Flash Depth Data

Search Extension

An in-depth explanation of the RWA DeFi protocol Tangible.

2023-05-14 10:11

Read this article in 64 Minutes

Tangible introduces a novel use case for RWA and an innovative stablecoin with intrinsic rewards and rebalancing mechanism.

Original Title: "Risk Assessment: Tangible (USDR)"

Original Author: LLAMARISK

Translated by: Kxp, BlockBeats

Summary

This report will investigate the risks associated with the USDR stablecoin issued by Tangible. The team submitted a proposal in March 2023 to add CRV incentives to the USDR/am3CRV pool on Polygon. The proposal was successfully passed by DAO vote on March 30, 2023.

· Tangible is building an entry and trading platform for real world assets (RWA). Physical assets such as gold bars, watches, or real estate (RE) are tokenized (i.e. minted) to become tangible NFTs (TNFTs).

· This agreement provides a market for the issuance and trading of TNFTs. The legal entity behind this project (Tangible Labs) facilitates the real-world purchase and custody of these commodities. It collaborates with multiple service providers (suppliers, custodians) in different jurisdictions. However, most of its business is concentrated in the United Kingdom.

· In the context of real estate, Tangible creates SPVs to acquire and manage properties. These are legal entities specifically established for this purpose. They have listed over 14 properties in the UK.

· The Token TNGBL of this agreement is used to incentivize the use of Tangible's products and provide income shares for those who lock the Token. In return, the stakers will receive so-called 3.3+ NFTs representing their position. TNGBL is currently not a governance Token (but may become one).

· Tangible has also issued a stablecoin called Real USD (USDR). It is anchored to the US dollar and is over-collateralized with RE TNFTs, DAI, and TNGBL (its native token). USDR has intrinsic yield generated by RE TNFTs, which is transferred to its holders through daily adjustments. Currently, the yield is about 8%, with an additional 10% subsidized through TNGBL airdrops.

· Stablecoins are native to Polygon and currently have 176 holders. USDR is not a trustless or decentralized stablecoin. It relies on its own RWA gateway service and team management.

· Due to its support by RWA collateral, USDR relies on centralized processes (RE entrance) and real-world custody. It also applies elements of a hybrid algorithmic stablecoin (automatic collateral management and TNGBL as collateral).

· There are some benefits and risks to using RE as collateral. Although its attractive yield and price stability are very appealing, its valuation and liquidation may become problematic. The current setup may also lead to conflicts of interest, as Tangible is the sole issuer of the collateral that supports its stablecoin.

This project is ambitious, covering multiple aspects of DeFi and RWA tokenization to create a novel solution. However, on a technical level, it seems quite complex, introducing many centralized components and potential single points of failure. The protocol and its stability strategy have not yet been "battle-tested" and rely entirely on the founding team. Custody and management are still centralized on-chain and off-chain, with most of the collateral being illiquid (RWA) or endogenous (TNGBL), and the regulatory status of the product is unclear. Therefore, Tangible poses a particularly high risk to users.

Introduction

Tangible is a tokenized asset marketplace, stablecoin issuer, and import/export service for real-world assets (RWAs). Tangible's marketplace enables the initial purchase and secondary trading of tokenized physical assets such as wine, real estate, watches, or gold bars. When purchasing goods on Tangible, buyers receive the product in the form of TNFT, or tangible NFT, which is minted as a token at the time of purchase. These TNFTs represent ownership of the physical asset.

The physical items can be obtained through one of Tangible's partner suppliers and stored in their storage facilities. Each product type requires separate storage facilities. TNFT owners are responsible for paying storage fees. For example, the storage fee for gold bars is 1% per year.

During redemption, Tangible collaborates with logistics companies to ensure the safe transportation of physical items. The transportation costs must be paid by the person redeeming TNFT and will be calculated based on the actual situation.

In short, Tangible allows for the conversion of real-world assets into TNFT, which can be used for redemption of physical items. Their documentation provides an overview of the process to explain how it works (see the image below).

1. Users purchase goods on Tangible's marketplace. Smart contracts handle the prices of the goods and related storage fees.

2. TNFT is minted and sent to the user's wallet.

3. Meanwhile, Tangible has completed the purchase of physical goods through its partner suppliers.

4. The purchased goods are stored in Tangible's insurance warehouse after delivery.

In addition to forging new TNFTs through the primary store, Tangible has also established a secondary market to facilitate the trading of existing TNFTs. In this case, buyers send USDR in exchange for TNFTs to be transferred to their wallets. Tangible charges a 2.5% market fee for each transaction, of which 33.3% is used to purchase and destroy TNGBL, and the remaining 66.6% is distributed to TNGBL holders (3.3 + NFT holders).

However, for sellers who need immediate liquidity, secondary market sales may become an issue. The current system requires users to wait for buyers willing to pay the price for the goods. The team is researching a solution to achieve faster settlement (not yet online).

Product Category

There are four tokenized product categories on the platform, including gold, wine, watches, and real estate. For each category, Tangible collaborates with the following international suppliers:

For the trading and storage of gold bars, Tangible uses the services of PX Precinox in Switzerland. For wine, they collaborate with Bordeaux Index based in London, and for watches, they partner with BQ Watches based in the UK.

In the real estate industry, Tangible has created native special purpose entities (SPVs). These are legal entities established for each property. SPVs manage properties by finding tenants, collecting rent, or managing maintenance. All properties are leased, and rental income is paid to TNFT holders in the form of USDC.

Each property located in the UK has its own UK SPV. This is because real estate cannot be directly tokenized. However, legal entities can be. TNFT holders of real estate have beneficial ownership of the SPV, which gives them beneficial ownership of the property. However, the legal ownership of both is still held by the tangible legal entity (i.e. BTS TNFT Limited registered in the UK. Tangible has also registered a similarly named entity in the British Virgin Islands).

Fragmented TNFT

Tangible Fractions is a fragment of a complete TNFT. This allows large projects (such as real estate) to be divided into more affordable parts. This way, multiple owners can share the risks and rewards of the investment. To create fragmented TNFTs, the complete TNFT is locked in a smart contract insurance vault and then split into several fragmented TNFTs. Only by collecting all individual fragments can the original TNFT be redeemed.

TNGBL Token

Tangible's Token TNGBL has three main functions: as a reward token (incentivizing the use of the market and subsidizing USDR earnings), with a dividend mechanism (incentivizing the locking of TNGBL), and finally, it serves as support for USDR (i.e. it can be used to mint USDR). So far, it has no governance rights.

The maximum supply of TNGBL is limited to 33M. The initial allocation plan promises to allocate the majority to DAO and the community (70.8%). The remaining portion is mainly reserved for the team, investors, advisors, and Tangible Labs. Another 1.25% will be sold through PeakDeFi's IDO in April 2022. However, there is no distribution schedule or any information on how "DAO shares" will enter circulation.

Although the official upper limit is 33M, theoretically more TNGBL can be minted. An evaluation of the Token contract by GoPlusLabs indicates:

· Change Balance - The contract owner has the right to modify the token balance of other addresses, which may result in asset loss.

· Casting Functionality - Contracts may include additional issuance functionality, which can generate more tokens.

· Unknown Owner Identity - Token uses role-based access control, and tracking the transfer of various roles may be difficult.

As mentioned above, TNGBL holders can obtain a portion of the platform's revenue by locking their tokens. The longer the lock-up period, the higher the reward multiplier. The multiplier reward allows stakers to receive additional TNGBL. When locking TNGBL, users will receive a so-called 3.3+ NFT, representing the locked position, with the longest lock-up period being four years. However, unlike other mature veTokenomic designs, Tangible's 3.3+ NFT does not grant lock-up holders any governance rights or influence on the reward schedule.

Tangible has also established a 3.3+ NFT market, allowing users to exit early without unlocking TNGBL. 33.3% of the market fee is used for TNGBL buyback and burn. The remaining 66.6% can be claimed by 3.3+ NFT holders. Rewards are paid in USDR and depend on the amount of locked TNGBL and the multiplier. 3.3+ NFTs are also awarded as incentives to early platform users. For example, by purchasing gold bars and minting golden TNFTs, users could receive a 3.3+ NFT as a reward. This incentive is no longer in effect.

When this article was written, 99% of TNGBL's supply was held by the top five addresses on Polygon. The largest holder is the PassiveIncomeNFT contract, which holds 81.7% of all TNGBL. This means that the vast majority of circulating supply is locked in 3.3+ NFTs. Currently, there are 7,401 addresses holding these 3.3+ Passive Income (PI) NFTs. The largest of these is Tangible:Deployer EOA, which holds 10%. This is because this address minted and distributed NFTs to IDO participants.

Real USD（USDR）

USDR is a stablecoin that is native to redirect, generates revenue, and is over-collateralized, pegged to the US dollar. It is issued on Polygon and currently has 186 holders. The stablecoin issued by Tangible is supported by a combination of ERC-20 Token, LP Token, and tokenized real estate TNFT. Using tokenized real estate TNFT as collateral enables two novel features.

1. Internal Yield - According to Tangible, their real estate has an annual rental yield of 8% to 10%. This yield is paid to USDR holders in the form of daily rebalancing (i.e. the amount of USDR in the wallet will automatically increase). To increase the yield for early users, Tangible currently sponsors USDR with daily airdrops of TNGBL, increasing the yield by approximately 10%.

2. Explore new asset classes - Stablecoins are typically backed by highly volatile crypto assets or other stablecoins. Real estate, on the other hand, has a relatively low volatility and a long-term track record of sustained appreciation. In other words, the collateral value supporting USDR should steadily increase over time.

These TNFTs have the disadvantage of relative illiquidity associated with the real estate market. Unlike currency or securities, real estate cannot be sold within minutes. In addition, real estate may still depreciate. Therefore, a good liquidation mechanism is needed, and preventive measures should be taken to maintain the excess mortgage of USDR. Tangible has some methods to maintain a collateral ratio (CR) of over 100%:

· If the CR of USDR falls below 100%, half of the rental income will be reserved in the USDR collateral pool. Therefore, daily rebalancing will reduce by 50%. In other words, USDR holders will earn less interest until the CR returns to 100%.

· The USDR-supported vault always holds a diversified portfolio of liquid assets for quick settlement (such as DAI, all protocol liquidity, and TNGBL).

· If all DAI and other reserve funds are depleted, the real estate TNFT will be liquidated. In this case, users will receive pDAI instead of real DAI. pDAI is an IOU Token that represents a claim to real DAI, which can be redeemed once the liquidation is executed.

· The benefit of RE returns is that they are not highly correlated with asset price volatility. Even if property values decline, rental income will not change in the short to medium term.

Cast USDR

USDR can be minted using TNGBL or DAI at a 1:1 ratio. To access the minting function, users can visit Tangible's website. The USDR contract is deployed on Polygon and based on Open Zeppelin smart contract.

When casting USDR, DAI or TNGBL is sent to the USDRTreasury reserve as collateral to support USDR. However, the amount of USDR that can be cast using TNGBL is limited. According to the documentation, this cannot exceed 10% of the total amount of USDR cast, minus the amount of USDR redeemed. This reduces the risk associated with TNGBL volatility and prevents potential death spiral events.

Tangible also plans to mint USDR from system profits. This occurs when the assets in the USDR insurance fund exceed a 100% collateralization ratio. In this case, the system uses profits to mint new USDR and purchase more real estate TNFT. For example, if the price of TNGBL rises, new USDR will be minted to purchase TNFT and take collateral away from TNGBL and into income-generating real estate.

The team also expressed its intention to fully automate this process in the future. Although this process demonstrates a willingness to maximize capital efficiency, the team has left a collateral buffer to reduce risk (details to be discussed later).

Redeem USDR

USDR can be exchanged 1:1 for DAI at any time. Using the redemption function will incur a fee of 0.25%. According to Tangible, this fee is configurable and will be slightly higher than Curve's fee, so exchanging is encouraged rather than redeeming.

If all the DAI in the insurance vault are redeemed, users who wish to redeem USDR will receive pDAI (promised DAI) - a synthetic IOU token representing a claim to real DAI. Then, the insurance vault will begin the liquidation process of its TNFT. Users will be able to exchange pDAI 1:1 for DAI once the real estate TNFT is sold for more DAI.

After all real estate is liquidated, users can ultimately redeem TNGBL. As a precautionary measure for 100% redemption demand, there is an insurance fund consisting of diversified insurance vaults, ensuring that 1 USDR can always be exchanged for 1 dollar worth of DAI.

Tangible also plans to utilize the liquidity owned by the protocol (POL). The protocol currently holds the majority of shares in the Curve metapool (USDR-am3CRV). Therefore, setting a redemption fee higher than the Curve exchange fee makes sense, as it can incentivize users to exchange USDR using the Curve metapool instead of emptying the insurance pool.

Generally speaking, the redemption amount of USDR is limited by the amount of DAI in its treasury (as well as indirectly by the amount of other stablecoins in the Curve pool). However, this only applies to immediate redemption. Users who are willing to wait can rely on the TNFT liquidation mechanism to obtain pDAI instead of DAI.

USDR Collateral Structure

As mentioned above, USDR is supported by different types of collateral. Currently, there are five categories, each with a flexible share structure.

According to their documentation, the collateral structure is shown in the following figure:

The actual mortgage structure currently differs greatly from the above goals.

The following figure shows the current mortgage structure. The real estate share is only 43.24%, which needs more growth to reach 50-80%. On the other hand, TNGBL's share exceeds 15%, which is a difference of 5% from the proposed allocation. According to the team, this is due to TNGBL's recent price appreciation.

[Note: The share reported in the figure corresponds to the outstanding USDR (21.1 million US dollars). Compared to the overall collateral price (24.1 million US dollars), real estate accounts for only 37.8%.]

The supported system can be verified at the following address:

· USDRTreasury - includes DAI, TNGBL, RE NFT and USDR. USDR is minted based on revenue and temporarily stored until new real estate is listed on the market. It is then converted into real estate.

· LiquidityManager - Contains Convex shares of cvxUSDR3CRV-f and USDR/am3CRV Curve LPs.

· Insurance Fund-Polygon——Insurance fund on Polygon

· Insurance Fund-Optimism——Optimism on Insurance Fund

· Insurance Fund-Ethereum——Insurance fund on Ethereum

Most insurance funds are reserved on Polygon. Assets include USDC20/TNGBL80 balancer LP, locked USDC/TETU LP, locked CVX, USDC, locked VELO and OP. Although insurance funds are designed to protect users from the impact of TNGBL death spiral (i.e. ensuring users are fully compensated in the event of 100% redemption demand), almost half of the insurance fund value comes from TNGBL. About $420,000 worth of assets are locked, with only about $27,000 being liquid and external (not exposed to TNGBL).

It is worth noting that the proportion of liquidity owned by the protocol is quite large. Owning liquidity in the protocol benefits increasing liquidity, creating revenue streams for the treasury, and providing another way to exchange USDR (besides redemption). However, it is recommended to distinguish the liquidity owned by the protocol from the collateral minted by users (such as DAI or TNFT). USDR minted through automatic POL strategies is more similar to available reserves than circulating supply. Reserves rely on LPs in the Curve pool to provide funding for the counterparty assets, and excessive reliance on POL strategies indicates lower organic demand for the core product. Tangible currently owns about 42% of the Curve pool, indicating relatively low organic demand for liquidity provision (although the new Curve gauge is likely to attract more external LPs).

Tokenization of real estate as collateral

Real estate is the main type of collateral for USDR. As mentioned earlier, there are several advantages to using real estate. It has inherent income, low price volatility, income is not affected by price, and has a strong appreciation history.

Tangible plans to use real estate as the primary collateral, with 80% of USDR backed by real estate. This raises some key questions:

· How to define the true value (market value) of real estate?

· What methods are used to evaluate real estate?

· Considering the risks associated with using real estate as the primary collateral, is 100% CR the optimal parameter for USDR?

· Should USDR have a built-in risk management and clearing system?

· How reliable is the inflow and liquidation process of real estate?

· What is the impact of regulatory conditions on tokenized real estate?

This article cannot answer all of these questions. However, there are some drawbacks to using real estate as collateral. Firstly, it makes the calculation of the collateral value more complex. Determining the true value of these properties is not an easy task. Some websites offer services to estimate market prices. For example, zoopla.co.uk is one of them. Tangible suggests using hometrack.com to find house prices. However, these are only estimates as the true price can only be determined after the real estate is sold.

The second obstacle is to verify whether TNFT represents the commitment of SPV and whether SPV owns the property. It is not important to mint TNFT without actually purchasing the property. Therefore, Tangible provides an opportunity to access all official documents of each property (example property).

Tangible has implemented a fingerprint oracle solution to price its RWAs TNFT. The fingerprint oracle uses a unique ID assigned to each product (product_id = a string representing a unique item). This way, Tangible can map each item to the market price provided by its supplier. Before casting TNFT, fingerprints are assigned to products and Token IDs are mapped to fingerprints after casting. This solution was chosen because it is suitable for the limited block size of the Polygon sidechain.

The team claims to be working with Chainlink and third-party auditors to integrate reserve proof (independent verification of property ownership and appropriate documents supporting NFTs) and price feeds from hometrack.com (later expanded to aggregate pricing data providers). The team believes that this integration will be completed in mid-May.

Currently, Tangible is trusted to conduct collateral valuation. Although Tangible has expressed its intention to involve independent third parties and reduce central dependence on the team, this remains to be seen.

Ownership and Purchase Proof - Example

Tangible provides a list of 14 properties that support USDR. Let's take a look at an example of an apartment located in Gillingham (see image below). This is one of the properties that supports USDR. All relevant documents can be accessed through Dropbox file sharing.

According to the list on the website and on-chain records, the corresponding TNFT belongs to the USDR Treasury. The project is listed on Polygon and can be identified by its ID number (340282366920938463463374607431768211474).

However, this is only part of the on-chain proof that the USDR Treasury owns the corresponding TNFT. Tangible also provided eight documents for the purchase proof, including an appraisal report that proves the market price of the apartment is 470,000 pounds (approximately 580,000 US dollars). In addition, there is a sales agreement that provides the agreed sales price, a completion statement confirming the purchase of the property for 413,000 pounds (including stamp duty and other fees), a Property Management Agreement (PMA), and an insurance policy.

In addition, file sharing includes a company registration certificate for an SPV named TNFT PROP 12 LTD. This can also be confirmed by checking the official company registration office in the UK. A transfer document confirms that the Chatham Waters property in Gillingham has been transferred to the corresponding LTD (SPV).

Obviously, according to the legal documents provided for each property listed on Tangible's RE section of the platform, Tangible's subsidiary SPV established in the UK has executed the purchase and sale agreement. Consistent with Tangible's business model and LO statement, each SPV is expected to obtain and hold the legal and actual ownership of the property.

Assuming all files are correct, this will complete the proof of ownership. According to Tangible's documentation, legal ownership still belongs to the Token issuer Tangible. However, actual ownership belongs to the Token holders. This setup is similar to Circle's USDC.

In short, the process of verifying real estate prices and ownership is quite cumbersome and not scalable. Users of Tangible or USDR must trust the project or go through the verification process for each TNFT that supports USDR. This process needs improvement and a better way to increase transparency. Tangible mentioned working with Chainlink to directly provide market prices for its real estate from independent sources. However, this has not yet been implemented and has raised other issues (which will be discussed in more detail in the next section).

Risk Vector

Smart Contract Risk

This protocol has deployed over 60 unique smart contracts (List1 and List2) with cross-chain implementation and many important offline components. Smart contracts related to USDR have passed three stages of CyberScope audit:

1. Preliminary Audit (November 24, 2022)

2. Correction Phase 1 (December 15, 2022)

3. Correction Phase 2 (January 17, 2023)

[Note: The audit report of CyberScope incorrectly labeled the release date as January 2022 instead of 2023. The team has been notified and acknowledged the mistake.]

The audit did not identify any significant vulnerabilities or high-risk issues. A total of 19 issues were identified (2 moderate, 17 minor, and 0 critical). However, it did make several recommendations for improving the code or architecture. Here are some examples:

1. Administrator Configuration - Many contracts rely on the configuration of the administrator, such as for fund allocation (such as bond plans, subsidiaries, and incentive functions) and direct state operations. In other words, the protocol relies on the interaction between people and their contracts. Tangible: The Deployer EOA can set privileged roles within the system, thereby having the ability to affect user funds.

2. Decimal Architecture - There is no decimal specification mechanism in contracts. This leads to excessive decimal specifications in contracts, creating unnecessary dependencies between contracts, and hard-coding values that may change. An example of this in an audit is shown below:

3. Contract Role Architecture - Each contract contains its own access layer. Contracts use several roles, such as BURNER, MINTER, CONTROLLER, TRACKER, ROUTER_POLICY, etc. The DEFAULT_ADMIN_ROLE controls some of the most critical functions and has been granted to Tangible DAO's 4-of-5 multisig.

Auditors pointed out that there may be conflicts between the administrator role and the general architecture (address, contract). They suggest using a multi-signature wallet as an additional layer of security.

On the basis of the previous point, people are generally concerned about access control issues. Our research found that almost every contract has some form of administrator access, so these contracts are not immutable. Although most contracts use multi-signature, the existence of a large number of contracts also opens up potential attack vectors. Especially the deployment account (Deployer EOA) of Tangible has enormous power in the system. It is DEFAULT_ADMIN_ROLE and can set roles for any address. Although the team often transfers administrative control to 4-of-5 multi-signature, it must be noted that the new administrator must revoke the Deployer's administrator role in each deployed contract. This manual process increases the risk of human error, which may affect the security of user funds.

In short, no serious issues were found during the audit. However, despite the lack of issues found, the current setup still needs to be approached with caution. Tangible's 60+ contracts are not immutable, and many of them rely on manual interaction (admin roles). These roles are difficult to track and have not been implemented in a uniform manner. The number of contracts and the current setup add additional complexity, essentially opening unnecessary risk vectors and making human error more likely. Additionally, these contracts are susceptible to compromised access. These issues are exacerbated by the project's lack of decentralized components (such as a governance module) and a bug bounty program.

On-chain custody risk

As mentioned above, the Tangible platform and USDR smart contract involve a role-based access control system, owned by a few multi-signature wallets (granted by Deployer EOA). Therefore, the hosting risk lies in the hands of Tangible: Deployer and these signers. They essentially control the entire project, making it a fully centralized project.

From the most relevant wallet signers, all wallets contain the same three EOA. Below is a summary of all signers:

· Tangible Labs multi-signature (2-of-3). This wallet controls the USDR collateral vault and the minting of all TNFTs (including real estate):

- Signer 1 (460 days - high activity; ENS tag -> tangiblelabs.eth)

- Signer 2 (558 days - Medium activity)

- Signer 3 (428 days - low activity)

Tangible DAO multi-signature (4-of-5) wallet has management authority in most system contracts:

- Signer 1 (460 days - high activity; ENS tag -> tangiblelabs.eth)

- Signer 2 (558 days - Medium activity)

- Signer 3 (428 days - Low activity)

- Signer 4 (306 days - inactive)

- Signer 5 (306 days - inactive)

USDR Vault Manager Multi-Signature (2-of-5). The wallet manages assets in USDRTreasury:

- The same five signers (Tangible DAO Msg) as the aforementioned wallet.

The first three signers are the same in all three wallets. The other two signers who completed the 4-of-5 and 2-of-5 multisignatures are inactive, indicating that all multisignatures may be controlled by the three addresses.

Another example is the Market Fee Distributor. This contract is used to allocate 66.6% of the fees and exchange the remaining 33.3% on Uniswap to purchase and burn TNGBL. The contract is controlled by a single EOA. The same is true for 3.3+ NFTs: Tangible: Deployer controls 78% of them. Additionally, the Bribe Manager is the same EOA on all chains.

In other words, all assets hosted by Tangible's smart contract are highly trusted. The control of a significant amount of funds in the system should be an automated/callable public function. The collateral in the USDR treasury can also be accessed by Tangible Labs' multi-signature wallet, as can almost all smart contracts. Our conclusion is that the current custody setup carries a high level of risk, trust, and potential for error.

Chain Off (RWA) Custodial Risk

As previously mentioned, using real estate as collateral for stablecoins has some advantages, but there are also risks involved. The main risks are as follows:

· Off-chain custody - Using real estate as collateral requires trust in the custody of legal ownership within the SPV. The SPV and blockchain equivalent are controlled by Tangible Custody LTD.

· Legitimacy and Regulatory Compliance - Due to the lack of regulatory guidance, it is currently unclear whether the current setup meets regulatory requirements. This can apply to most crypto projects, but it is particularly important in this case as it has real-world implications, including for tenants and local communities.

· Conflict of Interest - The issuance of USDR stablecoin by the same company that controls the import and export of RWA supporting the stablecoin may lead to a conflict of interest. It also adds a single point of failure and raises scalability issues.

· Real Estate Appraisal - Evaluating the mortgage value of RE is a complex process. Support provided by websites such as Hometrack or Zoopla is a good starting point, but these are only estimates. They cannot predict the liquidation value. In addition, Hometrack requires payment to use, limiting accessibility (the cost per valuation is 20 pounds). On the other hand, Zoopla can be used for free.

Oracle Risk

When you see an example, the risks related to the previous two points become apparent. Using the same property as in the previous section, Zoopla estimates the price to be between 370k-390k pounds (457k-482k US dollars). This is an estimate for a property similar to the Gillingham apartment mentioned above. In contrast, Tangible values the Gillingham property at 529k US dollars. A difference of 9-15%. This allows for the issuance of more USDR that is not fully supported in stress tests. According to the team, their valuation also includes other funds held in the RE reserve (such as 5% maintenance costs, 2% vacancy costs, 2% management costs, etc.). Nevertheless, this example highlights the conflict of interest that arises when the same protocol issues stablecoins and supports its collateral. Naturally, Tangible has an incentive to overestimate.

Additionally, there is a TNGBL price feedback mechanism that limits the amount of USDR that can be minted from TNGBL. The USDRExchanger contract enforces the USD value of TNGBL that can be deposited by querying the TNGBLPriceOracle. The TNGBL price oracle is updated through multi-signature transactions and uses the TNGBL/DAI pool on UniV3 as a secondary price feedback, only accepted when it is below the team's primary value. This prevents market manipulation by setting an upper limit on the settlement price of TNGBL, but further highlights the system's dependence on active management by the Tangible team.

In short, Tangible uses a custom Oracle solution that allows them to understand the prices of the commodities they trade. The Curve Gauge Proposal also provides some details: "We currently have our own real estate oracle, but we are working with Chainlink to integrate and reflect real property valuations from third-party Hometrack.com on the real-time chain, so that the inventory value and mortgage ratio are up-to-date, which also allows us to profit and mint in a timely manner."

The collaboration with Chainlink and independent auditors will be a significant improvement. This will eliminate concerns about tangible conflicts of interest. However, relying solely on Hometrack as the sole price authority will shift reliability issues to another single entity. While this is certainly an improvement, it cannot guarantee reliable settlement prices for oracle references.

Regulatory Risk

The real estate NFT may be classified as a security token and may require registration with the Financial Conduct Authority (FCA) in the UK. In the absence of clear regulatory guidance, an official legal opinion (LO) regarding this business model will serve as proof of compliance for tokenization. We have requested access to the LO statement from the team, and they have shared this document with us. The document was audited by Llama Risk legal advisors, and after following their guidelines and being confirmed by Tangible, we have been assured that its operation is exempt from FCA registration.

As the regulatory clarity for projects offering real estate NFT and other asset-backed securities remains a challenge, it is crucial to ensure access to high-quality legal guidance. The Tangible team currently seeks legal advice on a weekly basis and has announced plans to establish an internal legal and compliance team starting in June.

Users should note that, according to the Tangible Terms of Service, TNFT Limited excludes liability for damages and limits the amount of contracts, infringement, misrepresentation, or return to £1,000.

Llama Risk's legal advisor believes that as a bridge between RWA and on-chain transactions, Tangible, which digitizes and sells real estate to retail investors, should ensure a sufficient level of customer protection as an honest and trustworthy merchant. The terms of service here provide the minimum level of protection.

Decoupling Risk

Since its inception, USDR has remained relatively stable. The only notable deviation occurred over the weekend of March 11/12, 2023, when USDC also lost its peg. USDR is partially backed by DAI (approximately 25%), which is itself primarily backed by USDC (approximately 63%). Tangible described the event in its measurement proposal: "On Saturday morning UTC, DAI reserves decreased as people began to panic. We expected people to start redeeming pDAI, and on Monday morning UTC, we would need to create a DAI-pDAI liquidity pool for those who wanted to exit their positions quickly. However, this was not necessary as we were able to restore the peg without the need for protocol issuance of pDAI. Nevertheless, this risk still exists and is the single biggest drawback of stablecoins backed by tokenized real estate."

However, when it comes to the stability of USDR, the price mostly revolves around the standard of 1 US dollar. It also quickly recovered from the detachment from the anchor in mid-March (see the figure below).

The following stability mechanisms are used to maintain the anchoring status of USDR:

· First of all, in order to prevent anchoring, USDR can be exchanged for DAI, which supports it. Currently, about 25% of collateral is priced in DAI.

· Secondly, USDR is supported by the liquidity owned by the protocol, consisting of the USDR Curve pool. The combination of these two measures provides a certain amount of liquidity for trading or exchanging USDR.

· Then, Tangible established an insurance fund. At the time of writing, the total amount of the insurance fund is approximately $1,100,000 (9.2% of the USDR collateral). However, the Polygon-based multisig mainly consists of 20/80 USDC/TNGBL LP Tokens. In other words, the insurance fund is mainly composed of more TNGBL.

· As mentioned earlier, Tangible also plans to implement pDAI (i.e. committed DAI). In the event of a bank run, where Tangible has to sell its RE TNFT to compensate USDR holders, pDAI will be used. In this case, pDAI can be exchanged instead of DAI. Once enough real estate is liquidated, pDAI holders can exchange it for real DAI.

TNGBL as collateral

Tangible's goal is to use 5-10% of its own TNGBL Token as collateral to mint TNGBL worth $1, which makes USDR a partially algorithmic stablecoin and raises concerns about its reliability in adverse market conditions. Although Tangible limits the amount of USDR that can be minted from TNGBL, it currently accounts for 14% of the total collateral.

Using certain types of partially internal collateral may lead to concerning and potentially unsustainable strategies. For example, bribe managers regularly deposit TNGBL to mint USDR for their incentive plans. This gives Tangible the power to mint unsecured stablecoins, which has triggered emergency action on Mochi's USDM. Tangible may mint USDR with TNGBL and exchange it for DAI or sell it into their Curve pool for USDC/USDT/DAI. The team recently started providing incentives for their USDR/am3CRV pool on Warden Quest, with a total deposit of $225,000. Most of the funds come from the Binance wallet, with some coming from the flow of funds from TNGBL -> USDR -> DAI (Curve pool).

Analysis of TNGBL's deposits in USDRTreasury shows that most of the USDR minting comes from team deposits, primarily from their bribery wallet (used to incentivize increased USDR liquidity through bribes) and government wallet (purchasing government tokens, including CVX and VELO, to increase incentives for the USDR pool). The treasury transfers shown below include most of the deposits from these two team wallets. Overall, out of the 1,106,514 TNGBL in the treasury contract, 1,023,854 (>92%) have been confirmed as team deposits.

This strategy allows Tangible to actively expand by providing incentives for the USDR/am3CRV pool (and other liquidity venues), provided that the price of TNGBL remains stable. If the price of TNGBL drops significantly, there may be insufficient collateral for USDR. As mentioned in the previous sections, TNGBL is the last reserve asset that can be redeemed after all DAI and RE have been redeemed. The insurance fund is mainly composed of the USDC/TNGBL Balancer pool, but this will largely be ineffective in emergency situations. The ability of TNGBL to repay USDR represents a significant risk.

wUSDR

USDR can be used on different blockchains, which also requires consideration of exchange rate stability. In order to use its stablecoin outside of Polygon, Tangible created wrapped USDR (wUSDR).

Real US dollars can be wrapped into wUSDR through Tangible's website. The wrapping process is completed on Polygon. Then, it can be transferred to BSC, Optimism, Ethereum, and Arbitrum using Multichain's router. wUSDR holders can then provide liquidity and farm on different DEXs and yield aggregators in these ecosystems. For example, Beefy and Velodrome on Optimism, Thena on BSC, and Balancer and Aura on Ethereum. The farm on Arbitrum is currently not yet open.

In order to be compatible with Multichain's router as a "cross-chain asset", wUSDR has implemented Multichain's extended smart contract Anyswapv6ERC20.sol. This creates a better user experience when transferring wUSDR to the aforementioned chain. However, as we previously emphasized in our report on Multichain, this grants Multichain's MPC control over the minting and burning functions of wUSDR. Therefore, this adds an additional dependency and risk element for USDR and wUSDR.

In addition, there is a significant difference between wUSDR and USDR. The wrapped version of this token does not undergo rebase operations, but instead experiences a price increase during rent distribution. Therefore, there is a price difference between wUSDR and USDR (see the figure below).

Due to the continuous price increase, these liquidity pools are not "pure stable pools" and cannot be considered as contributing meaningfully to the USDR fixed mechanism. Instead, this adds complexity to an already quite complex project. It is worth noting that there is a high degree of concentration among wUSDR Token holders. On all chains outside of Polygon, almost all wUSDR Tokens are stored in the aforementioned DEXs (see the figure below).

In short, Tangible has established several mechanisms that support the USDR anchor. They have envisioned a promising approach (pDAI) to ensure that USDR holders can redeem USDR for equivalent items at any time. However, most measures are still new and untested, and some are completely centralized (such as real estate clearing). It is worth questioning whether USDR can maintain its fixed exchange rate, especially in the case of bank runs. In addition, the project introduces additional complexity and potential weaknesses through its wUSDR Token and multi-chain integration. These factors are not conducive to the security of USDR exchange rate stability. Nevertheless, USDR has proven to be quite stable so far (since October 2022) and has successfully passed its first decoupling.

Llama Risk Assessment Standard

1. Can a single entity deceive its users?

Yes, Tangible may overlook asset liquidation or fail to fulfill redemption obligations. It also acts as an oracle for pricing its own RWA. Most of the protocol's funds, including its inventory, insurance fund, and collateral held in smart contract custody, can be accessed through multi-signature control by the team. Additionally, there is no time lock.

The team has publicly disclosed their identities and has experience in establishing Web3 startups, which adds to their credibility. However, the high level of system complexity and centralized access control raises concerns.

2. If the team disappears, can the project continue?

No, the team controls the supervision of all contracts, assets, and all RWA. If the team disappears, the DAO cannot exercise its liquidation rights over its RWA. In addition, no one can update contracts, allocate fees, or access any other assets held in the insurance pool. Therefore, tangible regulated real estate or any other RWA is unlikely to be accessible to anyone outside the team.

The team mentioned a plan to collaborate with other RE issuers to reduce their dependence on their own LLC. This remains to be seen.

3. Does this protocol rely on CRV or other incentives to maintain its anchoring?

After obtaining the Curve standard, the market value of USDR has reached 11.5 million US dollars. USDR has also remained relatively stable. Only during the USDC unlocking period did unlocking occur, while most stablecoins experience some issues over a weekend. USDR quickly recovered and remained stable.

However, USDR relies on POL in the Curve pool to provide sufficient liquidity and minimize redemptions directly through the protocol. This may create a dependence on Curve pool incentives to avoid liquidity crises, which could become a crutch for the system in the event of bankruptcy risk.

4. Has the audit revealed any concerning signs?

There were no significant issues found during the first audit. However, there has only been one audit to date. The second audit is currently underway and this report is being written. It is worth noting that there is currently no active bug bounty program and Tangible is generally still a young project.

There are some architectural inconsistencies and excessive manual and privileged functions. Currently, Tangible is more like a company than a protocol, which may lead to human errors or poor system management. Given the complexity of the system, a single audit and lack of bug bounty program are not sufficient to provide strong security guarantees.

Conclusion

Tangible is a very ambitious and rapidly developing project. It introduces novel use cases for RWA and an innovative stablecoin with intrinsic rewards and rebalancing mechanisms. The concepts of RWA trading and real estate collateral are novel and well thought out. However, the team's level of centralized control presents conflicts of interest as they are both the issuer of RE TNFT and the custodian of underlying assets. Additionally, there is significant room for improvement in the actual implementation of the project. Tangible prioritizes growth and rapid rollout of new features over decentralization and sustainability of existing infrastructure.

The entire setup of smart contract access control, RWA custody, governance, and collateral structure is not sufficient to ensure security and requires complete trust in the entity behind the platform. Additionally, it is very complex both technically and conceptually, and requires improvement in project transparency (such as ownership and custody of RWA, pricing of RWA, cross-chain wUSDR implementation, roadmap, access permissions, administrator roles, and hidden owners, etc.).

Although we applaud the ambition of this project, we believe it is too reliant on the core team. Users are completely dependent on the team's honesty and responsible management. In order to meet the requirements of Curve's rules, Tangible should implement a plan to transfer its RWA price oracle and reserve proof to independent auditing agencies and oracle providers. TNGBL should also be removed as collateral as it increases the risk of USDR. Until these changes occur, we believe Curve should not incentivize the USDR/am3CRV pool.