defi.money
About
defi.money is a decentralized stablecoin protocol based on Curve Finance's crvUSD architecture, featuring "Automated Loan Protection" that uses an AMM system to protect collateral from liquidation during price volatility. The protocol is natively cross-chain, deployed on multiple EVM chains and L2s, with simplified UX via ZAPs for one-click borrowing. It offers $MONEY as a USD-denominated stablecoin that can be minted using diverse collateral types including altcoins, LP tokens, and tokenized RWAs.
Where Does Yield Come From?
In defi.money, the main way to earn yield is through sMONEY. This is a token that holds the MONEY stablecoin and earns interest over time.
sMONEY works like a savings account: you start with 1 sMONEY being worth 1 MONEY. As interest adds up, the value of each sMONEY token slowly increases compared to MONEY. You don't get extra tokens; each sMONEY you hold becomes worth more MONEY when you eventually exchange it back.
The interest comes from protocol revenue – fees that the protocol collects from its lending and borrowing activities.
How the revenue is shared with sMONEY holders depends on the price of MONEY itself:
- When MONEY trades below its $1 target (its "peg"), a larger portion of the fees is given to sMONEY holders.
- This is designed to encourage people to buy and lock up MONEY, which helps push the price back toward $1.
The fees that make up this revenue come from two main places:
- Interest from borrowers: People who take out loans (called collateralized debt positions, or CDPs) pay interest and fees on those loans.
- Automated Loan Protection fees: This is the system that helps protect collateral from being liquidated during price swings. It generates fees when loans enter certain ranges and collateral needs to be converted.
If you want to convert your sMONEY back into regular MONEY, there is a 7-day cooldown period. Starting this process locks your funds for a week. If you try to start another conversion during an active cooldown, the timer resets to 7 days.
The system that manages how these fees are collected and distributed (the Fee Module) is currently under development, according to the project's official information.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
ChainSecurity16-05-2024 - 12-06-2024 |
| ChainSecurity found the DFM Core codebase to provide a good level of security, with all identified issues resolved during the audit process, though governance retains significant trusted authority in the system design. |
MixBytes29-04-2024 - 14-06-2024 |
| The audit revealed several concerning medium-severity issues with hooks and debt calculations that were subsequently fixed, resulting in a generally secure codebase with acknowledged risks around oracle manipulation and sequencer downtime requiring ongoing monitoring. |
BailSec01-06-2024 |
| The audit identified several high-severity issues that were resolved before deployment, though some medium-severity design limitations remain acknowledged by the team as acceptable trade-offs for the protocol's intended use case. |
BailSec01-06-2024 |
| The audit uncovered critical oracle integration issues that could cause price-fetching DoS for up to 20 minutes, but all high-severity findings were resolved before deployment, leaving only acknowledged low-risk design choices. |
BailSec01-09-2024 |
| The audit uncovered several critical design flaws in the fee module that could lead to fund drainage and protocol dysfunction, but most were resolved before deployment. Residual medium and low risks remain in areas like bonus circumvention and governance privileges. |
BailSec01-07-2024 |
| The audit uncovered several medium-to-high severity issues that were all resolved, including a critical safeApprove DoS vulnerability and MEV griefing risks, leaving the LeverageZap contract with acknowledged informational risks around flash loan fees and slippage. |
| The audit found no critical or high-severity vulnerabilities, with the medium issue being context-dependent on integrator handling and low-risk issues related to edge cases and documentation; overall, the SwapZap implementation appears reasonably secure with acknowledged minor improvements. | |
ChainSecurity16-05-2024 - 12-06-2024 |
| The audit identified and resolved one medium severity issue related to hook accounting, along with numerous low-severity and informational findings, concluding that the codebase provides a good level of security for this Curve LLAMMA-based stablecoin system. |
MixBytes29-04-2024 - 14-06-2024 |
| The audit found no critical vulnerabilities but identified several medium and high severity issues that were largely addressed during the engagement, indicating a responsive security posture though some design considerations around hooks and oracles remain. |
BailSec01-06-2024 |
| The audit uncovered several critical logic flaws in the staking contract's epoch handling and weight calculations, all of which were resolved before deployment, resulting in a secured implementation for its intended use case. |
BailSec01-06-2024 |
| The audit revealed critical oracle integration flaws that could disrupt price feeds for up to 20 minutes, but all identified issues were resolved before deployment, ensuring robust Chainlink EMA functionality. |
BailSec01-09-2024 |
| The audit identified several critical design flaws including fund draining vulnerabilities and relayer underfunding risks, though most were reportedly resolved prior to deployment. Residual medium and low-severity issues remain around bonus mechanics, access controls, and edge-case handling that require careful monitoring. |
BailSec01-07-2024 |
| The audit found no critical or high severity issues, with all low-risk vulnerabilities resolved and informational items acknowledged, indicating a relatively secure implementation with minor documentation improvements needed. |
Legal
Status and notes
Protocol sunsetting as of May 7, 2025 per official announcement. No operating legal entity, jurisdiction, or registration disclosed in official sources (website, documentation, blog, GitHub). Smart contracts licensed from Curve.Fi but no defi.money entity information found.