Apr 17, 2025
This is an archive of our post on Aave governance forum. Read the full thread here.
Summary
As this ARFC onboards 3 assets at once, LlamaRisk has conducted 3 separate asset reviews. Each is detailed in full below.
WMNT
LlamaRisk supports listing WMNT on Aave. MNT—the token wrapped by WMNT—serves as Mantle’s gas and governance tokens. Its L1 contract is controlled by a 6‑of‑13 multisig that can mint up to 2% of supply annually and transfer ownership without a timelock. The base token has an OpenZeppelin audit, yet the wMNT wrapper diverges from canonical WETH, is unaudited, and lacks bug‑bounty coverage.
Liquidity is constrained. A single $2.5 M swap moves price about 10%, far shallower than other L2 gas‑token markets, and nearly all depth sits in two USDe pools (Merchant Moe and Agni) funded almost entirely by Mantle Treasury. Although withdrawals require a DAO vote, this concentration could still trigger a sudden liquidity shock and hinder liquidations.
Given these access‑control, contract, and liquidity risks, WMNT should launch with low supply and borrow caps, tight liquidation settings, and periodic reviews that scale exposure only as Mantle decentralizes and market depth improves.
mETH and cmETH
LlamaRisk recommends postponing the onboarding of mETH and cmETH until Mantle’s liquidity and overall maturity improve. A 200 mETH swap moves the price by more than 5%, while 150 cmETH results in about 20%; most depth sits in a single Merchant Moe pool, and one address supplies nearly 80% of cmETH liquidity. Although Ethereum mainnet holds roughly three times more volume, that liquidity would still need to be bridged before it could backstop Mantle‑side liquidations.
Both tokens are governed by custom, un‑timelocked 6‑of‑13 multisigs whose relationship to the largely unused COOK governance token remains opaque. mETH has five audits and a $500K Immunefi bounty, but cmETH lacks a bounty and adds extra restaking complexity through PositionManagers, EigenLayer, Karak, Symbiotic, and off‑chain reward handlers.
Until on‑chain depth expands significantly and governance protections mature, listing these assets would expose Aave to outsized market and counterparty risk.
Detailed assessments
MNT Review
1. Asset Fundamental Characteristics
1.1 Asset
wMNT is an ERC20-compatible representation of the native MNT token at address 0x78c1b0C915c4FAA5FffA6CAbf0219DA63d7f4cb8. This contract was deployed in July 2023, close to when the network went live. This asset similarly wraps the native MNT token to how WETH wraps ETH, allowing it to be used in smart contracts. MNT is the native token of the Mantle network, which is used to pay for gas on the L2. In this way, it, too, is analogous to ETH on Mainnet. This network-specific native asset class and the wrapper are widely onboarded across Aave instances.
1.2 Architecture
Users may wrap MNT or unwrap WMNT at any time 1:1 and zero cost. This makes the wrapped asset essentially analogous to MNT. MNT is the native gas token of the Mantle network and is used to vote in Mantle governance.
1.3 Tokenomics
This asset is a 1:1 wrapper of $MNT, so it inherits its tokenomics. The $MNT token started as $BIT, which was migrated to $MNT on the launch of the Mantle network. Half of $ MNT’s 6,219,316,794 supply is circulating, with the other half held in Mantle DAO’s treasury.
1.3.1 Token Holder Concentration
Source: WMNT Token Holder Distribution, MantleScan, April 11th, 2025
WMNT is highly concentrated, with four addresses controlling almost 80% of the supply. When looking at these holders, these large holders are smart contracts. The leading holder is a Merchant Moe liquidity pool, the second largest is an AGNI pool, and the third largest is a Lendle lending pool. This reduces the risk somewhat, as these large holders are not owned by individual EOAs that may exit in size rapidly.
2. Market Risk
2.1 Liquidity
Source: wMNT-USDT swap, Odos, April 11th, 2025
Neither WMNT nor MNT is highly liquid, with a $2.5M trade resulting in almost 10% price impact. This presents a risk to Aave and results in a constrained supply cap recommendation.
2.1.1 Liquidity Venue Concentration
As detailed above, much liquidity is held on either Agni or Merchant Moe. Most of this route is equally balanced between the two DEXs and routed largely through USDe. This presents risks regarding whether USDe liquidity should dry up or whether these DEXs should suffer an incident under which they no longer function. This asset’s generally low liquidity level presents a risk to Aave.
2.1.2 DEX LP Concentration
WMNT LP concentration is very high, with the majority supplied by just two EOAs across the two main pools. This concentration poses a significant risk, as a sudden withdrawal by either entity could trigger a liquidity shortfall. Below is the breakdown (as of April 17, 2025):
Merchant Moe USDe/WMNT ($7.7M TVL): 100% of the pool’s liquidity is supplied by an EOA. Mantle’s treasury controls this EOA.
Agni Finance USDe/WMNT ($5.7M TVL): The top liquidity provider is another EOA, holding 99.99% of the pool’s liquidity. Mantle’s treasury also controls this address.
The nature of these addresses (DAO treasury) means that liquidity is unlikely to be pulled, but given that it is theoretically possible that it may risk is still present. This liquidity would likely only be removed after a lengthy DAO approval process, giving Aave sufficient time to adjust markets accordingly.
2.2 Volatility
Source: Mantle Token, Coingecko, April 11th, 2025
Mantle and WMNT experience an elevated level of volatility, with large swings within a relatively tight $1.50 to $0.25 range being documented. Large intraday price increases and drops are displayed, indicating high volatility.
2.3 Exchanges
Source: Mantle Token, Coingecko, April 11th, 2025
Mantle is available on a wide number of Asia-based centralized exchanges. It enjoys significant volume.
2.4 Growth
Source: Mantle Token, Coingecko, April 11th, 2025
Mantle’s market capitalization has maintained a ±$2B valuation for its duration, with some volatility in between. It is a direct function of the token’s price, as new tokens are not being introduced through inflation.
WMNT has an onchain market capitalization of 22.5M MNT, which has been slowly increasing as Mantle’s DeFi network continues to mature.
3. Technological Risk
3.1 Smart Contract Risk
No smart contract audits are documented for WMNT. There are substantial contract differences between WETH and WMNT. Smart contract risk is, therefore, difficult to verify, meaning it is moderate on the MNT contract on ETH L1, the OpenZeppelin audited deployment, which found only low severity issues. This lowers smart contract risk.
3.2 Bug Bounty Program
No bug bounty program for WMNT or MNT is detailed.
3.3 Price Feed Risk
An MNT/USD Chainlink feed is available. It is a market price feed. Since WMNT and MNT are 1:1 redeemable at all times for free, this is a suitable oracle for this use case.
3.4 Dependency Risk
The wrapper contract for this asset is the sole dependency introduced by adding WMNT. MNT is a core pillar of the Mantle network, so its use as collateral on Aave presents a limited incremental risk to the protocol. If Aave is deployed on Mantle, it already assumes significant dependency on the network and, therefore, the MNT token. The incremental dependency risk posed by MNT itself is, therefore, low.
4. Counterparty Risk
4.1 Governance & Regulatory Risk
MNT is both the native gas token of Mantle Network and the governance token of the Mantle DAO. The overall governance framework is described in MIP‑31, yet practical participation is still light, with major decisions to date centering on high‑profile proposals such as the Enhanced Index Fund in MIP‑32.
Despite having a published structure, the documentation does not delineate which subjects must be decided by token‑holders and which remain at the discretion of the core team. Nor is there a well‑defined mechanism for token‑holders to originate and shepherd new proposals through the process. This lack of clarity leaves room for unexpected policy shifts or governance deadlock. Either scenario could impair the perceived utility and, therefore, the market value of MNT—and, by extension, WMNT—introducing collateral risk to Aave if the token is abruptly repriced.
The legal analysis conducted as part of Aave v3’s initial deployment review ([ARFC] Deploy Aave v3 on Mantle - #3 by LlamaRisk) is still valid. To strengthen our regulatory assessment, we have requested from Mantle any legal opinions, non‑action letters, or comparable confirmations regarding MNT, mETH, and cmETH. Once these materials are received, our team will evaluate them and circulate the findings to all relevant stakeholders.
4.2 Access Control Risk
The WMNT contract does not employ access controls. The MNT mainnet token contract (where the token was deployed) employs access controls on critical token parameters.
4.2.1 Contract Modification Options
The MNT contract owner may modify the following functions:
Contract ownership
Token supply via minting additional tokens within a yearly mint cap (hardcoded to <2% of existing supply)
These are significant potential changes that may result in the value of an individual token being repriced rapidly should they be utilized without due process and clear communication.
4.2.2 Timelock Duration and Function
No timelock is documented on the MNT contract. This presents risk given the above change capacities - especially upgradeability.
4.2.3 Multisig Threshold / Signer identity
The MNT contract is owned by a 6/13 Safe with the following signers:
Given the large number of signers with a non-majority threshold and the lack of timelock on a contract with significant modification options, it is fair to say that MNT (not WMNT) has significant access control risk.
mETH Review
1. Asset Fundamental Characteristics
1.1 Asset
Mantle ETH (mETH) is a liquid-staked Ether token. It is an ERC20 compliant token deployed in October 2023 with an onchain market cap of ±367,300 ETH. It was deployed natively on mainnet, with stakers receiving a receipt token for the ETH staked on the L1. It was then migrated to Mantle network. This token is non-rebasing, meaning the number of tokens a holder keeps in an address will not increase. Instead, it will increase in value as it entitles a holder to a fixed share of the ETH staked through Mantle validators.
1.2 Architecture
Source: mETH Architecture, mETH Docs
Users send or receive ETH / mETH to a staking contract, which programmatically transfers the ETH to the Ethereum Beacon chain to be distributed to node operators. A ConsensusLayer Receive and an ExecutionLayer Receiver contract aggregate revenue generated by the staked ETH and pass it to the Staking Contract. This increases the value of the ETH held in the staking contract, thereby increasing the exchange rate. Of note are security roles included in the diagram, such as the pausers, guardians, and Mantle Security Roles.
1.3 Tokenomics
As a non-rebasing token, Aave protocol should face no risk from onboarding this type of token. The vault to which users own shares increases in a predictable way similar to that of stETH or RETH, who have successfully onboarded to the mainnet core.
mETH is controlled by governance token COOK with a current circulating supply of 960,000,000 of 5,000,000,000. Currently, there is no visibility on mETH governance processes, making the utility of COOK difficult to verify. Uncertainty is introduced without clarity on what aspects of this LST COOK may change and how those changes are made.
1.3.1 Token Holder Concentration
Source: mETH holders, MantleScan, April 14th, 2025
Mantle ETH is relatively distributed should you ignore two holders controlling more than 50% of the supply. The largest holder is a ByBit CEX address, and the second largest holder is also an address controlled by ByBit. ByBit is unlikely to own all of this mETH, meaning ownership is more fragmented than this chart may indicate.
2. Market Risk
2.1 Liquidity
Source: mETH to USDe, Odos Router, April 15th, 2025
mETH liquidity is extremely limited, with a 200 mETH swap resulting in more than 5% price impact.
2.1.1 Liquidity Venue Concentration
This liquidity is relatively fragmented, with the majority of the mETH swapped through the Merchant Moe mETH-WETH pool, which has $580K TVL.
Source: mETH/WETH, Merchant Moe, April 17, 2025
This liquidity situation is hampered by pool balance, which decreases trading efficiency and, therefore, incentives to provide liquidity.
Source: mETH DEX pools, GeckoTerminal, April 17, 2025
Leading pools include Agni ($200K 24H volume), Merchant Moe ($325K 24H volume), and Cleopatra ($52K 24H volume).
2.1.2 DEX LP Concentration
Source: mETH/cmETH Merchant Moe pool concentration, Debank, April 17 2025
DEX liquidity on the mETH/WETH pool is very distributed, with the largest users supplying no greater than 12% of the pool. This reduces risk, as all liquidity is unlikely to be removed and cause a liquidity shortfall event. This is unlikely to jeopardize the profitable liquidation of Aave in its current state.
2.2 Volatility
Source: mETH/wETH, DexScreener, April 17 2025
mETH has continued to appreciate in a predictable fashion relative to the price of ETH, which is expected. A brief, significant depeg event was noted in late February 2025, where the asset fell to a ratio of 1.02 mETH per WETH, though this was quickly arbitraged.
This degree of irregular volatility presents some degree of risk to the protocol, especially should leverage looping be one of the primary use cases of this asset.
2.3 Exchanges
Source: Coingecko Exchanges, Coingecko, April 15 2025
mETH is traded on ByBit and a variety of Mantle-specific decentralized exchanges
2.4 Growth
Source: mETH Protocol, Mantle-xyz via Dune, April 15, 2025
The amount of mETH is decreasing, especially on the Mantle network. Roughly 40,000 mETH are currently on the network, down from a peak of ±160,000.
3. Technological Risk
3.1 Smart Contract Risk
Mantle ETH has been audited multiple times.
Hexens (August 2023) found 3 high, 6 medium, and 5 low severity issues
Hexens (September 2023) found 3 high and 4 low severity issues
MixBytes (November 2023) found 3 high and 4 medium severity issues
Secure3 (October 2023) found 1 critical, 20 medium, and 12 low severity issues
Secure3 (October 2023) found 2 critical, 3 medium, and 6 low severity issues
Verilog (November 2023) found 2 low severity issues
The number of these audits and the slight decrease in the frequency of detected issues indicates a serious approach to smart contract security, which helps mitigate risk.
3.2 Bug Bounty Program
mETH is covered by a $500K bug bounty program. This lowers smart contract risk.
3.3 Price Feed Risk
While Chainlink feeds currently operate on this network, mETH does not yet have a price feed solution. Querying the value of 1 mETH on the L2 is complicated as the staking vault is on the ETH mainnet, and the actual ETH itself is on the Beacon chain. The mainnet mETH contract does not have a ratio function to call. The mETH Oracle contract has a function "latestRecord "that may be called to price the asset.
The relative complexity of the setup across different networks results in a system not without risk.
3.4 Dependency Risk
This architecture presents few incremental dependencies that Aave is not already exposed to given it is live on Mantle and has onboarded many LSTs.
Key incremental risks introduced focus on the security roles (more in section 4) and the node operators selected by Mantle. Their continued compliance is important, so dependency risk is high when onboarding this asset.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
mETH is governed by the governance token COOK, which is deployed to the mainnet. It is not evident that COOK has been used in a vote at this time, calling into question its utility as a governance token. With unclear governance procedures come uncertainties, which in turn produces risk. With no clarity on how governance functions for this asset, it is difficult to evaluate governance risk.
The documentation mentions Guardians but declines to elaborate on their roles or capacities. This puts significant control into the hands of the mETH team and places large dependencies on their continued competence and compliance. This risk is mitigated by limited contract modification options (see next section), but the limited transparency and lack of clear framework results in risk.
4.2 Access Control Risk
mETH access control configurations are complex and unique in structure. Their unclear layout is nonstandard, which may result in reviewers missing potential vulnerabilities. This increases risk in an area that ideally has none.
4.2.1 Contract Modification Options
Mantle has produced a high-quality document that outlines different modification options and explains their relevance.
This mETH contract owner may:
Upgrade the contract of mETH on L1 and L2
Change ownership of the contract
Modify Oracle roles
Pause the contract
Modify the stake operators
Unstake the ETH
These are significant permissions that present a high risk.
4.2.2 Timelock Duration and Function
A timelock is documented. Unfortunately, it is not in use with the "getMinDelay " function set to 0. This does nothing to decrease the level of risk, which is considerable.
4.2.3 Multisig Threshold / Signer Identity
mETH ownership multisig signers are listed in Mantle documentation. This page is of excellent quality, and other projects would do well to emulate it.
Two multisigs control the most critical of roles:
MSEC Council 1 - a 6/13 Safe with one proposer.
MSEC Council 2 - a 6/13 Safe (which is unverified on Mantle, limiting transparency into ownership).
MSEC Council 1 is responsible for upgrading the oracle, owning the pause contracts, controlling the staking operation, and upgrading the L1 mETH token. MSEC Council 2 is responsible for upgrading mETH on L2.
The mainnet MSEC Council 1 consists of the following signers:
cmETH Review
1. Asset Fundamental Characteristics
1.1 Asset
cmETH is Mantle Restaked ETH. It is an ERC20-compliant restaked ETH token deployed in August 2024. It was deployed natively on the mainnet network, with stakers returning a receipt token for the mETH restaked on the L1. It was then migrated to the Mantle network.
Yield is reportedly generated in the following ways:
Yield from ETH Proof-of-Stake validation (provided via the underlying $mETH)
Yield from restaking protocols (e.g., EigenLayer, Symbiotic, Karak, etc.)
Yield from Actively Validated Services (AVS)
$COOK rewards (multiple seasons)
Other technology partner rewards
Yield from L2 dApps and Protocol Integrations
This token is non-rebasing, meaning the number of tokens a holder keeps in an address will not increase. Instead, it will increase in value as it entitles a holder to a fixed share of the ETH staked through Mantle validators.
This is a familiar asset to the Aave network and presents a limited incremental risk to the protocol. Restaked assets are often high-risk assets and should be parameterized accordingly.
1.2 Architecture
Source: Architecture, cmETH documentation
Users move from mETH to cmETH either through a DEX or a restaking contract on the mainnet. cmETH uses Veda’s BoringVault architecture, similar to EtherFi. After sending mETH to this vault, it is then allocated to a PositionManager, who restake the mETH for various uses.
In exchange, they receive not only native ETH staking yield but also yield generated by the PositionManager’s selected revenue strategies. This architecture introduces significant dependencies that the PositionManager selects. The limited visibility of these strategies results in architectural risk.
1.3 Tokenomics
cmETH is paired 1:1 with mETH, meaning users must collect rewards independently (as opposed to how ETH rewards are streamed to a vault that mETH holders are entitled to a share of). This straightforward accounting structure results in limited tokenomic risk.
cmETH, like mETH, is controlled by $COOK. Currently, there is no visibility on mETH governance processes, making the utility of COOK difficult to verify. Uncertainty is introduced without clarity on what aspects of this LST COOK may change and how those changes are made. This, in turn, introduces risk.
1.3.1 Token Holder Concentration
Source: cmETH token holder distribution, Mantlescan, April 16, 2025
On the Mantle, cmETH is moderately distributed. Large holders include rewards distributors, Staking contracts, and ByBit exchange addresses.
This level of fragmentation results in limited incremental risk.
2. Market Risk
2.1 Liquidity
Source: cmETH to USDe swap, Odos, 16 April, 2025
cmETH is extremely illiquid. A 150 cmETH to USDe trade results in a 20% price impact. This presents a significant risk to liquidators attempting to cover the liquidity deficit.
Source: cmETH / USDe tick distribution, Merchant Moe, April 16, 2025
This is despite the cmETH pool having $8M of TVL. Unfortunately, the LP positions are out of range so that no trades may be facilitated.
2.1.1 Liquidity Venue Concentration
Source: cmETH DEX pools, GeckoTerminal, April 17, 2025
This routing is relatively distributed, with Merchant Moe V2.2 facilitating most of the trade. Agni also facilitates a smaller percentage, with other minor DEXs helping out.
Interestingly, an FBTC / cmETH pool on Merchant Moe has a relatively high $82K 24H volume for unlike assets, which are (re)staked.
The lack of volume outside of Merchant Moe presents a risk, resulting in dependency on a single, smart contract suite.
2.1.2 DEX LP Concentration
Source: mETH/cmETH Merchant Moe pool concentration, Debank, April 17 2025
DEX liquidity on the cmETH/mETH pool is somewhat concentrated, with one address supplying 78% of liquidity. This presents a risk, as it may be removed and cause a liquidity shortfall event, jeopardizing the profitable liquidation of Aave.
2.2 Volatility
Source: cmETH/mETH, DexScreener, April 17, 2025
cmETH is currently pegged to the price of mETH on the most liquid network-specific trading pool. Minimal depeg events (greater than 0.1%) are documented between the two assets, indicating low volatility risk.
2.3 Exchanges
Source: cmETH Exchanges, coingecko, April 16, 2025
cmETH is traded exclusively on DEXs and Bybit.
2.4 Growth
/S1RVHwp0kl.png)
Source: cmETH Market Cap, coingecko, April 16, 2025
cmETH is currently experiencing a market capitalization shrinkage, roughly in line with ETH’s after a significant rise and fall in mid-December 2024.
3. Technological Risk
3.1 Smart Contract Risk
cmETH has five audits publicly available:
Verilog (October 2024) found 2 medium and 2 low severity issues
QuantStamp (September 2024) found 1 medium and 3 low-severity issues
BlockSec (October 2024) found no potential issues
Secure3 (September 2024) found 1 medium issue
Hexens (August 2024) found 1 high, 2 medium, and 2 low severity issues.
This number of audits helps to reduce smart contract risk.
3.2 Bug Bounty Program
cmETH is not covered by a bug bounty program. Related repositories are private, which results in high risk. This is elevated given the amount of different contracts cmETH restakes the mETH into to generate yield.
3.3 Price Feed Risk
There is no Chainlink feed for cmETH; only the fundamental rate is available.
3.4 Dependency Risk
As a restaking protocol, cmETH introduces the following incremental dependencies:
The PositionManager contract and the various selected restaking strategies (currently using Karak, Symbiotic, Eigen Validator A41, and Eigen Validator P2P) - notably, neither Karak nor Symbiotic restaked assets are currently onboarded to Aave.
The RewardHandler relies on off-chain computing, which allows users to claim rewards generated through Merkle Trees that must be regularly posted.
The operators in the LRT systems that choose which AVSs to secure and run the risk of slashing (shortly) should they irresponsibly allocate the assets.
Source: cmeETH PositionManager, cmMETH docs
There are significant dependency risk assumptions introduced with limited visibility on the framework with which underlying mETH is being allocated.
4. Counterparty Risk
4.1 Governance and Regulatory Risk
cmETH, just like mETH, is governed by the governance token COOK, which is deployed to mainnet. It is not evident that COOK has been used in a vote at this time, calling into question its utility as a governance token. With unclear governance procedures come uncertainties, which in turn produces risk. With no clarity on how governance functions for this asset, it is difficult to evaluate governance risk. It is reasonable to presume all cmETH is managed by the Mantle team, placing significant counterparty risk on the asset.
4.2 Access Control Risk
As with mETH, cmETH’s access control configurations are complex and unique in structure. Their unclear layout is nonstandard, which may result in reviewers missing potential vulnerabilities. This increases risk in an area that ideally has none.
4.2.1 Contract Modification Options
cmETH roles and modification abilities are listed.
Key changes that may be made include:
Any aspect of the restaking vault, including strategies the mETH is allocated to
The L1 and L2 cmETH contracts itself, including the owner and delegator
The L1-L2 messaging contracts, including pauser, owners, upgraders, managers, and so on
This introduces the potential for any changes across various cmETH core functionalities. This presents a significant risk.
4.2.2 Timelock Duration and Function
cmETH does not document a visible timelock, and even if it did, it may be set to 0, as with mETH. With this in mind, it is reasonable to say that cmETH’s considerable access control regime is delayed by a timelock. There is mention of an MLSPTimelockL1 , but this is not visible on block explorers.
4.2.3 Multisig Threshold / Signer identity
Core functionalities are largely similar to mETH, with the following roles:
Two multisigs control the most critical of roles:
MSEC Council 1 - a 6/13 Safe with one proposer.
MSEC Council 2 - a 6/13 Safe (which is unverified on Mantle, limiting transparency into ownership).
MSEC Council 1 is responsible for upgrading the oracle, owning the pause contracts, controlling the staking operation, and upgrading the L1 cmETH token. MSEC Council 2 is responsible for upgrading cmETH on L2.
The mainnet MSEC Council 1 consists of the following signers:
Source: cmeETH Security roles, Mantle docs
For the strategies used in restaking, both Veda and Mantle individuals manage the allocations. This is in conjunction with a variety of smart contracts. This careful mapping indicates a responsible attitude to access control ownership but introduces risk through the incremental surface area.
Note: This assessment follows the LLR-Aave Framework, a comprehensive methodology for asset onboarding and parameterization in Aave V3. This framework is continuously updated and available here.
Aave V3 Specific Parameters MNT
Parameters will be presented jointly with @ChaosLabs.
Price feed Recommendation
For WMNT, we recommend using the Chainlink MNT/USD market feed.
Disclaimer
This review was independently prepared by LlamaRisk, a community-led decentralized organization funded in part by the Aave DAO. LlamaRisk is not directly affiliated with the protocol(s) reviewed in this assessment and did not receive any compensation from the protocol(s) or their affiliated entities for this work.
The information provided should not be construed as legal, financial, tax, or professional advice.