stablecoin
GHO (GHO)
GHO is a ~$584M ERC-20 stablecoin governed by the Aave DAO with zero quantum readiness. The project has published no cryptographic inventory, no quantum risk assessment, no PQC migration roadmap, and no hybrid-PQC or PQ production protection. All spend authorization uses Ethereum ECDSA (secp256k1), permit signatures (EIP-2612) use ECDSA, governance operates through ECDSA-based EVM transactions, and cross-chain supply integrity depends on Chainlink CCIP's classical cryptographic signers. The QRI Score of 4 (Stage 0) reflects the complete absence of project-level quantum readiness work combined with fully quantum-vulnerable production cryptography protecting ~$584M in value.
QRI Factors
Critical Quantum Blockers
- All GHO spend authorization relies on Ethereum ECDSA (secp256k1) with no PQC or hybrid-PQC path.
- EIP-2612 permit signatures use ECDSA, creating long-exposure vulnerable signatures on-chain.
- Aave DAO governance operates through ECDSA-based EVM transactions; quantum compromise of major AAVE holder keys could enable malicious governance.
- Chainlink CCIP uses classical cryptographic signatures from Decentralized Oracle Networks; a quantum break could enable infinite unbacked minting of GHO on destination chains.
- No public cryptographic inventory or quantum risk assessment exists for GHO.
Key Risks
- Quantum key recovery from exposed Ethereum EOA public keys: Any GHO holder who has sent a transaction has permanently exposed their public key on-chain.
- Governance compromise: A quantum break of AAVE token holder keys could enable malicious facilitator onboarding, bucket capacity manipulation, or GSM parameter changes.
- Bridge supply-integrity failure: Chainlink CCIP's DON signers use classical cryptography. A quantum attacker could forge cross-chain messages to mint unbacked GHO on L2s.
- Permit signature harvesting: EIP-2612 permit signatures broadcast on-chain are permanently harvestable and quantum-vulnerable.
- No freeze or deprecation mechanism: GHO has no protocol-level mechanism to freeze, deprecate, or burn quantum-vulnerable tokens.
Assurance Notes
- No quantum-specific audit has been performed on GHO token contracts, facilitator contracts, or CCIP bridge integration.
- GHO token contract source code is open source (MIT license) and verified on Etherscan, providing classical security assurance but no quantum assurance.
- Google Quantum AI paper (March 2026) identifies Aave V3 admin keys as quantum-vulnerable. No quantum-specific response from Aave DAO has been observed.
- Chainlink CCIP has published educational content on quantum-safe cryptography but has not deployed PQC in production CCIP.
- Ethereum Foundation has a structured PQC roadmap targeting 2029, but upgrading Ethereum's base layer does not automatically protect GHO's governance keys, facilitator contracts, or CCIP bridge signers.
Non-Scoring Caveats
- GHO inherits Ethereum L1 quantum risk and will benefit from Ethereum's PQC roadmap (targeting 2029), but Ethereum base-layer upgrades will not automatically protect GHO's governance keys, facilitator contracts, or CCIP bridge dependencies.
- Google Quantum AI paper (Babbush et al., March 2026) identifies Aave V3 admin keys as quantum-vulnerable among ~70 major contracts. This external assessment has not prompted any observed Aave DAO quantum response.
- Chainlink CCIP has published educational content on quantum-safe cryptography and positions CCIP as 'future-proof,' but no production PQC deployment exists in CCIP as of the evaluation date.
- No formal quantum-specific governance proposal has appeared on the Aave governance forum.
- ~$584M in GHO is fully exposed through quantum-vulnerable paths with no protocol-level freeze, deprecation, or policy mechanism to address unmigratable value.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory (weight 3)
Claim: No public cryptographic inventory exists for GHO. No quantum threat model has been published by Aave DAO.
Coverage basis: Absence verified across Aave official docs, GitHub repositories, and governance forum
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory or quantum risk assessment
Assurance: Search of Aave governance forum, official docs, and GitHub found zero quantum-related proposals or documentation for GHO.
Google Quantum AI paper (March 2026) externally identified Aave V3 admin keys as quantum-vulnerable, but this is not a project-published assessment.
Security Assessment & Evidence Preparedness
Public evidence record (weight 2)
Claim: No quantum-specific evidence record exists for GHO.
Coverage basis: Absence of any quantum-related documentation, audits, or transaction examples
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Production Cryptographic Protection
Spend authorization / transaction signatures (weight 9)
Claim: GHO is a standard ERC-20 token. All spend authorization relies on Ethereum ECDSA (secp256k1) with no PQC or hybrid-PQC support.
Coverage basis: Token inherits Ethereum base-layer ECDSA; no custom signature logic in token contract
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All spend authorization is ECDSA-only
Assurance: Verified via Etherscan token contract, GitHub source code, and official documentation.
GHO also supports EIP-2612 permit for gasless approvals, which uses ECDSA signatures.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design (weight 7)
Claim: GHO uses standard Ethereum accounts. Public keys are permanently exposed on-chain after first transaction.
Coverage basis: Ethereum account model: address derived from public key; public key exposed on first spend
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Long-exposure public keys with no rotation or PQ migration path
Assurance: All GHO holders who have sent transactions have exposed public keys. ~$584M in GHO held across ~7,620 addresses.
Unlike Bitcoin, where P2PKH addresses hide public keys until spend, Ethereum permanently exposes an account's public key on its first transaction.
Production Cryptographic Protection
Consensus-critical authentication (weight 6)
Claim: GHO is an ERC-20 token and has no consensus mechanism of its own.
Coverage basis: Token-only asset with no validator set, VRF consensus, or finality signatures
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
State-integrity and data-availability mechanisms (weight 6)
Claim: GHO supply integrity depends on facilitator contracts governed by ECDSA-based Aave DAO governance.
Coverage basis: GhoToken.sol AccessControl roles and facilitator model verified in source code
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Facilitator governance controlled by ECDSA-based Aave DAO
Assurance: The GhoToken contract uses OpenZeppelin AccessControl with FACILITATOR_MANAGER_ROLE and BUCKET_MANAGER_ROLE assigned via Aave governance.
GHO Stewards operate a 3-of-4 multisig for parameter management; Aave Guardian uses a 5-of-9 multisig. All rely on ECDSA.
Production Cryptographic Protection
Privacy and proof layers (weight 3)
Claim: GHO has no privacy or zero-knowledge proof layer.
Coverage basis: Standard ERC-20 token with transparent balances
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication (weight 2)
Claim: GHO is an ERC-20 token, not a P2P network.
Coverage basis: Token asset with no independent P2P networking layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows (weight 2)
Claim: No evidence of PQ wallet, custody, HSM, or hardware-wallet support for GHO.
Coverage basis: No PQ wallet integration documented; standard ERC-20 uses existing Ethereum wallet infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQ wallet/custody path for GHO
Assurance: GHO is a standard ERC-20 token compatible with any Ethereum wallet. No wallet or custody provider has announced GHO-specific PQ support.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected (weight 20)
Claim: ~$584M market cap with 0% protected from quantum key-recovery attacks. All GHO value is held in quantum-vulnerable Ethereum accounts.
Coverage basis: CoinGecko and CoinMarketCap market data; all GHO on Ethereum and bridged L2s uses ECDSA-based accounts
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: $584M GHO fully quantum-vulnerable with zero migration coverage
Assurance: Market cap ~$584M as of early June 2026. Coverage <25% → Implementation Score 0.05 per QRI thresholds.
CCIP bridge creates additional value-at-risk on destination chains. A quantum break could enable infinite minting beyond nominal supply.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native (weight 3)
Claim: No critical wallets have been migrated to PQ for GHO.
Coverage basis: No evidence of any PQ migration at any critical GHO custody point
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Critical wallets (GSM, CCIP pools, Steward multisigs, DAO treasury) all use ECDSA
Assurance: Key contracts: GhoToken, GhoCCIPTokenPoolEthereum, GSMUSDC, GSMUSDT, GHO Stewards multisig (3-of-4), Aave Protocol Emergency Guardian multisig (5-of-9). All use standard Ethereum ECDSA accounts.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts identified and deprecated (weight 2)
Claim: No identification, measurement, deprecation, migration, or freeze mechanism exists for quantum-vulnerable GHO accounts.
Coverage basis: No legacy identification program or freeze/deprecation/burn policy
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No proposals related to identifying, measuring, or deprecating quantum-vulnerable GHO holdings found.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap (weight 3)
Claim: No quantum migration or protection roadmap exists for GHO.
Coverage basis: Absence of any quantum migration plans in Aave documentation, governance, or GitHub
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Ethereum Foundation has a PQC roadmap targeting 2029, but this covers base-layer cryptography only.
GHO may indirectly benefit from Ethereum's EIP-8141 (account abstraction for PQ signatures), but GHO governance keys, facilitator roles, and the CCIP bridge require independent migration plans.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults (weight 5)
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user warnings, education, or migration prompts exist for GHO.
Coverage basis: No evidence of any PQ migration tooling or user-facing quantum readiness features
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQ migration path available to GHO users
Assurance: GHO is integrated with standard Ethereum wallets (MetaMask, Rabby, etc.). None offer PQ signature options for GHO transactions.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination (weight 4)
Claim: No enforcement mechanisms exist for quantum migration. No infrastructure coordination prevents unsafe fallback.
Coverage basis: Absence of any deprecation, freeze, disabled legacy signing, or migration enforcement
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: CCIP bridge between Ethereum and L2s is two-way and unrestricted.
This creates a Readiness & Risk Cap condition: 'Two-way bridge allows value to flow back into a non-PQ-secure system without restrictions' → Max QRI 50.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process (weight 3)
Claim: No quantum-specific emergency disclosure or incident-response process exists.
Coverage basis: Aave has general governance guardians and emergency pause mechanisms but no quantum-specific playbook
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Aave has Protocol Emergency Guardians (5-of-9 multisig) that can pause markets. These provide general emergency response but no quantum-specific processes.
Per QRI Note-Only Caveat Rule, the absence of a quantum-specific IR playbook does not reduce the QRI Score by itself.
Algorithm & Implementation Assurance
Uses NIST-standardized PQC algorithms (weight 6)
Claim: GHO uses no PQC or hybrid-PQC algorithms. All cryptography is classical ECDSA secp256k1 via Ethereum.
Coverage basis: Verified in GhoToken.sol source code and official documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No NIST PQC algorithms in use
Assurance: The GhoToken contract imports standard OpenZeppelin ERC20 and AccessControl. No PQC libraries are imported.
NIST finalized PQC standards in August 2024 (FIPS 203, 204, 205). These are available for integration but have not been adopted by GHO or Aave.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit (weight 6)
Claim: No quantum-specific audit exists for GHO. Standard audits cover classical security only.
Coverage basis: Standard smart contract audits exist but do not address quantum threat models
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: GHO token contracts have been audited for classical vulnerabilities. No audit scope includes quantum threat models.
Per QRI Section 6.4, absence of a quantum-specific audit does not by itself reduce the QRI Score when the quantum-critical property (no PQC implementation) is already verifiable from public code.
Algorithm & Implementation Assurance
Open-source, reproducible implementation (weight 3)
Claim: GHO token contracts are open source (MIT license) and verifiable on Etherscan.
Coverage basis: GitHub repositories: aave/gho-core, aave-dao/gho-origin; verified on Etherscan
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: The GhoToken.sol source code is MIT licensed and publicly available. Verified on Etherscan.
This subfactor receives full credit because the existing token implementation is open source and reproducible. This does not imply quantum safety.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path (weight 2)
Claim: No PQ upgrade path is documented for GHO.
Coverage basis: Aave governance can upgrade facilitator contracts but no PQ-specific agility design
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No crypto-agility framework, PQ algorithm selection criteria, or parameter migration strategy has been documented.
Any PQ transition would require a full token contract migration or proxy upgrade.
Algorithm & Implementation Assurance
Stateful-signature safety (weight 2)
Claim: GHO does not use stateful PQ signatures.
Coverage basis: No stateful signature schemes in use
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis (weight 1)
Claim: No PQ performance or resource-impact analysis exists for GHO.
Coverage basis: No documentation of PQ signature sizes, gas costs, or validation impact
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: No analysis exists of how PQ signatures would impact GHO operations.
Per QRI Note-Only Caveat Rule, absence of a performance benchmark does not reduce the QRI Score when no PQ implementation exists.