
risk: add Noon sUSN risk assessment (3.6/5.0 Elevated Risk) #67

Draft
spalen0 wants to merge 6 commits into master from review/noon-susn

Conversation


@spalen0 spalen0 commented Mar 1, 2026

Summary

  • Risk assessment report for Noon sUSN (Staked USN) on Ethereum
  • Final Score: 3.6/5.0 — Elevated Risk
  • All key data points verified on-chain via cast (exchange rate, total supply, multisig config, proxy ownership, MinterHandler parameters, oracle architecture)
  • Report updated with fresh on-chain data as of March 10, 2026

Score Breakdown

| Category | Score | Weight | Weighted |
|---|---|---|---|
| Audits & Historical | 3.5 | 20% | 0.70 |
| Centralization & Control | 4.0 | 30% | 1.20 |
| Funds Management | 3.5 | 30% | 1.05 |
| Liquidity Risk | 3.5 | 15% | 0.525 |
| Operational Risk | 3.5 | 5% | 0.175 |
| Final Score | | | 3.6 |

Key Findings

  • No timelock on 3-of-6 anonymous multisig — can instantly upgrade both USN and sUSN contracts
  • Off-chain custodial reserves — majority of USN backing held by custodians (Ceffu, Alpaca Securities, Fasanara)
  • 5-day withdrawal lockup — maxRedeem() returns 0, must use withdrawal handler with T+5 max redemption
  • Stork oracle — Morpho market uses Stork adapter (not native Chainlink) for USN/USD price; non-standard latestRoundData() timestamps
  • No bug bounty — no program on Immunefi, Sherlock, or Cantina
  • rescueToken() — vault owner can extract any ERC-20 tokens
  • ~$31M TVL, ~14 months public beta, BVI jurisdiction

Morpho Market Oracle Architecture (on-chain verified)

The oracle reads sUSN exchange rate directly from the vault contract (trustless), USN/USD from Stork ($1.00), and USDC/USD from Chainlink. Primary risk: if USN depegs but Stork still reports $1.00, oracle overvalues collateral.

Data refresh (March 10, 2026)

  • Exchange rate: 1.1680 USN/sUSN (up from 1.1659 — healthy appreciation)
  • TVL: ~$31M (up from $28M), shifted heavily to Ethereum ($27.9M)
  • DEX volume: ~$33K USN/day, ~$156 sUSN/day (extremely thin)
  • Morpho: ~$8.3M supply, ~$7.4M borrow, 89.6% utilization
  • USN price: $0.9997 (well-pegged)
  • All ownership/governance: unchanged
  • No new audits, no bug bounty, no timelock implemented
  • NOON governance token launched on KuCoin (March 5, 2026)
  • Added USN peg monitoring section (was missing)

Closes #66

Test plan

  • Review all score justifications against template rubrics — all 5 category scores validated against scoring rubrics; justifications are well-reasoned and consistent with comparable reports (Strata srUSDe 2.8, Resolv wstUSR)
  • Verify contract addresses are correct (Etherscan links) — all 12 contract addresses verified: core contracts (USN, sUSN, MinterHandlerV2), proxy admins, multisig, collateral wallets, and oracle feeds
  • Cross-check on-chain verified values — all values re-verified via cast on March 10, 2026: exchange rate, total supply/assets, ownership, MinterHandler params, multisig threshold/owners, ProxyAdmin owners, Morpho oracle price, Stork feed, Chainlink feed
  • Review monitoring section for completeness — added missing USN peg monitoring with alert thresholds; all other monitoring items (vault, governance, collateral, Morpho) are comprehensive with specific thresholds and frequencies

🤖 Generated with Claude Code
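The oracle architecture and peg-monitoring findings in the description above lend themselves to a concrete check. The following is an added example, not code from this PR or from the Noon protocol: it models the Morpho oracle as the PR describes it (vault exchange rate times Stork USN/USD, divided by Chainlink USDC/USD), compares the Stork input against an independent market price for USN, and raises the alert the PR singles out as the primary risk, USN trading below peg while Stork still reports $1.00. The feed readings, the market reference, the staleness window and the divergence threshold are all constructed assumptions; the PR only notes that the Stork adapter's latestRoundData() timestamps are non-standard, so the staleness cutoff in particular should be tuned to the real feed.

```python
"""
Added example (not code from the PR or from the Noon protocol): a defender-side
sanity check for the Morpho market oracle described in the PR, which prices sUSN as

    sUSN exchange rate (read from the vault) * USN/USD (Stork) / USDC/USD (Chainlink)

Feed readings, the market reference and all thresholds are constructed for the example.
"""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Optional


@dataclass
class FeedReading:
    """One oracle observation; price is already scaled from the on-chain integer."""
    price: Decimal
    updated_at: int  # unix timestamp the feed reports for this value


def composite_price(exchange_rate: Decimal, usn_usd: Decimal, usdc_usd: Decimal) -> Decimal:
    """sUSN priced in USDC, composed the way the PR describes the market oracle."""
    return exchange_rate * usn_usd / usdc_usd


def bps_diff(a: Decimal, b: Decimal) -> int:
    """Absolute difference between a and b, in basis points of b (truncated)."""
    return int(abs(a - b) / b * 10_000)


def check_oracle(
    exchange_rate: FeedReading,
    stork_usn_usd: FeedReading,
    chainlink_usdc_usd: FeedReading,
    market_usn_usd: Decimal,
    now: int,
    prev_exchange_rate: Optional[Decimal] = None,
    max_stale_seconds: int = 3_600,  # assumed; the PR notes Stork timestamps are non-standard
    divergence_bps: int = 100,       # assumed alert threshold
) -> Dict[str, object]:
    """Compare the oracle's inputs against an independent market price and return alerts."""
    alerts: List[str] = []

    # Staleness and sanity of the two external feeds.
    for name, reading in (("stork_usn_usd", stork_usn_usd), ("chainlink_usdc_usd", chainlink_usdc_usd)):
        if now - reading.updated_at > max_stale_seconds:
            alerts.append(f"stale:{name}")
        if reading.price <= 0:
            alerts.append(f"nonpositive:{name}")

    # The vault exchange rate is expected to appreciate; a drop is worth a look.
    if prev_exchange_rate is not None and exchange_rate.price < prev_exchange_rate:
        alerts.append("exchange_rate_decrease")

    # The PR's primary risk: Stork says $1.00 while the market says less.
    gap = bps_diff(market_usn_usd, stork_usn_usd.price)
    if gap > divergence_bps:
        direction = "overvalued" if stork_usn_usd.price > market_usn_usd else "undervalued"
        alerts.append(f"collateral_{direction}:{gap}bps")

    oracle = composite_price(exchange_rate.price, stork_usn_usd.price, chainlink_usdc_usd.price)
    market = composite_price(exchange_rate.price, market_usn_usd, chainlink_usdc_usd.price)
    return {"oracle_price": oracle, "market_implied_price": market, "alerts": alerts}


if __name__ == "__main__":
    # Figures quoted in the PR's March 10 refresh; the timestamps are constructed.
    now = 1_773_100_800
    result = check_oracle(
        exchange_rate=FeedReading(Decimal("1.1680"), now),
        stork_usn_usd=FeedReading(Decimal("1.00"), now - 600),
        chainlink_usdc_usd=FeedReading(Decimal("1.00"), now - 300),
        market_usn_usd=Decimal("0.9997"),
        now=now,
        prev_exchange_rate=Decimal("1.1659"),
    )
    print(result)
```

With the PR's March 10 figures the check is quiet (a 3 bps gap between $0.9997 and $1.00), while a market price of $0.97 against an unchanged Stork reading produces a 300 bps "collateral_overvalued" alert, which is the condition under which the Morpho market would be lending against overvalued sUSN. The market reference should come from a source independent of Stork, otherwise the comparison is circular.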

Risk assessment for Noon protocol's sUSN (Staked USN) token on Ethereum.
Final score: 3.6/5.0 (Elevated Risk). Key findings include no timelock
on 3-of-6 multisig, off-chain custodial reserves, 5-day withdrawal
lockup, and Stork oracle dependency.

Closes #66

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
vercel bot commented Mar 1, 2026

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| risk-score | Ready | Preview, Comment | Mar 23, 2026 10:05pm |

Request Review

- Remove multisig signer addresses (per skill.md guidelines)
- Add full Risk Tier table with final tier bolded
- Verify and annotate collateral wallet types on-chain:
  Collateral 1 (4-of-5 Safe), Collateral 2 (3-of-4 Safe),
  Collateral 3 (EOA - flagged as higher risk)
- Expand monitoring section: blacklist events, RBAC changes,
  withdrawal period changes, EOA collateral wallet alerts
- Fix placeholder deployment tx links
- Fix typo (redeplooys -> redeploys)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
spalen0 and others added 2 commits March 10, 2026 07:52
- Update all on-chain metrics: exchange rate 1.1680 (was 1.1659),
  TVL ~$31M (was ~$28M), chain distribution shifted to Ethereum
- Update DEX volume with accurate CoinGecko data (~$33K USN, ~$156 sUSN)
- Update Morpho market data, oracle values, Stork/Chainlink feed values
- Add USN peg monitoring section (was missing from monitoring)
- Update timeline references to ~14 months beta
- Verify all contract ownership unchanged (multisig 3-of-6)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add NOON governance token launch on KuCoin (March 5, 2026) with
  veToken system details — does not change underlying multisig admin
- Add US GENIUS Act regulatory risk for BVI stablecoin issuers
- Add tBTC Bitcoin Yield Vault product expansion note
- Add Serenity Research link (paywalled analysis)
- Note NOON token in governance section

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

spalen0 commented Mar 16, 2026

Review: Noon Team Responses (March 14 Google Sheets)

Noon provided responses to our risk assessment findings here:
https://docs.google.com/spreadsheets/d/1PW0sPbCdYBohsNtUOdFSrgwWrZshtkjwwjcb93l3abs/edit?usp=sharing

Planned Remediations (commitments, not yet verified on-chain)

  1. Timelock (items 1, 9): Adding 2-day timelock "by week's end" (~March 21); increase to 7 days at 100M TVL
  2. Open source code (item 7): Will make GitHub repo public "by early next week" (~March 21)
  3. rescueToken() restrictions (item 10): Will add restrictions preventing extraction of vault tokens or underlying assets
  4. Bug bounty (item 3): Can accelerate Immunefi proposal; planned for 50M TVL
  5. Blacklist timelock (item 13): Will add timelock; says blacklisting is required for regulatory compliance (sanctions lists)
  6. Oracle redundancy (item 12): Building redundant data pathway for Stork; notes oracle is reserve-based, not market-price-based

New Information to Investigate

  • Market maker liquidation agreement (item 6): Noon says a market maker can enter a liquidation agreement to handle the 5-day sUSN withdrawal lockup for Morpho. This is not in the report and is directly relevant to the Yearn use case — needs details
  • Off-chain reserves claim (item 2): Noon claims off-chain assets are "limited to Fasanara Private Credit position" only. This contradicts our report which documents Ceffu (CEX arb) and Alpaca Securities (T-Bills/CLOs) as also being off-chain custodial. Needs clarification
  • Protocol age: Noon says 17 months live (since Oct 2024), report says ~14 months (since public beta Jan 2025). Minor discrepancy — contracts deployed Oct 2024 but public beta launched Jan 2025

Items With No Remediation Offered

  • Anonymous multisig signers (item 4): No fix planned. Commitment to add known signers after >$100M TVL; open to Yearn as signer
  • Small/young protocol (item 5): "Limited remediation possible"
  • BVI jurisdiction (item 8): "Limited remediation possible"

Next Steps (updated March 23, 2026)

  • Verify on-chain whether timelock has been implemented (~March 21) — VERIFIED: Custom Timelock at 0xE5e412C212B4FBbF550A94e7BD5e83dB0B315A7F, 48h delay. Both ProxyAdmins now owned by timelock. Token contracts (USN, sUSN) still directly owned by multisig — operational functions NOT timelocked
  • Check if GitHub repo is now public — VERIFIED: Protocol-Core and Governance-Core public since March 18-19. CI includes Slither + Mythril. Test coverage 96-100%
  • Get details on the market maker liquidation agreement — VERIFIED: DCL Markets Ltd (DCLM) contractually obligated to buy sUSN at previous day's price (USDT/USDC) within 24h (+24h grace) if sUSN depegs >1%. Must execute even at a loss. BVI law, JAMS arbitration in London. 45-day termination notice
  • Clarify the off-chain reserves claim (Ceffu, Alpaca still custodial?) — INVESTIGATED: Ceffu funding rate arb paused 12+ months per team. Alpaca/Dinari tokenization claim NOT verified on-chain — no Dinari dShares or tokenized T-bill tokens in any collateral wallet. T-bills appear to remain off-chain at Alpaca Securities
  • Update report with team responses section and any verified changes — DONE: Report updated with all findings, scores reassessed
  • Scores should NOT change until commitments are verified on-chain — DONE: Timelock verified on-chain. Score changed from 3.6 → 3.4 (Elevated → Medium Risk)

Additional Findings During Reassessment

  • Unbacked minting via mintAndRebase(): Multisig can mint USN with zero collateral — no supply cap, no cooldown, no daily limit. setRebaseLimit() has no upper bound. Not behind timelock. Historical: 25 calls, ~178K USN minted, limit raised twice (30K → 40K → 50K)
  • 2 EOAs hold REBASE_MANAGER_ROLE on sUSN vault (0x173806...d699 deployer, 0xcc2447...b11f unknown) — should be revoked
  • Morpho market at 100% utilization (was 89.6%) — all supplied USDC is borrowed
  • rescueToken() restrictions: NOT yet implemented (still callable without timelock)
  • Bug bounty: NOT yet implemented
  • Blacklist timelock: NOT yet implemented
  • Oracle redundancy: NOT yet implemented
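The reassessment findings above (unbacked minting through mintAndRebase() with no supply cap, cooldown or daily limit, setRebaseLimit() with no upper bound, and two EOAs holding REBASE_MANAGER_ROLE on the sUSN vault) are limits the contract does not enforce, so a monitor has to enforce them off-chain. The following is an added example, not code from this PR or from the Noon protocol: it replays a chronological history of role grants, rebase-limit changes and rebase mints, inventories the role holders against an allowlist of governance contracts, and flags limit increases, mints above the current limit, and mints that exceed a rolling 24-hour budget. The record schema, the multisig and EOA addresses, and the budget are constructed assumptions; only the timelock address is the one quoted in the comment, and the two real EOAs are not reproduced because the comment truncates them.

```python
"""
Added example (not code from the PR or the Noon protocol): an off-chain control
audit for rebase minting and role membership on the sUSN vault. The event schema,
the multisig and EOA addresses and the daily budget are constructed; only the
timelock address is quoted from the PR comment.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Governance contracts expected to hold privileged roles.
TIMELOCK = "0xE5e412C212B4FBbF550A94e7BD5e83dB0B315A7F"      # quoted in the PR
MULTISIG = "0x0000000000000000000000000000000000000001"      # constructed placeholder
EXPECTED_ROLE_HOLDERS: Dict[str, Set[str]] = {
    "REBASE_MANAGER_ROLE": {TIMELOCK.lower(), MULTISIG.lower()},
}


def audit_rebase_controls(
    events: Iterable[dict],
    daily_budget: int = 50_000,     # assumed off-chain budget, in USN
    window_seconds: int = 86_400,
) -> Dict[str, object]:
    """Replay a history of role and rebase records and return findings plus alerts."""
    holders: Dict[str, Set[str]] = defaultdict(set)
    limit = None
    limit_changes: List[tuple] = []
    minted_total = 0
    recent: List[tuple] = []       # (timestamp, amount) of mints inside the window
    alerts: List[str] = []

    for ev in sorted(events, key=lambda e: e["ts"]):   # stable sort keeps same-ts order
        kind = ev["kind"]
        if kind == "RoleGranted":
            holders[ev["role"]].add(ev["account"].lower())
        elif kind == "RoleRevoked":
            holders[ev["role"]].discard(ev["account"].lower())
        elif kind == "setRebaseLimit":
            new_limit = ev["limit"]
            limit_changes.append((limit, new_limit))
            if limit is not None and new_limit > limit:
                alerts.append(f"rebase_limit_raised:{limit}->{new_limit}")
            limit = new_limit
        elif kind == "mintAndRebase":
            amount = ev["amount"]
            minted_total += amount
            if limit is not None and amount > limit:
                alerts.append(f"mint_exceeds_limit:{amount}>{limit}")
            # Rolling-window budget: the contract has no daily limit, so apply one here.
            recent = [(t, a) for t, a in recent if ev["ts"] - t < window_seconds]
            recent.append((ev["ts"], amount))
            window_total = sum(a for _, a in recent)
            if window_total > daily_budget:
                alerts.append(f"mint_window_budget_exceeded:{window_total}")

    # Any role holder outside the governance allowlist (e.g. an EOA) is flagged.
    unexpected: Dict[str, List[str]] = {}
    for role, accounts in holders.items():
        extra = accounts - EXPECTED_ROLE_HOLDERS.get(role, set())
        if extra:
            unexpected[role] = sorted(extra)
            alerts.append(f"unexpected_role_holders:{role}:{len(extra)}")

    return {
        "role_holders": {r: sorted(a) for r, a in holders.items()},
        "unexpected_role_holders": unexpected,
        "limit_changes": limit_changes,
        "current_limit": limit,
        "minted_total": minted_total,
        "alerts": alerts,
    }


# Constructed history loosely modelled on the comment (limit raised 30K -> 40K -> 50K,
# two EOAs granted the role alongside the multisig). Addresses are placeholders.
EOA_A = "0x0000000000000000000000000000000000000a01"
EOA_B = "0x0000000000000000000000000000000000000b02"
SAMPLE_EVENTS = [
    {"ts": 0, "kind": "RoleGranted", "role": "REBASE_MANAGER_ROLE", "account": MULTISIG},
    {"ts": 0, "kind": "RoleGranted", "role": "REBASE_MANAGER_ROLE", "account": EOA_A},
    {"ts": 0, "kind": "RoleGranted", "role": "REBASE_MANAGER_ROLE", "account": EOA_B},
    {"ts": 10, "kind": "setRebaseLimit", "limit": 30_000},
    {"ts": 20, "kind": "mintAndRebase", "amount": 25_000},
    {"ts": 90_000, "kind": "setRebaseLimit", "limit": 40_000},
    {"ts": 90_010, "kind": "mintAndRebase", "amount": 38_000},
    {"ts": 90_020, "kind": "mintAndRebase", "amount": 38_000},
    {"ts": 180_000, "kind": "setRebaseLimit", "limit": 50_000},
    {"ts": 180_010, "kind": "mintAndRebase", "amount": 45_000},
]

if __name__ == "__main__":
    for line in audit_rebase_controls(SAMPLE_EVENTS)["alerts"]:
        print(line)
```

Run against the constructed history this reports both limit increases, one window in which two mints totalled 76,000 USN, and two role holders outside the allowlist; revoking the role from the EOAs clears that last alert, which is the state the comment recommends. The allowlist is the key control: once the token contracts' operational functions sit behind the timelock, the multisig entry would be removed from it as well.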

@spalen0 spalen0 marked this pull request as ready for review March 16, 2026 14:40
@spalen0 spalen0 marked this pull request as draft March 16, 2026 14:40
Reassessment incorporating team data from feedback spreadsheet:

Verified improvements:
- 48h timelock on proxy upgrades (0xE5e4...5A7F, on-chain verified)
- Source code now public (Protocol-Core + Governance-Core, Slither/Mythril CI)
- DCLM market maker liquidation backstop (24h execution on >1% depeg)
- Ceffu funding rate arb paused 12+ months

New findings:
- mintAndRebase() allows unbacked USN minting (no supply cap, no cooldown,
  no daily limit, rebaseLimit adjustable to uint256.max, not behind timelock)
- 2 EOAs still hold REBASE_MANAGER_ROLE on sUSN vault
- Alpaca/Dinari tokenization NOT verified on-chain
- Morpho market at 100% utilization (was 89.6%)
- Anonymous signers: no fix planned (commitment after >$100M TVL)

Score changes:
- Audits: 3.5 → 3.0 (public code, 17mo production)
- Centralization: 4.0 → 3.5 (timelock on proxy upgrades)
- Operational: 3.5 → 3.0 (public repos, CI)
- Final: 3.6 → 3.4 (Elevated → Medium Risk)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Development

Successfully merging this pull request may close these issues.

Risk Assessment: sUSN
