Cap
About
Cap is a stablecoin protocol providing credible financial guarantees through two primary products: cUSD, a dollar-denominated stablecoin backed by blue-chip stablecoins like USDC and USDT, and stcUSD, a yield-bearing stablecoin that enables users to earn rewards. The protocol operates as a three-sided marketplace designed to run autonomously via economic incentives, outsourcing yield generation to a diverse layer of institutional operators including banks, HFT firms, and market makers.
Where Does Yield Come From?
Yield for stcUSD holders comes from two main sources: idle reserve yield and operator borrowing strategies.
Idle reserve yield: When capital in the vault is not being borrowed, it is automatically put to work in yield-generating activities. These include earning interest from U.S. Treasury bills and lending to crypto markets through established platforms like Aave and Morpho. The rewards are set automatically based on current market rates.
Operator borrowing strategies: Approved operators can borrow liquidity from Cap's reserves to run their own strategies. To qualify, they must beat a dynamic hurdle rate. This hurdle rate is calculated from market benchmarks and how much of the reserves are already in use—it rises quickly if reserves become too busy. Operators also need to get overcollateralized backing from restakers, who provide collateral from shared security networks.
How yield is shared: When an operator earns more than the hurdle rate, the profit is split three ways:
- The hurdle rate portion goes to stcUSD holders.
- A pre-agreed rate goes to the restakers who provided collateral.
- Any remaining profit stays with the operator.
All borrowing is overcollateralized, meaning operators put up more value than they borrow. If the collateral value drops too low or an operator fails to repay, a slashing mechanism takes effect. Slashed funds from restakers are sold back to the reserve through Dutch auctions, helping keep the cUSD stablecoin fully backed.
Fees: The protocol charges dynamic mint and burn fees that change based on how assets are allocated, plus fixed fees for redeeming tokens proportionally.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Certora15-09-2025 - 22-09-2025 |
| The audit uncovered several medium and low severity issues in Cap's EigenLayer integration, all of which were promptly fixed except for one acknowledged edge-case revert with minimal practical impact. |
Sherlock03-09-2025 |
| The audit uncovered several high and medium severity vulnerabilities in liquidation mechanics, collateral slashing, and reward distribution that required fixes before deployment. While concerning, these issues were identified during the audit phase and addressed through code updates. |
Recon04-07-2025 |
| The audit uncovered several logic bugs and edge cases in health calculations and state management, with the team addressing or acknowledging findings before launch. While no critical vulnerabilities were found, the medium-severity issues required fixes to prevent incorrect health assessments and potential system reverts. |
Electisec04-03-2025 - 06-03-2025 |
| The audit found no critical, high, or medium vulnerabilities, with only low-severity issues promptly addressed, indicating a relatively secure pre-mainnet vault implementation suitable for its intended testnet campaign. |
Spearbit14-04-2025 - 02-05-2025 |
| The audit revealed multiple critical accounting and interest rate vulnerabilities that were all successfully remediated before launch, resulting in a comprehensively reviewed protocol with no outstanding high-severity issues at deployment. |
Trail of Bits03-03-2025 - 28-03-2025 |
| The audit revealed multiple high-severity vulnerabilities in oracle pricing, collateral management, and auction mechanisms that could lead to fund loss or protocol insolvency if exploited. Trail of Bits recommends remediation before deployment and an additional security review due to systemic issues and likely undiscovered high-severity findings. |
Zellic17-02-2025 - 07-03-2025 |
| The audit identified one critical vulnerability that could have led to significant fund loss, along with several high and medium severity issues, all of which were addressed by the CAP team before deployment. The resolved findings demonstrate appropriate security diligence, though the presence of a critical borrowing calculation error highlights the importance of thorough validation logic testing. |
Spearbit27-11-2025 |
| This limited-scope PR review discovered no security issues in the examined changes, indicating the specific code modifications were reviewed and found to be secure within the audit's constraints. |
Legal
Legal form
Covered Agents S.A. (corporation)
Registration jurisdiction
Republic of Panama
Status and notes
Platform operated by Covered Agents S.A., a corporation incorporated under the laws of Panama. Terms of Use (last revised March 26, 2025) and Privacy Policy (last revised March 26, 2025) available in official documentation. Terms and Conditions page last updated June 2, 2025.