Avalon Finance
About
Avalon Finance is a Bitcoin-focused DeFi lending protocol and financial center offering Bitcoin Liquid Staking Derivatives (LSD) lending, a Bitcoin-backed stablecoin (USDa), and structured yield products. The platform provides both decentralized lending with isolated pools for Bitcoin LSDs and hybrid CeDeFi solutions that bridge decentralized and institutional finance. It targets Bitcoin holders seeking to unlock liquidity and generate yield while retaining ownership of their Bitcoin assets.
Where Does Yield Come From?
Yield is generated through several interconnected sources.
DeFi Lending: Users can deposit tokenized Bitcoin (like WBTC, SolvBTC, BTCB, LBTC) into separate, isolated lending pools. They earn a variable yield from borrowers who pay interest on their loans.
USDa Stablecoin Ecosystem: Holders of the platform’s stablecoin, USDa, can stake it in special yield-generation vaults. The yield here is supported by USDa's fixed borrowing rate and by revenue earned from lending activities involving USDa.
Super Earn strategies combine three main approaches:
- On-Chain Yield: earning from lending, providing liquidity to trading pairs, and collecting protocol incentives.
- Delta-Neutral strategies: using techniques like basis trading (profiting from price differences between spot and futures markets), funding rate arbitrage, and capturing spreads across different exchanges—all designed to be relatively insulated from broad market moves.
- Real-World Asset (RWA) yield: earning from institutional-grade private loans backed by real assets, arranged through regulated partnerships.
The platform’s hybrid model bridges decentralized finance with traditional institutional lenders. This connection creates additional yield opportunities from both on-chain and off-chain sources, while keeping risks separate through isolated pool mechanisms.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Salus Security09-04-2024 |
| The audit found no critical or high-severity vulnerabilities, with the single medium-risk issue already resolved and other low/informational findings acknowledged, indicating a relatively secure codebase with minor recommendations for Chainlink compatibility and dependency monitoring. |
Salus Security24-09-2024 - 18-10-2024 |
| The audit found no critical or high-severity vulnerabilities, with the medium centralization risk and low dependency risk both acknowledged by the team, indicating the USDA platform underwent security review with identified risks documented for mitigation. |
Salus14-10-2024 - 17-10-2024 |
| The audit uncovered moderate security concerns including centralization risks and a potential DOS vulnerability, with no critical or high-severity findings; the team has addressed or acknowledged all reported issues. |
Salus Security11-12-2024 |
| The audit found no critical or high-severity vulnerabilities, with only medium centralization risks and minor code quality issues identified, suggesting the governance token implementation has a reasonable security posture pending the recommended mitigations. |
SlowMist21-10-2024 - 22-10-2024 |
| The audit found no critical vulnerabilities, with all identified issues addressed or acknowledged, though the project's medium risk rating reflects pending deployment and permission transfer to governance controls. |
SlowMist24-12-2024 - 26-12-2024 |
| The audit found no security vulnerabilities across all tested categories, resulting in a clean pass, though the role-based permission system requires careful multi-sig and timelock implementation as indicated by the project team. |
SlowMist16-12-2024 - 17-12-2024 |
| The audit found no critical or high-risk vulnerabilities, with only medium and low-severity issues that were either acknowledged for mitigation or already fixed, indicating a relatively secure codebase with appropriate administrative controls planned. |
BlockSec11-10-2024 |
| The audit found one high-risk and one medium-risk vulnerability, both of which were fixed by the team, indicating responsive remediation but revealing initial oversights in collateral validation and precision handling. |
BlockSec22-10-2024 |
| BlockSec's audit found one high-severity issue alongside medium and low findings, all of which were addressed in subsequent versions, though centralization risks remain inherent to the protocol's administrative functions. |
BlockSec30-10-2024 |
| The audit uncovered one high-severity vulnerability in the borrowing limits alongside several medium and low issues, all of which were reportedly fixed, leaving residual centralization risks as noted. Overall security posture appears improved but relies on proper administrative key management. |
BlockSec10-12-2024 |
| The audit identified no security vulnerabilities in the Avalon Token implementation, though it notes centralization risks from privileged roles and the absence of actual governance functionality. |
BlockSec20-01-2025 |
| The audit found only one low-severity issue which the project team confirmed as intentional design, indicating the USDA Minter contracts have relatively minimal security concerns in the audited scope. |
Legal
Registration jurisdiction
British Virgin Islands
Status and notes
Operating entity referred to as "Avalon Labs" in documentation. Terms and Conditions (last updated July 17, 2025) specify BVI law as governing law. Privacy Policy available. Website footer includes copyright notice "Copyright© Avalon Labs - 2026. All Rights Reserved" and states that Avalon Labs does not control, operate, or manage the protocol. Content restrictions apply to U.S. Persons, Mainland China, Hong Kong, Singapore residents, and persons in jurisdictions where cryptocurrency is prohibited.