Asset Risk Assessment - Membrane Finance (EUROe)

This research was spearheaded by @evmknows.

Relation to Curve

A gauge proposal was submitted in February 2023 for the agEUR/EUROe pool on Ethereum. The pool seeks to combine fiat on/off-ramp capability (EUROe) with a permissionless euro token which has a number of DeFi integrations and arbitrage routes (agEUR). The proposal has not yet gone to a vote.

Abstract

For readers interested in the regulatory details of e-money, Llama Risk has previously released an asset risk assessment of Monerium EURe and its compliance with e-money regulations.

TL;DR of our findings:

  • EUROe is a custodial stablecoin issued by Membrane Finance under the e-money regime.

  • Membrane Finance is an authorized electronic money institution in Finland.

  • Membrane Finance is prepared for upcoming Markets in Crypto Assets Regulation (MiCA) requirements.

  • Reserves for EUROe are held at Bank Frick Liechtenstein and Osuuspankki Finland.

  • EUROe's smart contracts have undergone two audits by PeckShield and Runtime Verification.

  • The operational security measures for EUROe are on par with industry standards.

EUROe / Membrane Finance

EUROe is a MiCA-compliant, custodial stablecoin issued by Membrane Finance, a subsidiary of the blockchain development organization Equilibrium Group. It officially launched on Ethereum mainnet on February 1st, 2023, and has since been deployed to Polygon, Arbitrum, Avalanche, and a handful of testnets. As of writing, about 1.64m EUROe is issued across four chains: ETH Mainnet (982,777 EUROe), Arbitrum (96,873 EUROe), Polygon (560,235 EUROe), and Avalanche (25 EUROe).

EUROe Supply by Chain - May 26, 2023

EUROe is issued under the e-money regime, a standard regulatory framework recognized in the EU. It is regulated by the Finnish Financial Supervisory Authority (FIN-FSA) where the status of Membrane Finance Oy can be verified. Furthermore, EUROe is fully MiCA-compliant in preparation for the new regulations coming into effect by the summer of 2024.

Membrane Finance is currently only onboarding institutions to directly mint and burn EUROe, although anyone can permissionlessly acquire and use EUROe from secondary markets. These channels include DeFi, brokers, OTC, or centralized exchanges. This decision was made to reduce the cost and security risk of storing large amounts of customer KYC data and reduce the cost of processing mint/redemption requests.

Issuance Overview

Membrane is the sole issuer of EUROe. A "Client" of Membrane is an institution that has an account with Membrane and has undergone a due-diligence process including Know-Your-Business (KYB), Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Know-Your-Customer (KYC) reviews where applicable. An "end-user" is defined as anyone who uses EUROe without having an account with the issuer. The flowchart below shows the mint/burn process applicable to whitelisted Clients of Membrane:

The mint and burn mechanism works similarly to those of other centralized stablecoins, with the distinction that the corporate clients may utilize a personal IBAN.

Mint/burn operations are handled by the EUROe MINTER_ROLE and BURNER_ROLE, and can be monitored through the assigned address on each respective chain (Ethereum, Polygon, Arbitrum, and Avalanche). The following chart shows the mint/burn events across all chains over time:

EUROe Mint/Burn Events by Chain

Several Ethereum-based burn events coincide with a mint of equivalent value on another chain, which are most likely bridge operations facilitated by Membrane (60,000 EUROe to Polygon on March 20th, 60,000 EUROe to Arbitrum on April 14th, and 10,848 EUROe to Arbitrum on April 25th). According to the Pricing page, bridge operations (in addition to mint/burn operations) are a free service offered by Membrane.

A small number of addresses have been responsible for the majority of EUROe minting to date: ~95% of circulating EUROe has been minted to three addresses. The following chart color-codes addresses by chain (Gray = Ethereum, Purple = Polygon, Blue = Arbitrum).

EUROe Minted by Address

Reserves Management

In compliance with the European e-money regulations, the reserves backing e-money must be carefully managed by an Electronic Money Institution (EMI). Key requirements include maintaining a minimum capital of €350,000 or a 2% buffer based on average outstanding e-money (whichever is greater), segregating the EMI's own funds from the reserves, and safeguarding the reserves by investing in secure, low-risk assets.

The reserves can be held in a segregated bank account or invested into secure, low-risk assets such as debt securities issued or guaranteed by central governments, central banks, international organizations, multilateral development banks, or regional or local authorities within the Member States. In addition, investment in debt securities issued by AAA to A-rated financial institutions or corporates is also permissible. Furthermore, they can be covered by an insurance policy or some other comparable guarantee, providing an additional layer of security.

As an alternative, the EMI can invest in Undertakings for Collective Investment in Transferable Securities (UCITS) funds that solely invest in the assets specified above. These funds, managed by entities like BlackRock, offer a means of "outsourcing" the operations of reserve management. For a more detailed overview of the reserve requirements imposed on e-money issuers, please refer to the e-money section of our Monerium EURe review.

Membrane provides monthly attestations of its reserve backing on its website and also commits to being reviewed by a third party on a quarterly basis. Their docs state that they plan to implement "the publication of on-chain proof of reserves data as soon as feasible". As per the latest reserve attestation, the reserves are held in cash at two different banks domiciled in the European Economic Area, Bank Frick (Liechtenstein) and Osuuspankki (Finland).

Regulatory & Legal

Membrane Finance is an authorized electronic money institution, granted authorization to issue electronic money according to Finnish legislation implementing Directive 2009/110/EC. Membrane Finance Oy provides its services online but its registered office is at Meritullinkatu 1, 00170 Helsinki, Finland (trade register No. 3236886-2). The company is supervised by the Finnish Financial Supervisory Authority (FIN-FSA).

As per the Legal Framework on Safety of Customer Funds document provided by Membrane, customers are legally protected under Finnish law in the following ways:

  1. EUROe reserves are legally considered customer funds - Section 26 of the Payment Institution Act of Finland (297/2010).

  2. Customer funds cannot be commingled and must be safeguarded under applicable legislation - Section 26 of the Payment Institution Act of Finland (297/2010).

  3. In case of Membrane bankruptcy, customer funds are protected - Chapter 5, Section 6 of the Bankruptcy Act of Finland (120/2004) and Chapter 4, Section 9 of the Enforcement Code of Finland (705/2007).

  4. In case of Membrane's custodial bank bankruptcy, customer funds are protected - Chapter 5, Section 6 of the Bankruptcy Act of Finland (120/2004) and Chapter 4, Section 9 of the Enforcement Code of Finland (705/2007).

  5. Investments into low-risk and liquid securities shall be considered property of customers in case of bankruptcy - General rule associated with previously mentioned regulations.

  6. Each Membrane customer is entitled to a maximum of EUR 100,000 deposit guarantee per custodial bank - Governed by the EU Deposit Guarantee Scheme Directive.

Notably, the only circumstances in which customer funds would not be protected under the aforementioned regulations are a bankruptcy of Membrane or its custodial bank(s) in which either has committed a crime or acted with gross negligence in safeguarding customer funds, or a sudden and unpredictable change to the legislation and established practices by regulators in the relevant jurisdictions.

Additional regulatory requirements (Markets in Crypto Assets Regulation - MiCA) are currently in the works which would impose further obligations on fiat-referenced tokens (e-money tokens). According to MiCA, such tokens must not only adhere to the EMD but also meet requirements such as diligent marketing, disclosure of risks, prohibition of interest, and more. MiCA is not yet in force; it is expected to come into effect in mid-2024, when it will be implemented by the member states of the EU. In this regard, Membrane is positioned to be compliant with the future regulations by already issuing its euro stablecoin under the EMD.

Like other custodial stablecoins, Membrane Finance must comply with laws and regulations, and hence, reserves the right to block individual EOAs or contracts. As per their Access Denial Policy, Membrane will not deny access to Accounts except for when:

  • Receiving a request to do so from a competent government body, authority, or supervisory agency;

  • Receiving a request to do so from the owner & controller of an address, given sufficient proof; or

  • Membrane deems denying access necessary to comply with a law, regulation, or legal order from a recognized Finnish or EU authority.

Security & Control Mechanisms

Membrane employs an array of control mechanisms to maintain its operations, enforce security, and respond to emergencies. These mechanisms are implemented through a series of defined roles, each granted a different access level to the EUROe stablecoin smart contracts. Key roles include the PROXYOWNER_ROLE, responsible for contract upgrades; the BLOCKLISTER_ROLE, which can assign and remove the BLOCKED_ROLE on any address (effectively a blacklist); and the MINTER_ROLE, the sole role with minting privileges. Emergency roles such as PAUSER_ROLE and UNPAUSER_ROLE exist for critical situations, and a DEFAULT_ADMIN_ROLE administers all other roles.

Role holder addresses of the respective role for each chain can be found here.

EUROe's smart contracts are managed in-house with security protocols to restrict unauthorized access to critical roles. As part of those security measures, Membrane uses Multi-Party Computation (MPC) technology provided by Fireblocks. As a result, the privileged role holders appear on-chain as EOAs rather than multisig contracts.

The contracts are designed to be upgradeable for potential enhancements and modifications. There are no timelocks at the smart contract level, which allows quick adaptation; EUROe may use timelocks within its internal operations for added security, but we are unable to verify this.

Emergency procedures are outlined, with BLOCKED_ROLE assignment being the most common response to emergencies or black swan events. The extreme measure of pausing the EUROe stablecoin is reserved for imminent threats. Governance of EUROe is held entirely by Membrane Finance, with no on-chain governance or voting mechanisms present at this stage.

External Dependencies

For operational efficiency, Membrane uses MPC for contract interactions. Since this service is provided by an external party and the MPC computations are done off-chain, there is no way to publicly verify and evaluate the robustness of this system. However, Fireblocks is widely known as one of the largest infrastructure providers in the crypto industry. Fireblocks implements multiple layers of security, with regular penetration testing conducted by third-party firms, ComSec and NCC Group, to identify and eliminate vulnerabilities. In addition, Fireblocks has received SOC 2 Type II certification from Ernst & Young.

Smart Contract Audits

The EUROe Stablecoin smart contracts have been audited twice. The first audit, conducted by PeckShield in July 2022, identified one medium and one informational finding, both of which were addressed. The contracts were then updated and renamed from "eEURO Token" to "EUROe Stablecoin." The second audit, by Runtime Verification in December 2022, resulted in one high severity and four informational findings, all of which were addressed as well.

The full audit reports can be found on PeckShield's GitHub and Runtime Verification's GitHub. A detailed rundown of commits and addressed findings can be found here.

Conclusion

In conclusion, Membrane Finance operates under a robust regulatory framework, adhering to Finnish legislation, and is prepared for the impending MiCA requirements. The company demonstrates transparency in its reserve management, with reserves held in two established banks within the EEA. The operational security measures are also on par with those of current incumbents.

The fact that EUROe is currently not available for retail clients does not pose much of an issue when it comes to assessing the risk of pool squatting. As long as EUROe is paired with another freely available asset with sufficient liquidity and balance, squatting is virtually impossible. Furthermore, it can be assumed that the presence of multiple (Membrane onboarded) market makers, or competition to be more precise, will naturally prevent this.

From a more general point of view, we believe that incentivizing EUROe pools could be a good step to enrich and diversify Euro liquidity across DeFi.
