Pre-release notice:
The Quantum Readiness Index is still being reviewed and refined. Reports may include rough edges, including incomplete and/or incorrect coverage.

tokenized asset

Ondo US Dollar Yield USDY

Ondo US Dollar Yield (USDY) is a tokenized real-world asset representing claims on short-term US Treasuries, deployed across 10+ blockchains with ~$994M in AUM. As a smart-contract token, user-level transfers inherit host-chain quantum risk profiles. However, USDY has token-specific quantum-critical vulnerabilities that are entirely unaddressed: (1) Admin and upgrade authority is secured by two Gnosis Safe 4-of-7 ECDSA multisigs whose signers' public keys are exposed on-chain — a long-exposure quantum vulnerability enabling complete token takeover by a future quantum adversary. (2) The Ondo Bridge depends on LayerZero OFT adapters with a classical verifier set, creating a cross-chain supply-integrity vulnerability. The project has published no cryptographic inventory, no quantum risk assessment, no migration plan, and no PQ implementation of any kind. The only mitigating factor is that smart contracts are open-source and verified, enabling community review of the classical implementation. The QRI Score of 3.33 reflects zero quantum readiness at the token-specific layer, capped at 10 by the absence of a public cryptographic inventory. This is a Stage 1 (Quantum Risk Assessed) evaluation where the assessment is performed by the evaluator, not self-reported by the project.

Tags: Tokenized RWA · Not Assessed by Project · Classical-Only Admin Keys · Quantum-Vulnerable Bridge Dependency · Multi-Chain · Long-Exposure Admin Key Risk
Stage: 1
Confidence: Medium
Urgency: Migration Required
Review Status: Draft
Evaluated: 2026-06-05
Scope: Token-specific admin/governance keys and cross-chain bridge dependency; inherits L1 QRI from host chains
AI-generated report. This report was produced by the evaluator and synthesis pipeline. Review status: draft.

Category breakdown

QRI Factors

Algorithm & Implementation Assurance 3.33 / 20
Migration Mechanism, Governance & Ecosystem Coordination 0 / 15
Migration Status & Value-at-Risk 0 / 25
Production Cryptographic Protection 0 / 35
Security Assessment & Evidence Preparedness 0 / 5

Critical Quantum Blockers

  • No public cryptographic inventory published by the project (Readiness & Risk Cap: 10).
  • Admin/Gnosis Safe multisig keys use classical ECDSA with exposed public keys from executed transactions; quantum key recovery could enable unauthorized mint, burn, freeze, upgrade, or blocklist operations.
  • Cross-chain bridge (LayerZero OFT adapters) relies on classical verifier set; quantum compromise could authorize fraudulent cross-chain minting across all deployed chains.
  • No migration plan, PQ roadmap, or quantum-specific governance process exists for any token-specific cryptographic surface.

Key Risks

  • Admin key quantum compromise: Both ProxyAdmin owner multisig (0x1a694a...) and Management multisig (0xAEd4ca...) are 4-of-7 Gnosis Safes using ECDSA. Signers have executed transactions on Ethereum mainnet, exposing public keys permanently on-chain. A future CRQC could recover 4 of 7 private keys and execute arbitrary admin actions including: upgrading proxy to malicious implementation, minting unlimited USDY, burning tokens from any address, freezing all transfers, modifying blocklist/allowlist, and changing oracle price parameters.
  • Bridge validator compromise: The Ondo Bridge uses LayerZero Omnichain Fungible Token Adapters with a classical verifier set (Axelar, Polyhedra, LayerZero Labs, Ondo DVNs). Quantum compromise of these verifier keys could authorize fraudulent cross-chain mint messages, creating unbacked USDY on destination chains.
  • Harvest-now-decrypt-later (HNDL) exposure: All admin multisig public keys and bridge verifier public keys are already visible on public blockchains. Adversaries can harvest this data today and decrypt it once a CRQC becomes available.
  • No quantum governance or emergency process: The project lacks any published quantum-specific incident response plan, emergency key rotation procedure, or governance framework for responding to a quantum cryptographic break.
  • Multi-chain blast radius: USDY is deployed on Ethereum, Arbitrum, Mantle, Solana, Sui, Aptos, Stellar, Sei, Noble, and Plume. A compromise of the Ethereum admin multisig could affect token integrity across all chains due to centralized admin control and cross-chain bridge dependencies.
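The following added Python example (not from this report or from Ondo Finance) makes the admin-key exposure reasoning above concrete: it models two 4-of-7 Safes with constructed placeholder owners and signing counts, labels each Safe's attack window the way the report does, and computes how a shared-signer overlap lets one set of already-exposed keys meet both thresholds. The "in-flight only" label and all addresses are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SafeConfig:
    """A Gnosis Safe style k-of-n multisig (constructed placeholder data)."""
    name: str
    threshold: int
    owners: frozenset


def exposed_owners(safe, exec_signatures):
    """Owners whose secp256k1 public key is already recoverable on-chain.

    exec_signatures maps owner address -> number of executed Safe
    transactions that owner has signed. One signature is enough: ECDSA
    recovery reveals the full public key, so the exposure is permanent.
    """
    return frozenset(o for o in safe.owners if exec_signatures.get(o, 0) > 0)


def classify_attack_window(safe, exec_signatures):
    """Attack-window label for a multisig's admin authority.

    'long-exposure (at-rest)' when keys already on-chain suffice to meet the
    threshold; otherwise an adversary would still need keys that are only
    exposed in flight, at signing time (the latter label is our wording).
    """
    exposed = exposed_owners(safe, exec_signatures)
    at_rest = len(exposed) >= safe.threshold
    return {
        "safe": safe.name,
        "exposed": len(exposed),
        "threshold": safe.threshold,
        "window": "long-exposure (at-rest)" if at_rest else "in-flight only",
    }


def shared_compromise_set(safes, exec_signatures):
    """Exposed owners common to every Safe. If their count meets every
    threshold, one key-recovery effort against this set reaches all of
    them at once (the shared-signer blast radius noted in the report)."""
    common = None
    for s in safes:
        ex = exposed_owners(s, exec_signatures)
        common = ex if common is None else common & ex
    common = common or frozenset()
    hits_all = all(len(common) >= s.threshold for s in safes)
    return sorted(common), hits_all


# Constructed sample: two 4-of-7 Safes sharing six owners, mirroring the
# report's description. Addresses are placeholders, not real signers.
OWNERS = [f"0xSIGNER{i}" for i in range(1, 9)]
PROXY_ADMIN_OWNER = SafeConfig("ProxyAdmin owner", 4, frozenset(OWNERS[:7]))
MANAGEMENT = SafeConfig("Management", 4, frozenset(OWNERS[:6] + [OWNERS[7]]))
# Constructed signing history: five of the shared owners have signed before.
EXEC_SIGNATURES = {OWNERS[i]: 40 for i in range(5)}

if __name__ == "__main__":
    for safe in (PROXY_ADMIN_OWNER, MANAGEMENT):
        print(classify_attack_window(safe, EXEC_SIGNATURES))
    print(shared_compromise_set([PROXY_ADMIN_OWNER, MANAGEMENT], EXEC_SIGNATURES))
```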

Assurance Notes

  • Classical smart contract audits (Spearbit, Halborn, Code4rena, Cyfrin, Nethermind, Zokyo) cover USDY contracts but are entirely focused on classical security; no quantum-specific review exists.
  • Most recent audit (Spearbit, March 2025) is ~15 months old and does not address post-quantum threats.
  • Admin multisig signer identities are not publicly disclosed, making independence and key hygiene unverifiable.
  • No public quantum risk assessment, cryptographic inventory, or migration roadmap has been published by Ondo Finance.
  • Bridge dependency uses LayerZero OFT adapters with a classical verifier set (including Axelar, Polyhedra, LayerZero Labs, Ondo DVNs); no PQ migration timeline disclosed.
  • Gnosis Safe v1.3.0 used for admin multisigs relies on classical ECDSA; Safe ecosystem has no announced PQ migration path.

Non-Scoring Caveats

  • Audits are classical-only and the most recent (Spearbit, March 2025) is ~15 months old — this affects Confidence and Assurance notes but does not independently reduce the QRI Score since no PQ implementation exists to audit.
  • Multisig signer identities are undisclosed and two multisigs share 6/7 signers — this is an operational security concern but does not change the quantum-vulnerability assessment.
  • USDY has no on-chain timelock for upgrades — this amplifies the impact of admin key compromise but is not itself a quantum-specific issue.
  • USDY is deployed across 10+ chains with varying host-chain QRI postures. This evaluation addresses only token-specific admin and bridge surfaces; users should also consult host-chain QRI evaluations.
  • The Ondo Bridge uses LayerZero OFT adapters with multiple DVNs (Axelar, Polyhedra, LayerZero Labs, Ondo). The exact dependency relationship is partially ambiguous from public sources.
  • Future PQ-to-PQ migration of admin keys (if ever implemented) is not scored — only current production state is evaluated.

Evidence record

Claims and Caveats

Security Assessment & Evidence Preparedness

Public cryptographic inventory and quantum threat model

Claim: USDY has not published any cryptographic inventory, quantum threat model, or quantum risk assessment.

Coverage basis: Absence of any project-published quantum readiness documentation

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical uncertainty · Score treatment: score-reducing

Quantum blocker: No public cryptographic inventory (Readiness & Risk Cap: 10)

Assurance: Ondo Finance's Trust & Security documentation covers institutional partners, transparency, and legal compliance but contains zero mention of cryptography, quantum threats, or post-quantum planning.

This evaluation itself constitutes the first public cryptographic inventory and quantum threat model for USDY's token-specific surfaces.

Security Assessment & Evidence Preparedness

Public evidence record supporting assessment

Claim: No project-published evidence record exists. This QRI evaluation assembles evidence from on-chain data, contract verification, and third-party analysis.

Coverage basis: Evaluator-assembled evidence from Etherscan, Ondo docs, Staking Rewards risk rating, IPFS technical documentation

Implementation score: 0.25 · Evidence confidence: Medium

Issue classification: quantum-critical uncertainty · Score treatment: score-reducing

Assurance: Evidence is assembled from multiple independent sources. The evidence is credible and consistent but has not been assembled or acknowledged by the project itself.

Implementation Score of 0.25 reflects that this evaluation produces a public evidence record, equivalent to a 'draft specification or research plan' level.

Production Cryptographic Protection

Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet

Claim: Token-level admin authorization (mint, burn, freeze, pause, upgrade, blocklist management) uses Gnosis Safe 4-of-7 ECDSA multisigs. User-level transfers inherit host-chain signature schemes. No PQC or hybrid-PQC exists at any layer.

Coverage basis: Admin authorization via Gnosis Safe multisig (ECDSA); user transfers via host-chain inheritance

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Admin multisig authorization is entirely ECDSA-only with exposed public keys. No PQC or hybrid path exists.

Assurance: Verified on-chain: the Management Multisig (0xAEd4ca...) has 202+ executed transactions, confirming public key exposure. Both admin multisigs use Gnosis Safe Singleton 1.3.0 with ECDSA secp256k1 signatures.

User-level transfers inherit host-chain QRI and are not evaluated here. Token-specific admin authorization is the critical surface.

Production Cryptographic Protection

Account, address, public-key exposure, and key-derivation design

Claim: Admin multisig signers have executed transactions, permanently exposing their ECDSA public keys on Ethereum mainnet. This is a long-exposure (at-rest) quantum vulnerability with no key rotation, address migration, or exposure-mitigation design.

Coverage basis: On-chain transaction history of admin multisig addresses

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Long-exposure admin public keys with no rotation, deprecation, or migration mechanism. HNDL attack surface is permanent.

Assurance: Management Multisig (0xAEd4ca...) shows 202+ transactions on Etherscan with 'Exec Transaction' method calls, confirming repeated ECDSA signature exposure.

Per QRI Section 7.3 (Attack-Window Classification), this is a long-exposure (at-rest) surface — the most immediate quantum risk category.

Production Cryptographic Protection

Consensus-critical authentication

Claim: USDY is a token, not a consensus network. Consensus authentication is not applicable at the token level.

Coverage basis: Token architecture — no native consensus mechanism

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Production Cryptographic Protection

State-integrity and data-availability mechanisms

Claim: USDY is a standard ERC-20 token with no custom state-integrity, commitment, or data-availability mechanisms beyond the host chain's native security.

Coverage basis: Standard ERC-20 token architecture

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

The USDY token does incorporate transfer hooks for blocklist/sanctions enforcement, but these are logical checks (address lookups) rather than cryptographic state-integrity mechanisms.

Production Cryptographic Protection

Privacy and proof layers

Claim: USDY has no privacy layer, zero-knowledge proofs, shielded transactions, or confidential transfer mechanisms.

Coverage basis: Standard transparent ERC-20 token

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Production Cryptographic Protection

P2P transport, node identity, and peer authentication

Claim: USDY is a token, not a peer-to-peer network. P2P transport and node identity are not applicable at the token level.

Coverage basis: Token architecture — no native P2P network

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Production Cryptographic Protection

Critical wallet, custody, HSM, and hardware-wallet workflows

Claim: Admin multisig signers use standard ECDSA wallets (Gnosis Safe) with no PQ or hybrid signing path. There is no evidence of HSM usage, PQ-compatible custody, or hardware-wallet support for post-quantum admin operations.

Coverage basis: On-chain evidence of Gnosis Safe multisig usage; absence of any PQ wallet documentation

Implementation score: 0 · Evidence confidence: Medium

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Admin signers use standard ECDSA wallets with no PQ-compatible custody or signing path.

Assurance: Signer identities are undisclosed, so the specific wallet/HSM configurations cannot be independently verified. However, Gnosis Safe's standard ECDSA secp256k1 signature scheme is confirmed by on-chain contract verification.

Per the Staking Rewards risk assessment, both multisigs share 6/7 signers, and signer identities are not publicly disclosed.

Migration Status & Value-at-Risk

Percentage of economically relevant value-at-risk protected

Claim: 0% of token-specific value-at-risk is protected from quantum key-recovery attacks. The admin multisig controls ~$994M in TVL across all chains. No PQ protection exists for any token-specific surface.

Coverage basis: Total value locked / assets under management (~$994M as of March 2026)

Implementation score: 0 · Evidence confidence: Medium

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: 0% value-at-risk coverage. Admin keys control the entire token supply across all chains with no quantum protection.

Assurance: AUM figure of ~$994M is from Staking Rewards (March 2026). The Ondo Finance: Multisig 2 (0x677fd4...) holds ~$1.85B in token value as of June 2026 per Etherscan.

Per QRI Section 9.3.1, this falls into '<25% — Experimental/negligible protection' territory, but the Implementation Score is 0.00 because there is zero protection.

Migration Status & Value-at-Risk

Critical wallets migrated, protected, or inherently PQ-native

Claim: No critical wallets (admin multisigs, bridge operators, treasury) have been migrated to PQ-safe schemes. All use classical ECDSA.

Coverage basis: On-chain verification of multisig contract type (Gnosis Safe with ECDSA)

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Zero critical wallets migrated to PQ-safe schemes.

Assurance: Both admin multisigs (ProxyAdmin owner and Management) are standard Gnosis Safe 1.3.0 proxies using ECDSA secp256k1.

USDY is not PQ-native and has no classical-ownership-free design.

Migration Status & Value-at-Risk

Legacy vulnerable pools/accounts/UTXOs/contracts identified, measurable, deprecated, migrated, frozen, or proven not to exist by design

Claim: No identification, measurement, deprecation, or migration of quantum-vulnerable admin key surfaces has been performed.

Coverage basis: Absence of any deprecation, freeze, or migration documentation or on-chain activity

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No identification or deprecation of quantum-vulnerable admin key surfaces.

Assurance: The absence of any quantum-related documentation, on-chain migration activity, or deprecation events is confirmed by comprehensive search of Ondo docs, Etherscan history, and third-party analyses.

The admin multisigs are actively used with no indication of planned key rotation, deprecation, or migration.

Migration Mechanism, Governance & Ecosystem Coordination

Public migration or protection roadmap with sequencing, activation criteria, and dependencies

Claim: No migration or protection roadmap exists for any token-specific quantum-vulnerable surface.

Coverage basis: Absence of any roadmap, proposal, or planning documentation

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical uncertainty · Score treatment: score-reducing

Assurance: Comprehensive search of all Ondo Finance official channels confirms zero quantum-related roadmap content.

This is classified as quantum-critical uncertainty because the absence of a roadmap prevents verification of any future migration path.

Migration Mechanism, Governance & Ecosystem Coordination

Migration accessibility and defaults

Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for token-specific admin operations.

Coverage basis: Absence of any PQ migration tooling or user-facing features

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: For token-specific admin operations (not end-user transfers), migration accessibility means the ability for multisig signers to transition to PQ-safe signing schemes.

End-user transfer migration is inherited from host chains.

Migration Mechanism, Governance & Ecosystem Coordination

Migration enforcement and coordination

Claim: No enforcement mechanisms (deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking) exist for quantum-vulnerable admin surfaces. No exchange, custody, bridge, wallet, or infrastructure coordination for quantum migration has been initiated.

Coverage basis: Absence of any enforcement or coordination activity

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: No evidence of quantum-specific coordination with any external party.

The Ondo Bridge's dependency on LayerZero creates a coordination requirement that spans multiple independent projects, none of which have published quantum migration roadmaps.

Migration Mechanism, Governance & Ecosystem Coordination

Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities

Claim: No quantum-specific emergency disclosure process, incident-response plan, or governance framework exists.

Coverage basis: Absence of any quantum-specific incident-response documentation

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: Per QRI Section 8.2, the absence of a formal quantum-specific incident-response playbook does not by itself create a Readiness & Risk Cap.

The project has a general Immunefi bug bounty program and classical security audits, but these do not constitute quantum-specific incident response capability.

Algorithm & Implementation Assurance

Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms

Claim: No PQC or hybrid-PQC algorithms are used anywhere in the USDY token system. All token-specific cryptography is classical ECDSA (secp256k1).

Coverage basis: On-chain verification of Gnosis Safe multisig (ECDSA secp256k1); absence of any PQC deployment

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: No NIST-standardized PQC algorithms deployed for any token-specific cryptographic function.

Assurance: NIST finalized PQC standards in August 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA). No evidence of any of these being evaluated or deployed for USDY admin operations.

Algorithm & Implementation Assurance

Independent cryptographic and implementation audit for quantum-critical scope

Claim: Multiple independent audits exist for USDY smart contracts but none address quantum readiness, post-quantum cryptography, or quantum threat models.

Coverage basis: Existing classical audits (Spearbit, Halborn, Code4rena, Cyfrin, Nethermind, Zokyo); zero quantum-specific audit coverage

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: confidence-only

Assurance: Audits are extensive for classical security (8+ independent audits) but scope-mismatched for quantum readiness. The most recent audit (Spearbit, March 2025) covers smart contract security but not cryptographic migration or quantum resistance.

Per QRI Section 6.4, scope-mismatched audits support only the audited component.

Algorithm & Implementation Assurance

Open-source, reproducible implementation

Claim: USDY smart contracts are verified on Etherscan with Solidity v0.8.16 source code publicly available. The implementation uses standard OpenZeppelin libraries.

Coverage basis: Etherscan contract verification; GitHub source code availability

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Assurance: Contracts are verified on Etherscan and source code is available on GitHub. This transparency enables community assessment of quantum vulnerability in the classical implementation.

This is the only subfactor earning a non-zero Implementation Score.

Algorithm & Implementation Assurance

Parameter agility and future upgrade path

Claim: No documented parameter agility or future upgrade path exists for migrating token-specific cryptography to post-quantum algorithms.

Coverage basis: Absence of any cryptographic agility documentation or PQ upgrade planning

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: The USDY contract uses OpenZeppelin's TransparentUpgradeableProxy pattern, which technically enables contract upgrades. However, there is no documented plan for how this upgrade mechanism would be used to transition to PQ-safe admin signatures.

Classified as assurance-only because the absence of documented parameter agility does not itself create a quantum attack vector.

Algorithm & Implementation Assurance

Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks

Claim: No stateful PQ signatures (XMSS/LMS-style) are used, so stateful-signature safety considerations are not applicable to the current implementation.

Coverage basis: No PQ signature deployment of any kind

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

If USDY migrates to stateful PQ signatures (e.g., XMSS/LMS for admin operations), this subfactor would become applicable.

Algorithm & Implementation Assurance

Performance and resource-impact analysis for PQ deployment

Claim: No performance or resource-impact analysis has been conducted for deploying PQ signatures in the USDY admin workflow.

Coverage basis: Absence of any performance analysis or benchmarking

Implementation score: 0 · Evidence confidence: High

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: Per QRI Section 8.2, the absence of a formal performance benchmark does not create a Readiness & Risk Cap by itself. For admin multisig operations (infrequent, low-throughput), PQ signature size and verification cost are unlikely to be deployment blockers.

Admin multisig operations are low-frequency (202 transactions over ~4 years). The performance impact of PQ signatures (~3-8 KB per signature vs. ~65 bytes for ECDSA) would be negligible for this use case.

Report metadata

Generation Details