M0
About
M0 is a shared infrastructure platform that enables businesses to launch their own branded, programmable stablecoins (called "extensions") and financial institutions to power stablecoin issuance. Built on an open standard, stablecoins on M0 are interoperable with shared liquidity, allowing builders to customize access control, compliance, branding, and yield distribution while regulated issuers manage reserves and mint the underlying $M building block. The platform targets fintech companies and apps wanting sovereign stablecoins, as well as regulated financial institutions seeking to offer issuance services using M0's issuance stack.
Where Does Yield Come From?
Yield in the M0 protocol comes from a three-party system: Minters (issuers), Earners (approved $M holders), and the protocol treasury — all coordinated by smart contracts that update continuously.
Minters are approved entities that deposit safe collateral (like short-term government T-bills) and mint $M stablecoins. They owe interest on everything they've issued, at a rate set by governance (the "Minter Rate," which compounds continuously but is capped at 400% APR).
Earners are addresses that get permission (through M0's Two-Token Governance system) to earn yield on their $M holdings. Their rate is calculated separately. A mathematical model makes sure that what Earners receive is ≤98% of the "safe rate" — meaning total interest paid out to earners can never exceed total interest collected from minters.
The contracts enforce this through two separate continuous-indexing systems (one in the MinterGateway, another inside the $M token itself). All obligations and rewards build up continuously, not in periodic payments. Earning accounts either grow automatically (the $M token rebases, meaning your balance goes up on its own) or earn rewards you can claim later (in the wrapped version, wM).
The leftover spread — at minimum about 2%, plus rounding buffers and any penalties charged to minters who miss collateral updates — piles up as "excess owed $M." This excess gets minted directly to the Distribution Vault (TTGVault), which hands it out proportionally to Zero governance token holders through an epoch-based claim system.
Builders creating stablecoin extensions can also customize how yield flows. If their extension contract is approved as an M0 Earner, it earns yield too. They can then direct that yield to a treasury, rebase it to token holders, let holders claim it as rewards, or split it among multiple parties.
The Wrapped $M (wM) token — a non-rebasing ERC-20 wrapper — adds another layer. The wM contract earns $M yield on everything it holds, but only wM holders who turn on "Earning Mode" actually get that yield. The $M yield on non-earning wM balances accumulates as "excess" inside the contract. Anyone can claim this excess via claimExcess(), which sends it to the Distribution Vault for Zero holders.
Extra revenue for the vault also comes from Power token auction proceeds and forfeited StandardGovernor proposal fees.
All rates (the Minter Rate set via BASE-MINTER-RATE, and the Earner Rate via max_earner_rate) are controlled by the Two-Token Governance system (TTG) and get applied whenever updateIndex() is called.
Persons
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Quantstamp08-01-2024 - 29-01-2024 |
| The audit found no critical or high-severity vulnerabilities, and the single medium-severity truncation issue was fixed, indicating solid code quality; however, the protocol's reliance on off-chain validator attestation and governance mechanisms introduces inherent trust assumptions beyond the smart contract scope. |
Three Sigma Labs08-01-2024 - 02-02-2024 |
| The audit identified no critical vulnerabilities and both high-severity issues were remediated, indicating a reasonably secure codebase; however, the acknowledged medium finding around signature replay and the presence of 11 low-severity findings (two acknowledged) suggest residual operational risks that should be monitored post-deployment. |
Certora18-01-2024 - 07-03-2024 |
| The formal verification and manual audit uncovered two critical and one high-severity vulnerability in the PowerToken bootstrap/sync logic, all of which were acknowledged and fixed by the team, and the net zero medium findings reflect strong contract safety for the M0 protocol's core governance and minting invariants. Residual informational items were either accepted as design choices or also remediated. |
ChainSecurity08-01-2024 - 23-04-2024 |
| The codebase provides a good level of security with zero critical or high-severity findings; all medium-severity issues were either corrected, acknowledged, or risk-accepted, and the vast majority of low-severity findings were fixed, leaving only well-documented residual rounding and design-edge behaviors that the team has consciously accepted. |
OpenZeppelin08-01-2024 - 09-02-2024 |
| The audit identified one high-severity signature replay flaw and six medium-severity design/implementation issues, all unresolved as of reporting, indicating that significant remediation was required before production deployment; the protocol's heavy reliance on two-token governance and off-chain validators introduces residual trust and game-theoretic risks that should be carefully monitored. |
Prototech Labs08-01-2024 - 09-02-2024 |
| This invariant-focused security review by Prototech Labs identified 3 critical, 4 high, 5 medium, 9 low, and 11 informational findings, with nearly all critical and high severity issues resolved by the M0 team prior to publication, though several structural design decisions (dynamic collateral expiry, inflation rounding on resets) were accepted as intentional risks outside the scope of fixing. |
Kirill Fedoseev08-03-2024 |
| The audit identified one High-severity issue (double-counted validator signatures, already fixed) and several Medium/Low findings, most of which were remediated, indicating that the M0 Protocol's core contracts were in a reasonably secure state at the time of the review. |
Sherlock01-03-2024 - 30-04-2024 |
| The audit identified several high and medium severity issues relating to validator signature replay, earning rate invariants, and penalty-based DoS risks, which require remediation before the M0 protocol can be considered safe for production. |
ChainSecurity13-08-2024 |
| The audit found no critical or high-severity vulnerabilities; all medium and most low-severity findings were corrected, with one low-risk accepted as a design choice, indicating a good level of security for the Wrapped M Token. |
Three Sigma17-07-2024 - 19-07-2024 |
| No critical, high, or medium vulnerabilities were found, and the two low-severity issues were either acknowledged or addressed, indicating the Wrapped M contract codebase was in a generally sound security posture at the time of audit. |
Kirill Fedoseev04-07-2024 - 09-08-2024 |
| All three high-severity vulnerabilities were fixed, and the remaining acknowledged medium/low issues represent acceptable design trade-offs under TTG governance control, making the audit outcome favorable for deployment. |
Certora25-06-2025 - 06-07-2025 |
| The audit found no critical vulnerabilities; the two high-severity issues were either fixed or acknowledged with a planned mitigation, and the remaining medium-to-low findings were addressed or accepted. Overall the codebase presents a manageable risk profile for deployment once all fixes are applied. |
ChainSecurity23-06-2025 - 17-07-2025 |
| The audit reveals several medium-severity open issues — including an irrecoverable state in MEarnerManager and incorrect balance tracking in the Uniswap V3 adapter — alongside one high-severity insolvency risk that was remediated; overall the codebase provides an improvable level of security per ChainSecurity's assessment, and the draft status suggests further review may be warranted before production deployment. |
Guardian05-08-2025 |
| The audit found one High-severity issue that was resolved, and the remaining Medium and Low findings were either resolved or acknowledged, leading Guardian to assign a High Confidence ranking (4/5); the protocol is considered suitable for deployment after remediations, with periodic review recommended as the codebase evolves. |
Halborn17-06-2025 - 23-06-2025 |
| The audit found one High-severity issue (whitelist access control) which was remediated, and one Low-severity issue (front-running risk during initialization) which was risk-accepted; all informational findings were resolved, leaving no critical or medium vulnerabilities in scope. |
| The critical access control vulnerability and most findings were resolved before launch, though the front-running risk was acknowledged without remediation; the protocol's mathematical design is robust but depends on the out-of-scope ext_earn program for index monotonicity, presenting a residual trust risk. | |
OtterSec16-06-2025 - 20-06-2025 |
| The one critical and one medium vulnerability were both remediated before the audit's conclusion, and the informational recommendations were either acknowledged or patched, indicating that the protocol's identified security and correctness risks have been addressed. |
Three Sigma28-04-2025 - 05-05-2025 |
| The critical vulnerability was resolved before release, making the core bridging logic safe; the two low-severity issues were either addressed or acknowledged with mitigations in place, leaving no open high-risk exposure. |
ChainLight (Theori)25-05-2025 |
| The one critical vulnerability enabling cross-chain message forgery has been patched, resolving the highest-risk attack path; the two remaining won't-fix items (integer truncation and rounding) present only theoretical or conditionally constrained risks deemed acceptable for the current design. |
ChainSecurity12-09-2025 |
| The audit found 3 open findings (1 High, 2 Low) plus 2 informational notes, all accepted or acknowledged by the M0 team with no required code changes, and the report concludes the codebase provides a high level of security within its limited scope. |
Guardian Audits15-08-2025 |
| The audit found no critical or high-severity vulnerabilities, and Guardian assigns the protocol a Very High Confidence ranking, indicating the codebase is mature and secure for deployment; however, the two acknowledged medium/low issues around native M token handling and failed swap recovery represent residual design risks that the M0 team accepts as intentional configuration choices. |
Halborn27-10-2025 |
| Halborn found no critical, high, medium, or low severity vulnerabilities; only two informational issues were raised, both of which were addressed (one acknowledged, one solved with an event emission). The overall security posture of M Portal Lite is sound with no material risks identified. |
Halborn31-03-2025 - 10-04-2025 |
| The Halborn audit identified no critical or high-severity vulnerabilities, with the single medium finding resolved and all low/informational items either remediated, risk-accepted, or acknowledged, supporting a sound security posture for the M0 protocol. |
OtterSec10-03-2025 - 17-03-2025 |
| The audit found no critical or high-severity vulnerabilities, and both identified issues have been resolved or acknowledged, indicating a sound security baseline for the solana-m program. |
Sec3— |
| The audit identified two medium-severity and one low-severity code issues in the Solana M Earn and Ext_Earn programs, all of which were resolved by the development team; the remaining design-level question about earn_manager trustworthiness was acknowledged as an expected trust assumption rather than a code vulnerability, indicating that the remediated codebase is sound. |
ChainSecurity13-08-202525-08-2025 |
| The MUSD codebase was found to provide a high level of security with no exploitable vulnerabilities; only two informational observations were acknowledged by the client and no fixes were required. |
Consensys Diligence11-08-2025 - 15-08-2025 |
| The audit found no significant security vulnerabilities in the mUSD token contract, with only one medium-severity design issue (approval during pauses) that was promptly fixed, alongside several code-quality improvements. However, the contract's centralized administrative controls—including freezing, forced transfers, and upgradeability—constitute a material trust assumption that requires rigorous operational security. |
Guardian Audits15-08-2025 |
| The M0 mUSD codebase received a very clean audit with zero findings across all severity bands above Informational, and the sole Informational issue was resolved; the protocol is considered highly secure at the time of audit with very low risk of latent critical issues. |
Kirill Fedoseev06-08-2025 |
| This audit identified zero security or economic-impacting vulnerabilities in the MUSD M Extension contracts; only three informational code-quality recommendations were noted, indicating the contracts were found to be in sound condition at the reviewed commits. |
ChainSecurity22-01-2026 |
| All critical and medium-severity findings were remediated across three code versions, and the two remaining low-severity issues were accepted as managed risks, resulting in a high overall security assessment from ChainSecurity for the M0 Liquidity Delivery protocol. |
Guardian Audits30-01-2026 |
| The audit uncovered 3 critical and 5 high-severity vulnerabilities—all resolved—plus numerous medium and low findings; Guardian assigned a low confidence ranking (2/5) and strongly urged a follow-up audit at a finalized frozen commit before mainnet deployment, indicating that meaningful residual risk remains despite the remediations. |
Halborn08-12-2025 - 22-12-2025 |
| The audit covered 11 business days with one security engineer and found no Critical or High severity issues; the single Medium finding was risk-accepted by the team for their stablecoin use case, while all other findings were remediated, indicating a generally sound codebase with acceptable residual risk. |
| The Sherlock review identified several security issues spanning access control, cross-chain state synchronization, and economic design, with initialization front-running being the most severe due to lack of access controls. The protocol should address the cross-chain cancel semantics and account squatting vectors before mainnet deployment. | |
Adevar Labs23-01-2026 |
| The codebase demonstrates a strong security posture with no exploitable vulnerabilities found; the two low-severity issues (one acknowledged, one resolved) and four minor enhancements do not materially affect protocol safety, and the after-fix review confirms all actionable items were addressed. |
Adevar Labs21-01-2026 |
| The audit revealed no critical or high-severity vulnerabilities, and all four low-severity issues were either resolved or acknowledged with no remaining risk, reflecting strong development practices by the MO team. |
ChainSecurity24-02-2026 |
| All critical and medium findings were addressed before the final report, and the codebase provides a high level of security for the M-Portal-v2 and Order Book, though residual design risks around rounding and index synchronization during edge cases were accepted by the protocol team. |
Guardian Audits30-01-2026 |
| The 3 critical and 5 high-severity issues were all resolved before publication, substantially reducing the most material risks, but Guardian assigns a Low Confidence ranking (2/5) and strongly recommends a follow-up audit on the fully remediated codebase before mainnet deployment. |
Halborn22-12-2025 - 31-12-2025 |
| All 13 findings have been addressed (solved, accepted, or acknowledged) by the M0 team, with no critical or high-severity vulnerabilities remaining, indicating a robust security posture for the Portal V2 deployment. |
Sherlock19-12-2025 |
| The audit identified several cross-chain security issues of note, with most resolved by the team; however, the garbled text extraction prevents precise severity accounting, so the report should be consulted directly for the full severity breakdown before relying on these findings for a safety assessment. |
Guardian12-12-2025 |
| The audit found no Critical or High severity vulnerabilities and only one Medium issue (acknowledged), indicating a mature, well-secured codebase suitable for deployment after the resolved low-severity fixes are applied. The Very High Confidence ranking and extensive fuzz testing (10M+ runs) further reinforce the protocol's strong security posture. |
| The audit report could not be meaningfully analyzed because the PDF conversion yielded unusable text, so no assessment of security findings or severity distribution can be made from this source. |
Backers
M0 (previously M^0) has raised a total of $100 million across three rounds, as confirmed by official press releases on the M0 website.
Seed Round (early 2023): $22.5 million, led by Pantera Capital, with participation from other investors (the company emerged from stealth in April 2023).
Series A (June 5, 2024): $35 million, led by Bain Capital Crypto. Additional participants in the round included Galaxy Ventures, Wintermute Ventures, GSR, Caladan, and SCB 10X, alongside existing investors.
Series B (August 28, 2025): $40 million, co-led by Polychain Capital and Ribbit Capital, with participation from the Endeavor Catalyst fund. Existing investors Road Capital, Pantera Capital, and Bain Capital Crypto also participated.
Other institutional investors and backers listed on the M0 homepage under "Backed by the best" include: Road Capital, AirTree VC, Standard Crypto, Earlybird, Salt, GSR, Fort West Capital, Hack VC, ParaFi, Wintermute Ventures, Kraynos, Endeavor, Distributed Capital, Caladan, and SCB 10X.
Legal
Legal form
Foundation (Swiss foundation / Stiftung)
Registration jurisdiction
Switzerland (CHE-132.878.734; Zug canton; domiciled at Bergliweg 15, 6300 Zug)
Status and notes
The operating entity is the M0 Foundation (M0 FOUNDATION), a foundation established under Swiss law and registered in Switzerland under UID CHE-132.878.734. Full legal imprint, Terms of Use (last updated May 2024), and Privacy Policy are published at m0.org/terms-conditions and m0.org/privacy-policy respectively. Contact email: [email protected]. The foundation states it does not control the Protocol or TTG governance; it solely promotes and supports the M0 ecosystem.