The purpose of this assessment is to determine the suitability of utilising Moonwell for Overnight Finance’s yield strategies on Base blockchain — the new Ethereum L2 optimistic rollup deployed by Coinbase using Optimism’s OP Stack.
This assessment on Moonwell focuses on Moonwell — a money market platform based on Compound v2 and deployed across 3 different blockchains (Moonriver, Moonbeam and Base) — and the risks Overnight Finance assumes by using them in their ETS product.
- Moonwell’s deployment on Base employs a novel mechanism to execute DAO governance cross-chain using wormhole bridge.
- In addition to having an active DAO managing proposals, additional safeguards on Base chain was implemented — including a 24 hour timelock on the Temporal Governor contract to allow sufficient time for proposals to be inspected. Ownership of this contract was also transferred to a 3/5 SAFE multisig of known trusted external signers (Gauntlet, Warden Finance, Brandon Kase from 0(1) Labs, x0s0l from Solarbeam, Coolhorsegirl from Tally).
- All deployed contracts have been audited by Halborn Security since their inception. With a total of 6 extensive and expeditious audits (1 on their Safety Module, 2 on their Moonriver deployment, 2 on their Moonbeam deployment, and 1 on their Base deployment). The latest audit in July 2023 covers the newly deployed contracts on Base.
- Apart from the Unitroller/Comptroller and Multi-Reward Distributor contract, no other contract uses proxies. The ownership of the proxy admin contract is with the above-mentioned timelocked, multisig controlled Temporal Governor contract.
- Moonwell only uses trusted Chainlink oracles for their deployed assets and have remedied the possible initialisation exploit that affected Hundred Finance and other Compound V2 forks.
- 2 major past incidents of Moonwell were the result of using bridged 3rd party assets by Nomad on Moonbeam and Multichain on Moonriver that became unbacked when the bridges were exploited. Although a similar risk can be said to exist on Base and indeed all blockchains with bridged assets, it is notable that Base is an Ethereum L2 optimistic rollup based on Optimism’s OP Stack, and both the bridge and blockchain are owned by Coinbase.
- Team background and platform funding is excellent. The platform also employs two external risk managers in Gauntlet and Warden Finance.
- Documentation of the platform including audits, github, governance, and personnel are extensively detailed and public.
- Accordingly, Moonwell presents one of the lowest risk one can reasonably expect from any decentralised finance platform and receives a 1 out of 5 Risk Rating, where 1 is the lowest possible risk and 5 is the highest.
Overnight Finance partially generates higher yields on their platform assets (USD+, DAI+) by deploying Exchange-Traded Strategies (ETS) which leverages a collateralised debt position on a stablecoin to borrow a volatile asset through a money market platform. These assets are then deployed together with a stablecoin to AMM DEXs. This allows the strategy to hedge against price volatility and assume a pseudo-delta neutral position through automated price tracking and rebalancing.
Moonwell is a decentralised money market platform forked from the popular Compound v2 platform that began on Moonriver (an EVM on Kusama Network) before expanding to Moonbeam and finally Base chain. Moonwell current allows the borrowing and lending of USDbC, ETH and cbETH on their platform.
This assessment will on focus on Moonwell’s Base chain deployment and the possible risks that Overnight Finance will assume by using their platform for their ETS product. The assessment is split into 2 categories: Platform Background and Codebase.
Moonwell (Apollo) was first deployed on Moonriver on 12 February 2022 and reached $250M TVL in 2 weeks. They then expanded to Moonbeam as Moonwell (Artemis) achieving similar success capturing $150M TVL.
Founding Contributors of Moonwell ¹
- Lunar Labs
– Luke Youngblood (.trilemma) — Former Coinbase Sr. Staff Engineer & AWS Principal Engineer
– Eli Clendenin (majin_moonwell) — Community and Communications Lead
– x0s0l: Full Stack Developer and Solarbeam Co-founder
– DevPupo: Frontend Developer
– Kidliberty: Frontend Developer
- Gauntlet Network — On-chain Risk modelling, management and optimisation
- Warden Finance — Risk modelling and management
- Rome Blockchain Labs — Technical implementation
- VectorDAO — Collective of application designers and developers
- Halborn Security — Smart Contract Auditor and real-time monitoring
0xMaki (Sushiswap Co-founder), Brandon Kase (CTO at O(1) Labs), Justin Lee (Co-founder of nfr Ventures, formerly Coinbase Ventures) and Mason Borda (Tokensoft, Bitgo)
Moonwell raised $10M in their funding round from Arrington XRP Capital, Mirana Ventures, Lemniscap, Woodstock Fund, Robot Ventures, Signum Capital, C Squared Ventures, UOB Venture, nfr Ventures, Charterhouse Strategic Partners, FMFW.
In addition, they raised another $13M in a public ICO on Tokensoft.
Governance of Moonwell is done entirely though their DAO with most discussions taking place on their public forum (https://forum.moonwell.fi/) and discord (https://discord.gg/moonwellfi). They have 2 governance tokens: MFAM for Moonwell Apollo on Moonriver, and WELL for Moonwell Artemis on Moonbeam and Base. WELL tokens on Base are bridged by Portal Bridge built on Wormhole Protocol .DAO proposals require a simple majority as well as a set quorum to pass.
Since governance for the Base platform is conducted on Moonbeam, proposals will be delivered to the Temporal Governor contract by Portal Bridge. The contract is 24h-timelocked which allows ample time to inspect proposals before implementation. The owner of the contract was also transferred to a 3/5 SAFE multisig of external known trusted signers⁴:
- Gauntlet (https://www.gauntlet.xyz/)
- Warden Finance (https://www.warden.finance/)
- Brandon Kase from 0(1) Labs (https://twitter.com/bkase_)
- x0s0l from Solarbeam (https://twitter.com/x0s0l)
- Coolhorsegirl from Tally (https://twitter.com/coolhorsegirl2)
Risk Management and Economic Simulations ⁵
As founding contributors, Gauntlet and Warden Finance continue to provide extensive assistance to Moonwell in the form of financial modelling tools and economic simulations to assist in optimisation and risk management. Their contributions to the platform are regularly seen in governance proposals. With the most recent by Warden Finance to introduce DAI as a collateral to the Base deployment.⁶
Moonwell has also implemented what they call a Safety Module as an additional security layer in the event of an unforeseen shortfall (including smart contract exploits, liquidation and oracle failure).
This is in essence an insurance feature that allows users to stake their governance tokens (MFAM and WELL) in return for some rewards to help secure the platform.
Asset Risk Parameters
Only 3 assets are currently available for lending and borrowing. DAI will soon be introduced.⁶ Collateral and Reserve Factors are comparable (even slightly more conservative) to other money market platforms such as Aave, Compound, Silo Finance and Sonne.
Moonwell has been affected by 2 major incidents since their inception. The first of which was the Nomad bridge hack that drained the backing of major assets on Moonbeam blockchain in August 2022.⁸
The second incident occurred on their Moonriver deployment and was also bridged asset related — Multichain assets lost their backing when the bridge protocol was taken offline in July 2023 after bridge-assets were stolen.⁹
Both incidents were blockchain-wide events that would have been difficult if not impossible to avoid given that those were the main asset bridges of each affected blockchain. The quick response of the DAO (especially through Gauntlet proposals) is notable.¹⁰ ¹¹
Moonwell is a Compound v2 fork, the most common money market platform fork on EVM blockchains. There have been several additions since Moonwell v1 but each change has been audited by Halborn Security. The current iteration of Moonwell on Base chain is Moonwell v2 with new contracts to support cross-chain governance and rewards distribution — all of which were also audited by Halborn Security as recently as July 2023.¹²
Importantly, they have remedied the collateral initialisation exploit that affected numerous Compound v2 forks as well as verified that the solution worked with their own test unit.¹³ ¹⁴
Explorer Verification and Proxies
All platform contracts on Base are verified on Basescan.org, and all contracts with the exception of the Unitroller/Comptroller and MultiRewardsDistributor are not proxied. ᴬ
The proxy admins for both contracts were transferred to a custom 24 hour timelock contract (Temporal Governor). Ownership of this contract is currently held by the 3/5 SAFE multisig mentioned in the above section.⁴
Moonwell exclusively uses Chainlink oracles for their collaterals.¹⁵ This can be verified on the explorer with feeds used being the same ones publicly posted on Base Documents.¹⁶
In addition to the above, there is also an ImmuneFi bounty of $250K.⁵
In terms of Platform Background
- team history and relative lack of anonymity
- decentralisation of governance
- layered security measures
- access to funding
Moonwell presents a low risk to Overnight Finance. The major incidents were a blockchain-wide events that cannot be attributed to a failure of Moonwell’s. While a similar incident could conceivably occur on Base chain, it is notable that both the bridge and the blockchain are owned by Coinbase and that Base is also an Ethereum L2 optimistic rollup built on Optimism’s OP Stack. In this category, Moonwell receives a 1 out of 5 risk rating.
In terms of Codebase
- thoroughness of audits and choice of auditor
- verified contracts and limited use of proxies
- proper on-chain governance controls (timelock and multisig)
- use of trusted oracles
- inclusion of a bounty reward
Moonwell again presents a low risk to Overnight Finance. Contracts deployed even minor ones are audited and Halborn Security as a contributor also continues to monitor threats to Moonwell in real time. In this category, Moonwell receives a 1 out of 5 risk rating.
The total risk is the highest risk rating of either category and in this instance Moonwell receives the lowest total risk rating of 1 out of 5.
Contract Addresses ᴬ
- WELL (Moonbeam): 0x511aB53F793683763E5a8829738301368a2411E3
- WELL (Base): 0xff8adec2221f9f4d8dfbafa6b9a297d17603493d
- Base SAFE Multisig Wallet Address: 0x446342af4f3bcd374276891c6bb3411bf2f8779e
- Comptroller*: 0xfBb21d0380beE3312B33c4353c8936a0F13EF26C
- Temporal Governor*: 0x8b621804a7637b781e2BbD58e256a591F2dF7d51
- Multi-Reward Distributor*: 0xe9005b078701e2A0948D2EaC43010D35870Ad9d2
- Moonwell USDC: 0x703843C3379b52F9FF486c9f5892218d2a065cC8
- Moonwell WETH: 0x628ff693426583D9a7FB391E54366292F509D457
- Moonwell cbETH: 0x3bf93770f2d4a794c3d9EBEfBAeBAE2a8f09A5E5
- WETH Router*: 0x31CCFB038771d9bF486Ef7c7f3A9F91bE72124C4
- Chainlink Oracle: 0xEC942bE8A8114bFD0396A5052c36027f2cA6a9d0
*Contracts marked have been changed (whether slightly or not) or novel compared to the original Compound v2 codebase.
P.S. This article was written by our respected user. We thank the author for a detailed and useful analysis of the Moonwell project. Link to the author’s Medium is here .