures are still new, and not battle-tested, and some are fully centralized (e.g. real estate liquidations). Especially in the case of a bank run, it's questionable whether USDR can hold its peg. Moreover, the project introduced multiple dimensions of additional complexity and potential weaknesses through its wUSDR token and Multichain integration. These factors do not contribute to the safety of USDR’s peg stability. Nonetheless, USDR has so far proven to be quite stable (since October 2022) and survived its first depeg well.

Llama Risk Gauge Criteria

  1. Is it possible for one single entity to rug its users?

Yes, Tangible can neglect to liquidate assets or not honor redemptions. It also acts as its own oracle for pricing RWA's. Most of the protocol’s funds, including its treasury, insurance funds, and collateral assets in smart contract custody, can be accessed through a team-controlled multi-sig. Moreover, there are no timelocks.

The fact that the team is doxxed and is experienced in building Web3 start-ups adds some credibility. However, the high level of system complexity along with centralized access control give cause for concern.

  1. If the team vanishes, can the project continue?

No, the team controls all contracts, assets, and custody of all RWAs. If the team vanishes, the DAO could not exercise the liquidation of its RWAs. Moreover, nobody could update the contracts, distribute fees, or access any other assets held in the treasury. Hence, it’s unlikely that the real estate properties or any other RWAs in Tangible’s custody can be accessed by anyone outside the team.

The team mentioned a plan to partner with other RE issuers to reduce dependency on their own LLC. This remains to be seen.

  1. Does the protocol rely on CRV or other incentives to keep its peg?

Somewhat. USDR has grown to a market cap of $11.5M before receiving a Curve gauge. USDR has also been relatively stable. The only depeg occurred during the depeg of USDC, whereby most stablecoins experience some issues over the course of one weekend. USDR has quickly recovered and remained stable since.

However, USDR depends on POL in the Curve pool to offer adequate liquidity and minimize redemptions thorugh the protocol directly. This can create a dependence on incentives to the Curve pool to avoid a liquidity crunch, which could become a crutch in case the system faces risk of insolvency.

  1. Do audits reveal any concerning signs?

No, the first audit did not find any severe issues. However, there has only been one audit so far. A second audit is underway while this report is being written. It is worth noting that there is no active bounty program, and generally Tangible and USDR is still a young project.

There seem to be some architectural inconsistencies and an excess of manual, privileged functionality. Currently, Tangible is more a company than a protocol, leaving the possibility for human errors or poor system management. Given the complexity of the system, a single audit and absence of a bug bounty program are inadequate to make strong security assurances.

Conclusion

Tangible is a very ambitious and fast-moving project. It introduces novel RWA use cases and an innovative stablecoin with intrinsic yield and a rebase mechanism. The concepts with regard to RWA trading and real estate as collateral are novel and well thought through. The degree of centralized control by the team does, however, present a conflict of interest, as the team is both the issuer of RE TNFTs and custodian of the underlying assets. Additionally, the actual implementation of the project's vision leaves much room for improvement. Tangible is prioritizing growth and fast releases of new features over the decentralization and sustainability of the existing infrastructure.

The entire setup related to smart contract access control, RWA custody, governance, and collateral structure is insufficient and merits caution. The protocol is susceptible to human errors and requires complete trust in the entities behind the platform. Moreover, it’s quite complex on a technical and conceptual level, and much is needed to improve the project’s transparency (e.g. ownership and custody of RWAs, pricing of RWAs, cross-chain wUSDR implementation, roadmap, access rights, admin roles, and hidden owners, just to name a few).

Although we commend the project's ambition, our opinion is that there is simply too much dependence on the core team. Users are wholly reliant on honest and responsible management by the team. In order to meet requirements for a Curve gauge, Tangible should implement their plan to transfer price oracles and proof of reserve for their RWAs to an independant auditor and oracle provider. TNGBL should also be removed as a collateral asset, as it magnifies the riskiness of USDR. Until these changes take place, we believe Curve should not be incentivizing the USDR/am3CRV pool.

Resources