## **Section A: Underlying Assets**
LlamaRisk, as part of its GMC responsibilities, has produced a framework to apply to applicant submissions. This framework takes into account lessons learned from working with Aave, Ethena and Curve and localizes them to Arbitrum's context.
Each section's points of consideration are starting points, with each subsection using them to begin and guide considerations on potential risks inherent to strategies.
| Subsection | Points of consideration |
|------------|---------------------|
| **1. Asset Risk** | |
| 1.1 Fundamental Asset Characteristics | - ERC20 compliance<br>- Category of asset (e.g., stablecoin, governance token).<br>- Ownership fragmentation<br>- Market capitalization |
| 1.2 Architecture | - What underpins the asset? (collateralization model, algorithmic mechanisms). |
| 1.3 Tokenomic Structure | - How is the asset distributed?<br>- Is there an associated governance token?<br>- How does the governance token operate (e.g., voting mechanics, delegation processes)? |
| **2. Arbitrum Market Outlook** | |
| 2.1 Asset Liquidity | - Historical liquidity depth on DEXs over time.<br>- LP fragmentation analysis.<br>- Price impact on trades (e.g., slippage for large trades). |
| 2.2 Volatility | - How much intraday volatility is documented in ETH terms (both 30-day average and during market spirals events). |
| 2.3 Exchanges | - Is the underlying asset available on centralized exchanges (CEXs)? |
| 2.4 Growth | - How is the asset developing against the wider market backdrop? (TVL growth, user adoption, developer activity) |
| **3. Asset Technological Risk** | |
| 3.1 Asset Smart Contract Risk | - Has the asset’s smart contract been audited?<br>- What were the audit results?<br>- Were there any past exploits? |
| 3.2 Bug Bounty Program | - What is the size of the bug bounty program relative to the asset’s TVL?<br>- Are there documented historical payouts and program activity? |
| 3.3 Price Feed Risk | - Is the asset dependent on price feeds?<br>- If yes, which feeds are used (e.g. exchange/market)? |
| 3.4 Dependency Risk | - What external infrastructure keeps this asset functioning? (bridges, oracles, liquidity pools) |
| **4. Counterparty Risk** | |
| 4.1 Governance and Regulatory Risk | - How is change management handled?<br>- Who decides what changes are made?<br>- What is voter turnout like?<br>- What jurisdiction governs the asset’s team?<br>- What regulatory risks does this present? |
| 4.2 Access Control Risk | - What components of the asset are upgradeable?<br>- Who can perform upgrades?<br>- How quickly can upgrades be executed (timelock duration)? |
---
## **Section B: Strategy Risk**
| Subsection | Points of consideration |
|------------|---------------------|
| **1. Strategy Design Risk** | |
| 1.1 Design Risk | - Is principal protected?<br>- Is leverage involved?<br>- How complex is the design?<br>- How many counterparties are involved?<br>- Can the strategy be operated or unwound without counterparty input? |
| 1.2 Strategy Mechanics | - How complicated are the mechanics?<br>- How many other protocols are involved?<br>- Are cross-chain messages involved? |
| 1.3 Economic Incentive Structure | - What is the source of yield (fee or emission)?<br>- How subject is that source to change? Is it sustainable?<br>- Does it affect other ecosystem participants by delivering the yield? |
| 1.4 External Protocol Dependency Risk | - What category of protocol does the strategy depend on?<br>- What are their inherent risks?<br>- Are other networks used?<br>- What are the protocol's general security and ownership practices?<br>- How may they affect the DAO’s return on investment? |
| **2. Market Risk** | |
| 2.1 Market Volatility Exposure | - Is there any chance the strategy may result in deviation from 1:1 with ETH?<br>- Can this be backtested?<br>- How does it perform in adverse market conditions (e.g., deleverage spirals, DEX liquidity shrinkage)? |
| 2.2 Liquidity Risk | - How liquid are the products used to generate the yield?<br>- What is the strategy used to assure liquidity?<br>- Are there time-bound lockup periods?<br>- What slippage settings are documented if rebalancing is used? Is price impact documented?<br>- Is the strategy susceptible to MEV?<br>- Are multiple DEXs used (if applicable)? |
| 2.4 Systemic Risk | - How susceptible is the strategy’s performance to a deleverage spiral?<br>- If the strategy experiences unintended performance, will it affect other parts of Arbitrum's ecosystem?<br>- How correlated to underlying protocols is the strategy’s performance? |
| **3. Operational Risk** | |
| 3.1 Strategy Smart Contract Risk | - Is the strategy audited or "bug-bountied"?<br>- What are the results of the audits?<br>- Has the code been exploited in the past? |
| 3.2 Oracle Reliability | - What oracles does this strategy depend on?
| 3.3 Automation Risk | - Is the strategy susceptible to automation failure (e.g. Keepers/offchain compute failing to broadcast transactions)? |
| 3.4 Mitigation Techniques | - Are there monitoring tools/dashboards for strategy health (e.g., borrow health factor, position dominance limits, LP concentration circuit breakers)?<br>- Is capital possible to be programmatically withdrawn from the strategy (i.e. using verified contracts) if necessary?<br>- Are there liquidity buffers maintained to guarantee exits? |
| **4. Counterparty Risk** | |
| 4.1 Ownership Model Risk | - How are the strategies adjusted?<br>- How are these changes decided?<br>- How far in advance are they explained?<br>- How is the DAO structured?<br>- Are key stakeholders potential adversaries to Arbitrum DAO? |
| 4.2 Access Control Risk | - What may admins change in the strategy?<br>- How quickly are these changes made?<br>- Who may make these strategy changes?<br>- What about the external dependencies? |
| 4.3 Regulatory Risk | - (If applicable) where are the strategy managers based?<br>- What is the regulatory regime there like?<br>- Is there a possibility they are unable to continue maintaining the strategy? |
| 4.4 Reputation Risk | - Has the proposed partner conducted themselves in a manner not aligned with Arbitrum’s core values? |
| 4.5 Withdraw Risk | - Did the applicant detail a withdrawal workflow? |
---
*Version 2.1 | Last Updated: February 11, 2025*
Sign in with Wallet
Connect another wallet