This is an archive of our post on Aave governance forum. Read the full thread here.

Summary

LlamaRisk supports the deployment of Aave on the Rootstock Network, focusing initially on the use case of borrowing rUSDT against RBTC. RBTC, a BTC wrapper, serves as Rootstock’s native currency and gas token. A substantial amount of RBTC has been bridged to Rootstock alongside several stablecoins paired with it. The network offers multiple liquidity venues with significant depth, facilitating liquidation execution.

Rootstock has operated seamlessly since 2018 and is secured by 82% of Bitcoin’s hash rate, providing economic security well beyond typical for a network with a ≈$300M TVL. A limited number of audits is available, although Rootstock has a continuous partnership with the Coinspect security firm to look at code changes continuously. A bug bounty of $200K is offered, unchanged since 2018, which we consider insufficient given the TVL.

The protocol design is solid, with no security incidents to report since 2018. The core BTC/RBTC bridge is secured by a federation of 9 members, with a 1-week threshold and a 50% threshold for membership changes. However the ERC20 token bridge presents lower security guarantees, with a 2/3 multisig and no timelock: this is an issue as rUSDT, the ERC20 token with the highest TVL, is secured by it. We also believe the network should provide more transparent documentation and regular updates about its smart contracts, particularly its technical architecture and access controls.

Introduction

The Rootstock Network is a Bitcoin Layer 2 scaling solution that provides an EVM-compatible environment, enabling BTC in DeFi applications. Although Rootstock operates as a sidechain, 82% of its economic security is derived from Bitcoin’s PoW consensus through merge mining. This mechanism allows Bitcoin miners to leverage their existing infrastructure to secure Rootstock while earning additional revenue. The network issues RBTC, an ERC-20 token that maintains a 1:1 peg with BTC via the Rootstock Bridge. It is secured by a network of 9 operators called the PowPeg network. ERC-20 tokens can also be bridged between Ethereum and Rootstock through a native ERC20 token bridge.

1. Network Fundamental Characteristics

1.1 Network Overview

Architecture

The Rootstock Network is made of several components. As a sidechain to Bitcoin, Rootstock reuses Bitcoin’s economic security through a process called merged mining. PowPeg, a decentralized federation that secures the 2-way peg system, enables bridging between Bitcoin and the Rootstock Network. Finally, a set of contracts allows for the bridging of ERC20 tokens between Ethereum and Rootstock. There is only one client implementation for running a Rootstock node - RSKj, written in Java.

Here are the contracts related to the ERC20 token bridge on Rootstock:

• Bridge: ERC20 token bridge.

• SideTokenFactory: creates SideToken contracts.

• AllowTokens: keeps track of whitelisted tokens for the ERC20 token bridge, and enforces various limitations like min/max amounts and daily limits.

• SideToken: created by the SideTokenFactory for each of the ERC20 token that is whitelisted by the AllowTokens contract.

• Federation: a custom oracle with a 3/5 treshold for securing the bridge.

Source: HackerNoon, July 9th, 2024

Merge mining

Merge mining enables Bitcoin miners to reuse their existing infrastructure to secure a sidechain with minimal cost and operational overhead. While Bitcoin blocks are proposed approximately every 10 minutes, Rootstock blocks are proposed every 24 seconds. Bitcoin mining pools include a reference to Rootstock blocks in the mining jobs they distribute to miners. Since Proof of Work (PoW) requires significantly more time to compute a solution than to verify its validity, participating in Rootstock’s consensus is highly energy-efficient. Every time a miner finds a solution, 3 outcomes are possible:

• The solution satisfies Bitcoin’s difficulty. The miner prepares a block that includes Rootstock’s references, which the Bitcoin network will ignore. Since Rootstock’s difficulty is lower than that of Bitcoin, the solution also satisfies Rootstock’s difficulty and is submitted to the Rootstock network.

• The solution does not satisfy Bitcoin’s difficulty target but does satisfy Rootstock’s difficulty target: the solution is submitted to the Rootstock Network only.

• The solution satisfies neither Bitcoin’s difficulty nor Rootstock’s difficulty.

Currently, approximately 82% of the Bitcoin hash rate is securing the Rootstock Network, representing significant economic security. The Bitcoin mining community has shown continued support, with new mining pools joining and none leaving, as they seek additional revenue streams alongside Bitcoin mining. Merge miners currently receive 79.2% of the transaction fees.

Powpeg

PowPeg is a decentralized network of operators that secures the 2-way bridge between Bitcoin and the Rootstock Network. BTC is locked on Bitcoin, and RBTC is minted on the Rootstock Network in equal quantity. Members must run powHSM hardware devices, which are specifically-purpose HSM (Hardware Security Module) devices whose firmware is open source on Github and has been audited.

powHSM devices safeguard the private keys used in the multi-signature scheme that secures BTC locked on the Bitcoin network. When validated by Bitcoin’s cumulative proof of work, these keys can generate signatures and unlock the funds. The PowPeg members are currently being rewarded for their work with 0.8% of the Rootstock transaction fees. PowPeg members operate a Bitcoin node in SPV mode (Simplified Payment Verification), enabling verifiable Bitcoin transactions without requiring a full Bitcoin node, thereby promoting decentralization. These features make PowPeg a robust, secure, and auditable solution for bridging BTC on Bitcoin to RBTC on the Rootstock Network.

Security

The Rootstock team has maintained a bug bounty on HackerOne since April 2018 with a maximum payout of $200k in case of critical vulnerability. The team resolved 34 reports, distributing $127,000 in bounties to hackers. Among the submissions, 10% were classified as essential and 16% as high-severity vulnerabilities.

The Rootstock network never experienced a security breach at the protocol level or any loss of user funds. The only significant incidents have been two service outages affecting the peg-in/peg-out functionality, both of which were resolved without any loss of funds:

• A June 2024 outage due to a bug in the BitcoinJ library

• An October 2022 outage related to non-standard Bitcoin transactions

The RSKj client, the only client implementation for running a Rootstock node, is open source on Github. It is a fork of the EthereumJ client that is now deprecated but on which Hyperledger Besu client is based. It was audited twice:

• TailOfBits (November 13, 2017): 2 high severity issues, 3 medium severity issues. The two high-severity issues relate to EVM incompatibilities, resulting in erroneous gas computation or invalid contract deployments. We note several DOS (Denial Of Service) issues due to memory leaks or free EVM operations.

• Patrick McCorry & Andrew Miller (July 12, 2017): identified an issue related to the block selection rule that could result in 3.5% of coins in circulation to be burned, as well as performance issues in the bridge component.

Rootstock notably depends on HSMs (Hardware Security Modules) to secure the keys held by each member of the PowPeg network. On October 3, 2022, an audit of the powHSM firmware was conducted by NCCgroup, a cyber security firm, which uncovered several low severity issues. The Rootstock team subsequently fixed all.

The total number of audits is relatively small considering the network’s age, with no notable audits since 2022. However, Rootstock has an ongoing contract with the Coinspect security firm to review its code changes on a continuous basis.

1.2 Decentralization and Legal Evaluation

Decentralization

The Rootstock team maintains a publicly accessible endpoint at https://public-node.rsk.co. Else, users can run their own Rootstock node or use third-party node providers. The PowPeg network is currently made up of the 9 following members:

• BlockVenture

• Luxor

• Collider

• Constata

• MyCointainer

• pNetwork

• RootstockLabs

• Sovryn

• Xapo

Each member’s associated cryptographic details, including the powHSM firmware attestations, are publicly available for anyone to verify on the Rootstock website. Overall, the quality of the PowPeg network could be improved by increasing the number of members and establishing minimum requirements for their track record and revenue.

If the PowPeg members could no longer operate their powHSM devices, or if those devices were to fail unexpectedly, the PowPeg network contains a time-locked emergency multi-signature as a fallback mechanism. It is a 3/4 multisig and can only unlock the deposited BTC after 1 year if no related UTXO is detected. This was formalized in the RSK Improvement Proposals (RSKIPs) RSKIP201 and RSKIP225. The signers are:

• RootstockLabs

• MoneyOnChain

• Jameson Lopp: CasaHodl Co-founder & CTO (key not accessible)

• Adrian Eidelman: Rootstock Co-founder

Access Control

ERC20 Token Bridge

Contracts related to the ERC20 token bridge are controlled by a 2/3 Multisig in the form of a MultiSigWallet contract, whose 3 EOA signers are:

• 0x2D55C30311ab391B057d67a5DBA71e7DcC9367A2

• 0xcFf39f920672a2556d9cE216280eDaE446e4Feb5

• 0x49dF55FFF9f7Cd43cb380a73069675e33B577fBc

Here are the access controls in place for each of the ERC20 token bridge contracts:

• Bridge: deployed behind a AdminUpgradeabilityProxy contract from OpenZeppelin, owned and pausable by the 2/3 Multisig.

• SideTokenFactory: only the Bridge can create a SideToken contract through the SideTokenFactory.

• AllowTokens: deployed behind a AdminUpgradeabilityProxy contract from OpenZeppelin, owned by the 2/3 Multisig.

• SideToken: not upgradeable, minter role assigned to the Bridge contract.

• Federation: deployed behind a AdminUpgradeabilityProxy contract from OpenZeppelin, owned by the 2/3 Multisig.

SideToken are ERC777 contracts representing each ERC20 token bridged to the destination chains. The ERC777 interface allows an account to designate an operator to act on its behalf. Since the default operator list is empty upon deployment and cannot be modified to add new default operators, there is no privileged access to user accounts, ensuring the security of users’ funds.

No timelock is restraining actions on the smart contracts by the 2/3 Multisig, despite an estimated TVL secured of more than $140m (mostly rUSDT).

PowPeg

Changes in Powpeg membership are controlled by the current PowPeg members through a pre-compiled contract. PowPeg members must vote to onboard or offboard a member through a formal process with a 50% threshold. A voting delay of 1 week applies, which gives users time to withdraw from the chain if needed.

1.3 Activity Benchmarks

Source: DefiLlama, January 14th, 2025

The Rootstock Network has been operational since June 2021, consistently maintaining a significant TVL ranging from $50 to $250 million. Its performance appears strongly correlated with overall crypto market trends, reflecting peaks during the 2021–2022 bull market and a potential upswing in the anticipated 2024–2025 bull run.

Commits per month.Source: DefiLlama, January 14th, 2025

In terms of developer activity, we can see a consistent amount of activity over time, with still some heightened level of activity during the most bullish phases of the market.

Source: Rootstock Network explorer, January 14th, 2025

Since the network’s inception, the number of accounts has increased somewhat linearly and sits at 100k accounts.

Source: Rootstock Network explorer, January 14th, 2025

The transaction success rate data only began being tracked from April 2023, explaining the apparent start of failed transactions. The subsequent data shows a consistently high success rate for transactions on the network.

Source: Rootstock Network explorer, January 14th, 2025

The number of contracts on Rootstock is a proxy for DeFi application deployment. Contract activity saw a significant increase around April 2021, followed by the emergence of a nascent exponential growth trend starting in late 2023.

2. Network Market Outlook

2.1 Market Infrastructure

Lending

Several lending protocols are already deployed on Rootstock:

• MoneyOnChain: BTC collateralized stablecoin, $114m TVL

• Svoryn: Lending protocol, $86m of TVL

• RIFOnchain: Over-collateralized stablecoin, $11.81m of TVL

• TropykusRSK: Lending protocol, $6.5m of TVL

DEX

We omit cross-chain DEXs because of the atomicity constraint for liquidations:

• Sovryn: $12.5m of TVL

• UniswapV3: $12.34m of TVL

• SushiSwap: $3.93m of TVL

• WoodSwap: $780k of TVL

CEX

Several CEXs are available for acquiring RBTC and withdrawing to a Rootstock Network wallet:

• MtPelerin

• Buenbit

• Lbank

• AgenteBTC

• BitPanda

• Criptala

• Gate.io

• Poloniex

We note the presence of many South American CEX, indicating deep ties and interest in RBTC from this region.

Bridge

RBTC Bridge

A 2-way bridge called PowPeg allows users to bridge BTC from Bitcoin to obtain RBTC on Rootstock. It is secured by 9 federation members, each of which is running powHSM devices, which are specific-purpose hardware devices that host the private keys that secure the deposited BTC on Bitcoin. Rootstock also supports bridging Bitcoin Runes, a protocol native to Bitcoin that allows for minting fungible tokens on Bitcoin.

ERC20 Token Bridge

(Rootstock Token Bridge | Rootstock Developers Portal), January 14th, 2025

The Rootstock Network maintains an official ERC-20 token bridge. Only tokens whitelisted by the team can be bridged between Ethereum and Rootstock, and a 0.2% bridging fee is collected. Developers on Rootstock can also integrate various third-party bridges like RouterProtocol, Wormhole, Hyperlane, LayerZero or StarGate.

Oracle

Price oracles for Rootstock are already available on the following platforms:

• UmbrellaNetwork

• Redstone

The Rootstock team also mentioned their intention to deploy Chainlink oracles soon. Should the Aave DAO decide to deploy Aave on Rootstock, we recommend using those Oracles.

2.2 Liquidity Landscape

We omit cross-chain swap aggregators due to our atomicity constraint when performing liquidations. The two main liquidity sources are Sushiswap and UniswapV3. Here are some of the biggest liquidity pools by TVL (as of January 18, 2025):

• UniswapV3 ETH/WRBTC: $8.56m of TVL

• UniswapV3 WRBTC/rUSDT: $1.33m of TVL

• SushiSwap ETH/RBTC: $1.17m of TVL

• SushiSwap RBTC/rUSDT: $826k of TVL

• SushiSwap RBTC/DOC: $532k of TVL

• SushiSwap DOC/rUSDT: $497k of TVL

• SushiSwap RIF/rUSDT: $440k of TVL

• UniswapV3 RIF/rUSDT: $291k of TVL

• SushiSwap RIF/WRBTC: $208k of TVL

• SushiSwap DOC/rUSDT: $196k of TVL

• UniswapV3 USDRIF/rUSDT: $114k of TVL

2.3 Ecosystem Resilience

Rootstock benefits from a long track record of flawless operation since 2018. No hack or security breach has been reported since then, despite the various upgrades that the network went through. Rootstock is still in active development, with the Lovell Network upgrade, which was recently proposed in August 2024.

Five organizations are currently securing the Rootstock Network as part of the PowPeg network, of which RootstockLabs is a member. Those organizations are ecosystem partners of Rootstock and include third-party bridges, blockchain investment funds, dApp developers, and custodians. As such, the Rootstock Network is not dependent on the Rootstock team itself for continued network operation. Furthermore, PowPeg members can always vote for adding or removing PowPeg network members, and an emergency multisig can step in to unlock the locked BTC after 1 year of network inactivity if needed.

The Rootstock team also organizes a quarterly Rootstock Ecosystem Summit that is online; the next one is scheduled for January 28, 2025. The X account of Rootstock boasts 252k followers, which is significant for the industry.

A grant program is available to support builders on the Rootstock Network, which includes mentorship and marketing support. Close to 50 grants to projects of various sizes were granted, with a focus on increasing interoperability within the ecosystem.

2.4 Ecosystem Growth Potential

Only an estimated 2% of the BTC circulating supply is currently bridged to DeFi-enabled Layer 2s like the Rootstock Network. This leaves the majority of BTC as untapped liquidity for networks like Rootstock, alongside the potential appreciation of BTC itself, which could significantly impact Rootstock’s growth.

The Rootstock ERC20 TokenBridge enables the transfer of ERC20 assets between Rootstock and Ethereum, allowing both networks to leverage each other’s assets and DeFi opportunities. However, the absence of RBTC on Ethereum highlights a potential growth area. Introducing an ERC20 wrapper for RBTC on Rootstock and bridging it to Ethereum could grant RBTC holders access to Ethereum’s established DeFi markets. Yet, this might detract from developing a robust DeFi ecosystem centered around RBTC on Rootstock. Expanding the TokenBridge to integrate with other EVM-compatible chains and Layer 2s beyond Ethereum mainnet presents another valuable growth opportunity, although this is also made possible by the new LayerZero and Stargate integration.

We note the absence of partnerships with Bitcoin staking protocols like Babylon, although the onboarding of a Bitcoin staking solution on Rootstock has been mentioned by the team in Q1 2025. Rootstock might want to favor RBTC over other BTC-correlated assets like LBTC from LombardFinance or Solv.BNN from Sovryn by developing its own staked version of RBTC through Babylon. This could create new Defi use cases for RBTC, including leveraged yield strategies and tokenization.

In the previous months, Rootstock has announced several partnerships and integrations, for instance with developer tools like Gelato and Alchemy, which is indicative of an ongoing effort on Rootstock’s side to develop its ecosystem.

2.5 Major and Native Asset Outlook

All provided figures are as of January 18th, 2025, in decreasing order of $ TVL:

• RBTC, the official bridged version of BTC on Rootstock and native gas token, has a current supply of 2,843 RBTC ($297.5m).

• RIF (RSK Infrastructure Framework) is a utility and governance token used by the RootstockCollective, the Rootstock Network DAO. RIF has an FDV of $91.2m

• SOV, the governance token of the Sovryn protocol, a Defi protocol native to the Rootstock Network, has an FDV of $28.6m.

• ETH bridged over through the Bridge contract amount to 3,536 units ($11.3m).

• rUSDT, USDT tokens bridged from Ethereum to the Rootstock Network through the Bridge contract. The minted supply of rUSDT is currently $5.3m.

• USDRIF is an algorithmic stablecoin collateralized by the RIF token with a minted supply of around $1m.

3. Onchain discoverability

There is an official network explorer for Rootstock that is based on Blockscout, as well as a dashboard with network metrics maintained by the team.

We note the presence of an official Safe UI and factory contract deployment.

Defi data points can be found on DefiLlama and TokenTerminal. The blockscout network explorer offers some interesting visualization about network infrastructure activity like cumulative contract creation or TPS. Rootstock can also be indexed on TheGraph, and several Footprint dashboards are available.

It is rather difficult to get an exhaustive list of ERC20 tokens deployed on Rootstock, together with their TVL and circulating supply: the Rootstock network explorer only offers a limited view of it, which makes it harder for users and dApp developers to monitor the chain.

4. Impact of AAVE Deployment

The Rootstock Network hosts a significant TVL composed primarily of BTC-like assets, such as RBTC and stablecoins. This makes it well-suited for enabling the borrowing of stablecoins against BTC-like assets—a use case that an Aave deployment on Rootstock could help foster. Such a deployment would contribute to expanding Rootstock’s DeFi ecosystem, which currently has a limited number of decentralized applications and activities.

We note the absence of yield-bearing BTC-correlated assets on Rootstock with platforms like Babylon with LBTC from LombardFinance or Solv.BNN from SolvProtocol. However, the team has mentioned that the integration with yield-bearing BTC derivatives is a priority and that such integration will most probably become available by the end of Q1 2025. In that case, the leveraged-looping of yield-bearing BTC-correlated assets on Rootstock through an Aave instance will be possible.

Unlike other wrapped BTC and BTC derivatives available on various chains, Rootstock has opted to keep RBTC exclusive to the Rootstock Network. This strategy aims to develop a DeFi ecosystem centered around RBTC on Rootstock itself, rather than on platforms like Ethereum. Despite the presence of the Rootstock Bridge, RBTC remains notably absent from Ethereum. In contrast, newer competitors like BOB, which lacks an official BTC wrapper, have chosen to focus on fostering the bridging of BTC-like assets across multiple chains.

5. Asset suggestions

Our assessment for initial asset selection considers three primary criteria:

• Previous successful integration and risk review within the Aave ecosystem

• Asset TVL on the network

• Available liquidity relative to total asset TVL

RBTC is a clear prime collateral on Rootstock, being both the native asset and gas currency of the chain and the asset with the highest TVL ($297.5m). Then follows rUSDT from Tether, the largest stablecoin issuer, with an rUSDT TVL of $5.3m.

RIF and SOV, governance, and utility tokens for the RootstockCollective and the Sovryn protocol are potential future assets to onboard but would necessitate a dedicated risk assessment from risk providers. Although there is a significant amount of bridged ETH on Rootstock (3,536 units, $11.3m as of January 20th, 2025), we don’t envision a meaningful demand for it as collateral as ETH doesn’t have any productive use on Rootstock.

The deployment of a GHO facilitator on Rootstock could be contemplated in the near future after the first successful onboarding of RBTC and rUSDT.

Disclaimer

This review was independently prepared by LlamaRisk, a community-led non-profit decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.

The information provided should not be construed as legal, financial, tax, or professional advice.

Change log

January 25th, 2025: After feedback from the Rootstock team, we clarified the architecture and differentiated between the RBTC bridge and the ERC20 token bridge. Several details related to the state of the Rootstock chain were also added.