Dec 16, 2024
This is an archive of our post on Aave governance forum. Read the full thread here.
In accordance with the 5-day ARFC timeline, we are submitting our interim report on LBTC. We are working to identify a suitable Oracle solution that would enable safe LBTC integration, particularly considering the aggressive parameters associated with E-Mode.
Summary
LBTC is a relatively new asset, launched in September 2024, that currently operates on a points-only system without yield distribution. While the protocol has shown steady growth, reaching $1.5B TVL, its market dynamics and peg stability mechanisms are still being tested. The protocol architecture is designed to accommodate future yield accruals from Babylon staking rewards, though this feature still needs to be activated.
A notable consideration is the protocol’s reliance on CubeSigner - a cloud-based HSM solution that differs from traditional MPC or on-chain multisigs. While built by respected security researchers, this solution has limited DeFi adoption, and we have yet to review it comprehensively. While the team has provided detailed documentation of their security measures, the actual implementation and ongoing operational security cannot be independently verified.
From a market perspective, LBTC faces challenges with limited and concentrated liquidity on Ethereum. There’s also an inherent risk of under-collateralization if Lombard faces slashing penalties in the Babylon Protocol. The protocol maintains sufficient bug bounties ($250K), as does its core dependency Babylon ($1M). Additionally, it features well-segregated smart contract admin access and a 24-hour timelock on critical protocol changes.
1. Asset Fundamental Characteristics
1.1 Asset
Key Statistics as of December 16th, 2024:
Market Cap: $1.5B
Circulating Supply: 14,159 LBTC
Yield: These are the only points for now, but there are plans for redistributing Babylon staking yield.
Launch date: September 5, 2024
LBTC by Lombard Finance is an ERC-20 token representing liquid-staked Bitcoin. It can be minted on various EVM-enabled blockchains, including Ethereum, Base L2, and BNB Smart Chain. The system operates through the Babylon Protocol, where users’ BTC is delegated to finality providers. These providers earn yields by validating PoS chains. Lombard uses a decentralized bridge to liquefy BTC staked in Babylon across different EVM chains. Currently, LBTC holders receive only points, though there are plans to implement a re-pricing model where LBTC’s value will gradually appreciate against BTC through native yield distribution from Babylon Protocol staking rewards.
1.2 Architecture
Overview
The architecture operates across three layers: EVM smart contracts on PoS chains, the Babylon Protocol, and the Bitcoin chain. The Security Consortium coordinates these layers - independent organizations that verify and sign critical operations like BTC staking/unstaking in Babylon and LBTC minting/burning on supported chains (Ethereum, Base, and BNB Smart Chain). The Security Consortium functions as a decentralized state machine using the Raft Algorithm for consensus. Members share a Threshold Key, requiring signatures from at least 2/3 of members to validate operations that can be verified through the LombardConsortium contract.
Source: Lombard documentation, December 16th, 2024
BTC to LBTC staking process:
The Security Consortium uses CubeSigner to generate a secure deposit address for user’s BTC
Once BTC is deposited and verified, the Security Consortium signs the deposit using their threshold key
The signed payload is recorded on the Babylon chain, providing proof for LBTC minting
The user can then mint LBTC by submitting the proof to the LBTC ERC-20 contract in a trustless way
Source: Lombard Finance documentation, December 10th, 2024
Within the Babylon Protocol ecosystem, the Security Consortium manages BTC delegation to Lombard’s finality provider service. As a finality provider - analogous to a validator in the Babylon Protocol - Lombard helps secure the network and generates yield returns through the protocol’s native staking mechanism.
Babylon Protocol
The Babylon Protocol enables Bitcoin staking across three chains:
Bitcoin chain: Where BTC collateral is locked
Babylon chain: Tracks staking balances
Target PoS chain: Enforces consensus rules
The slashing mechanism uses Schnorr signatures that could reveal stakers’ private keys. When slashing conditions are met, these keys are exposed on the Babylon chain, allowing any party to spend the slashed BTC from the corresponding UTXO.
Unlike typical PoS chains, the protocol enables near-instant bonding and unbonding. This is possible because Bitcoin’s Proof-of-Work security makes long-range attacks impractical - creating alternate forks requires competing with the main chain’s hash rate, making such attacks prohibitively expensive compared to PoS systems, which are essentially costless.
EVM Smart Contracts
The EVM part of the architecture is made of the following contracts:
LBTC ERC-20: the ERC-20 token contract for LBTC, which also allows for minting and burning LBTC by users.
Consortium’s Governance: the governance contract, an Ownable2StepUpgradeable contract which simply holds the public key part of the thresholdKey, which is needed to verify signatures from the Security Consortium onchain.
Proxy Upgrade Timelock: a 1 day Timelock for contract upgrades that controls the LBTC ERC-20 and Consortium’s Governance contracts.
Bascule Drawbridge: A redundant security component of the architecture that reports the state of the Bitcoin network, more specifically BTC deposits and withdrawals in Babylon, onchain. It is managed by the Cubist organization independently from the Security Consortium.
Bitcoin
Stakers deposit their BTC at specific addresses on the Bitcoin chain. Although the user technically retains ownership over the funds, transfers are restricted by a pre-defined set of UTXOs to spend the deposited BTC using the Bitcoin Script language, also known as Bitcoin covenants. The BTC can either be spent after a given time has expired (the unstaking delay) or sent to a burn address in case of slashing right away. The user is responsible for paying the Bitcoin network fee upon deposit and withdrawal. If the stake is withdrawn prematurely — before the unstaking delay has expired — an additional fee will be charged to the balance of the BTC deposited.
1.3 Tokenomics
Although Lombard Finance offers LUX tokens to incentivize users to hold LBTC, LUX currently has no economic value or utility within the Lombard Finance ecosystem. LUX points are not transferable and, therefore, not tradable for now.
1.3.1 Token Holder Concentration
Source: Etherscan, December 4th, 2024
Here are the top 5 holders of LBTC:
31.6% is restaked into the KarakNetwork
14.6% is restaked into EtherFi
12.2% is restaked into the Corn LBTC Silo
5.9% is restaked into Symbiotic
5.51% is deposited into the Pendle fixed-yield LBTC product
The sixth-holder is a Safe that holds 3% of the LBTC supply. Several other EOAs have holdings greater than 1% of the total supply. Although the top-5 DeFi contracts in which LBTC is deposited obfuscate the source of the LBTC deposits and could hide some whale holders, the distribution of LBTC appears to be spread out across the market.
2. Market Risk
2.1 Liquidity
Source: Cowswap, December 16th, 2024
According to Cowswap, a price impact of 7% corresponds to $35.8M of available liquidity (365 BTC).
2.1.1 Liquidity Venue Concentration
Here are the main liquidity venues for LBTC on Ethereum:
Uniswap V3 WBTC/LBTC: $42.5m of TVL
Uniswap V3 WBTC/cbBTC: $21.0m
Curve Tri BTC-Fi (LBTC/eBTC/WBTC): $7.6m of TVL
Curve LBTC/WBTC: $2.5m of TVL
2.1.2 DEX LP Concentration
Here is the DEX LP concentration for each of the top 4 liquidity pools:
Uniswap V3 WBTC/LBTC: 50% of the liquidity is held by a 2/3 multisig, the other 50% is held by the LBTC BoringVault.
Uniswap V3 WBTC/cbBTC: all the liquidity is provided by an EOA.
Curve Tri BTC-Fi (LBTC/eBTC/WBTC): 99.9% of the liquidity is held by the LBTC BoringVault.
Curve LBTC/WBTC: 65% of the liquidity is held by an EOA, 35% is held by another EOA.
Analysis shows significant liquidity concentration among a few wallets, including those directly linked to Lombard Finance (such as the LBTC BoringVault), while smaller liquidity providers are notably absent.
2.2 Volatility
Source: Coingecko, December 4th, 2024
LBTC experienced typical post-launch volatility during August and September 2024, followed by gradual stabilization. Notable price movements include:
Early October: Positive deviation reaching +0.5% above peg
November 21-22, 2024: Brief negative deviation of -0.2%, quickly corrected by market participants
These minor price variations can be attributed to emerging DeFi opportunities for LBTC.
2.3 Exchanges
LBTC is not yet listed on any centralized exchanges, despite Binance Labs’ investment in Lombard Finance.
2.4 Growth
As of December 3, 2024, 11,423 BTC staked into Lombard Finance, spread across 17,607 holders. The TVL has steadily increased since deployment from ~$200M to close to $1.5B.
Source: DefiLlama, December 12th, 2024
LBTC’s $1.5B TVL comprises nearly half of Babylon’s TVL, demonstrating significant protocol synergy.
3. Technological Risk
3.1 Smart Contract Risk
The protocol’s source code is publicly available on github.com/lombard-finance
. A total of 3 audits were performed, with the first 2 completed before the protocol launch. The overall conclusions were positive, with a few severe issues identified:
Halborn V0 (August 5, 2024): 10 findings total - 1 high risk, 2 low risk. No critical risks were found.
Veridise V0 (August 21, 2024): 10 findings total - 1 medium risk, 4 low risk. No critical or high risks were found.
Halborn V1.5 (October 10, 2024): 7 findings total - 1 medium risk, 3 low risk. No critical or high risks were found.
Since LBTC is built on BabylonLabs’ infrastructure, the security of the underlying protocol is also relevant. An audit conducted by Zellic (report) on June 28, 2024, identified 4 findings: 1 medium risk, 1 low risk, and 2 informational issues. No critical or high risks were found.
3.2 Bug Bounty Program
There is an Immunefi bug bounty offered by Lombard Finance with a maximum reward of $250k, active since September 4, 2024. Three smart contracts are in scope:
BabylonLabs also provides an Immunefi bug bounty since September 16, 2024, with a maximum reward of $1M for critical issues on blockchain/DLT code, and a maximum reward of $100k for critical issues found on websites and applications.
3.3 Price Feed Risk
A Chainlink LBTC/BTC price feed is available. This feed reports the secondary market price of LBTC on Ethereum.
3.4 Dependency Risk
Bitcoin
The Bitcoin chain is a protocol dependency since LBTC is a liquid staking token (LST) that represents a locked BTC on the Bitcoin chain. However, this dependency can be considered safe due to Bitcoin’s market cap’s economic security and proven PoW algorithm.
Babylon Protocol
Lombard Finance relies on the Babylon protocol to offer LBTC and acts as a finality provider within the Babylon protocol. The BTC deposited into Lombard Finance to mint LBTC is used to validate PoS chains in the Babylon Protocol. Lombard receives rewards through yield on this BTC but is also at risk of being slashed if it does not perform its duties as expected. If slashing occurs, the LBTC minted through Lombard Finance would become under-collateralized, resulting in financial losses for protocol users.
CubeSigner from Cubist
Lombard Finance relies on CubeSigner from Cubist. In this SaaS remote-signing solution, signing keys are kept in special hardware devices called HSMs (Hardware Security Modules) operated by Cubist in the Cloud. Signing keys are accessed through specific software policies. This security solution differs from onchain multisigs like Safe and MPC (Multi-Party Computation) solutions, where signing keys are split, and signatures are constructed using cryptographic methods.
While onchain multisigs are transparent, both MPC wallets and solutions like CubeSigner obfuscate the security measures in place and the list of authorized users. The Lombard documentation mentions different policies, such as the need for authorizations from multiple users, restrictions on the kind of transactions that can be signed, and a timelock. The specific details of those security policies are kept private.
This remote-signing SaaS represents a serious centralization vector, with a third-party business entity controlling who can access the keys and when. This solution’s service availability and uptime guarantees are not publicly documented, introducing potential operational risks.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
Lombard Finance Ltd operates the lombard.finance interface without FCA authorization or regulation, as stated in their Terms of Service. This means users do not receive standard UK regulatory protections. The company explicitly states it does not provide financial services, brokerage, or custody.
Access is restricted to qualified entities, including companies or partnerships with £5M+ in share capital/assets, trusts holding £10M+ in cash/investments, or professional crypto traders operating for business purposes, as detailed in the UK Residents Notice.
The platform maintains compliance through a risk monitoring framework powered by TRM blockchain intelligence tools to prevent sanctioned address interactions.
Their points program operates under strict limitations outlined in the Legal Notice. Points cannot be monetized, transferred, converted to tokens/assets, traded, or used as collateral. Lombard Finance does not commit to future token issuance.
The platform prohibits participation from U.S. persons (including citizens, residents, and entities), those in sanctioned jurisdictions, and areas where digital asset activities are not permitted. While Anchorage Digital provides custodial services for Babylon staking, the extent of integration with Lombard’s platform remains to be clarified.
4.2 Access Control Risk
4.2.1 Contract Modification Options
Controlling wallets
Here are the two main contracts powering LBTC onchain:
LBTC ERC-20: deployed behind a TransparentUpgradeableProxy that is owned by the Proxy Upgrade Timelock.
Consortium’s Governance: deployed behind a TransparentUpgradeableProxy that is owned by the Proxy Upgrade Timelock.
The Proxy Upgrade Timelock is a 24-hour Timelock with the following roles:
DEFAULT_ADMIN_ROLE, assigned to the Timelock itself.
PROPOSER_ROLE: assigned to a 3/5 Safe multisig and to an EOA.
CANCELLER_ROLE: assigned to a 3/5 Safe multisig and to an EOA.
EXECUTOR_ROLE: assigned to a 3/5 Safe multisig.
The Timelock is therefore controlled by:
An EOA, whose key is held by CubeSigner from Cubist.
A 3/5 Safe multisig also referenced as the treasury by the LBTC ERC-20 contract, as it receives LBTC minting and burning fees.
Both the 3/5 Safe multisig and the EOA can propose and cancel transactions, but only the multisig can execute the changes.
The Bascule Drawbridge contract 0xc750eCAC7250E0D18ecE2C7a5F130E3A765dc260 provides redundant transaction validation by independently tracking deposits and withdrawals. This contract operates under Cubist’s direct control through their CubeSigner key management infrastructure.
Critical contract functions
We list the critical functions that each contract exposes.
An ERC20PausableUpgradeable that can be paused by the pauser role assigned to a 2/8 Safe multisig, meaning that all LBTC transfers would be paused. The Proxy Upgrade Timelock can transfer the pauser role to another wallet.
The Proxy Upgrade Timelock can toggle the isWithdrawalsEnabled boolean variable, hence disabling the redumption of LBTC for BTC on the Bitcoin chain.
The Consortium’s Governance and the Bascule Drawbridge contracts can be updated by the Proxy Upgrade Timelock.
The deposit and burn commissions can be updated by the Proxy Upgrade Timelock.
The thresholdAddr variable, which contains the address that generates the consortium signatures, can be updated by the Proxy Upgrade Timelock.
4.2.2 Timelock Duration and Function
Contract upgrades must go through a 24-hour Timelock based on the TimelockController contract from OpenZeppelin.
4.2.3 Multisig Threshold / Signer identity
Lombard implements CubeSigner from Cubist, an enterprise-grade remote-signing solution, which maintains confidentiality of signing thresholds and signer identities through sophisticated obfuscation protocols. Under a comprehensive non-disclosure agreement (NDA), Lombard has provided detailed documentation of their security frameworks. While these frameworks outline robust safeguards and compliance with industry standards, their actual implementation and adherence cannot be independently verified due to the proprietary nature of the system. The implementation includes alleged redundant backup systems with independent recovery protocols to mitigate potential risks associated with third-party service disruptions or system failures.
Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.
Aave V3 Specific Parameters
Parameters will be presented jointly with @ChaosLabs.
Price feed Recommendation
We are unable to identify a suitable oracle at this time. Currently, Chainlink’s LBTC/BTC price feed on Ethereum mainnet relies on secondary market prices, which is not suitable for this application due to relatively low liquidity and manipulation risks.
A key consideration is the availability of an internal exchange rate oracle that accurately tracks both the ratio between Bitcoin held for Ethereum and LBTC minted on Ethereum and potential slashing events in the Babylon Protocol. Chainlink’s planned Proof of Reserve (PoR) feed in Q1 2024 could address this requirement, pending confirmation it will exclusively track Ethereum-destined Bitcoin. Alternatively, deploying an internal exchange rate system remains viable, though this requires significant contract modifications.
Either solution would protect against market manipulation and slashing events, which is critical for the proposed E-Mode integration. Following implementation, the CAPO adapter is recommended for additional security.
Disclaimer
This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.