← All Reports

3Jane — USD3

3.5
USD3 / Ethereum / March 4, 2026
View full report on GitHub →

Score Breakdown

CategoryWeightScore
Audits & Historical Track Record20%3.00
Centralization & Control30%3.75
Funds Management30%3.75
Liquidity Risk15%3.00
Operational Risk5%3.00
Final Score3.5 / 5.0
20%30%30%15%
Medium Risk

Overview

3Jane is a credit-based money market on Ethereum that enables unsecured (uncollateralized) USDC credit lines underwritten against verifiable proofs of crypto assets, bank assets, future cash flows, and credit scores. The protocol is built as a modified fork of Morpho Blue, replacing collateral logic with credit assessment, and uses Yearn V3 tokenized strategy architecture for its vault contracts.

USD3 is the senior tranche of 3Jane's lending pool. Users deposit USDC to mint USD3, and those funds are allocated into a shared lending pool. Idle capital earns baseline yield via Aave V3 USDC market. When borrowers draw down credit lines, funds are withdrawn from Aave and lent at interest rates determined by a base rate + per-borrower risk premium.

Dual-Tranche Structure:

  • USD3 (Senior Tranche): Priority claim on interest repayments, lower risk, lower yield (~2.1% APY). ERC-4626 compliant.
  • sUSD3 (Junior/Subordinated Tranche): First-loss capital. Users stake USD3 to mint sUSD3. Higher yield but absorbs losses first in case of defaults. Has a lock period before withdrawal.

Interest is distributed with an 85/15 split between USD3 (senior) and sUSD3 (junior) tranches.

Links:

Risk Summary

Key Strengths

  • Tier-1 backing: $5.2M seed led by Paradigm, with Coinbase Ventures, Robot Ventures, Wintermute Ventures
  • Solid governance structure: 3-of-5 multisig with 24h timelock on all non-emergency actions
  • Inherited Morpho Blue security: Core lending logic based on extensively audited Morpho Blue codebase
  • Dual-tranche protection: sUSD3 junior tranche + $1M Insurance Fund absorb losses before senior USD3 holders
  • Emergency controls: Dedicated EmergencyController with binary stop controls for rapid incident response

Key Risks

  • Unsecured lending model: Fundamentally higher risk than overcollateralized DeFi lending. Default recovery depends entirely on offchain legal mechanisms and U.S. collection agencies — novel and untested in DeFi
  • Proprietary credit algorithm: The 3CA is a black box. Credit decisions are offchain and opaque. Incorrect credit assessments could lead to systemic defaults
  • No bug bounty program: Notable absence from Immunefi, Sherlock, and Cantina despite managing $20M+ in user funds
  • Novel offchain dependencies: zkTLS/Reclaim Protocol and EigenLayer AVS are early-stage technologies with limited battle-testing
  • Limited team transparency: Only the founder is publicly known. No disclosed legal entity

Critical Risks

  • Default contagion: If multiple borrowers default simultaneously, the sUSD3 junior tranche + $1M Insurance Fund may be insufficient to cover losses, directly impacting USD3 holders
  • Offchain legal dependency: Entire default recovery mechanism depends on U.S. legal system, licensed collection agencies, and credit bureau reporting — none of which have been tested at scale in a DeFi context
  • Upgrade risk: All core contracts are upgradeable via 3/5 multisig + 24h timelock. Anonymous signers. The auditor explicitly recommended splitting roles, which has not been fully implemented
  • Liquidity risk under stress: If utilization spikes due to high borrowing demand or defaults, USD3 redemptions could face significant delays
Full Report

Audits and Due Diligence Disclosures

3Jane-Specific Audits

Auditor Date Type Scope Critical High Medium Low/Info Status
Veridise (4 analysts, 20 person-days) Aug 7–18, 2025 Audit MorphoCredit, USD3/sUSD3, ProtocolConfig, CreditLine, Helper, MarkdownController, InsuranceFund, IRM 1 2 2 5 6 Fixed, 4 Acknowledged
Sherlock (Kirkeelee, mstpr-brainbot) Aug 4–20, 2025 Collaborative Audit MorphoCredit, USD3/sUSD3, CreditLine, Helper, IRM (2 repos: 3jane-morpho-blue + usd3) 0 7 5 3 All fixed/acknowledged
Electisec (Panda, Fede — 10 days, 13 contracts ~2000 LoC) Oct 18, 2025 Audit Full moneymarket + Jane token, RewardsDistributor, PYTLocker 0 1 2 10 All fixed/acknowledged
Sherlock 2 (Obsidian lead, ~40 wardens) Oct 7–17, 2025 Private Contest Full moneymarket + USD3/sUSD3 + Jane/PYTLocker/RewardsDistributor 0 1 7 0 All fixed/acknowledged

Notable findings across all audits:

  • V-3JNE-VUL-001 (Veridise Critical): Funds draining via malicious market creation — attacker could create fake markets with malicious MarkdownManager and CreditLine contracts to drain the MorphoCredit waUSDC wallet. Fixed via access control on market creation.
  • Sherlock H-1: Settlement flow double deduction and incorrect balance clearing — MorphoCredit settlement flow contained critical accounting vulnerabilities that could lead to protocol insolvency. Fixed.
  • Sherlock H-2 through H-7: Various high-severity issues across credit line settlement, repayment flows, and balance tracking. All fixed.
  • Electisec H-1: Pendle YT token interests lost during lock period in PYTLocker — locker never claims accrued yield, so YT tokens are worth $0 at expiry. Feature subsequently removed from codebase.
  • Sherlock 2 H-1: Loss of all YT yield accrued due to PYTLocker staleness (same root cause as Electisec H-1). Fixed.
  • Veridise H-1/H-2: Griefing via small donations resetting lock timer; lock period bypass via uncontrolled startCooldown(). Both fixed.
  • Electisec M-1/M-2: Cooldown restart allows users to bypass cooldown mechanism; JANE burn mechanism is unfair and gameable. Acknowledged/Fixed.

Veridise auditor recommendations: Split the ProtocolConfig.owner role into separate keys with different delays for emergency vs. configuration actions. Enforce access control on market creation (least privilege approach).

Total across all 4 audits: 1 Critical, 11 High, 16 Medium — all fixed or acknowledged. The high volume of findings (particularly in the first Sherlock audit with 7 highs) indicates the codebase had significant issues that were caught and resolved before mainnet deployment.

Inherited Morpho Blue Audits

The core lending logic is a modified fork of Morpho Blue, which has been extensively audited:

Auditor Date Scope
OpenZeppelin Sep–Oct 2023 Morpho Blue & Speed Jump IRM
Cantina Nov 2023 – Mar 2024 Morpho Blue managed review, IRM, Competition, Periphery, Fixed rate IRM

Note: The inherited audits cover the base Morpho Blue logic. 3Jane's modifications (credit-based lending, tranche system, markdown controller) are the novel risk surface covered by the 4 3Jane-specific audits above.

The source code includes a /certora directory indicating formal verification efforts for rate math.

Bug Bounty

  • Not listed on Immunefi, Sherlock, or Cantina
  • Not listed on SEAL Safe Harbor
  • No active bug bounty program found

Historical Track Record

  • Production time: USD3 deployed August 25, 2025 (~6 months)
  • TVL: ~$16.4M (DeFiLlama), with ~$7.2M borrowed
  • Token supply: ~$20.3M USD3, ~$6.4M sUSD3
  • Security incidents: None known
  • Peg history: USD3 is USDC-denominated and redeemable 1:1 from idle reserves; no known depegging events
  • Phase 1 (bootstrapping): During initial phase, USD3 operates in a "fully risk-off" configuration where funds are only deposited into Aave's USDC market. The unsecured lending component ramps up over time

Funding: $5.2M seed round (June 2025) led by Paradigm, with participation from Coinbase Ventures, Robot Ventures, Wintermute Ventures, Breed VC, and Bodhi Ventures. Andre Cronje listed among backers.

Funds Management

USD3 funds are deployed into two channels:

  1. Aave V3 USDC market — baseline yield on idle capital
  2. Unsecured credit lines — funds lent to approved borrowers at interest (base rate + risk premium + potential penalty rate)

Accessibility

  • Minting: Deposit USDC → receive USD3 (1:1). Anyone can mint.
  • Staking: Stake USD3 → receive sUSD3 (junior tranche). Lock period applies (1 month in Phase 1).
  • Redemption: USD3 redeemable for USDC from idle reserves (Aave). A redemption queue with time-based throttling exists for liquidity management.
  • Minting/redeeming is not fully atomic — subject to available idle reserves and throttling mechanisms.

Collateralization

USD3 is fundamentally different from traditional overcollateralized stablecoins:

  • Not overcollateralized — USD3 is backed by USDC deposits that are then lent out via unsecured credit lines
  • Credit-based model: Borrowing limits are based on offchain reputation and financial records, not onchain collateral
  • Default risk: If borrowers default, losses are absorbed first by sUSD3 (junior tranche), then by the Insurance Fund ($1M USDC), and finally by USD3 holders (senior tranche)
  • Markdown mechanism: MarkdownController gradually reduces the value of defaulted loans from their initial value to zero over time, preventing sharp market shocks
  • No liquidation mechanism — there is no onchain collateral to liquidate. Default recovery relies on offchain legal enforcement via U.S.-based collection agencies

Default Recovery Process

  1. Immediate credit score reduction (slashing 3Jane score)
  2. Overdue interest reallocation
  3. Markdown: protocol marks down delinquent/defaulted positions to reflect recovery rate
  4. Insurance Fund coverage ($1M USDC)
  5. NPL Auction: non-performing loans sold to registered U.S. collection agencies via Dutch-style auctions
  6. Offchain legal recovery via credit bureau reporting and regulatory enforcement

Provability

  • USD3/sUSD3 share prices are computed onchain via ERC-4626 standard
  • Outstanding loans and interest accruals are tracked onchain in MorphoCredit
  • Credit assessment is offchain — the 3CA (3Jane Credit Algorithm) is a proprietary black box. Credit line sizes, default risk rates, and repayment schedules are computed offchain
  • zkTLS + Reclaim Protocol provides zero-knowledge proofs of offchain data (bank statements, credit scores), verified by EigenLayer AVS nodes
  • Offchain data sources: Plaid (bank data), Credit Karma (credit scores)
  • Total reserves cannot be fully verified onchain because outstanding loan values depend on offchain repayment status

Liquidity Risk

  • Primary exit: Redeem USD3 for USDC from idle reserves in the Aave V3 pool
  • Throttling: Redemption queue with time-based throttling exists for large withdrawals
  • Utilization risk: If a high percentage of deposited USDC is lent out to borrowers, idle reserves shrink and redemptions may be delayed
  • Current utilization: ~$7.2M borrowed out of ~$16.4M TVL (~44% utilization)
  • No DEX liquidity data readily available for USD3/USDC pairs
  • sUSD3 exit: Subject to lock period (1 month in Phase 1) plus cooldown mechanism
  • No historical stress test data — protocol is only ~6 months old

Centralization & Control Risks

Governance

Ownership structure:

All core contracts (MorphoCredit, ProtocolConfig, CreditLine, USD3) are owned by a TimelockController with a 24-hour delay:

Contracts are upgradeable — MorphoCredit, USD3, ProtocolConfig, and AdaptiveCurveIRM use proxy patterns (TransparentUpgradeableProxy). The 3-of-5 multisig can upgrade contract logic after the 24h timelock delay. CreditLine and Helper are standalone (non-proxy) contracts.

EmergencyController (source verified, deployed address not publicly documented):

  • Has EMERGENCY_AUTHORIZED_ROLE that can: pause protocol, set debt cap to 0, stop USD3 deployments to MorphoCredit, stop new deposits
  • Can revoke individual borrower credit lines
  • Emergency actions bypass the 24h timelock by design (binary stop controls only)

Privileged roles (from Veridise audit trust model):

  • ProtocolConfig.owner: Pauses protocol, sets bounds on grace/delinquency periods, loan sizes, tranche ratios, interest rate configurations
  • CreditLine.owner: Approves credit lines, posts minimum repayments, settles debt from insurance fund.

Auditor noted: These powerful roles are not sufficiently separated — the same owner role controls both emergency and configuration actions.

Programmability

  • Onchain: Interest accruals, share price computation (ERC-4626), loan state tracking, markdown decay — all programmatic
  • Offchain (critical): Credit assessment (3CA algorithm), borrower approval, minimum repayment posting, credit line sizing — all require admin intervention
  • PPS (price per share): Computed onchain algorithmically via ERC-4626 standard, but the total asset value depends on outstanding loan values which can be marked down by admin
  • Hybrid system: Automated onchain mechanics + significant manual offchain operations

External Dependencies

Dependency Criticality Notes
Aave V3 Critical Base yield on idle USDC. Well-audited, blue-chip dependency
Morpho Blue (forked) Critical Core lending logic. Modifications (credit, tranches, markdown) are the novel risk surface
Reclaim Protocol / zkTLS High Offchain data verification for credit scores and bank data. Novel technology with limited battle-testing
EigenLayer AVS High ZK proof distribution and verification. Early-stage infrastructure
Plaid Medium Bank account data access. Centralized offchain dependency
Credit Karma Medium VantageScore/FICO data. Centralized offchain dependency
Yearn V3 Vault Low USD3/sUSD3 vault design pattern. Well-tested

Operational Risk

  • Founder: Jacob Chudnovsky — publicly identified, previously at Ribbon Finance / Aevo. Active on X/Twitter
  • Team: Only founder is publicly known. Rest of team not disclosed
  • Developed in stealth before the June 2025 funding announcement
  • Legal entity: Not publicly disclosed
  • Documentation: Good — comprehensive docs covering architecture, risks, and developer resources
  • Incident response: No incidents to date, untested response plan
  • Funding: $5.2M seed from tier-1 investors (Paradigm, Coinbase Ventures)

Monitoring

Key Contracts (Ethereum)

Contract Address Monitor
USD3 Token (Proxy) 0x056B269Eb1f75477a8666ae8C7fE01b64dD55eCc Supply changes, large deposits/withdrawals, share price
sUSD3 Token (Proxy) 0xf689555121e529Ff0463e191F9Bd9d1E496164a7 Supply changes, lock period changes, cooldown events
MorphoCredit (Proxy) 0xDe6e08ac208088cc62812Ba30608D852c6B0EcBc Borrow/repay events, utilization ratio, new market creation, delinquency/default state changes
ProtocolConfig (Proxy) 0x6b276A2A7dd8b629adBA8A06AD6573d01C84f34E Config changes (pause, debt cap, supply cap, tranche ratios)
CreditLine 0x26389b03298BA5DA0664FfD6bF78cF3A7820c6A9 New credit line approvals, credit line revocations, repayment postings
Helper 0x82736F81A56935c8429ADdbDa4aEBec737444505 Borrower interactions
AdaptiveCurveIRM (Proxy) 0x1d434D2899f81F3C3fdf52C814A6E23318f9C7Df Rate model parameter changes
TimelockController (24h) 0x1dCcD4628d48a50C1A7adEA3848bcC869f08f8C2 Scheduled/executed/cancelled operations, role changes
Multisig (3/5 Safe) 0x33333333bd7045f1a601a1e289d7ab21036fb5ef Signer/threshold changes, submitted transactions

Critical Events to Monitor:

  • Protocol pause/unpause events
  • Debt cap or supply cap changes
  • New credit line approvals (borrowers being approved)
  • Delinquency and default state transitions
  • Markdown events on defaulted positions
  • USD3/sUSD3 share price deviations
  • Insurance Fund balance changes
  • Contract upgrades via TimelockController
  • Multisig signer/threshold changes
  • Large withdrawal requests and redemption queue depth
  • Aave V3 USDC utilization (affects idle reserve availability)

Reassessment Triggers

  • Time-based: Reassess in 3 months (June 2026)
  • TVL-based: Reassess if TVL changes by more than ±30%
  • Incident-based: Reassess after any borrower default exceeding $500K, any exploit, or governance change
  • Default-based: Reassess if default rate exceeds 5% of outstanding loans
  • Audit-based: Reassess if additional audits are completed or bug bounty is established (could improve score)
  • Dependency-based: Reassess if Aave V3 or EigenLayer AVS experience significant security events
  • Phase-based: Reassess when Phase 1 bootstrapping ends and full unsecured lending is active
Submit report inaccuracy