stablecoin
Falcon USD USDF
Falcon USD (USDF) is a ~$1.62B market-cap overcollateralized synthetic dollar deployed as a standard upgradeable ERC-20/BEP-20 proxy token across Ethereum, BSC, XDC, and Base. It has zero quantum-readiness posture. The project has published no cryptographic inventory, no quantum risk assessment, no PQ migration roadmap, and no quantum-related content of any kind in any official documentation, audit, or roadmap. All spend authorization is inherited from classically ECC-based host chains. Admin control sits behind a 4-of-6 Safe multisig using classical ECDSA. Reserve custody (~$1.76B in backing assets as of March 2026) relies on classical MPC from Fireblocks, Ceffu, BitGo, and ChainUp, with 93.6% held in multisig wallets. No public source code repository exists for independent review. Classical smart contract audits (Zellic, Pashov) cover zero quantum considerations. Falcon Finance's published 2025–2026 roadmap addresses RWA integrations, fiat rails, and institutional products exclusively. QRI Score: 0/100 — Stage 0 (Unassessed / No Evidence). The project is entirely quantum-unprepared across every applicable layer.
Critical Quantum Blockers
- All spend authorization is ECC-only, inherited from host chains (Ethereum, BSC, XDC, Base) with no PQ or hybrid path — a quantum-capable adversary can forge any USDF transfer on any host chain.
- Admin proxy upgrade authority is controlled by a 4-of-6 Safe multisig using classical ECDSA — a quantum attacker who recovers 4 of 6 signer keys can upgrade the implementation, pause transfers, or manipulate the blacklist.
- Reserve custody (Fireblocks, Ceffu, BitGo, ChainUp) uses classical MPC — the ~$1.76B in reserves backing USDF is protected by quantum-vulnerable threshold schemes.
- No public cryptographic inventory exists — the project has not identified or published which cryptographic mechanisms protect user funds, admin controls, or reserve custody.
- No quantum risk assessment, migration roadmap, or PQ mitigation design of any kind has been published.
Key Risks
- Quantum key-recovery attack on any host chain (Ethereum, BSC, XDC, Base) enables forgery of USDF transfers for all ~$1.62B in circulating supply.
- Quantum compromise of 4-of-6 admin multisig signers enables malicious proxy upgrade, token pausing, or blacklist manipulation — a full takeover of the USDF token contract.
- Quantum compromise of MPC-based reserve custodians (Fireblocks, Ceffu, BitGo, ChainUp) could enable theft or misappropriation of the ~$1.76B in collateral backing USDF.
- Cross-chain bridges (Chainlink CCIP, Axelar) introduce additional quantum-vulnerable attack surfaces for wrapped/bridged USDF.
- No public source code means the implementation's exact cryptographic dependencies and admin capabilities cannot be independently audited, increasing uncertainty about the full attack surface.
- With no quantum risk acknowledgment or migration planning, the protocol has no demonstrated capability to respond to accelerating quantum threats.
Assurance Notes
- Classical smart contract audits exist (Zellic March 2025, Pashov February 2025) but cover zero quantum-related scope; these are scope-mismatched for QRI purposes and provide no PQ assurance.
- Weekly reserve attestations by HT Digital and quarterly ISAE 3000 reports by Harris & Trotter LLP cover reserve backing only — no cryptographic or key-management assurance.
- No public GitHub repository or source code exists for the USDF implementation beyond verified proxy bytecode on Etherscan. The implementation at 0x3aDf34C09DAC24E4BAeFB1b1df4C2992edC2b789 cannot be independently reviewed from source.
- The 4-of-6 Safe multisig admin (0x1E482B60bf19Cb1cc859389e0eA3DED153f16Bd7) signer identities are partially documented by LlamaRisk; at least one signer (0x804016c31e52805eb00e0Ef42126Fd3e980A0b33) is identified as Falcon Contract Deployer.
- Reserve custody (Fireblocks, Ceffu, BitGo, ChainUp) uses classical MPC technology with no evidence of PQ-safe MPC migration. As of March 2026, 93.6% of reserves sit in multisig wallets.
- Multi-chain deployment (Ethereum, BSC, XDC, Base) means USDF inherits quantum vulnerability from four separate host chains, multiplying the attack surface.
- Falcon Finance's published roadmap (2025–2026) focuses entirely on RWA integrations, fiat rails, institutional products, and traditional finance connectivity. Zero quantum-related milestones exist.
Non-Scoring Caveats
- As a standard ERC-20/BEP-20 token, USDF cannot independently migrate its base-layer spend authorization until host chains upgrade to PQC. Token Inheritance rule (QRI Section 7.2) applies.
- Classical smart contract audits (Zellic, Pashov) exist and found no critical/high severity issues in the audited scope, but these audits are scope-mismatched for quantum-readiness evaluation.
- Reserve attestations (HT Digital weekly, Harris & Trotter quarterly ISAE 3000) provide transparency on collateral backing but are unrelated to cryptographic key security.
- Cross-chain bridging via Chainlink CCIP and Axelar introduces additional quantum-vulnerable dependencies outside the direct token-evaluation scope.
- No public roadmap or contingency plan for migrating administrative or custody keys to post-quantum secure alternatives exists as of the evaluation date.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: No public cryptographic inventory or quantum threat model exists. Falcon Finance documentation focuses exclusively on collateralization ratios, reserve composition, yield strategies, and classical risk management. Zero quantum or post-quantum terminology appears in any official or audited material.
Coverage basis: Not applicable — no assessment published
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory exists — project has not identified which cryptographic mechanisms protect user funds, admin controls, or reserves.
Assurance: High confidence in the negative finding: exhaustive search of official docs, site, whitepaper, roadmap, and independent research confirms zero quantum-related content.
Falcon Finance's 2025–2026 roadmap focuses on RWA integrations, fiat rails, institutional products, and traditional finance connectivity. Zero quantum-related milestones.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: No quantum-specific evidence record exists. Classical audits (Zellic, Pashov) and reserve attestations (HT Digital, Harris & Trotter) are scope-mismatched for quantum readiness.
Coverage basis: Not applicable — no quantum evidence published
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Zellic and Pashov audits cover classical smart-contract security only. HT Digital and Harris & Trotter attestations cover reserve backing only. None address cryptographic key security or quantum threats.
The project has published classical assurance artifacts, but none constitute a quantum evidence record.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: USDF is a standard ERC-20/BEP-20 token; all transaction authorization is delegated to host chains using classical ECDSA. Token Inheritance rule (QRI Section 7.2) applies.
Coverage basis: Token inherits host-chain (Ethereum, BSC, XDC, Base) ECC-based spend authorization
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All spend authorization is ECC-only, inherited from host chains — a quantum-capable adversary can forge any USDF transfer.
Assurance: Verified on-chain: Ethereum proxy at 0xFa2B947eEc368f42195f24F36d2aF29f7c24CeC2 is a standard OpenZeppelin TransparentUpgradeableProxy. BSC deployment at 0xb3b02E4A9Fb2bD28CC2ff97B0aB3F6B3Ec1eE9D2 is a non-proxy BurnMintERC20. Neither implements any PQ or hybrid signature verification.
Per QRI Token Inheritance rule (Section 7.2), USDF inherits the quantum vulnerability of its host L1/L2 chains. No token-level PQ protection exists.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design prevents long-exposure quantum-vulnerable ownership paths
Claim: All USDF holders interact via standard Ethereum/BSC/XDC/Base EOAs with exposed public keys after first transaction. Long-exposure (at-rest) attack window applies to all transacted EOAs.
Coverage basis: Standard EOA pattern on all host chains
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All USDF holders use standard EOAs with long-exposure public keys — any EOA that has sent a transaction has an exposed public key vulnerable to offline quantum attack.
Assurance: The long-exposure attack window (at-rest) applies to all transacted EOAs. This is a structural vulnerability of all classical Ethereum-based tokens.
No account-abstraction, stealth-address, or PQ-key-derivation mechanism exists at the token or protocol level.
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable
Claim: USDF is a token without its own consensus layer. Consensus security is inherited from host chains.
Coverage basis: N/A — token has no consensus layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: Token state integrity (balances, allowances) is maintained by host-chain EVM execution. No independent state-integrity mechanism exists at the token level.
Coverage basis: N/A — token relies on host chain for state integrity
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable
Claim: USDF has no privacy layer, ZK proofs, shielded pools, note encryption, or stealth address mechanism.
Coverage basis: N/A — no privacy layer exists
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: USDF has no P2P network layer.
Coverage basis: N/A — token has no P2P layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path
Claim: All admin, governance, and reserve-custody workflows use classical ECDSA multisigs and classical MPC. No PQ or hybrid wallet/custody path exists. The 4-of-6 Safe multisig admin (0x1E482B60bf19Cb1cc859389e0eA3DED153f16Bd7) and reserve custodians (Fireblocks, Ceffu, BitGo, ChainUp) use quantum-vulnerable classical cryptography.
Coverage basis: Classical 4-of-6 Safe multisig for admin; classical MPC (Fireblocks, Ceffu, BitGo, ChainUp) for reserves
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin multisig (4-of-6 Safe, classical ECDSA) and reserve custody MPC (Fireblocks, Ceffu, BitGo, ChainUp) are quantum-vulnerable. A quantum attacker who compromises these keys can upgrade the token contract or steal reserve assets.
Assurance: Falcon Finance's own documentation confirms reliance on multisig access control and MPC-based custody. Fireblocks and Ceffu MPC implementations use classical threshold ECDSA. 93.6% of reserves sit in multisig wallets as of March 2026.
Signer key exposure is long-duration (at-rest) for EOAs that have sent transactions. At least one signer is identified as Falcon Contract Deployer per LlamaRisk.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 0% of ~$1.62B USDF circulating supply is quantum-protected. All value is held via ECC-based EOAs on quantum-vulnerable host chains. Coverage: <25% → Score 1 per QRI 9.3.1 thresholds, weighted to 0 by Implementation Score of 0.00.
Coverage basis: 0% protection — no PQ or hybrid mechanisms exist
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ~$1.62B in USDF (plus ~$1.76B in reserve collateral) is entirely quantum-vulnerable with 0% protected, 0% migrated, and no migration path.
Assurance: Market cap verified via CoinMarketCap. All holders operate via standard EOAs. The long-exposure attack window applies to all transacted EOAs per QRI 7.3.
Reserve backing of ~$1.76B confirmed by Falcon Finance March 2026 report (HT Digital attestation March 27, 2026). 107.93% backing ratio. 93.6% held in multisig wallets.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (admin multisig, treasury, insurance fund, minter, reserve custodians) have any PQ protection. All use classical cryptography.
Coverage basis: 0 critical wallets protected
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin multisig, minter (0x57Dd832f0d9547fcA3aA3CCEB052C2FD8818bF4d), insurance fund multisig, and reserve custodians all use classical cryptography.
Assurance: LlamaRisk identifies: (1) DEFAULT_ADMIN_ROLE at 4/6 multisig, (2) MINTER_ROLE at 0x57Dd832f0d9547fcA3aA3CCEB052C2FD8818bF4d, (3) insurance fund in separate multisig. Reserve custodians use classical MPC.
None of the protocol's critical operational wallets have been migrated to or designed with PQ or hybrid protection.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No inventory of quantum-vulnerable value has been published. The concept of 'legacy vulnerable' pools is not addressed in any project documentation.
Coverage basis: No identification or measurement exists
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: High confidence in the negative finding: exhaustive review of all available documentation confirms zero mention of quantum-vulnerable value identification or measurement.
The project has not acknowledged that quantum vulnerability exists, let alone measured or categorized vulnerable value pools.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No quantum migration or protection roadmap exists. Falcon Finance's 2025–2026 roadmap addresses RWA integrations, fiat rails, institutional products, and TradFi connectivity exclusively.
Coverage basis: No roadmap published
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No quantum migration roadmap of any kind exists.
Falcon Finance's published roadmap focuses on RWA integrations, equity tokenization, yield products, and fiat rails. Zero quantum-related milestones.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, warnings, education, or migration prompts exist.
Coverage basis: No migration accessibility exists
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
USDF is a standard ERC-20 token; users interact via standard wallets (MetaMask, etc.) with no PQ features.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist and ecosystem coordination prevents unsafe fallback into vulnerable systems
Claim: No enforcement mechanisms (deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking) exist for quantum migration. The token contract has pause/blacklist functionality but no quantum-specific policy or coordination plan.
Coverage basis: No enforcement mechanisms exist
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The admin multisig can pause transfers and manage a blacklist, which could theoretically be used in a quantum emergency, but no quantum-specific policy or coordination plan exists.
While the token contract has pause/blacklist functionality, these are general security controls with no documented quantum-emergency application, no coordination plan with exchanges, and no predefined triggers.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific emergency disclosure, incident-response, or governance process exists. Falcon Finance has general risk-management documentation and governance via Snapshot + FF token, but no quantum-specific plan.
Coverage basis: No quantum-specific IR process exists
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Per QRI Section 7.4 (Note-Only Caveat Rule), lack of a formal quantum-specific IR playbook is normally a note-only caveat. However, in this case it compounds the fact that no quantum risk has been acknowledged at all.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: No PQC or hybrid-PQC algorithms are used anywhere in the USDF token system. All cryptography is classical (ECDSA, keccak256 for address derivation).
Coverage basis: No PQ algorithms in use
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Zero NIST-standardized or broadly reviewed PQC algorithms are used.
Assurance: Verified from on-chain bytecode: Ethereum proxy is standard OpenZeppelin TransparentUpgradeableProxy with no custom cryptographic extensions. BSC implementation is standard BurnMintERC20.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: Existing audits (Zellic March 2025, Pashov February 2025) cover classical smart-contract security only. Reserve attestations (Harris & Trotter) cover financial backing only. No PQ audit exists.
Coverage basis: No PQ audit exists; classical audits are scope-mismatched
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Zellic (March 2025) and Pashov (February 2025) audits found no critical/high severity issues in the classical scope. Harris & Trotter quarterly ISAE 3000 reports cover reserve backing. None address quantum resistance.
Classical audits are recorded as an assurance-only caveat. They do not reduce the QRI Score but are noted as a positive classical-security signal.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: No public source code repository exists for the USDF implementation. The GitHub org 'falconfinance' contains only a Uniswap V2 fork (github.com/falconfinance/v2-core) with no USDF-related code. Only verified proxy bytecode is available on Etherscan/BscScan.
Coverage basis: Source code not publicly available
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public source code repository exists for the USDF implementation. The GitHub org 'falconfinance' contains only a Uniswap V2 fork with no USDF-related code.
Assurance: LlamaRisk explicitly states: 'The GitHub repository is not currently public for Falcon Finance.' The implementation at 0x3aDf34C09DAC24E4BAeFB1b1df4C2992edC2b789 cannot be independently verified from source.
Classified as quantum-critical uncertainty because the lack of source code prevents independent verification of cryptographic dependencies and admin capabilities.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: No documented parameter agility or cryptographic upgrade path exists. The upgradeable proxy pattern theoretically enables future implementation upgrades, but no quantum-related upgrade path, parameter agility plan, or algorithm migration strategy is documented.
Coverage basis: No parameter agility documented
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
While the TransparentUpgradeableProxy on Ethereum could technically support a future PQ-aware implementation upgrade, this is purely theoretical with no documented plan, timeline, or design.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks
Claim: No PQ stateful signatures are in use, so stateful-signature safety considerations do not apply. Classical custody risks are managed via MPC but are quantum-vulnerable.
Coverage basis: N/A — no PQ stateful signatures in use
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: No performance or resource-impact analysis exists for potential PQ deployment. Since no PQ algorithms are in use or planned, a PQ-specific analysis is not applicable.
Coverage basis: N/A — no PQ deployment exists or is planned
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable