DeFiPunk'd

Ondo Finance

2 deployments · $3.9B aggregate TVL · RWA

Deployments

Each deployment is rated independently. Pick one to see its rating, risk analysis, and stage.

TVL: $2.7B
Type: RWA
Chains: Ethereum, Stellar, Ripple, Sei, Solana +7
Control criteria: Upgradeability: Upgradeable · Bug bounty: immunefi.com · Governance forum · Docs: docs.ondo.finance
About

Ondo Yield Assets include tokenized yield products such as OUSG and USDY. Users subscribe or redeem through manager contracts that mint or burn yield-bearing or rebasing tokens against accepted payment assets, with compliance, registry, oracle, and rate-limit modules wired into the flow.

Risk analysis

One card per dimension, sorted by severity. Only Verifiability and Autonomy carry automated signals in Phase 0. See methodology for scope.

Audit a dimension yourself (DEFI@home): contribute an LLM-run assessment, any model, any dimension. Three agreeing runs merge automatically into the public record.

DEFI@home is a distributed audit network modeled on SETI@home: instead of CPU cycles, it crowdsources LLM reasoning. Paste a slice prompt into Claude, ChatGPT, Gemini, or any browsing-capable model, and submit the JSON output as a pull request. The quorum bot merges it once ≥3 independent runs (from different models) reach the same grade — no single model, and no single contributor, can move the needle alone.
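The merge rule just described, as an added Python illustration that is not DEFI@home's own bot: runs are tallied per grade, repeated runs from one model collapse to one, and a grade merges only once three distinct models return it. The run lists are constructed from the Verifiability and Control slices shown further down this page, and the handling of a tie between two quorate grades is an assumption.

```python
"""DEFI@home quorum rule from the page, as an added illustration.

Not the site's own bot: it implements only the stated rule (merge once
>= 3 independent runs from different models reach the same grade); the
submission lists below are constructed from the slices shown on this page.
"""
from collections import defaultdict

QUORUM = 3


def tally(submissions):
    """Map grade -> set of distinct models that returned it.

    Repeated runs from the same model are collapsed, so one model cannot
    reach quorum on its own however many times it is re-run.
    """
    models_by_grade = defaultdict(set)
    for model, grade in submissions:
        models_by_grade[grade].add(model)
    return dict(models_by_grade)


def quorum_grade(submissions, quorum=QUORUM):
    """Return the merged grade, or None while no grade has quorum.

    If two grades both reach quorum (possible with many runs) nothing is
    merged; that tie rule is an assumption, not something the page states.
    """
    reached = [g for g, models in tally(submissions).items()
               if len(models) >= quorum]
    return reached[0] if len(reached) == 1 else None


# Constructed from the page: Verifiability has four agreeing runs,
# Control has three runs that disagree (unknown / red / orange).
VERIFIABILITY_RUNS = [
    ("claude-opus-4-7", "orange"), ("gpt-5.5-thinking", "orange"),
    ("claude-sonnet-4-6", "orange"), ("grok-built-by-xai", "orange"),
]
CONTROL_RUNS = [
    ("gpt-5.5-thinking", "unknown"), ("claude-opus-4-7", "red"),
    ("grok-built-by-xai", "orange"),
]

if __name__ == "__main__":
    print(quorum_grade(VERIFIABILITY_RUNS))   # orange
    print(quorum_grade(CONTROL_RUNS))         # None
```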

  • Address discovery: 48 addresses on file · 1 run
  • Verifiability: ✓ 4/4 models agree · AI-only · weak orange (weak consensus margin)
  • Control: 3/3 submitted
  • Ability to exit: ✓ 3/3 models agree · AI-only · weak red (weak consensus margin)
  • Autonomy: ✓ 3/3 models agree · AI-only · weak red (weak consensus margin)
  • Open Access: ✓ 3/3 models agree · AI-only · weak red (weak consensus margin)
  1. Verifiability (tentative) · 4/4 models agree · AI-only · 3/4 with chat share link
    Core InstantManager + OUSG token exact-match verified with recent recognized audits; OndoIDRegistry implementation appears unverified
    Verdict

    Choosing orange because the InstantManager source is exact-match verified, multiple recognized-firm audits cover the current deployment generation (Spearbit Mar/May 2025, Halborn Feb 2025), and most peripheral contracts are verified — but the OndoIDRegistry's implementation 0x136f28d6…d05213 appears to lack a verified ABI source (per the defipunkd 'No verified ABI found' fall-through), which is a real V6 hole on a contract that decides who can mint/redeem. That mix is squarely the orange criterion 'some of the main contracts are verified' / 'proxy verified but implementation only partially verified', not red (since the core fund-handling code is verified) and not green (since one main contract's implementation isn't).

    Steelman argument
    Most contracts (OUSG token, OUSG_InstantManager, OndoOracle, USDY Blocklist, USDY proxy) are verified through to their implementations, multiple recent recognized-firm audits exist, and the only verifiability gap is a single proxy implementation — fits the orange criterion 'some main contracts verified' with a real but bounded gap.
    Evidence (8)
    V1
    OUSG_InstantManager (0x9335…2643a) is verified on Etherscan as 'Contract Source Code Verified (Exact Match)' — Contract Name: OUSG_InstantManager, Solidity 0.8.16, optimized, london EVM. Source visible in 47 files.
    V1
    OUSG token (0x1B19…ee92) is verified on Etherscan as a TransparentUpgradeableProxy and defipunkd's auto-resolver successfully merged its implementation ABI (0x1CEB44b6…f3Ff) — exposing MINTER_ROLE, BURNER_ROLE, PAUSER_ROLE, KYC_CONFIGURER_ROLE — which is only possible if the implementation is itself verified on a recognized source (Etherscan or Sourcify).
    V1
    OndoOracle (0x9Cad…b4094), USDY Blocklist (0xd8c8…B0a8), USDY token (0x96F6…985C — proxy), and the 1-of-2 Safe (0x99ca…1173 — SafeProxy → 0x4167…461a) are all verified on Etherscan/Sourcify per the defipunkd surfacer entries that returned non-empty ABI.
    V2
    Etherscan shows the verified source for OUSG_InstantManager uses BUSL-1.1 SPDX header attributed to Ondo Finance. The matching Ondo public repo for the new xManager architecture was not located via web search this run (the older OUSGInstantManager is in code-423n4/2024-03-ondo-finance; the new BaseRWAManager / xManager pattern does not have an obvious mirror in ondoprotocol/tokenized-funds or ondoprotocol/usdy). No commit SHA was pinned.
    V3
    Ondo's audit index at /audits lists multiple Ondo-Funds / USDY audits including March 2025 Spearbit (Cantina-hosted), May 2025 Spearbit (per the pinned audit_links), February 2025 Halborn, April 2024 Code4rena, April 2024 Cyfrin, September 2023 Code4rena, January 2023 Code4rena, August 2023 Zokyo. The March 2025 Spearbit PDF is present in the spearbit/portfolio repo. Audit coverage spans multiple deployment generations.
    V4
    Recognized firms with audits in the past 12 months relative to analysis_date: Spearbit (March 2025, May 2025) and Halborn (February 2025). Cyfrin (April 2024) and Code4rena (2023, 2024) provide earlier coverage. Spearbit and Halborn are listed in the slice's recognized-firms set.
    V5
    The current OUSG_InstantManager (0x9335…2643a) was deployed ~364 days before fetch (Mar 2025). The March 2025 and May 2025 Spearbit audits are temporally aligned to this deployment generation, but I did not open either PDF body this run, so I cannot confirm in-scope file list / commit pinning. No material drift signal was inspected.
    V6
    OndoIDRegistry (0xcf69…D97df) — a critical contract that gates every user action — is a verified TransparentUpgradeableProxy whose implementation is 0x136f28d6…d05213. defipunkd's read API responded with 'No verified ABI found for 0xcf6958D69d535FD03BD6Df3F4fe6CDcd127D97df on chainId 1 (etherscan + sourcify both failed)' for the merged proxy-aware ABI, which strongly suggests the implementation 0x136f28d6… is not verified on either Etherscan or Sourcify. Per the V1 rule 'A verified proxy with an unverified implementation is effectively unverified,' this is a V6 fail on a contract that determines admission to the protocol.
    Why is this consensus tentative?
    • weak consensus margin

    A fresh independent run can strengthen (or overturn) the verdict.

    Sources: claude-opus-4-7, gpt-5.5-thinking, claude-sonnet-4-6 (autorun, no url), grok-built-by-xai
  2. Control · 3/3 models submitted
    Control cannot be graded: OUSG/USDY managers expose broad pause/configuration powers, but proxy admins, role holders, and execution delays were not fully recoverable.
    Tentative grades
    • gpt-5.5-thinking unknown
    • claude-opus-4-7 red
    • grok-built-by-xai orange

    No quorum yet — verdict and steelman hidden until ≥3 models agree.

    Evidence (19)
    C1
    The current OUSG InstantManager exposes AccessControl-style DEFAULT_ADMIN_ROLE, CONFIGURER_ROLE, PAUSER_ROLE, and ADMIN_SUBSCRIPTION_ROLE constants, but this run did not recover the accounts holding those roles.
    C1
    The current USDY InstantManager exposes the same AccessControl-style role constants and manager dependencies, but this run did not recover role members.
    C2
    The OUSG and USDY token addresses are TokenProxy contracts exposing changeAdmin, upgradeTo, and upgradeToAndCall, but admin() and implementation() reads reverted through the surfacer, so the proxy admin and implementation were not determined.
    C6
    The OUSG and USDY InstantManagers expose pauseRedeem and pauseSubscribe as write methods, while redeemPaused and subscribePaused were false at the pinned block.
    C7
    The OUSG and USDY InstantManagers expose configuration methods including setOndoOracle, setOndoCompliance, setOndoIDRegistry, setOndoRateLimiter, fee setters, token-router setters, and pauseRedeem; these are potentially T1/T2 surfaces, but holder and delay information was incomplete.
    C1
    OUSG_InstantManager (0x9335…2643a) is an AccessControlEnumerable contract with DEFAULT_ADMIN_ROLE (set oracle/compliance/IDRegistry/router/fees, accept tokens, unpause, retrieveTokens, grantRole), PAUSER_ROLE (pause subscribe/redeem with no time cap), CONFIGURER_ROLE (min deposit/redemption/RWA price), and ADMIN_SUBSCRIPTION_ROLE (mint OUSG to KYC'd recipients). DEFAULT_ADMIN_ROLE was granted in the constructor to a `_defaultAdmin` address passed by the deployer; the contract creator is 0x094Bee6b…0482882 (Ondo Finance EOA-style deployer).
    C1
    OUSG token (0x1B19…ee92) is a TransparentUpgradeableProxy → implementation 0x1CEB…f3Ff. Live state at block 25045915 shows MINTER_ROLE, BURNER_ROLE, PAUSER_ROLE, KYC_CONFIGURER_ROLE all defined and paused()=false. MINTER_ROLE holders can mint unbacked supply; PAUSER_ROLE holders can pause every transfer; KYC_CONFIGURER_ROLE can swap the kycRegistry (currently 0x56A5…463e7) to a registry under their control.
    C2
    OUSG token, USDY token (0x96F6…985C), OUSG_InstantManager, OndoIDRegistry (0xcf69…D97df) are all TransparentUpgradeableProxy. The EIP-1967 proxy admin slot on the OUSG token's constructor bytecode contains an address (concrete value masked behind admin-only `admin()` getter), and the proxy exposes `changeAdmin`, `upgradeTo`, `upgradeToAndCall` — proxy admin can replace any of these implementations with arbitrary bytecode. This is upgradeable in the strict sense; not 'mixed'.
    C3
    No timelock contract is present on any privileged path. Admin / pauser / configurer functions on OUSG_InstantManager, on the OUSG token, on OndoOracle, on USDY Blocklist execute immediately on the next block. The grading delay on the uncontested fast path is 0 seconds.
    C4
    USDY Blocklist (0xd8c8…B0a8) is Ownable2Step; owner is 0x99ca4f54…FD1173 — a Gnosis Safe v1.4.1 with threshold=1 and 2 owners (0xae82…5416, 0x72BB…9aFD). Any single signer of those two EOAs can call addToBlocklist(address[]) to freeze any USDY holder (USDY's transfer hook reverts when isBlocked returns true). This is a single-signature freeze key on a T1 path. Identity classification of the two signer EOAs is not on-chain — treated as insider by default for an Ondo-operated key.
    C5
    No on-chain Governor / GovernorBravo / OZ Governor / Aragon Voting contract was discovered for OUSG or USDY administration. The ONDO ERC-20 token (0xfABA…BE3) exists but Ondo's docs at /trust-and-security describe a traditional GP/LP fund structure (Ondo I LP, GP = Ondo I GP LLC, Investment Manager = Ondo Capital Management LLC) with no on-chain DAO vote in the upgrade path.
    C6
    Pause is split across PAUSER_ROLE on the InstantManager (gates subscribe / redeem) and PAUSER_ROLE on the OUSG token itself (gates ALL transfers including secondary). No documented time cap on either pause and no separate guardian role with a different actor than the main admin.
    C7
    Highest reachable T1 functions on the uncontested fast path: (a) the proxy admin can call upgradeToAndCall on the OUSG token / OUSG_InstantManager / USDY / OndoIDRegistry, replacing fund-handling logic with arbitrary code; (b) DEFAULT_ADMIN_ROLE on OUSG_InstantManager can call setOndoOracle to point at an attacker-controlled oracle and reprice subscriptions/redemptions; (c) MINTER_ROLE on the OUSG token can mint unbacked supply; (d) DEFAULT_ADMIN_ROLE on OUSG_InstantManager can call retrieveTokens(address,address,uint256) to sweep any ERC-20 balance the contract is currently holding; (e) the 1-of-2 Safe owning the USDY Blocklist can freeze any USDY address. All execute with 0-second delay. Ondo's own 2024-03 Code4rena scope acknowledged exactly this centralization.
    C1
    OUSG token (0x1B19C19393e2d034D8Ff31ff34c81252FcBbee92) is TransparentUpgradeableProxy; proxy admin is ProxyAdmin at 0xBA80Aa44cC25E85CC30359150dfB1C7D041CF6d5 whose owner()=0xAEd4caF2E535D964165B4392342F71bac77e8367 (Ondo Finance: Management Multisig, 4-of-7 Safe v1.3.0) per /api/contract/read and Etherscan. Evidence: https://defipunkd.com/api/contract/read?chainId=1&address=0xBA80Aa44cC25E85CC30359150dfB1C7D041CF6d5&method=owner ; https://etherscan.io/address/0x1B19C19393e2d034D8Ff31ff34c81252FcBbee92 ; https://etherscan.io/address/0xBA80Aa44cC25E85CC30359150dfB1C7D041CF6d5
    C2
    OUSG token upgradeable via Transparent proxy; ProxyAdmin owned by 4-of-7 multisig. InstantManager (0x93358db73B6cd4b98D89c8F5f230E81a95c2643a) not proxy but critical for subscribe/redeem. OUSG Holdings 1 multisig (0x72Be8C14B7564f7a61ba2f6B7E50D18DC1D4B63D) is 3-of-5 Safe v1.3.0. Evidence: https://defipunkd.com/api/safe/owners?chainId=1&address=0x72Be8C14B7564f7a61ba2f6B7E50D18DC1D4B63D ; https://defipunkd.com/api/safe/owners?chainId=1&address=0xAEd4caF2E535D964165B4392342F71bac77e8367 ; Etherscan proxy details.
    C3
    No on-chain timelock observed on ProxyAdmin upgrade path or InstantManager role actions (pauseSubscribe/pauseRedeem, set oracle/fees/compliance/router). ONDO Governor path has ~1-day timelock per public descriptions (unverified on-chain constants in this run). Upgrade/config/pause paths appear direct or role-gated without mandatory delay. Evidence URLs above + https://ondo.finance ; search results on Governor Bravo structure.
    C4
    Key multisigs: (1) Management Multisig 4-of-7 (owns ProxyAdmin, controls OUSG upgrades) -- one overlapping owner with (2) OUSG Holdings 1 multisig 3-of-5 (recipient/holdings). InstantManager DEFAULT_ADMIN_ROLE held by EOA 0x094bee6b74ec29d32869ae3140a659cac0482882 at deployment (roles: PAUSER_ROLE for pause redeem/subscribe; CONFIGURER_ROLE for oracle/fees/limits/compliance/router). No confirmed Security Council (≥7 signers, ≥51% threshold, ≥50% non-insider, public). Evidence: https://etherscan.io/address/0xAEd4caF2E535D964165B4392342F71bac77e8367 ; https://defipunkd.com/api/safe/owners?chainId=1&address=0xAEd4caF2E535D964165B4392342F71bac77e8367 ; Etherscan InstantManager roles + constructor admin.
    C6
    InstantManager exposes PAUSER_ROLE (pauseRedeem, pauseSubscribe, unpause) separate from DEFAULT_ADMIN. No explicit time cap or governance-only path confirmed for pause; role can be granted/revoked by DEFAULT_ADMIN holder. Evidence: Etherscan read of OUSG_InstantManager ABI and roles (PAUSER_ROLE, CONFIGURER_ROLE, ADMIN_SUBSCRIPTION_ROLE).
    C7
    Highest tier on fast path: T1 (pause redemptions/subscriptions on fund-exposure token; config oracle/fees/compliance that affect mint/redeem integrity; upgrade token implementation via multisig-controlled ProxyAdmin). T2 also reachable (fees, limits, accepted tokens). 4-of-7 multisig improves on EOA but lacks confirmed broad non-insider distribution or Security Council criteria. ONDO Governor path T3-ish but high thresholds + concentration noted publicly.
    Why is this slice uncertain?
    • only 3 of 3 model submissions on record — quorum requires ≥3 agreeing models
    • submitted models do not yet agree on a single grade

    A fresh independent run can establish (or overturn) a verdict.

    Sources: gpt-5.5-thinking, claude-opus-4-7, grok-built-by-xai
  3. Ability to exit (tentative) · 3/3 models agree · AI-only · 3/3 with chat share link
    Redeem is permissioned, indefinitely pausable, and Ondo can revoke a user's KYC at any time to lock their balance
    Verdict

    Choosing red because the rubric's red criteria 'ANY actor (including governance) can pause CLAIMS of finalized exits indefinitely' and 'exit requires admin signature' are both satisfied directly: PAUSER_ROLE can pauseRedeem() with no time cap, and `_processRedemption` reverts when `ondoCompliance.checkIsCompliant` or `ondoIDRegistry.getRegisteredID` fails — both of which are admin-controlled and observed being written by an operator EOA (0x059bC3Db…ba1eB61a9) hourly. The protocol's own acknowledged behaviour is that a de-listed user's balance is locked, which is materially custodial.

    Steelman argument
    Three independent on-chain levers permanently lock a user's exit: (a) PAUSER_ROLE pauses redeem with no time cap; (b) DEFAULT_ADMIN_ROLE on the InstantManager can swap the OndoCompliance / OndoIDRegistry contracts; (c) the USDY Blocklist owner (a 1-of-2 Safe) can add the holder. Ondo's own 2024-03 Code4rena scope acknowledged 'If someone gets sanctioned … or removed from Ondo Finance's KYC Registry their funds are locked.'
    Evidence (7)
    E1
    User-facing exit functions on OUSG_InstantManager (0x9335…2643a): redeem(uint256,address,uint256) and redeemRebasingOUSG(uint256,address,uint256). No on-chain 'claim already-finalized exit' function — every redeem is a new request that pulls from the OndoTokenRouter at call time. USDY/rUSDY redeem flows go through USDY_InstantManager (0xa42613C2…). OUSG and USDY ERC-20 tokens additionally have their own pausable transfer surface — pause() / unpause() on the token contracts.
    E2
    redeem and redeemRebasingOUSG both run through BaseRWAManager._processRedemption, which is guarded by `whenRedeemNotPaused` (reverts if redeemPaused=true) AND requires `ondoCompliance.checkIsCompliant(rwaToken, _msgSender())` to succeed AND requires `ondoIDRegistry.getRegisteredID(rwaToken, _msgSender()) != bytes32(0)`. If a user is removed from the ID registry or marked non-compliant between subscribing and redeeming, their redeem will revert — their balance is locked on-chain.
    E3
    PAUSER_ROLE on OUSG_InstantManager calls pauseRedeem() with no on-chain time cap; only DEFAULT_ADMIN_ROLE can unpause via unpauseRedeem(). PAUSER_ROLE on the OUSG token (0x1B19…ee92) can pause() the token itself, blocking all transfers and effectively freezing redemption claims. State at block 25138750: redeemPaused=false; state at block 25045915: token paused=false.
    E4
    There is no separate fast-acting emergency-pause with a time cap distinct from the indefinite governance pause. The same PAUSER_ROLE can pause and stay paused until DEFAULT_ADMIN_ROLE chooses to unpause.
    E5
    Redemption queue mechanics: instant redemptions happen at call time, but if the OndoTokenRouter does not hold sufficient USDC/PYUSD at withdrawal time (since the underlying assets are off-chain at Coinbase Prime), the call reverts via OndoTokenRouter.withdrawToken. Minimum redemption is $4,999.99 USD (minimumRedemptionUSD=4999990000000000000000 / 1e18). An on-chain rate limiter (ondoRateLimiter at 0x98Db…003c) caps per-user and global redemption USD value per window — discovered as a sibling contract on the InstantManager surfacer but its limit values were not re-read this run.
    E6
    No permissionless escape-hatch / forced-exit / on-chain redemption guarantee in the deployed code. There is no function callable by an arbitrary user (or by the holder unconditionally) that bypasses the pause guard, the KYC check, or the rate limiter to claim against off-chain collateral. USDY additionally enforces an isBlocked check via the Blocklist (0xd8c81…B0a8) on every transfer; the Blocklist is owned by a 1-of-2 Safe (see control slice).
    E7
    Exit functions are directly callable on-chain via Etherscan write tab or any wallet — the redeem method is permissionless from a frontend perspective (no Ondo-domain frontend required). Etherscan history at the InstantManager shows repeated direct `Redeem` and `Subscribe` calls from many different EOAs, confirming users can interact without the official app. However, the on-chain ACL gates above (E2, E3) still apply.
    Why is this consensus tentative?
    • weak consensus margin

    A fresh independent run can strengthen (or overturn) the verdict.

    Sources: claude-opus-4-7, gpt-5.5-thinking, grok-built-by-xai
  4. Autonomy (tentative) · 3/3 models agree · AI-only · 3/3 with chat share link
    Principal sits with off-chain Coinbase Prime custodian and the OndoOracle price is admin-settable with no on-chain fallback — ~100% TVS at risk under those dependencies
    Verdict

    Choosing red because the protocol's stated architecture (per /trust-and-security) places ~all user principal in off-chain custody at Coinbase Prime / BlackRock / Fidelity / Franklin Templeton / WisdomTree, with no on-chain fallback giving holders direct claim over those reserves and no timelocked exit window before an admin-driven oracle/compliance swap — the rubric's red criterion 'failure of an external dependency CAN cause theft or loss of principal' is met directly. The orange steel-man rests on the *quality* of the off-chain counterparties; the rubric grades on the structural dependency, not on counterparty creditworthiness.

    Steelman argument
    Failure of the off-chain Coinbase Prime custodian, of BlackRock BUIDL, or of the Ondo legal entity directly results in loss of OUSG/USDY principal — the on-chain contracts cannot recover funds that sit in TradFi accounts they don't control — and the admin can hot-swap the price oracle to mis-redeem holders with no delay, so impacted TVS under the worst single-dependency failure is effectively ~100%.
    Evidence (10)
    A1
    Critical external on-chain reads from OUSG_InstantManager: (i) OndoOracle (0x9Cad…b4094) for the RWA price via getAssetPrice(rwaToken) and for accepted deposit-token prices; (ii) OndoTokenRouter (0x99B8…D7bC) for moving USDC/PYUSD in and out; (iii) OndoCompliance (0x156F…1002) and OndoIDRegistry (0xcf69…D97df) for permissioning. The OndoOracle itself contains write functions setHardcodedPrice / setTokenToAggregatorV3Oracle / setTokenToRWAOracle that allow admin roles to replace the price source for any token instantly.
    A1
    Critical OFF-chain dependency (documented at /trust-and-security): all OUSG user principal flows to the Coinbase Prime custodian account at 0xF67416a2…cf8856c, and the majority of the OUSG fund's assets are held off-chain at BlackRock (BUIDL), Fidelity, Franklin Templeton, WisdomTree — i.e., the on-chain ERC-20 is a receipt for an off-chain pool. USDY's USDC deposits flow to Coinbase Prime at 0xbDa73A0F…Edae28. If the custodian disappears or refuses to honour redemptions, the on-chain redeem path reverts at OndoTokenRouter.withdrawToken (no USDC to send) and the holder has no on-chain recourse.
    A2
    Off-chain reporter: the OndoOracle's RWA-oracle path for OUSG (legacy RateCheck oracle 0x0502…6abe was bounded to ±74 bps relative to BlackRock SHV ETF price moves, per the 2024-03 Code4rena scope). The CURRENT RWA oracle tied to the InstantManager was not re-read on-chain this run, but the architecture (admin can swap via setTokenToRWAOracle) makes the price source itself a privileged committee, not an independent feed.
    A3
    Cross-chain dependency: OUSG and USDY are bridged via Ondo Bridge LayerZero OFT Adapters (Ethereum 0xa6275…307D, Arbitrum/Mantle 0x0bE393DC…fbB41, Solana 7YNR…J2S3). Material TVL on Arbitrum/Mantle/Polygon/Plume/Sei/Sui/Aptos/Noble/Stellar copies of USDY rides on LayerZero's DVN+executor trust model. The Ethereum copy is the canonical mint/burn surface; the non-mainnet copies inherit LayerZero security on top of the off-chain custody risk.
    A4
    No nested-collateral / restaking chain — OUSG is a single-step receipt over off-chain treasuries; depth = 1 (USDC → receipt). rUSDY/rOUSG are rebasing wrappers but they don't add a new external trust party.
    A5
    Fork lineage: no notable fork — the xManager pattern is Ondo-authored. Skipped per A5 silent-check guidance.
    A6
    On-chain fallbacks present: (i) minimumRwaPrice (live value 110000000000000000000 = $110 with 18 decimals) — _getRwaPrice() reverts with RWAPriceTooLow if the oracle returns below this floor (a one-sided sanity check); (ii) OndoRateLimiter caps redemption throughput per window; (iii) accepted-tokens whitelist limits which ERC-20s can be deposited/redeemed. NOT PRESENT: a backup oracle, a circuit breaker that pauses on stale prices, an on-chain assertion that the off-chain custodian's balance is solvent, or a permissionless emergency exit against on-chain reserves only.
    A7
    Ondo Yield Assets is not its own L2/L3 — it deploys permissionlessly on third-party chains. Sequencer / DA risk on each chain (Arbitrum, Mantle, Polygon, Plume, Sei) is substrate per the rubric and not counted here.
    A8
    Off-chain operators in the steady-state path: (i) the OndoIDRegistry-writer EOA (0x059bC3Db…1eB61a9) must keep registering new KYC'd users for any new investor to onboard; (ii) the Ondo Capital Management team must keep posting RWA NAV updates to the oracle for the redemption price to stay current. Liveness failure of (i) blocks new subscriptions only (not existing exits); liveness failure of (ii) causes the redemption price to stagnate / go stale (impact is yield freeze, not principal loss, until the minimumRwaPrice floor or staleness check triggers).
    A9
    Governance-mutable external-dependency surface: DEFAULT_ADMIN_ROLE on OUSG_InstantManager can call setOndoOracle to swap the oracle wholesale, setOndoCompliance to swap the KYC checker, setOndoIDRegistry to swap the registry. The proxy admin can upgradeToAndCall the OUSG token to a malicious mint() implementation. All execute with 0 timelock — there is no exit window for users between the action and the effect.
    Why is this consensus tentative?
    • weak consensus margin

    A fresh independent run can strengthen (or overturn) the verdict.

    Sources: claude-opus-4-7, gpt-5.5-thinking, grok-built-by-xai
  5. Open Access (tentative) · 3/3 models agree · AI-only · 3/3 with chat share link
    On-chain ID-registry + compliance check is required at every subscribe/redeem; Ondo can revoke admission unilaterally
    Verdict

    Choosing red because the rubric's red criterion 'contract-level whitelist / KYC on user entry/exit' is satisfied verbatim — BaseRWAManager._processSubscription and _processRedemption revert UserNotRegistered when ondoIDRegistry.getRegisteredID returns bytes32(0), and that registry is exclusively written by Ondo. The 521 historical `Set User ID` transactions, all from a single Ondo-operated EOA, confirm this is the live admission gate. The orange steel-man would require the gate to be incidental to the official frontend; here the gate is in the deployed contract.

    Steelman argument
    The contract literally reverts every subscribe and redeem call from an address not in the OndoIDRegistry — there is no permissionless interaction path under any frontend, SDK, or aggregator, and the registry is written exclusively by Ondo's operator EOA.
    Evidence (7)
    A1
    OUSG_InstantManager._processSubscription / _processRedemption (verified source on Etherscan) both call `ondoCompliance.checkIsCompliant(rwaToken, _msgSender())` (which reverts ComplianceCheckFailed if not compliant) AND read `bytes32 userId = ondoIDRegistry.getRegisteredID(rwaToken, _msgSender())` then revert UserNotRegistered if `userId == bytes32(0)`. These are not modifier-style allowlists — they are state reads gated by a registry that Ondo writes to. Same pattern applies to USDY_InstantManager.
    A2
    Admission is conditioned on Ondo's operator EOA (0x059bC3Dbe522Da79B346643D420e927ba1eB61a9 observed making 20+ `Set User ID` calls in the 36 hours before fetch on OndoIDRegistry 0xcf69…D97df). Replacement procedure for that operator is on-chain (whoever holds the writer role on OndoIDRegistry can grant it elsewhere) but the *admission* of any new user depends on Ondo's off-chain KYC pipeline producing a userId for them — there is no permissionless route to register.
    A3
    Off-chain frontend (ondo.finance) is one path to interaction, but the InstantManager is callable directly via Etherscan write tab — the OUSG_InstantManager transaction history shows direct `Subscribe` and `Redeem` calls from many distinct EOAs (e.g. ENS-named rangwalla.eth, plus EOAs 0x0B07cCDd…66238, 0xA1b40f6b…33D60, 0xbd9676EA…fB03 in the 30 days before fetch). Frontend ToS was not extracted verbatim this run.
    A3b
    Independent access paths: (i) direct Etherscan write — confirmed by historical txs; (ii) USDY explicitly has a documented developer-integration guide at /developer-guides/usdy-instant-manager-integration intended for third-party protocols. So once a wallet is on the OndoIDRegistry, multiple paths exist. The gating is at the contract layer, not the publisher layer.
    A4
    USDY additionally enforces an on-chain blocklist via the Blocklist contract (0xd8c81…B0a8); the USDY transfer hook reads isBlocked(addr) for sender and receiver. The OUSG side uses the OndoIDRegistry as the positive-list (allowlist), not the blocklist pattern.
    A5
    Read access (balanceOf, totalSupply) is fully public — anyone can query OUSG/USDY balances. Write access (subscribe, redeem, transfer) is permissioned for both OUSG (via OndoIDRegistry+OndoCompliance) and USDY (via Blocklist + sanctions check).
    A6
    Ondo's /trust-and-security page states OUSG is sold under Reg D 506(c) to 'verified Accredited Investors as defined in Regulation D' and to 'Qualified Purchasers as defined in the 40 Act … customer due diligence for anti-money laundering, countering terrorist financing, and sanctions compliance'. USDY is offered under Reg S, only to 'non-US persons in transactions outside the US'. These are not just frontend ToS — they are the rationale for the contract-level KYC gates above.
    Why is this consensus tentative?
    • weak consensus margin

    A fresh independent run can strengthen (or overturn) the verdict.

    Sources: claude-opus-4-7, gpt-5.5-thinking, grok-built-by-xai
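The exit gates that the Ability to exit and Open Access evidence describe, modelled in Python as an added example that is not Ondo's code and is not part of any submission: a redeem() call is walked through the pause, compliance, ID-registry, minimum-size, rate-limit and router-liquidity gates against a constructed state snapshot, so a holder or a monitor can see which gate closes an exit first. The gate order, the rate-limiter shape, the $110 price, the placeholder addresses and all balances and caps are assumptions; only the minimum-redemption constant comes from the page.

```python
"""Model of the redemption gates the evidence above describes.

Added illustration, not Ondo's code: the gate order, the rate-limiter
shape and every balance, limit, price and address below are assumptions
or constructed values. Only the minimum-redemption constant is taken from
the page (minimumRedemptionUSD = 4999990000000000000000, i.e. $4,999.99).
"""
from dataclasses import dataclass, field

WAD = 10**18                      # 18-decimal fixed point used for USD values
ZERO_ID = bytes(32)               # bytes32(0): OndoIDRegistry "not registered"
MINIMUM_REDEMPTION_USD = 4_999_990_000_000_000_000_000


@dataclass
class Snapshot:
    """Constructed on-chain state relevant to one redeem() call."""
    redeem_paused: bool           # InstantManager.redeemPaused (PAUSER_ROLE)
    token_paused: bool            # OUSG token paused() (PAUSER_ROLE on token)
    registered_ids: dict          # OndoIDRegistry: address -> bytes32 userId
    compliant: set                # addresses passing OndoCompliance
    rwa_price_usd: int            # OndoOracle price, 18 decimals (assumed)
    router_usdc: int              # USDC held by OndoTokenRouter, 6 decimals
    user_limit_usd: int           # assumed per-user window cap, 18 decimals
    global_limit_usd: int         # assumed global window cap, 18 decimals
    user_used_usd: dict = field(default_factory=dict)
    global_used_usd: int = 0


def evaluate_redeem(snap: Snapshot, user: str, ousg_amount: int) -> str:
    """Return 'ok' or the first gate that would block this redemption.

    Every gate except the last is admin-controlled state; the last one is
    the off-chain custody dependency (the router only holds what has been
    moved on-chain). The check order is an assumption.
    """
    if snap.token_paused:
        return "token_paused"
    if snap.redeem_paused:                          # whenRedeemNotPaused
        return "redeem_paused"
    if user not in snap.compliant:                  # checkIsCompliant
        return "ComplianceCheckFailed"
    if snap.registered_ids.get(user, ZERO_ID) == ZERO_ID:   # getRegisteredID
        return "UserNotRegistered"
    usd_value = ousg_amount * snap.rwa_price_usd // WAD    # 18-dec USD
    if usd_value < MINIMUM_REDEMPTION_USD:
        return "below_minimum_redemption"
    if snap.user_used_usd.get(user, 0) + usd_value > snap.user_limit_usd:
        return "user_rate_limit"
    if snap.global_used_usd + usd_value > snap.global_limit_usd:
        return "global_rate_limit"
    usdc_out = usd_value // 10**12                  # 18-dec USD -> 6-dec USDC
    if usdc_out > snap.router_usdc:                 # OndoTokenRouter.withdrawToken
        return "router_insufficient_liquidity"
    # Success: consume rate-limit allowance and router liquidity so a
    # second call in the same window sees the updated state.
    snap.user_used_usd[user] = snap.user_used_usd.get(user, 0) + usd_value
    snap.global_used_usd += usd_value
    snap.router_usdc -= usdc_out
    return "ok"


def demo_snapshot() -> Snapshot:
    """Constructed state: two holders, one of whom has been de-registered."""
    alice, bob = "0xAlice", "0xBob"                 # placeholder addresses
    return Snapshot(
        redeem_paused=False,
        token_paused=False,
        registered_ids={alice: b"\x01" * 32, bob: ZERO_ID},   # bob's ID revoked
        compliant={alice, bob},
        rwa_price_usd=110 * WAD,                    # assumed $110 per OUSG
        router_usdc=300_000 * 10**6,                # assumed $300k USDC on-chain
        user_limit_usd=500_000 * WAD,               # assumed window caps
        global_limit_usd=2_000_000 * WAD,
    )


if __name__ == "__main__":
    snap = demo_snapshot()
    # 50 OUSG at $110 is $5,500, above the $4,999.99 minimum.
    print(evaluate_redeem(snap, "0xAlice", 50 * WAD))     # ok
    print(evaluate_redeem(snap, "0xBob", 50 * WAD))       # UserNotRegistered
    snap.redeem_paused = True                             # one PAUSER_ROLE call
    print(evaluate_redeem(snap, "0xAlice", 50 * WAD))     # redeem_paused
```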

Stage

Preview of the Phase-3 maturity framework. DeFiPunk'd will adopt DeFiScan v2's stages verbatim; the section is rendered below in its intended shape so the structure is visible today.

Ondo Yield Assets has not yet been assessed under the DeFiScan v2 stage framework.
The walkaway test is the central criterion. Once stages land, protocols reach Stage 1 only if users can exit in the presence of malicious operators even when the emergency council disappears.
Scope of assessment
Stages are assessed per-protocol against DeFiScan v2's criteria: governance structure, upgradeability path, timelock durations, emergency-council scope, and the walkaway test. The analysis depends on onchain discovery (roles, owners, timelocks) and deeper review of deployed contracts — neither of which DeFiPunk'd automates at Phase 0.
Stage 0 (requirements pending)
Governance is largely off-chain, contracts are upgradeable with short or no timelock, and the protocol depends on a multisig or team with full discretion. At Phase 0 DeFiPunk'd does not automatically evaluate these; the assessment lands with crawler-based onchain discovery.
Stage 1 (requirements pending)
Users can exit or opt out on their own terms even if the team disappears. Upgrades run through a meaningful timelock with an emergency security council clearly scoped. The walkaway test is the headline criterion.
Stage 2 (requirements pending)
Protocol is fully permissionless and immutable, or upgrades require a supermajority of token holders with a long timelock and no emergency override. This is the terminal stage of the DeFiScan v2 framework.
Stages are an opinionated assessment of maturity, not a rating of security or safety. A protocol can sit at Stage 2 and still carry substantial technical or economic risk; the framework exists to incentivize decentralization, not to rank protocols.

Contract surface

Every contract in scope for this protocol — pooled from DeFiLlama's TVL adapter (mechanical) and DEFI@home discovery submissions (LLM-curated). Verified-source flags come from Etherscan + Sourcify; owner / multisig metadata is read on-chain when available. Reviewer audit context, not a slice score. A lending protocol's adapter set will list third-party collateral tokens alongside its own contracts; attribution is the grader's job.

  • 45 addresses
  • 6 verified source
  • 6 proxies

TVL adapter pinned at 683d369. Sourcecode fetched 2026-05-06. Control fetched 2026-05-07.

Chain | Role (contract) | Address | Source | Tags
arbitrum | TokenProxy | 0x35e0…9a9d | TVL + disc | proxy, token
Arbitrum | other (Ondo Bridge Arbitrum OFT Adapter, LayerZero) | 0x0be3…bb41 | discovery | bridge
BNB Chain | admin (GMTokenManager on BNB Chain) | 0x91f8…b299 | discovery | -
BNB Chain | oracle (SyntheticSharesOracle on BNB Chain) | 0xf4fd…f15e | discovery | oracle
BNB Chain | router (GMTokenLimitOrder on BNB Chain) | 0x96b5…5d48 | discovery | router
BNB Chain | token (USDon on BNB Chain) | 0x1f89…dfe6 | discovery | token
ethereum | TokenProxy | 0x1b19…ee92 | TVL + disc | proxy, token
ethereum | TokenProxy | 0x96f6…985c | TVL + disc | proxy, token
ethereum | TokenProxy | 0xe868…4c09 | TVL + disc | proxy, token
Ethereum | admin (CashManager legacy, deprecated Dec 2023) | 0x3501…618f | discovery | -
Ethereum | admin (GMTokenManager) | 0x2c15…5c8c | discovery | -
Ethereum | admin (KYCRegistry legacy, deprecated Apr 2025) | 0x7ce9…dc70 | discovery | -
Ethereum | admin (OndoIDRegistry) | 0xcf69…97df | discovery | -
Ethereum | admin (OUSG_InstantManager) | 0x9335…643a | discovery | -
Ethereum | admin (OUSGInstantManager legacy, deprecated Apr 2025) | 0x2826…6a43 | discovery | -
Ethereum | admin (OUSGManager legacy, deprecated Apr 2024) | 0xf16c…d5e8 | discovery | -
Ethereum | admin (USDonManager / PSM) | 0x05cc…d7e1 | discovery | -
Ethereum | admin (USDY Blocklist) | 0xd8c8…b0a8 | discovery | -
Ethereum | admin (USDY_InstantManager) | 0xa426…1f15 | discovery | -
Ethereum | admin (USDYManager legacy, deprecated) | 0x25a1…b97e | discovery | -
Ethereum | multisig (OUSG Recipient / OUSG Holdings 1) | 0x72be…b63d | discovery | multisig
Ethereum | oracle (OndoOracle) | 0x9cad…4094 | discovery | oracle
Ethereum | oracle (OUSG Oracle legacy, deprecated) | 0x0502…6abe | discovery | oracle
Ethereum | oracle (SyntheticSharesOracle for GM tokens) | 0x9bc3…1be6 | discovery | oracle
Ethereum | oracle (USDY Redemption Price Oracle / RWADynamicOracle) | 0xa021…1de0 | discovery | oracle
Ethereum | other (Ondo Bridge Ethereum OFT Adapter, LayerZero) | 0xa627…307d | discovery | bridge
Ethereum | other (Ondo Finance Deployer EOA) | 0xe2d0…4bbe | discovery | factory
Ethereum | router (GMTokenLimitOrder) | 0xf0bc…f451 | discovery | router
Ethereum | token (ONDO governance token) | 0xfaba…9be3 | discovery | governance
Ethereum | token (rUSDY, rebasing USDY) | 0xaf37…b879 | discovery | token
Ethereum | token (USDon, GM proximate token) | 0xace8…19f1 | discovery | token
Ethereum | treasury (Coinbase Prime custodian for OUSG) | 0xf674…856c | discovery | treasury
Ethereum | treasury (Coinbase Prime custodian for USDY USDC deposits) | 0xbda7…ae28 | discovery | treasury
Ethereum | vault (PYUSD Recipient for OUSG subscriptions) | 0x0317…bc2c | discovery | vault
mantle | TokenProxy | 0x5be2…c5a6 | TVL + disc | proxy, token
Mantle | admin (Blocklist on Mantle) | 0xdbd7…e5c6 | discovery | -
Mantle | oracle (Redemption Price Oracle on Mantle) | 0xa96a…882f | discovery | oracle
Mantle | other (Ondo Bridge Mantle OFT Adapter, LayerZero) | 0x0be3…bb41 | discovery | bridge
Mantle | token (mUSD, rebasing USDY on Mantle) | 0xab57…7cf3 | discovery | token
Plume Mainnet | token (USDY on Plume) | 0xd2b6…88b2 | discovery | token
plume_mainnet | USDY | 0xd2b6…88b2 | TVL | -
polygon | TokenProxy | 0xba11…5811 | TVL + disc | proxy, token
Polygon | admin (CashManager for OUSG on Polygon) | 0x6b74…e945 | discovery | -
Polygon | admin (Registry for OUSG on Polygon) | 0x7cd8…9ac1 | discovery | factory
sei | USDY | 0x54cd…e2a6 | TVL + disc | token

Protocol Info

Links (sources: DeFiLlama, DEFI@home quorum)
Twitter: @OndoFinance
GitHub: ondoprotocol

Security (sources: DeFiLlama, DEFI@home quorum)
Audits: 12 audits
Security contact: support@ondo.finance

Technical (source: DEFI@home quorum)
Voting token: ONDO (Ethereum: 0xfAbA6f8e4a5E8Ab82F62fe7C39859FA577269BE3)
Upgradeability: Upgradeable

Provenance (source: DeFiLlama)
Review status: listed
Updated: 2026-06-01 11:27 UTC