### Useful Links: Website: https://app.frax.finance Documentation: [frxETH Docs](https://docs.frax.finance/frax-ether/frxeth-and-sfrxeth) | [Frax Blog](https://fraxfinancecommunity.medium.com/) Social: [Frax Telegram](https://t.me/fraxfinance) | [Frax Telegram Announcements](https://t.me/fraxfinancenews) | [Twitter](https://twitter.com/fraxfinance) Contracts: [frxETH](https://etherscan.io/address/0x5E8422345238F34275888049021821E8E08CAa1f) | [sfrxETH](https://etherscan.io/address/0xac3E018457B222d93114458476f3E3416Abbe38F) | [frxETHMinter](https://etherscan.io/address/0xbAFA44EFE7901E04E39Dad13167D089C559c1138) | [frxETH Treasury multisig](https://etherscan.io/address/0x8306300ffd616049FD7e4b0354a64Da835c1A81C) Governance: [Discussion](https://gov.frax.finance/) | [Snapshot](https://snapshot.org/#/frax.eth) Markets: [Curve frxETH/ETH](https://curve.fi/#/ethereum/pools/frxeth/swap) | UniV3 [frxETH/FRAX](https://info.uniswap.org/#/pools/0x36c060cc4b088c830a561e959a679a58205d3f56) Dashboards: [Frax Facts](https://facts.frax.finance/frxeth) | [frxETH Community Dune](https://dune.com/struct3r/frax-frxeth) # Introduction **This report is conducted by the Prisma independent risk and research team operated by [Llama Risk](https://cryptorisks.substack.com/) as part of a series on LSD collateral risk assessments. In this report, we examine Staked Frax ETH (sfrxETH).** This report will comprehensively cover all relevant risk factors of sfrxETH for collateral onboarding. Our approach involves both quantitative and qualitative analysis to help determine whether the collateral can be safely onboarded and to what extent there should be restrictions on the protocol’s exposure to the collateral. As Prisma will be onboarding a variety of LSDs as collateral, our review involves comparative analysis to determine suitability as collateral. Risks are categorized into: - **Market Risk** - risks related to market liquidity and volatility - **Technology Risk** - risks related to smart contracts, dependencies, and oracle price feeds - **Counterparty Risk** - risks related to governance, centralization vectors, and legal/regulatory considerations These risk categories will be summarized in the final section of this report and are meant to assist tokenholders in their determination around sfrxETH onboarding and setting suitable parameters. # Section 1 Protocol Fundamentals This section addresses the fundamentals of the proposed collateral. It is essential to convey (1) the value proposition of sfrxETH, and (2) the overall architecture of the protocol. This section contains descriptive elements that cannot be quantified and act as a descriptive introduction to the collateral. This section is divided into 2 sub-sections: - 1.1: Description of the Protocol - 1.2: System Architecture ## 1.1 Description of the Protocol **Key metrics (as of July 12, 2023)** - Circulating Supply: [237,699](https://facts.frax.finance/frxeth) frxETH | [146,510](https://etherscan.io/token/0xac3E018457B222d93114458476f3E3416Abbe38F) sfrxETH - Staked Tokens: [237,878](https://defillama.com/lsd) - Number of validators: [5,884 active | 311 pending](https://facts.frax.finance/frxeth) - Number of operators (mainnet): 1 - Market share of ETH staked: .99% - Market share of LSDs: [2.3%](https://defillama.com/lsd) ### 1.1.1 Underlying Collateral Frax Ether introduces a novel dual-token model for its liquid ETH derivative. This system comprises: - **frxETH** (Frax ETH), a stablecoin that maintains a soft pegged to ETH - **sfrxETH** (staked frxETH), which serves as a yield-bearing asset. The strategy behind the token model involves incentivizing distinct utility between the two tokens. Frax [voted](https://snapshot.org/#/frax.eth/proposal/0x1272233285b3b4ce026173ec4e2a59d6c8daba3d64b41e67ba160cc526fc5c7d) to initiate the frxETHBP and WETHR program that would allocated incentives to liquidity pools that include frxETH (excluding sfrxETH). As a result, frxETH is most commonly LP'd in DEXs such as Curve and Uniswap. sfrxETH is more commonly used as a collateral asset or held in wallets to accrue staking yield. sfrxETH is able to earn boosted staking rewards because all frxETH rewards are diverted to sfrxETH holders. Market dynamics drive liquidity between the two tokens depending on the relative yield potential. Unlike other LSD products, ETH deposited into frxETH is not necessarily deployed to a validator to earn staking rewards. Frax also manages frxETH liquidity and may instead deploy ETH toward liquidity provision. In any case, every frxETH in existence should always be backed by at least 1 ETH in the frxETH system. ### 1.1.2 Yield Accrual Mechanism Frax operates its own validators with user deposited ETH. All profits generated by Frax Ether validators are distributed among sfrxETH holders. By converting frxETH into sfrxETH, individuals become eligible to earn staking rewards. As validators earn staking rewards, they send them to the Frax Treasury multisig which uses the rewards to mint additional frxETH. Rewards are distributed in 7-day epochs when anyone can call syncRewards earned by staking validators to update the sfrxETH:frxETH exchange rate. Rewards can be realized when converting sfrxETH back into frxETH. To prevent malicious users from sniping the reward distribution, the contract distributes the rewards surplus linearly over the remainder of the cycle window. ### 1.1.3 Provider Fee A [Snapshot](https://snapshot.org/#/frax.eth/proposal/0x3b781b741c958f2494d6ae0d20150d20266dd016623df5f840623b1fdc0cb687) vote that concluded November 6, 2022 resulted in a 10% protocol fee applied to staking rewards. - 8% of the ETH revenue goes to the Frax Protocol Treasury multisig in the form of frxETH. This is ultimately distributed back to FXS holders.* - 2% goes into an insurance fund to cover potential slashing events/unforeseen penalties with the goal to keep the system over-collateralized. 90% of ETH earned is passed onto sfrxETH vault stakers in the form of frxETH. **Frax is currently recapitalizing the FRAX stablecoin which is 95.5% collateralized. All frxETH revenue is being directed to recapitalization efforts, at which point the revenue is intended to be directed back to FXS holders.* ### 1.1.4 Node Operator Set In the current v1 of frxETH, the Frax Core Team completely controls all validator nodes. > The validators are ran by the Frax Core Team in geodiversified commodity data centers across North America and Europe through AWS and OVH with firewall+DDOS protection. The frxETH v1 validator set is consistenly rated #1 out of all entities running validators including higher rated than Lido, Binance, Kraken, Coinbase etc. -Sam Kazemian, Frax Founder Each validator's public address and real time stats can be monitored at: [Frax Facts](https://facts.frax.finance/frxeth/validators) Third party & community tracking of all of frxETH's validators can be found on [Rated.network](https://www.rated.network/o/Frax?network=mainnet&timeWindow=1d). ### 1.1.5 Validator Selection While validator selection is currently managed by the Frax team, Sam made a [Tweet thread](https://twitter.com/samkazemian/status/1664737658797686784?s=20) on June 2nd that outlines the plans for frxETH v2. The v2 (unknown release date) is intended to be designed similar to existing lending protocols (e.g. Aave or Compound). Node operators will be able to borrow validators by supplying ETH collateral. A fully decentralized beacon oracle and liquidation system could liquidate validators that experiences losses beyond a predefined LTV threshold. For now, there is no public code related to frxETH v2 and the feasibility of the design as it has been described cannot be confirmed. ### 1.1.6 Governance Model Currently, finalized draft proposals in the Frax ecosystem undergo a three-day discussion period, followed by a five-day off-chain voting period on [Snapshot](https://snapshot.org/#/frax.eth). Voting results are determined by a simple majority and a 7.2m veFXS quorum requirement. Frax uses weighted voting, allowing veFXS holders to allocate their votes across multiple options. Since Snapshot voting cannot execute code, Frax relies on the Frax team-controlled [3-of-5 multisig](https://etherscan.io/address/0xb1748c79709f4ba2dd82834b8c82d4a505003f27) to manage protocol operations and execute the wishes of veFXS holders. Frax has stated an intention to decentralize governance [since 2021](https://cryptorisks.substack.com/p/asset-risk-assessment-frax-finance), but has yet to upgrade its governance system. Frax’s new [governance system](https://github.com/FraxFinance/frax-governance) (unknown upgrade date) will comprise two governor contracts: Governor Alpha (GovAlpha) and Governor Omega (GovOmega). The concept balances efficiency with decentralization by optimistically allowing the Frax multisig to continue executing actions, but veFXS voters would be able to veto and have ultimate governance authority. ## 1.2 System Architecture ### 1.2.1 Network Architecture Overview Users onboard by depositing ETH to the frxETHMinter, either procuring frxETH or sfrxETH. The ETH is either deposited into pre-approved, team-controlled validators or withheld for liquidity provision. The frxETHMinter has a [withholdRatio](https://etherscan.io/address/0xbAFA44EFE7901E04E39Dad13167D089C559c1138#readContract#F16) that determines a percentage of ETH deposits that are withheld by the treasury multisig, allowing it to deploy deposits toward its market making strategies (this value is currently set at 70%). The Treasury multisig manages active validators by adding validators with proper credentials. New credentials are added as needed to ensure that there are always validators ready to take deposits. If the contract runs out of approved validators, frxETH will continue to be minted as normal but no new validators will be spun up until more are added to the stack. Withdrawal credentials are assigned to the validators such that their ETH can only be withdrawn to a pre-approved address. The address is set to the Treasury multisig for all validators. For all ETH rewards received to the Treasury, an equivalent amount of frxETH is minted, with 90% directed to the sfrxETH vault and 10% sent to the Frax team multisig as a fee. Every week, a call is made to update the sfrxETH:frxETH exchange rate based on the staking rewards earned. The internal accounting distributes the accrued yield over the course of the epoch to prevent MEV sniping of the weekly earnings. Users wishing to exit can redeem their sfrxETH for frxETH and sell their frxETH for ETH. There is no withdrawal mechanism currently, although the Frax team have said this functionality will be made available soon. Frax's primary strategy, however, is for the protocol to manage liquidity through AMO activities, ensuring adequate liquidity for users to exit through liquidity pools at all times. During times when frxETH depegs from ETH to the downside, Frax's first strategy is to increase ETH withheld on deposits to help balance the liquidity. In cases of persistent imbalance, Frax would exit its validators and use that ETH to balance the pool. Because ETH withdrawals are unpredictable based on network demand and may involve a lengthy process, exiting validators is a last resort measure. ### 1.2.2 Architecture Diagram  Source: [Frax Finance Docs](https://docs.frax.finance/frax-ether/overview) ### 1.2.3 Key Components The on-chain system is composed of four contracts: - [frxETH](https://etherscan.io/address/0x5E8422345238F34275888049021821E8E08CAa1f): The stablecoin soft-pegged to ETH, minted 1:1 for every ETH within the system - [frxETHMinter](https://etherscan.io/address/0xbAFA44EFE7901E04E39Dad13167D089C559c1138): Mints frxETH in exchange for user ETH deposits and from staking rewards and adds ETH to a validator in 32 ETH chunks. - [sfrxETH Vault](https://etherscan.io/address/0xac3E018457B222d93114458476f3E3416Abbe38F): Mints sfrxETH in exchange for frxETH at the current exchange rate. The rate is updated weekly to reflect staking rewards earned. - [3-of-5 Treasury Multisig](https://etherscan.io/address/0x8306300ffd616049FD7e4b0354a64Da835c1A81C): Owner of the frxETH and frxETHMinter contracts that manages frxETH POL and converts staking rewards to frxETH for the benefit of sfrxETH holders. Certain operational actions are permissionless, although Frax uses bots to automate the operations. For instance, the sfrxETH:frxETH exchange rate and depositing ETH to eligible validators in 32 ETH chunks are permissionless actions in the sfrxETH contract and frxETHMinter contract, respectively. Other actions require special permissions granted to the Treasury multisig: - Assigning or removing validators along with withdrawal credentials, - Setting ratio of ETH deposits withheld and withdrawing withheld ETH to the Treasury, - Pausing the system, - Minting frxETH to the sfrxETH vault (or any arbitrary address), - Adding or removing other approved frxETH minter addresses, and - Setting a new Timelock address. The Timelock is set to Frax governance timelock, currently not in use, although the intention is for the system to transition authority to an on-chain DAO. # Section 2 Performance Analysis This section evaluates sfrxETH from a quantitative perspective. It analyzes token usage and competitive metrics, and accounts for subsidized economic activity. This section is divided into 3 sub-sections: - 2.1: Usage Metrics - 2.2: Competitive Analysis Metrics - 2.3: Subsidization of Economic Activity ## 2.1 Usage Metrics ### 2.1.1 Total Value Locked (TVL) Frax frxETH has ~236,128 ETH in TVL worth ~$443m (July 10, 2023). While some LSD competitors experienced withdrawals at the time of the Shapella upgrade in mid-April, frxETH saw increased growth. Growth has tapered off since late-May. <iframe width="640px" height="360px" src="https://defillama.com/chart/protocol/frax-ether?denomination=ETH&include_borrowed_in_tvl=true" title="DefiLlama" frameborder="0"></iframe> Source: [Frax Ether - DefiLlama](https://defillama.com/protocol/frax-ether) ### 2.1.2 Transaction Volume #### frxETH The 7-day average daily txs for frxETH is 89.86 txs, with a 7-day High of 102 txs and a 7-day Low of 74 txs (as of July 10th, 2023). There has been a marked growth in daily txs since January.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=network&chart=transactions) The 7-day average USD volume of frxETH is $5.44m with a 7-day high of $9.83m and a 7-day low of $3.1m (as of July 10th, 2023). Volumes are fairly volatile but have experienced an overall growth since mid-April.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=network&chart=transactions) #### sfrxETH The 7-day average daily txs for sfrxETH is 130.29 txs, with a 7-day high of 176 txs and a 7-day low of 55 txs (as of July 10th, 2023). There has been a sustained growth in daily txs since January.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/SFRXETH/deep-dive?group=network&chart=transactions) The 7-day average volume for sfrxETH is $3.6m, with a 7-day high of $7.9m and a 7-day low of $1.13m. The volumes of sfrxETH are more volatile than frxETH and generally lower overall. This is consistent with Frax's strategy to primarily incentivize frxETH for DEX trading.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/SFRXETH/deep-dive?group=network&chart=transactions) ### 2.1.3 DEX Trading Volume Historically, most frxETH trading volume has occurred on Curve. There are a number of frxETH-paired pools on Curve, but the majority of trading happens in the frxETH/ETH pool. The second most traded Curve pool is the frxETH/stETH pool. Trading activity has been increasing on Uniswap also in the frxETH/ETH pool.  Source: [Dex.guru](https://dex.guru/history/token/eth/0x5e8422345238f34275888049021821e8e08caa1f?amm=curve) | Date: 7/12/2023 ### 2.1.4 Average Transaction Size The average tx size experienced an increase around the time of the Shapella upgrade, which was also when frxETH experienced sharp growth in TVL.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=financials&chart=avgTrxSize) ### 2.1.5 Volume to Market Capitalization Ratio The volume to market cap ratio 30-day EMA shows the average daily volume as a percent of the overall marketcap. This indicates how much demand for trading activity frxETH has. It is currently 1%. This is quite high compared to competitors: stETH is ~.14% and cbETH ~.36%.  Source: [Coingecko - frxETH Historic Data](https://www.coingecko.com/en/coins/frax-ether/historical_data?start=2022-07-02&end=2023-07-02#panel) ### 2.1.6 LSD Token Velocity **frxETH velocity** The average daily velocity for frxETH for last 30 days is 2.81% with the range from 0.52% (min) to 12.95% (max).  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=network&chart=transactions) and [CoinGecko](https://www.coingecko.com/en/coins/frax-ether/historical_data?start=2023-05-14&end=2023-07-13#panel) | Date: 6/12/2023 - 7/11/2023 **sfrxETH velocity** The average daily velocity for sfrxETH for last 30 days is 2.56%, with range from 0.38% (min) to 9.53% (max).  Source: [IntoTheBlock](https://app.intotheblock.com/coin/SFRXETH/deep-dive?group=network&chart=transactions) and [CoinGecko](https://www.coingecko.com/en/coins/staked-frax-ether/historical_data?start=2023-05-14&end=2023-07-13#panel) | Date: 6/12/2023 - 7/11/2023 **frxETH and sfrxETH Velocity Compared**:  Source: [IntoTheBlock](https://app.intotheblock.com/) and [CoinGecko](https://www.coingecko.com/) | Date: 6/12/2023 - 7/11/2023 ### 2.1.7 Active Addresses/Users #### frxETH The chart below shows the addresses with a frxETH balance since inception in October '22. There are currently 565 addresses with a balance and a 30-day average of 543.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=network&chart=addressStats) The 30-day average of active addresses as a percentage of total addresses with a balance is 12.46%. There are currently around 61 daily active addresses.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=network&chart=addressStats) #### sfrxETH The chart below shows the addresses with a sfrxETH balance since inception in October '22. There are currently 1.86k addresses with a balance and a 30-day average of 1.81k.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/SFRXETH/deep-dive?group=network&chart=all) The 30-day average of active addresses as a percentage of total addresses with a balance is 5.77%. There are currently around 126 daily active addresses.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/SFRXETH/deep-dive?group=network&chart=all) ### 2.1.8 User Growth Rate Average weekly and monthly users have stayed fairly stable with a cyclic growth trend over the lifetime of frxETH.  Source: [Frax Ether - Key metrics | Dashboard | Token Terminal](https://tokenterminal.com/terminal/projects/frax-finance) ### 2.1.9 Integration with Other Protocols The majority of frxETH liquidity is in the Curve ETH/frxETH pool and other ETH-paired Curve pools. A small percentage is bridged to sidechains/L2s via FraxFerry or integrated into other DEX liquidity pools such as UniswapV3. The chart below excludes sfrxETH. Note that 64% of frxETH is deposited into the sfrxETH vault. 10.8% of frxETH categorized as "other" are either held in wallets, multisigs, or DeFi protocols with <$100k token liquidity. There are 75,025 frxETH in DeFi contracts (excluding sfrxETH) with token liquidity >$100k.  Source: [Etherscan - frxETH](https://etherscan.io/token/0x5e8422345238f34275888049021821e8e08caa1f#balances) | Date: 7/12/2023 26% of sfrxETH is deposited as collateral in FraxLend to borrow FRAX. 7.3% is in a balancer pool paired with other LSD assets (wstETH and rETH). 5.7% is used as collateral in crvUSD. The majority of sfrxETH is not integrated into DeFi, but rather held in EOA wallets or multisigs.  Source: [Etherscan](https://etherscan.io/token/0xac3e018457b222d93114458476f3e3416abbe38f#balances) | Date: 7/11/23 ## 2.2 Competitive Analysis Metrics ### 2.2.1 Market Share frxETH has 2.3% of the overall LSD marketshare as of July 11th, ranking it 4th by marketshare behind stETH, cbETH, and rETH.  Source: [DefiLlama](https://defillama.com/lsd) Since inception in October 2022, its marketshare has generally been in a strong growth trend with a slight reversion since mid-June:  Source: [DefiLlama](https://defillama.com/lsd) | Date: 7/11/2023 ### 2.2.2 Trading Volume Share in Total LSD Trading Volume The top 9 ETH staking derivatives are used for calculating the overall LSD trading volume (in the table below). frxETH has 7.92% and sfrxETH has 1.67% in LSD tokens sector total trading volume. Although s/frxETH has less marketshare than both rETH and cbETH, it outperforms rETH in volume and nearly matches cbETH. | Liquid Staking Derivative | Average Daily Volume for 30d period (07-06 to 06-07 2023 ) | | --- | --- | | Volume (stETH) | $16,069,769  | | Volume (wstETH) | $26,744,235  | | Volume (cbETH) | $6,437,501  | | Volume (wBETH) | $379,422  | | Volume (rETH) | $2,783,378  | | Volume (frxETH) | $4,623,302  | | Volume (sfrxETH) | $975,956  | | Volume (ankrETH) | $50,648  | | Volume (sETH2) | $293,695  | | Total | $58,357,911 - total ETH LSD tokens avg daily volume (30d) | Source: [CoinGecko](https://www.coingecko.com/en/categories/liquid-staking-tokens) ### 2.2.3 Protocol Staking Yield According to [DefiLlama](https://defillama.com/lsd), the current 30-day APY of sfrxETH vs. competitors is: - stETH: 3.88% - cbETH: 3.53% - rETH: 3.12% - sfrxETH: 5.08% - BETH: 4.33% Since inception, sfrxETH has outperformed all competitors on yield. This is due to the dual-token model along with a strategy Frax uses to manage liquidity through Curve gauge incentives. All staked ETH yield produced from frxETH holders gets distributed to sfrxETH holders. Frax is able to incentivize liquidity for frxETH in Curve due to its governance stake and AMO market making strategy. In other words, 1 sfrxETH consistently earns >1 ETH worth of staking rewards.  Source: [Frax Facts](https://facts.frax.finance/frxeth) ### 2.2.4 Slashing Rate Slashing events are generally rare and frxETH has a relatively short history (only live since October '22). In that time, Frax has not experienced a slashing event and has less loss from penalties as a percent of rewards earned than any main competitors. Frax regularly cites its validator performance on Rated.Network as evidence that they have a history of consistently outperforming all competitors on validator performance.  Source: [Rated.network](https://www.rated.network/?network=mainnet&view=pool&timeWindow=all&page=1) | 6/26/2023 ## 2.3 Subsidization of Economic Activity ### 2.3.1 Existence of an Incentive Program Curve/Convex has become an integral part of all design choices for FRAX. Curve combines liquidity with a novel incentive layer (the Curve gauge) to encourage liquidity provision. Convex is a layer above Curve that offers an opportunity to earn boosted CRV yields while also expanding control of veCRV governance power through the vlCVX meta-governance token. Once a user mints frxETH, they have a choice to either stake in the vault or provide liquidity. Vault rewards are paid in ETH, Curve LP rewards are in CRV,CVX, and FXS. The following chart shows the yield earned from sfrxETH (blue) vs frxETH deposited in Curve (orange). Market dynamics cause the relative yields to roughly correlate.  Source: [Frax Fact](https://facts.frax.finance/frxeth) Frax has almost 7% share in vlCVX which they use to vote on gauge weighting (weekly CRV incentives) to ensure healthy CRV emission for the choosen pools. It also regularly bribes other vlCVX voters for gauge weighting in its own FXS token. Bribes are typically considered a more efficient incentive strategy than incentivizing LPs directly because historically $1 worth of bribe incentives have resulted in >$1 worth of CRV+CVX emissions. A portion of the weekly bribes are recouped because Frax uses a strategy to manage protocol owned liquidity (POL) in various Curve pools. Therefore bribes to the pools, in part, are redistributed to Frax's own POL. For instance, the frxETH/ETH Curve pool is currently ~42% composed of Frax POL. The CRV rewards originating from the vlCVX votes towards the frxETH pools on curve can be considered a form of incentive program managed by Frax. To receive incentives, users must provide frxETH liquidity (ultimately acting as a redemption pool on curve). The sfrxETH holders benefit from the newly staked ETH that came from minting frxETH. Frax Finance additionally has its own gauge system that incentivizes staked positions of liquidity on Curve and Convex. FXS emission flow through this gauges as incentives. Currently Frax Finance streams FXS rewards to the Balancer frxETH-bb-a-WETH pool and Curve frxETH/ETH pool:  Source: [Frax Dapp - Staking](https://app.frax.finance/staking/overview) ### 2.3.2 Size of the Incentive Program in USD Incentives are a core strategy used by Frax to drive adoption and sustain liquid markets, although it plays both sides of the field by supplying incentives while also being the beneficiary of incentives (due to its POL market making activities). In the latest Votium round (Curve bribes) which is conducted in 2-week epochs, Frax incentivized various pools containing FRAX and frxETH with a total of $555k in its native FXS token. Bribe stats by round can be found on [Llama.airforce](https://llama.airforce/#/bribes/rounds/votium/cvx-crv/48). The Frax frxETH Treasury is also using emissions earned by its POL in the frxETH pool as bribe incentives. In the latest Votium round, it deposited 86,339.52 CRV, 1,346.88 CVX, and 5,085.12 FXS as incentives for the frxETH pool. As mentioned previously, Frax owns 42% of the pool liquidity, so it will recoup a share of the incentives. FXS emissions towards frxETH/ETH pool on Convex since April: | Cycle | From | To | Gauge weight | FXS Reward | | ----- | ---------- | ---------- | ------------ | ---------- | | c79 | 06/28/2023 | 07/05/2023 | 19.00% | 8,313.00 | | c78 | 06/21/2023 | 06/28/2023 | 18.72% | 8,191.00 | | c77 | 06/14/2023 | 06/21/2023 | 21.68% | 9,484.00 | | c76 | 06/07/2023 | 06/14/2023 | 21.59% | 9,445.00 | | c75 | 05/31/2023 | 06/07/2023 | 22.95% | 10,039.00 | | c74 | 05/24/2023 | 05/31/2023 | 22.86% | 10,000.00 | | c73 | 05/17/2023 | 05/24/2023 | 21.67% | 9,483.00 | | c72 | 05/10/2023 | 05/17/2023 | 21.62% | 9,458.00 | | c71 | 05/03/2023 | 05/10/2023 | 21.24% | 9,291.00 | | c70 | 04/26/2023 | 05/03/2023 | 21.16% | 9,259.00 | | c69 | 04/19/2023 | 04/26/2023 | 20.27% | 8,870.00 | | c68 | 04/12/2023 | 04/19/2023 | 20.27% | 8,867.00 | # Section 3 Market Risk This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of sfrxETH, and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions. This section is divided into 2 sub-sections: - 3.1: Volatility Analysis - 3.2: Liquidity Analysis ## 3.1 Volatility Analysis ### 3.1.1 Liquid Staking Basis (LSB) *Note: The “Liquid Staking Basis & Volatility Analysis” section is based on data provided by the CoinGecko Terminal API. The data was obtained from the Curve frxETH/ETH pool on Ethereum, representing the most liquid DEX on Ethereum. We used OHLCV (Open, High, Low, Close, Volume) daily data for the analysis.* The LSB (Liquid Staking Basis) represents the price difference between frxETH (liquid staking token) and its underlying asset, ETH. It measures the deviation of the frxETH price from the ETH price.  Source: [Coingecko Historical Data]((https://www.coingecko.com/en/coins/frax-ether/historical_data#panel)) The LSB values range from negative to positive, indicating periods when frxETH traded at a discount or premium relative to ETH. As seen from the chart, frxETH generally trades tightly around the price of ETH with increasing divergence in the past month. This divergence is very small, with the peak discount only reaching around .25%. **Absolute Liquid Staking Basis (LSB_abs)** The LSB_abs represents the absolute value of the LSB, indicating the magnitude of the price difference between frxETH and ETH without considering the direction (premium or discount).  The LSB_abs values represent the magnitude of the basis and indicate the extent of the price difference between frxETH and ETH. The magnitude of divergence from frxETH to the underlying asset ETH ranges from nearly on par to a maximum divergence briefly of .4%. ### 3.1.2 LSD Volatility **frxETH Volatility - 30 Days** The following chart shows the annualized 30-day average price volatility for frxETH. The 30-day high was 49.6% and the 30-day low was 37.1% as of July 11th.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=financials&chart=volatility) **frxETH Volatility - 60 Days** The following chart shows the annualized 60-day average price volatility for frxETH. The 30-day high was 50.13% and the 30-day low was 40.1% as of July 11th.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/FRXETH/deep-dive?group=financials&chart=volatility) ### 3.1.3 Yield Volatility sfrxETH staking rewards consist of two parts (like for any other LSD protocol): - **Rewards from Consensus Layer** (Block Proposal Reward, Attestation Reward, Sync Committee reward). Consensus layer rewards change based on the number of validators. The consensus layer rewards stay the same regardless of network traffic volume, so they are quite stable. - **Rewards from Execution Layer** (Txs priority tips and MEV tips). Execution layer rewards have high fluctuations because they are based on Ethereum network traffic volume. For example, when Ethereum network traffic increases, users pay higher priority tips and there is more opportunity for MEV executions.  Source: [Frax Facts](https://facts.frax.finance/frxeth) The Compass Staking Yield Reference Index Ethereum (STYETH) is a measure of the annualized daily ETH staking yield. The following chart shows the sfrxETH staking median APY compared with the STYETH:  Source: [DefiLlama](https://defillama.com/yields/pool/77020688-e1f9-443c-9388-e51ace15cc32) and [Compass STYETH index](https://www.compassft.com/indice/styeth/) ## 3.2 Liquidity Analysis ### 3.2.1 Supported DEXs and CEXs Both versions of Frax LSD tokens are supported only on DEXs. On Ethereum, liquidity is concentrated on 3 DEXs - Curve, Uniswap and Balancer. **frxETH**: The frxETH token has about 97% of its DEX liquidity in Curve finance in over [15 liquidity pools](https://curve.fi/#/ethereum/pools?filter=all). The ETH/frxETH pool represents by far the largest in terms of TVL ([~$163,218,680 TVL](https://etherscan.io/tokenholdings?a=0xa1f8a6807c402e4a15ef4eba36528a3fed24e577)).  Source: [Nansen](https://pro.nansen.ai/token-god-mode/exchanges?token_address=0x5e8422345238f34275888049021821e8e08caa1f) | Date: 7/6/2023 **sfrxETH**: sfrxETH on Curve.fi is used as collateral for minting crvUSD and therefore should not be calculated as liquidity intended exclusively for exchange (liquidity base). Although the Curve CDP protocol has AMM features (LLAMMA), they only apply to backstop bi-directional conversions.  Source: [Nansen](https://pro.nansen.ai/token-god-mode/exchanges?token_address=0xac3e018457b222d93114458476f3e3416abbe38f) | Date: 7/6/2023 ### 3.2.2 LSD Token Total On-chain Liquidity According to DexGuru data (on July 8th, 2023), frxETH total on-chain liquidity on Ethereum is [$75,444,639](https://dex.guru/liquidity/token/eth/0x5e8422345238f34275888049021821e8e08caa1f). Optimism liquidity: [$6,007](https://dex.guru/token/optimism/0x6806411765af15bddd26f8f544a34cc40cb9838b) Arbitrum liquidity: [$1,115,627](https://dex.guru/liquidity/token/arbitrum/0x178412e79c25968a32e89b11f63b33f733770c2a) Polygon: liquidity: [$2,001](https://dex.guru/liquidity/token/polygon/0xee327f889d5947c1dc1934bb208a1e792f953e96) BSC: [$2,873,056](https://dex.guru/liquidity/token/bsc/0x64048a7eecf3a2f1ba9e144aac3d7db6e58f555e) Polygon zkEVM: [$5,130](https://dex.guru/token/zkevm/0xcf7ecee185f19e2e970a301ee37f93536ed66179) ### 3.2.3 Liquidity Utilization Rate In the observed period of 30 days (from June 7 to July 6, 2023), frxETH has an average Liquidity Utilization rate of 8.29% (sfrxETH had only 2.47%). It als has higher min and max daily utilizations. frxETH's lowest day had a rate of 1.10% (sfrxETH had 0.01%) and its highest day had 36.37% (sfrxETH had 9.09%). In the observed period, sfrxETH had a higher Liquidity Utilization rate in 5 out of the 30 observed days. Daily frxETH Liquidity Utilization Rates for last 30 days:  Source: [DexGuru](https://dex.guru) and [Nansen](https://pro.nansen.ai/token-god-mode?token_address=0x5e8422345238f34275888049021821e8e08caa1f) Daily sfrxETH Liquidity Utilization Rates for last 30 days:  Source: [DexGuru](https://dex.guru) and [Nansen](https://pro.nansen.ai/token-god-mode?token_address=0xac3e018457b222d93114458476f3e3416abbe38f) ### 3.2.4 LSD Leverage Ratio sfrxETH is supported as collateral on FraxLend (Frax protocol CDP) and Curve LLAMMA CDP protocol. On FraxLend, sfrxETH has the highest utilization rate of 84.15% out of 15 collateral assets. Currently, 32.11m FRAX is borrowed against 38,248.98 sfrxETH, with 6.04m FRAX still available for borrowing.The utilization rate might even rise given the present interest rates, which for this level of utilization are 2.55% lender APY and a 2.99% APR cost for borrowers. The maximum LTV (Loan-to-Value) for sfrxETH is 75%, therefore, this position does not represent a significant risk. Additionally, CDP vaults are isolated.  Source: [Fraxlend](https://app.frax.finance/fraxlend/available-pairs) On Curve LLAMMA CDP protocol, sfrxETH currently has a 81.2% utilization rate from a borrow cap that is set to 10m crvUSD. The sfrxETH total collateral on Curve is 8,345.11 sfrxETH with 1.88m crvUSD available to borrow.  Source: [crvUSD Curve markets](https://crvusd.curve.fi/#/ethereum/markets) Unlike Fraxlend, which uses a fixed spread open liquidation model with a standard 10% liquidation premium, LLAMMA is an advanced AMM backstop with collateral distributed into "Price interval bands". Collateral distribution across "Price Bands" enables more detailed monitoring and provides better insights from a risk management perspective:  Source: [Curve sfrxETH Market](https://crvusd.curve.fi/#/ethereum/markets/sfrxeth/create) ### 3.2.5 Slippage frxETH liquidity creates 2.5% slippage on trade over 28,614 (~$54,366,600) frxETH to ETH:  Source: [Defi Llama - Slippage tool](https://defillama.com/liquidity) | Date: 7/7/2023 1inch estimates a 1% slippage for a swap size of 27,400 frxETH (~$51m). By contrast, cbETH would produce similar slippage with only a ~$18m swap. stETH would require a ~$300m swap, although the marketcap of stETH is over 32x that of frxETH. # Section 4 Technological Risk This section addresses the persistence of collateral properties from a technological perspective. It aims to convey, (1) where technological risk arises that can change the fundamental properties of the collateral (e.g. unresolved audit issues), and (2) do any composability/dependency requirements present potential issues (e.g. is a reliable pricefeed oracle available?). This section is divided into 3 sub-sections: - 4.1: Smart Contract Risk - 4.2: Product and Layer Composability - 4.3: Oracle Pricefeed Availability ## 4.1 Smart Contract Risk ### 4.1.1 Protocol Audits There has only been one audit of frxETH and sfrxETH by [code4rena](https://code4rena.com/reports/2022-09-frax) on 29th of November, 2022 (contest taking place from 22nd to 25th September). The frxETH code heavily borrows from Frax and FPI stablecoins. Both of these are battle tested and have gone through extensive audits. The C4 analysis discovered a total of 12 unique vulnerabilities. Two of these vulnerabilities were rated as HIGH severity, while the remaining 10 were rated as MEDIUM severity. The analysis also included 83 reports that identified issues with a LOW severity rating or that were non-critical. Additionally, there were 93 reports that recommended gas optimizations. All of the issues are linked back to their original findings. ### 4.1.2 Concerning Audit Signs The report stated 2 high risk vulnerabilities: - [Wrong accounting logic when it comes to syncing reward](https://github.com/code-423n4/2022-09-frax-findings/issues/15) Fixed at [996d528](https://github.com/FraxFinance/frxETH-public/commit/996d528b46d1b2a0ac2e5b8f6d2138ccab8e03f5) The vulnerability is related to prematurely updating the state of the xERC4626 contract without any transfer of asset taking place. Hence, in the next reward cycle, the calculation for the amount withdrawn will be inflated. This vulnerability does not require a malicious user or a targeted attack to happen. It can happen by normal user interactions with the vault, as shown in the proof of concept. - [Frontrunning by malicious validator](https://github.com/code-423n4/2022-09-frax-findings/issues/81) Not Fixed but acknowledged In this vulnerability we get to know that a malicious validator can frontrun transactions as no checking for valid validator pubkeys, signatures, etc are done here. They are assumed to be done off chain before they are added as **all the validators are owned by the protocol itself.** The report stated 10 medium risk vulnerabilities: - [Centralization risk: admin have privileges](https://github.com/code-423n4/2022-09-frax-findings/issues/107) Not Fixed Admin has a lot of power, admin can set address to mint any amount of frxETH, can set any address as validator, and change important state in frxETHMinter and withdraw funds from frxETHMinter. **Issue has been acknowledged but not mitigated** as it has been claimed that **“The owner will most likely be a large multisig”** - [Rewards release delay could cause yields stolen and lost](https://github.com/code-423n4/2022-09-frax-findings/issues/110) Fixed at [1ec457c](https://github.com/FraxFinance/frxETH-public/commit/1ec457c7f5faed618971fb29b9bcc6d54453b093) The rewards accounting system had a flaw where vault shares in deposit() and redeem() cannot accurately track the spot yields generated by the staked asset. These yields are released in the next rewards cycle. This vulnerability allowed malicious users to exploit innocent users by strategically timing their deposit() and redeem() actions to steal the yields. - [frxETH can be depegged due to ETH staking balance slashing](https://github.com/code-423n4/2022-09-frax-findings/issues/113) Not Fixed but acknowledged frxETH contract doesn’t account for slashing of Ethereum when validators are penalized. Hence there could be a case where a validator might have less than 32 ETH. This issue was acknowledged and it was said that **the minting logic of frxETH will be updated when the feature of unstaking ethereum comes into existence**. The last time frxETH saw any commit was on January 25th of 2023. **No commits after the Shanghai upgrade**. - [removeValidator() and removeMinter() may fail due to exceeding gas limit](https://github.com/code-423n4/2022-09-frax-findings/issues/12) Not Fixed but acknowledged An unbounded loop loops over an array of minters/validators to find a particular one to remove. The warden claims that the gas limit might be exceeded when the array has a large length but it is assured that usually the number of members in the array will be low, which seems to be a valid reasoning. Moreover the sender can always send more gas. - [frxETHMinter.depositEther may run out of gas, leading to lost ETH](https://github.com/code-423n4/2022-09-frax-findings/issues/17) Fixed at [4156d3f](https://github.com/FraxFinance/frxETH-public/commit/4156d3f5f21e8d78cdd5de418566a2f16d626e4c) The frxETHMinter.depositEther function has a potential issue where it iterates over all possible deposits based on the current balance. However, when a large amount of ETH has been deposited into the contract or if the function has not been called for a long time, this loop can exceed the gas limit. Consequently, further calls to depositEther become impossible due to running out of gas. The likelihood of encountering this problem depends on the price of ETH, with higher prices requiring larger deposits to trigger the issue. However, even smaller deposits can cause problems at lower ETH prices. It is generally considered undesirable for a protocol's functionality to depend on the price of ETH. - [frxETHMinter: Non-conforming ERC20 tokens not recoverable](https://github.com/code-423n4/2022-09-frax-findings/issues/18) Not Fixed The contract includes a function called recoverERC20, which is intended to retrieve ERC20 tokens that were mistakenly sent to the contract. However, certain tokens do not return a value upon a successful transfer, causing the function call to fail and revert even if the transfer would have been successful. As a result, these tokens become permanently stuck in the contract and cannot be recovered. It has been said that this should not be considered as a risk as accidentally sent tokens are likely to be ETH, FRAX, frxETH, or sfrxETH, all of which are transfer compliant. Wardens have suggested using safeTransfer/safeERC20. - [`getNextValidator()` error could temporarily make `depositEther()` inoperable](https://github.com/code-423n4/2022-09-frax-findings/issues/219) Not Fixed The depositEther function is dependent on getNextValidator, which can give a validator address that already has 32 ETH. In response it has been said that an eye is being kept on free validators and there’s a decent sized buffer of them. - [Withheld ETH should not be sent back to the frxETHMinter contract itself](https://github.com/code-423n4/2022-09-frax-findings/issues/221) Not Fixed Reason being that the admin account will most probably be a multisig. - [`recoverEther` not updating `currentWithheldETH` breaks calculation of withheld amount for further deposits](https://github.com/code-423n4/2022-09-frax-findings/issues/346) Not Fixed The emergency exit function, recoverEther, enables the contract owner to retrieve ETH in the event of an issue. However, this function fails to update the currentWithheldETH variable. Consequently, when deposits resume after the emergency recovery, currentWithheldETH will have an offset and will not align with the withholdRatio. This has direct consequences: depositEther may not deposit the anticipated amount of ETH into the ETH 2.0 staking contract, and the amount of ETH moved to an external yield protocol using moveWithheldETH() will exceed the intended value. In response it was said that withholdRatio is not a strict rule at all, and can be updated by user, but recoverEth will likely be used when migrating to new contract, hence accounting won’t be important. - [sfrxETH: The volatile result of previewMint() may prevent mintWithSignature from working](https://github.com/code-423n4/2022-09-frax-findings/issues/35) Fixed at [793103a](https://github.com/FraxFinance/frxETH-public/commit/793103ad1b88d71cd1b1c40d55778af31817bd86) In the sfrxETH contracts, the previewMint() function's result is affected by the contract's state, leading to volatility in the value of "amount" parameter in the mintWithSignature function when "approveMax" is set to false. This inconsistency becomes problematic when using mintWithSignature, as it requires the user to sign for an accurate amount value. If the amount used in mintWithSignature differs from the result of previewMint, the mintWithSignature function will not function correctly. The remaining low risk issues are mostly gas optimizations, removing unused imports, lints and recommendations. ### 4.1.3 Bug Bounty Frax has their bounty program advertised in their [docs](https://docs.frax.finance/smart-contracts/miscellaneous#frax-bug-bounty). The bounty for discovering an exploit is set at the lesser of 10% of the total potential exploit or $10m. The bounty program includes all smart contracts deployed by Frax Deployer and specifically mentions frxETH being within scope of the bounty program. Bounty payouts will be provided either immediately or within a maximum of 5 days, taking into account timelock and mitigation processes. The bounty program follows a "no questions asked" policy, encouraging individuals to disclose incidents or promptly return funds without facing inquiries. ### 4.1.4 Immutability The smart contracts aren't upgradable nor do they have any proxies. ### 4.1.5 Developer Activity An initial code dump to the [frxETH GitHub repo](https://github.com/FraxFinance/frxETH-public/commits/master) occured on September 19th 2022. Afterwards multiple commits were made until January 25th, 2023. No further commits have been made since then. ### 4.1.6 SC Maturity The first contracts were deployed to mainnet on 6th of October, 2022. The first [transfer](https://etherscan.io/tx/0x1d2add7b30b4d411ef95b948af5b6a13a60ec91dadbcbd87b6da5da8bc16a91b) of frxETH took place on that day itself (with an amount of 0.001 frxETH). On 11th October 2022, 1 frxETH was staked for 1 sfrxETH in this [transaction](https://etherscan.io/tx/0xbf88046d7c09142ab075ba98a41a9f5df5fa64fe0806cbdb5e4c1689a9141e30). Although frxETH has a comparatively short history compared to competitors (stETH deployed 11/20, cbETH deployed 2/22), frxETH shares much of its code with FRAX and FPI. ### 4.1.7 Previous Incidents There have not been any incidents to date. ## 4.2 Product and Layer Composability ### 4.2.1 Dependencies These are the following dependencies of the protocol - `OperatorRegistry.sol` The system maintains a record of available validators to which batches of 32 ETH can be added. It includes several operations involving arrays. **To conserve gas, the validation checks for validity and array ordering are assumed to be performed off-chain before executing the transactions.** - `ERC4626.sol, xERC4626.sol` These contracts have already been audited several times ([XTRIBE Audit](https://code4rena.com/reports/2022-04-xtribe)). Although, [**there are known issues with `xERC4626.sol`**](https://github.com/FraxFinance/frxETH-public#xerc4626sol). The project uses a fork of fei-protocol's xERC2626. The only part that is different in the fork is the change in duration and added protection against donation attack. - `DepositContract.sol` Official Ethereum 2.0 deposit contract. - `Owned.sol` Created by synthetix.io - `ERC20Permit, ERC20Burnable, etc` Extensively audited by OpenZeppelin - [Multisig wallet](https://etherscan.io/address/0x8306300ffd616049FD7e4b0354a64Da835c1A81C) that is the owner of frxETH A 3/5 multisig wallet that owns frxETH ### 4.2.2 Withdrawal Processing It is currently not possible to withdraw staked ETH by burning frxETH (however sfrxETH can be redeemed for frxETH). The Frax team have said they will soon add functionality to allow users to directly redeem frxETH for ETH, although they believe inefficiencies around withdrawal processing make this a sub-optimal choice in most situations. Instead, Frax depends on frxETH liquidity in the Curve pool to support user redemptions. Its AMO operations allow the protocol to process user redemptions and maintain pool balance. It strategically manages pool balance. For example, during times of high redemption demand the multisig will increase ethWithholdRatio (example [tx](https://etherscan.io/tx/0x8bffc5ae0b1c11c854a07272be20c8f51da36374ee492b6e48db7fc5cf206f5b#eventlog), set ratio to 70% on 6/15/23) on ETH deposits and swap the ETH into Curve (example [tx](https://etherscan.io/tx/0x38ba6271d50470ad5675d273389e899133d7a064c056a1e025aa32296a1c07a5), swap ETH for frxETH in Curve pool). As a last resort, Frax team say they would exit validators to retrieve ETH and use that to balance the pool. As should be apparent, this unique strategy to depend primarily on active liquidity management to honor user redemptions requires the honest and responsible management of user funds by the 3-of-5 Treasury multisig. ## 4.3 Oracle Pricefeed Availability ### 4.3.1 Understanding the Oracle There is no direct Chainlink Oracle feed for frxETH, allegedly due to the lack of on-chain trading volume. The main oracle available is [`sfrxEthFraxOracle`](https://etherscan.io/address/0xB9af7723CfBd4469A7E8aa60B93428D648Bda99d#code), a contract deployed by the Frax team and used by the frxETH and FraxLend protocols. The liquidity for it is based on Frax's own protocol owned liquidity. The Frax custom oracle implementation was deployed on June 27th, 2023, so it is still new and its reliability cannot be confirmed. The oracle contracts have not yet been audited by an external firm. `sfrxEthFraxOracle` reports prices from 2 sources: 1. Uniswap V3 time-weighted average price (TWAP) of frxETH/FRAX (TWAP duration currently is 15 minutes), and the Chainlink [FRAX/USD Oracle](https://etherscan.io/address/0xB9E1E3A9feFf48998E45Fa90847ed4D467E8BcfD). 2. The exponential moving average (EMA) of the [frxETH/ETH Curve Pool](https://curve.fi/#/ethereum/pools/frxeth) (EMA time currently is 2 hours), and the [Chainlink ETH/USD Oracle](https://etherscan.io/address/0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419). This contract has various parameterizable settings; Oracle delay, min and max bounds for EMA, a deviation threshold between data sources, and `_isBadData` bool for stale or negative feed. Price data is processed through the [`sfrxEthEthDualOracle`](https://etherscan.io/address/0x1473F3e4d236CBBe3412b9f65B4c210756BE2C0E) which calls the oracle contract every 18 hours to update the data. There are bounds placed on both oracle sources requiring the frxETH/ETH rate to be between .7 and 1. Both Chainlink feeds will be considered stale if the delay between updates is greater than 65 minutes. A deviation of >3% between the Uniswap and Curve source triggers bad data. Data is pushed in rounds that Frax maintains on an 18 hour heartbeat, although the function call is permissionless. The data is considered stale if the delay is greater than 24 hours.  Diagram of the sfrxETH Frax Oracle (Llama Risk - July 2023) ### 4.3.2 Token Liquidity and Distribution Liquidity for Frax's liquid staking tokens, frxETH and sfrxETH, is primarily found on Decentralized Exchanges (DEXs), including Curve, Balancer, and Uniswap. Although both tokens possess substantial liquidity, frxETH is substantially more liquid than sfrxETH. This is thanks, in large part, to Frax's [dedicated program](https://gov.frax.finance/t/fip-182-frxethbp-wethr-program/2097) for incentivizing frxETH DEX liquidity. On the lending front, sfrxETH demonstrates high utilization rates on Fraxland and Curve LLAMMA protocols. The collateral risk is well-maintained, however, as the maximum Loan-to-Value (LTV) for sfrxETH is controlled at 75%, indicating a managed liquidity scenario. Despite these dynamics, the capital distribution of frxETH and sfrxETH across different chains is more limited than their counterparts, potentially limiting their resistance against market manipulation. ### 4.3.3 Attack Vectors **Curve EMA**: According to the Curve team, the Curve EMA is not suitable for use as an oracle since it can be manipulated over multiple blocks. If no trades occur in the pool for an extended period, the oracle data can become stale, leading to inaccurate price information. This is intended to be rectified in an upcoming pool implementation. **Uniswap V3 Dependency**: Relying heavily on Uniswap V3 for price feeds can be problematic as it uses the last traded prices. While Chainlink also uses the last traded price, it applies volume weighting across all liquidity venues, making it less susceptible to manipulation compared to any single DEX pool. The [Uniswap frxETH/FRAX pool](https://info.uniswap.org/#/pools/0x36c060cc4b088c830a561e959a679a58205d3f56) also has very low trading volume and liquidity (less than $2m TVL on July 7th). **Data Refresh Frequency**: The Chainlink oracle (ETH/USD) pushes price updates based on a 1-hour heartbeat or a price deviation of more than 1%. The Frax custom oracle pushes updates on a 18-hour heartbeat. This approach presents a risk as the update may not be triggered in a timely manner if rapid price changes occur. ### 4.3.4 Associated Vulnerabilities **Bad Debt Creation**: In the event of a successful price feed manipulation attack, one direct consequence could be the creation of bad debt within the protocol. Lending protocols depend on accurate price feeds to maintain appropriate collateralization ratios. If the price feed is manipulated to depict an inaccurate price, attackers could execute malicious actions, leading to the creation of bad debt. **Faulty Liquidation**: If an oracle is manipulated to drastically lower the price of a collateral asset within a lending protocol, it could trigger unjust liquidations of user positions. This scenario could result in significant financial losses for users and disrupt the normal operations of the protocol. # Section 5 Counterparty Risk This section addresses the persistence of sfrxETH’s properties from an ownership rights perspective (i.e. possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g. minting additional units) and what their reputation is, (2) the extent that changes can be implemented and the effect on the collateral. This section is divided into 4 subsections: - 5.1: Governance - 5.2: Decentralization of the LSD - 5.3: Economic Performance - 5.4: Legal ## 5.1 Governance ### 5.1.1 Governance Scope Frax initially deployed a [governance contract](https://etherscan.io/address/0xd74034C6109A23B6c7657144cAcBbBB82BDCB00E) derived from Compound's governor alpha, utilizing FXS as the voting token. However, this on-chain voting engine has not been operational since December 2020, with the exception of setting the timelock address. Consequently, there exists an implicit trust assumption in Frax's core team to operate the protocol responsibly and to respect outcomes determined on Snapshot. The Core Team effectively has complete control over the Frax protocol and treasury. Currently, the [3-of-5 multisig](https://etherscan.io/address/0xB1748C79709f4Ba2Dd82834B8c82D4a505003f27) consists of Sam Kazemian, Travis Moore, Jason Huan, Justin Moore, and the Timelock contract (veFXS voters). The following parameters are set for the governor alpha contract, although the application of on-chain governance is purely theoretical: Users holding 1,000,000 FXS have the ability to propose changes to the protocol. Alternatively, users can combine votes to submit a proposal. Proposals undergo a 3-day voting period. If a majority (with a quorum of 4,000,000 FXS) supports the proposal, it goes to the [Timelock](https://etherscan.io/address/0x8412ebf45bAC1B340BbE8F318b928C466c4E39CA) for execution after a 2-day waiting period. **frxETH Governance** The [3-of-5 frxETH Treasury multisig](https://etherscan.io/address/0x8306300ffd616049FD7e4b0354a64Da835c1A81C) owns the [frxETHMinter](https://etherscan.io/token/0x5e8422345238f34275888049021821e8e08caa1f?a=0xbafa44efe7901e04e39dad13167d089c559c1138) and [frxETH token](https://etherscan.io/address/0x5E8422345238F34275888049021821E8E08CAa1f) contracts with core team/developers as the signers (Sam, Travis, Drake, Nader, & Justin). It is responsible for system operations, emergency backstop, and protocol funds management. The treasury multisig has ultimate authority over the management of funds deposited into frxETH, which is uses for both staking into ETH validators and liquidity management. As of July 11th, 2023, its is managing [$437m](https://debank.com/profile/0x8306300ffd616049FD7e4b0354a64Da835c1A81C) and also controls the POL on the Curve pool. The Frax team directly and publicly acknowledge the high level of trust in the current system, and have been planning to upgrade to on-chain governance at least as far back as [December 2021](https://cryptorisks.substack.com/p/asset-risk-assessment-frax-finance) when Llama Risk first began covering Frax. > ...we’ve been forthcoming about the fact that before frxGov and v2, the trust model of frxETH is that the msig is not malicious. It’s an assumption that has to be made for around 1-2 more months until deployment of the onchain governance. >Source: [Frax Finance Telegram - @SamKazemian](https://t.me/fraxfinance/274427) ### 5.1.2 Access Control Both the Timelock contract and the [frxETH Treasury multisig](https://etherscan.io/address/0x8306300ffd616049FD7e4b0354a64Da835c1A81C) have ownership privileges within the frxETH system. They are able to: - handle ETH deposited into the frxETHMinter, - pause the system in emergencies, - set a new owner or timelock address, - mint frxETH, - add or remove minter roles, and - manage eligible validators and validator credentials. The contracts are not upgradable. ### 5.1.3 Distribution of Governance Tokens FXS is a native token for the FRAX ecosystem and locked FXS (veFXS) acts as a governance voting power within the protocol. veFXS balance is determined by the duration for which a user locks the FXS token. The following image shows the amount of FXS tokens locked. Note the distribution might differ from the governance power as the following only shows the amount of FXS token locked and not the veFXS balance.  Source: [Dune Query](https://dune.com/queries/301894/574138) - @seba The following image shows the actual veFXS balance (after considering the multiplier) aka governance power distributed among the top lockers of FXS.  Source: [DefiWars](https://www.defiwars.xyz/wars/frax) Convex holds almost 27 million worth of veFXS balance netting almost 30% of the voting power. Convex itself is composed of many governance participants and weights its votes proportionally (it does not vote as a single bloc). ### 5.1.4 Proposals Frequency Frax's Snapshot proposals are notably frequent. Here are the 20 latest proposals, all of which have gone to vote in the past month: | Sr | Proposal | Start | | End | | Votes | Voters | Status | | -- | ------------------------------------------------------------------------------------------------------------- | --------- | ---------------- | --------- | ---------------- | ---------- | ------ | ------ | | 1 | [FIP - 260] Implement FRAX/DAI Gelato Uniswap pool ragequit function with 20% fee | 7/6/2023 | 1,688,682,240.00 | 7/11/2023 | 1,689,114,240.00 | 942,860 | 18 | active | | 2 | [FIP-259] Add msETH/frxETH to FXS gauge controller | 6/30/2023 | 1,688,135,040.00 | 7/5/2023 | 1,688,567,040.00 | 32,287,889 | 35 | closed | | 3 | [FIP-258] Flywheel Grant Amendments | 6/29/2023 | 1,688,056,500.00 | 7/4/2023 | 1,688,488,500.00 | 10,877,362 | 29 | closed | | 4 | [FIP - 257] Authorize frxETH Curve AMO for a new pair ( frxETH-stETH ) | 6/28/2023 | 1,687,910,700.00 | 7/3/2023 | 1,688,342,700.00 | 11,016,852 | 29 | closed | | 5 | [FIP - 40] [Revote] Funding Frax Core Development, Community Outreach, and Grants | 6/24/2023 | 1,687,645,500.00 | 6/29/2023 | 1,688,077,500.00 | 32,486,374 | 28 | closed | | 6 | [FIP -256] Optimizing FIP-77’s TWAMM Parameters | 6/24/2023 | 1,687,643,400.00 | 6/29/2023 | 1,688,075,400.00 | 32,551,580 | 22 | closed | | 7 | [FIP - 255] Set Fees at 50% for All Sunset Pairs on Fraxlend | 6/24/2023 | 1,687,641,600.00 | 6/29/2023 | 1,688,073,600.00 | 27,071,484 | 21 | closed | | 8 | [FIP- 254] Frax Ecosystem Educational Incentives Program Amendments | 6/24/2023 | 1,687,641,000.00 | 6/29/2023 | 1,688,073,000.00 | 13,568,076 | 26 | closed | | 9 | [FIP - 253] Add rETH/frxETH(StaFi protocol) to FXS gauge controller | 6/22/2023 | 1,687,477,800.00 | 6/27/2023 | 1,687,909,800.00 | 27,841,499 | 26 | closed | | 10 | [FIP - 252] Add the future FRAX/ETH pool on Swaap v2 to FXS gauge controller | 6/19/2023 | 1,687,210,038.00 | 6/24/2023 | 1,687,642,038.00 | 14,324,166 | 28 | closed | | 11 | [FIP - 251] Add ZUSD/FRAXBP to FXS gauge controller | 6/16/2023 | 1,686,933,691.00 | 6/21/2023 | 1,687,365,691.00 | 27,727,304 | 18 | closed | | 12 | [FIP - 250] Axelar <> Frax: Match $5k per month worth of bribes towards axlUSDC-FRAXBP Curve pool on Arbitrum | 6/16/2023 | 1,686,931,654.00 | 6/21/2023 | 1,687,363,654.00 | 27,727,594 | 18 | closed | | 13 | [FIP - 249] Axelar <> Frax: Add axlUSDC-FRAXBP Curve pool on Arbitrum to the FXS gauge controller | 6/16/2023 | 1,686,931,654.00 | 6/21/2023 | 1,687,363,654.00 | 27,727,643 | 18 | closed | | 14 | [FIP - 248] Add frxETH-CRV Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 12,887,992 | 22 | closed | | 15 | [FIP - 247] Add frxETH-alETH Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 12,885,876 | 19 | closed | | 16 | [FIP - 246] Add frxETH-ankrETH Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 12,909,929 | 20 | closed | | 17 | [FIP - 245] Add frxETH-CVX Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 8,742,697 | 15 | closed | | 18 | [FIP - 244] Add frxETH-sETH Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 7,410,897 | 13 | closed | | 19 | [FIP - 243] Add frxETH-cbETH Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 5,553,748 | 12 | closed | | 20 | [FIP - 242] Add frxETH-rETH Curve Pool to FXS gauge controller | 6/12/2023 | 1,686,595,256.00 | 6/17/2023 | 1,687,027,256.00 | 7,410,900 | 11 | closed | ### 5.1.5 Participation As per the above image/table, there are an average 21 voters and an average of 10.5 million veFXS votes without the participation of Convex and an average of 30 million veFXS votes when Convex votes. ### 5.1.6 Governance Attack Vectors As of now, all snapshot vote decisions are carried out by the multisig. With this underlying trust assumption, external governance manipulation is not possible. ## 5.2 Decentralization of the LSD ### 5.2.1 Number of Node Operators & Total Number of Validators At present, the Frax Core Team retains exclusive control over all 5872 Ethereum validator nodes under Frax's purview, operating with a 3-of-5 multisig.  Source: [Frax Facts](https://facts.frax.finance/frxeth) Information about Frax's validators can be found on the Frax Facts [Validators](https://facts.frax.finance/frxeth/validators) page and on the [Community Dune Dash](https://dune.com/struct3r/frax-frxeth). ### 5.2.2 Validator Enter/Exit (Churn) Historically, a total of 5,868 validators have joined, contributing to an activated staking value of 187,776 ETH. In the last 30 days, 1,080 validators have entered, injecting 34,560 ETH, while the past week has seen an addition of 109 validators with 3,488 ETH. There are currently 302 validators, representing 9,664 ETH, awaiting entry in the validator queue. Pending validators ballooned in mid-May from around 400 to a peak of 1,200. Frax increased the ethWithheldRatio in mid-June to 70% to divert ETH deposits from onboarding validators and toward liquidity management on Curve. Pending validators have since shrunk to around 300.  Source: [Frax Facts](https://facts.frax.finance/frxeth) ETH staking withdrawals went live with the Shanghai/Capella upgrade as of April 12, 2023, allowing validators to exit. Only 22 validators have exited, amounting to 704 ETH withdrawn. ### 5.2.3 Stakers per Validator As of July 11th, there are 2,362 sfrxETH holders and 5,884 validators. At 32 ETH per validator, there is an average of .401 stakers per validator. Source: [Etherscan](https://etherscan.io/token/0xac3E018457B222d93114458476f3E3416Abbe38F#balances) and [Frax Facts](https://facts.frax.finance/frxeth) ### 5.2.4 Stake Distribution Across Geographic Jurisdictions The geographic distribution of the validator nodes primarily concentrates in Western countries, with an explicit dominance in Europe. France hosts the majority, comprising 49.30% of the nodes. The second and third largest stakes are distributed in the USA with 33.67% and Germany at 17.03%. ### 5.2.5 Consensus client distribution frxETH is primarily powered by two node clients: Lighthouse (50.70%) and Prysm (49.30%). This trend aligns with the overall Ethereum network, where Prysm (38.58%) and Lighthouse (35.09%) also dominate. Source: [Frax Facts](https://facts.frax.finance/frxeth) | [Client Diversity](https://clientdiversity.org/) ## 5.3 Economic Performance ### 5.3.1 Revenue Source Revenue earned by stakers is sent to the [frxETH Treasury multsig](https://etherscan.io/address/0x8306300ffd616049FD7e4b0354a64Da835c1A81C) which is distributed to both sfrxETH holders and the [Frax 3-of-5 team multisig](https://etherscan.io/address/0xB1748C79709f4Ba2Dd82834B8c82D4a505003f27) by minting frxETH to each address. 10% of ETH staking yield is directed to the team multisig. 8% is being used currently to recapitalize FRAX and eventually will be revenue distributed to veFXS holders. 2% is used to cover potential slashing events/unforeseen penalties to cover frxETH deposits and effectively keep frxETH fully collateralized. Revenue depends on the ETH consensus layer rewards, the execution layer rewards (MEV and network usage), the amount of ETH staked on FRAX, the USD price of ETH, and interest earned for liquidity management. ### 5.3.2 Revenue Frax provides a real-time balance sheet showing assets managed by the Treasury multisig, ETH in the Minter awaiting deployment, ETH being staked by validators, and the total frxETH supply. This is a convenient tool to observe all financial activities in the system and confirm sufficient collateralization.  Source: [Frax Facts](https://facts.frax.finance/frxeth/balance-sheet) Frax Facts projects sfrxETH APR based on the weekly earnings and average daily income of the past 72 hours. On July 12th is is projecting 5.33%. It has an average income in the last 72 hours of 24.434 ETH/day from ETH staking rewards. The Convex LP position managed by the treasury is currently earning 4.25% on 31,021.57 ETH. This is earning the protocol ~3.61 ETH/day. The total annualized revenue at this time is 10,236 ETH (~$19m), although this figure is likely to be highly volatile based on the factors listed in section 5.3.1. ### 5.3.3 Net Profit Revenue earned from Frax liquidity management is being used as incentives to stimulate pool growth. If using the revenue estimated in the previous section and counting the 8% fee on staking rewards earmarked for veFXS holders as profit, the annual profit at this time would be 818.88 ETH (~$1.54m). However, protocol revenue is currently being used to recapitalize FRAX, so frxETH can be considered not profitable until FRAX has become fully recapitalized. As of July 9th, 2023, a total of 3,422 ETH has been earned by validators of which 10% is kept as fees.  Source: [Frax Facts](https://facts.frax.finance/frxeth) ## 5.4 Legal *See also our general [LSD Legal Framework Considerations](https://docs.google.com/document/d/e/2PACX-1vRQttlfMTK-kUzPAn_Rx0Mwt_K7pVYK-w27AbxU7iFxMqZctme2Sd_PAhpBHCmVMAUsA7B1KNhVTojH/pub)* ### 5.4.1 Legal Structure Frax Ether is a liquid ETH staking derivative offered through https://app.frax.finance/. The interface indicates governing terms available at https://app.frax.finance/terms. All Frax Finance Services are subject to these Terms including the liquid staking system comprising three primary components, Frax Ether (frxETH), Staked Frax Ether (sfrxETH), and the Frax ETH Minter. Frax is labeled therein as a “fractional-algorithmic stablecoin” protocol without specific reference to the issuing entity or platform operator. According to the information provided by the team working on Frax Finance, the Frax Protocol operates in a decentralized and open-source manner, without being linked to any legal entities such as a dev lab company or equivalent corporations. The software development is carried out openly by the developer community, not tied to any official institution or organization. The Frax Protocol is designed to function independently of traditional infrastructures. It is a self-sustaining protocol that can operate entirely without a user interface or specific web application. The frontend is also being hosted on IPFS accessible at https://xn--bba.to/ & https://frax.to/, thus eliminating centralization concerns, concentration of control in one person or take over from malicious third parties over it. All interactions with the Services, regardless of user registration status, are governed by the Terms. Frax Finance holds all the rights over the Service and any content produced by or related to Frax Finance. As a general rule users are given a non-exclusive, limited, non-transferable, and revocable license to utilize the Service in accordance with its functionalities. Broad applicability of the scope establishes a robust level of protection for Frax. Termination at will clause ensures Frax can prevent a user from accessing their Service whenever they deem necessary. Many DAOs decide to operate without any formal legal structure. While this doesn't inherently break any laws, it can lead to significant practical and potential legal implications for those involved in the DAO, particularly for those who play active roles in its operations. We won’t discuss practical features but will pay attention to potential enforcement actions. There's a significant risk assessed by the legal [academics](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4123737) that a profit-oriented DAO without a legal incorporation could be determined by a court to be an "unincorporated general partnership." This could potentially make DAO members responsible for any debts or legal issues that the DAO encounters. This theory, though, has numerous unresolved questions, such as whether merely owning tokens of a DAO would classify someone as a general partner, or if more active involvement, like participating in governance, is required to hold such liability. In the most extreme situation, a member of a DAO could be held liable for all the debts and legal issues faced by the DAO. ### 5.4.2 Licenses According to the [guidance](https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/June2023-Targeted-Update-VA-VASP.pdf.coredownload.pdf#page34) provided by the FATF, a DeFi application is not considered a Virtual Asset Service Provider (VASP) as per FATF's standards. This is because these standards don't apply to the underlying software or technology. However, individuals who are creators, owners, operators, or others who maintain control or wield substantial influence over the DeFi arrangements may fall under the FATF's definition of a VASP. This is possible even if those arrangements appear decentralized, as long as they are delivering or actively enabling VASP services. Such a categorization holds true even if other parties are involved in the service or if some parts of the process are automated. Owners or operators are often identifiable by their relationship to the activities being conducted. For instance, they might have control or considerable influence over assets or aspects of the service's protocol, or maintain an ongoing business relationship with users, even if this is executed via a smart contract or voting protocols in some cases. Expanded scope would include persons who hold administrative keys; persons involved in governance structures, including holders of governance tokens holders and/or DAO participants based on concentration of influence and ability to amend, update or otherwise substantively affect the DeFi protocol; managers of applications to interface with DeFi arrangements; persons involved in promoting the DeFi arrangement and/or releasing updates to the DeFi protocol; and profit/fee structures. Given the current regulatory landscape, it's crucial for Frax to remain vigilant about its operations. As it stands, the Frax protocol operates in the absence of legal incorporation and in an environment where DeFi regulations remain unclear. This means that Frax, as a decentralized protocol, is currently not operating under any specific Virtual Asset Service Provider (VASP) regime. While this presents a unique advantage in terms of flexibility and independence, it also poses significant regulatory risks. It is paramount for Frax to remain proactive in evaluating its functions, operations, and relationships to determine whether any part of its operations could be construed as providing or facilitating VASP services. This would be of high importance to follow best practices in regulatory compliance and be prepared for any possible changes in regulatory standards in the future. ### 5.4.3 Enforcement Actions As of the date of this document's latest revision, we can affirm that there are no known enforcement actions or regulatory sanctions in place against Frax Finance or persons associated with the project. ### 5.4.4 Sanctions Many DeFi protocol terms clearly specify their restrictions in relation to individuals or entities subject to economic sanctions. They expressly prohibit access to their services by those who are the target of any sanctions administered by recognized authorities like the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the United Nations Security Council, the European Union, or Her Majesty’s Treasury. It is also common practice to restrict access to services by individuals or entities located in certain countries that are subject to international sanctions. Frax's terms of use do not include explicit restrictions of access to its services by sanctioned persons or residents of sanctioned countries. While this may not necessarily indicate a lack of compliance, the absence of such clauses might create ambiguity and potential enforcement risk. Without clear prohibitions, Frax may unintentionally provide services to sanctioned persons or entities, which could expose Frax to unnecessary legal and regulatory risks. Frax team assured us that, to the best of their knowledge, no sanctioned addresses have ever connected to their front-end servers. This doesn't give us a complete picture of the measures implemented to ensure compliance with sanctions obligations. Importantly, they have not disclosed whether they have implemented specific software solutions or automated checks to detect and prevent access from sanctioned addresses or regions. It is therefore uncertain how they monitor or verify the non-engagement of sanctioned addresses. ### 5.4.5 Liability Risk A variety of disclaimers significantly insulate Frax Finance from various forms of liability. - A segment absolving Frax Finance from any liability due to inaccurate, inappropriate, or objectionable content within the service. - No Fiduciary Relationship or Advice: Frax Finance does not offer investment, financial, or trading advice. By emphasizing that users are solely responsible for their own investment decisions and any losses therefrom, Frax Finance disassociates itself from any liability arising from user actions. - A clause requiring the user to protect (indemnify) and hold Frax Finance harmless against any claims, actions, investigations, demands, suits, costs, expenses, and damages related to their use of Frax Finance Services. If a user breaches the terms or violates any law or rights of third parties, this indemnification clause can act as a powerful shield for Frax Finance against potential lawsuits and damages. - Disclaimer of Warranties: This implies that Frax Finance provides its services and materials "as is" and "as available", without any guarantee of their accuracy, completeness, reliability, currentness, or freedom from errors or harmful components. Any loss or damage arising out of inaccuracies, defects, omissions, errors, delays, interruptions, maintenance, unauthorized actions, or other exceptions are not Frax Finance's responsibility. However, it's important to note that the disclaimer of implied warranties may not apply where prohibited by applicable law in certain jurisdictions. - Disclaimer of Damages and Limitation of Liability: This segment absolves Frax Finance and its affiliates from any liability for incidental, indirect, special, punitive, consequential or similar damages arising from the use of its services or any other product, service, or other items it provides. Frax Finance's liability, if any, is limited to the amount of fees paid by the user to Frax Finance under the terms in the twelve-month period immediately preceding the event giving rise to the claim for liability. This last provision sets a clear limit to potential financial liability. It's important to note that enforceability of terms, respectively applicability of liability limitations may vary based on jurisdiction and the specific circumstances of each case. Mandatory individual [arbitration clause](https://app.frax.finance/terms#:~:text=PLEASE%20READ%20THESE,OR%20CLASS%20ACTIONS) means that any dispute between a user and Frax Finance must be resolved by individual arbitration, and not by a court or jury trial. This process is mandatory, meaning it's a prerequisite to using the services offered by Frax Finance. The Terms require that any dispute with Frax Finance must be resolved on an individual basis via arbitration, not through court proceedings, jury trials, or class action lawsuits. It is notable that the arbitration clause does not specify a choice of arbitration body or governing law. This absence may be seen as a deficiency in the clause. Without clear information on the chosen arbitration institution or the legal framework under which arbitration would take place, ambiguity arises. This may lead to further disputes over the arbitration process itself, such as where the arbitration will occur, what rules will apply, how the arbitrator will be selected, and the law under which the dispute will be adjudicated. ### 5.4.6 Adverse Media Check Adverse media screening shows no allegations that report on any involvement of Frax Finance, its associates or related entities in activities such as money-laundering, corruption, sanctions exposure, threat financing, or any other forms of unlawful activity. Our check-up did not return any matches suggestive of Frax being involved in criminal activities. # Section 6: Risk Management This section will summarize the findings of the report by highlighting the most significant risk factors in each of the three risk categories: Market Risk, Technology Risk, and Counterparty Risk. ### 6.1.1 Market Risk **LIQUIDITY: Does the LSD have a liquid market that can facilitate liquidations in all foreseeable market events?** frxETH can be considered not only an ETH liquid staking token but also a liquidity management protocol, thus setting it apart from its competitors. This gives Frax a unique advantage to grow and sustain its liquidity depth through its AMO activities in the Curve frxETH/ETH pool and other liquidity venues. Although the total frxETH marketshare is fairly low (2.31%), its available on-chain liquidity makes up a large proportion of its marketcap. Whereas stETH has ~$425m on-chain liquidity on $14.39b in TVL (3% of TVL), Frax has ~$75m on-chain liquidity on $448m TVL (>16% of TVL). Despite frxETH having 5% of the TVL compared to stETH, it has 25% the liquidity depth (a $50m frxETH>ETH swap produces 1% slippage compared to $300m stETH>ETH swap). Available liquidity is dependent on Frax's ability to incentivize its frxETH pools, but the protocol model is highly focused on ensuring deep liquidity. **VOLATILITY: Has the LSD had any significant depeg event (post merge)?** As with frxETH liquidity, the Frax liquidity management focus has kept frxETH remarkably on peg, especially compared to competitors such as stETH and cbETH. Users should be aware that price stability comes as a cost of trusting the Frax team to responsibly manage liquidity. As a recent example, the Curve pool became somewhat imbalanced in mid-June. In response, the frxETH Treasury increased the ETH withheld on frxETH deposits to 70%. This allowed the treasury to divert user deposits toward balancing the pool. It is possible that redemption demand becomes excessive enough that Frax must exit validators to balance the pool. This process can be time consuming, especially if network-wide withdrawal demand is high. The responsibility of maintaining price stability is therefore the burden of the frxETH treasury and Frax team as operators of the frxETH validators, and it is possible that poor management could result in increased volatility. ### 6.1.2 Technology Risk **SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?** There has only been one audit of frxETH and sfrxETH by [code4rena](https://code4rena.com/reports/2022-09-frax) on 29th of November, 2022 (contest taking place from 22nd to 25th September). The frxETH code heavily borrows from Frax and FPI stablecoins. Both of these are battle tested and have gone through extensive audits. **DEPENDENCIES: Does the analysis of dependencies (e.g. oracles) suggest any cause for concern?** There is no Chainlink pricefeed available for frxETH at this time, although the Frax team has said they are working to introduce one. For now, the two pricefeed options are a UniswapV3 frxETH/FRAX TWAP oracle and a Curve frxETH/ETH EMA oracle. Curve is currently recommending third parties to not integrate the EMA oracle, as it can be manipulable over multiple blocks, especially in low-volume pools. Curve is working to move to a new pool implementation that ameliorates this concern. For now, there is not a pricefeed solution that can be considered highly reliable, although there appear to be active efforts to rectify this. ### 6.1.3 Counterparty Risk **CENTRALIZATION: Are there any significant centralization vectors that could rug users?** The 3-of-5 frxETH Treasury multisig is responsible for protocol operations and funds management. All user funds are managed by this multisig and by ETH staking validators operated by the Frax team. The total value managed by the Frax team (which can potentially be rugged) is currently [$437m](https://debank.com/profile/0x8306300ffd616049FD7e4b0354a64Da835c1A81C). While Frax has expressed an intention to upgrade funds management to an on-chain DAO governed by veFXS tokenholders, including having open sourced code for the upgrade, they have so far not begun the governance upgrade process. It is unknown when the upgrade will take place. Llama Risk began covering Frax in 12/21, and at that time the upgrade was planned for Q2 '22. The roadmap for the upgrade has since been delayed at least a year. Frax has also announced plans for a frxETH v2 that would behave as a collateralized lending market that diversifies the frxETH node operator set. The timeline for this upgrade is unknown. **LEGAL: Does the legal analysis of the protocol suggest any cause for concern?** Frax operates as a DAO with no legal entity. It is possible a DAO could be considered an “unincorporated general partnership” with uncertain consequences. In the most extreme case, a member of the DAO could be held liable for all the debts and legal issues faced by the DAO. Frax has not had any enforcement actions against it, although due to factors such as the centralization of operations and funds management along with questionable sanctions compliance, Frax may be exposed to regulatory risk. Individuals who are creators, owners, operators, or others who maintain control or wield substantial influence over the Frax protocol may fall under the FATF’s definition of a VASP ("Virtual Asset Service Provider") and would be required to comply with regulatory guidelines. Frax does not appear to track addresses for sanctions compliance, nor does its terms of use include explicit restrictions of access to its services by sanctioned persons or residents of sanctioned countries. While this may not necessarily indicate a lack of compliance, the absence of such clauses might create ambiguity and potential enforcement risk. ### 6.1.4 Risk Rating Based on the risks identified for each category, the following chart summarizes a risk rating for wstETH as collateral. The rating for each category is ranked from excellent, good, ok, and poor. - We rank sfrxETH as **excellent on liquidity** because relative to its marketcap, frxETH has very deep market depth that provides strong assurances of liquidity in nearly all foreseeable market circumstances. - We rank sfrxETH as **excellent on volatility** because Frax places a strong emphasis on maintaining price stability through its Curve pool integration that creates a stronger assurance than competitors. - We rank sfrxETH as **good on smart contract** because it has undergone one audit but contracts have only been on mainnet since October '22 and therefore are still somewhat immature. - We rank sfrxETH as **ok on dependencies** because there is no highly reliable price feed available currently. However, Frax is actively working on a Chainlink feed and Curve is actively working to improve its EMA oracle. - We rank sfrxETH as **ok on decentralization** because there is a significant trust assumption in the Frax team to responsibly and honestly manage ~$437m worth of user funds. The team has a roadmap to decentralize, although they have a history of postponing decentralization efforts. - We rank sfrxETH as **ok on legal** because it is susceptible to enforcement action due to centralization of core managing functions in the hands of a few team members, and yet it has not formed any legal entity or implemented any sanctions compliance measures. <!--  --> <iframe src='https://flo.uri.sh/visualisation/14951150/embed' title='Interactive or visual content' class='flourish-embed-iframe' frameborder='0' scrolling='no' style='width:100%;height:600px;' sandbox='allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation'></iframe><div style='width:100%!;margin-top:4px!important;text-align:right!important;'><a class='flourish-credit' href='https://public.flourish.studio/visualisation/14951150/?utm_source=embed&utm_campaign=visualisation/14951150' target='_top' style='text-decoration:none!important'><img alt='Made with Flourish' src='https://public.flourish.studio/resources/made_with_flourish.svg' style='width:105px!important;height:16px!important;border:none!important;margin:0!important;'> </a></div> Our overall assessment is that sfrxETH performs well on market risk factors (liquidity and volatility) and poor on counterparty risk factors (decentralization and legal) relative to competitors wstETH and cbETH. We scored sfrxETH lower on dependencies because it does not have a highly reliable pricefeed at this time, although this is likely a problem that will be resolved in the near term. The clear advantage of sfrxETH is the focus Frax places on ensuring deep liquidity through its liquidity management operations. This should allow it to immediately process withdrawal demand in most market scenarios through the managed Curve pool, and otherwise provide users with an assurance that Frax will restore the balance in uncommon situations involving significant liquidations and/or withdrawal demand. Care should be taken to limit exposure to sfrxETH for the primary reasons: - There is no highly reliable pricefeed for frxETH at this time. - There is significant counterparty risk due to a high level of centralization in frxETH contract operations, validator operations, and funds management. Both of the primary concerns are points that the Frax team has publicly stated they are working to resolve, including announcements of a [frxETH v2](https://medium.com/coinmonks/introducing-frxeth-v2-the-evolution-of-decentralized-lending-markets-and-stablecoins-142b52b5f81e) involving a decentralized node operator set and open sourcing the [GitHub repo](https://github.com/FraxFinance/frax-governance) for decentralized governance. Assuming both upgrades are successful, sfrxETH may become the most desirable LSD from a risk perspective. Until then, there is substantial counterparty risk and it is recommended to limit protocol exposure to sfrxETH as a collateral asset.