River
About
River is a chain-abstraction stablecoin system centered on the over-collateralized stablecoin satUSD (backed by BTC, ETH, BNB, and LSTs). Users can collateralize assets on one blockchain and natively mint satUSD on another chain without bridges, stake satUSD for yield via the liquid yield-bearing token satUSD+, deposit into Smart Vaults or Prime Vaults (institutional) for automated strategy-based returns with no liquidation risk, and engage socially through River4FUN to earn token rewards. The protocol is built on LayerZero's OFT standard for cross-chain composability.
Where Does Yield Come From?
River generates yield for users through several distinct channels. None of the satUSD-based yields rely on printing new tokens — instead, the rewards come from real activity inside the protocol.
1. Core lending fees (the main yield source)
Users deposit assets like BTC, ETH, BNB, or liquid staking tokens (LSTs) as collateral to mint the stablecoin satUSD. Every time someone mints, redeems, or gets liquidated, the protocol collects a fee. These fees pool together and are shared with users who stake satUSD.
2. satUSD+ — auto-growing staking token
When you stake satUSD, you receive satUSD+ in return. This is a token whose value automatically increases over time as the protocol collects more fees. You never need to manually claim or re-stake — the growth happens passively. As River's docs state, there is "no inflationary reward model — all yield is backed by real activity within the protocol."
3. Smart Vault — two ways to earn, zero debt risk
You deposit BTC, ETH, USDT, or USDC into a Smart Vault. The protocol then does two things with your money:
- It internally mints satUSD against your deposit (using a governance-set "staking factor" between 0–100% per asset) and stakes that satUSD into the fee-sharing pool.
- Meanwhile, your original deposited assets are put to work across approved DeFi protocols (like Morpho and Pendle) and CeDeFi strategies held in institutional-grade custodian wallets.
Because the borrowing happens inside the protocol — not on your behalf — you never hold debt and face zero liquidation risk. During market stress, the system automatically rebalances using oracle data. When the vault matures, you get back your original deposit plus the satUSD yield and River Pts that have accumulated.
4. Prime Vault (institutional version)
Same idea as the Smart Vault, but with regulated custody from providers like Ceffu and Cobo — designed for larger or institution-level participants.
5. River4FUN — social engagement rewards
You stake any token, connect your X (Twitter) account, and earn River Pts by posting, referring friends, or voting. These points convert into staked $RIVER tokens through a dynamic rate that improves the longer you wait — over a 180-day window, the conversion rate rises continuously, reaching up to roughly 270 times the starting rate.
6. $RIVER ecosystem incentives (separate from fee-based yield)
Out of 100 million $RIVER total supply, 12 million tokens (12%) are set aside for ecosystem incentives. These vest linearly over 60 months and are used for liquidity mining, referral programs, and yield-boosting campaigns. This pool is separate from the satUSD+ yield, which remains backed by fees and strategy returns.
Key design choices worth noting:
- satUSD+ yield is non-inflationary — it comes from CDP fees and strategy returns, not from minting new tokens.
- Smart Vaults remove debt and liquidation risk from the user by keeping the borrowing internal to the protocol.
- Governance parameters (staking factors, approved strategies) are controlled by $RIVER token holders.
- All cross-chain minting and burning uses LayerZero's OFT standard, so yield is not fragmented across different bridges.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Bill Hsu10-06-2024 - 30-06-2024 |
| Three of four high-risk findings were fixed, but the most critical recovery-mode liquidation attack was acknowledged without a code fix, leaving a residual economic attack vector dependent on protocol state. Overall, the review identified meaningful design-level risks in the liquidation and redemption mechanics that warrant continued monitoring. |
ScaleBit25-02-2024 - 15-03-2024 |
| All six identified issues (including one major and one medium severity) were resolved, indicating a clean remediation cycle before deployment. The audit scope was comprehensive across core protocol contracts, and no residual high-risk vulnerabilities remain open. |
Supremacy19-03-2024 |
| All three findings (2 Medium, 1 Low) were fixed prior to release, leaving no unresolved security issues; the audit indicates the contracts were made safe for deployment, though counterparty risk from privileged accounts (mitigated but not fully eliminated) was noted. |
ScaleBit25-02-2024 - 25-03-2024 |
| The audit found no critical or major vulnerabilities, with all minor issues fixed and the sole acknowledged medium finding accepted as intentional design, indicating a reasonable security posture for the OSHI contract suite at the time of review. |
billh (@hibillh)24-12-2024 - 04-01-2025 |
| The audit identified several critical-severity-equivalent issues (5 high, 7 medium) concentrated in access control, accounting logic, and yield-strategy integrations, with most high and medium findings remediated in PR#5 or via contract removal, indicating the team acted promptly on security feedback. |
billh (@hibillh)23-01-2025 - 29-01-2025 |
| All serious issues were addressed: the single high-risk underflow bug and both low-risk findings were fixed, leaving only one acknowledged informational item that poses no material risk. The audit indicates Satoshi Farm was adequately reviewed with no unresolved security threats. |
Zenith (Code4rena)11-02-2025 - 18-02-2025 |
| The audit found no critical or high-risk issues, and all medium-severity findings were resolved, demonstrating that the Satoshi Farm contracts were in a solid security posture at the time of review. |
Zellic28-09-2025 - 02-10-2025 |
| The audit found no critical or high-severity issues, with all nine findings falling into medium, low, or informational impact — meaning the Smart Vault system has a solid security baseline, though the three medium issues (reward precision loss, missing config validation, and insufficient test coverage) should be addressed before production deployment. |
Supremacy02-12-2025 |
| All three medium-severity findings were fixed by the project team, and four informational items were resolved (one acknowledged), indicating the protocol addressed the identified risks before the audit closed. The invariant testing provides reasonable assurance of core correctness, though the acknowledged centralization risk in the withdraw function remains a residual design concern. |
Backers
No named investors, specific VC funds, funding rounds, or investment amounts are publicly disclosed on any of River's official channels (website, documentation, or blog). The tokenomics documentation (docs.river.inc/tokenomics/tokenomics) notes that 15% of the total 100,000,000 $RIVER supply is allocated to "Investors" with a vesting schedule (3-month cliff, 10% unlock at month 4, 6-month cliff, then 24-month linear vesting), but does not identify any specific backers by name.
Legal
Legal form
Not explicitly disclosed on official sources; LinkedIn lists company type as "Partnership" but this cannot be confirmed as the formal legal structure. The Terms of Service refer solely to "River" without specifying a legal form (e.g. Ltd., Foundation, LLC, etc.).
Registration jurisdiction
Cayman Islands (indicated by governing law, exclusive jurisdiction, and arbitration seat in the Terms of Service — "governed by the laws of the Cayman Islands", seat of arbitration is the Cayman Islands, exclusive jurisdiction in courts of the Cayman Islands).
Status and notes
Privacy Policy (Last Updated: 20 Dec 2024) and Terms of Service (Last Updated: 20 Dec 2024) are published at /privacy-policy and /terms-of-service respectively. The operating entity is not named in either document; the Terms state '"River," "we," "our," or "us" refers to River.' Contact email: [email protected]. The Terms exclude users from the US, Canada, and other excluded jurisdictions. GitHub organization is 'Satoshi-Protocol' with contact email [email protected]. LinkedIn lists the entity as 'River' (formerly Satoshi Protocol), industry Blockchain Services, 2-10 employees, founded 2024, type 'Partnership'. No imprint/impressum page, no company registration number, and no registered address are publicly disclosed on any official channel.