Monerium / Jan 03, 2023


4 min read

EURe asset risk assessment

Evmknows and the cryptoriskteam have published an asset risk assessment of our EURe e-money token.

The risk assessment includes a detailed description of 1) the European electronic money (e-money) rules under which our EURe token is authorized and regulated and 2) the Monerium smart contracts.

Recommendations regarding e-money

We chose to apply to become an e-money issuer quite simply because e-money is a “battle tested” framework for digital cash in a major jurisdiction, Europe. In our view, European e-money is the most robust framework for digital cash in the world.

After we received our e-money license, this belief has been validated in several ways, for example, in the recent Market-in-Crypto-Assets regulations which bring fiat “stablecoins” under the existing e-money regulations.

However, evmknows and the cryptoriskteam also recommend that we:

  • Publish regular proof-of-reserves attestations from an auditor or through other ways.

We agree. Adding transparency to how our user funds are safeguarded has always been part of our roadmap. We are now undergoing an annual audit and will start the conversation with our auditors and our safeguarding partners about how regular proof-of-reserves attestations can be implemented.

Additionally, we would like to highlight how customer claims are handled in case of insolvency. The European Directive 2009/110/EC on e-money follows the Directive (EU) 2015/2366 on payment services on how customer funds must be safeguarded: “funds […] shall be insulated in accordance with national law in the interest of the payment service users against the claims of other creditors of the payment institution, in particular in the event of insolvency”.

Accordingly, the Icelandic Electronic Money Act No. 17/2013 stipulates that funds received in exchange for e-money shall be paid from the asset pool formed from the funds in priority to all other creditors. E-money claims have a special priority according to the Icelandic Bankruptcy Act No. 21/1991 which states that “assets and interests in the possession of the bankruptcy estate shall be delivered to a third party if the third party proves his entitlement.”

Recommendations regarding smart contracts

Since we received our e-money license, our smart contracts have operated without issues on the Ethereum Mainnet and, more recently, the Polygon Mainnet. As with other parts of our tech stack, the smart contracts were designed and deployed after undergoing a risk analysis.

However, the rapid growth of the blockchain ecosystem, including the emergence of new services such as liquidity pools, has introduced new risks to our Ethereum Virtual Machine compatible smart contracts.

Specifically, evmknows and the cryptoriskteam recommend that we:

  • Replace the owner of the EURe contract with a multi-sig.
  • Keep the SystemAccount as an EOA (for operational reasons > automating mints/burns), however implementing changes into the controller that would put a limit on how much EURe can be minted. This would greatly reduce the repercussions of a compromised SystemAccount.
  • Hire an auditor to review the smart contracts.

We have already started addressing these issues. Solutions will be incorporated into our smart contract product roadmap, and we look forward to announcing the first update in the coming weeks.

It is still early days for Web3. Global commerce and capital markets are just beginning to migrate to shared ledgers. Authorized and regulated electronic money tokens are needed to settle peer-to-peer transactions of tokenized assets.

We thank evmknows and the cryptoriskteam for their contribution to the risk assessment. Their constructive comments help us improve our e-money services for Web3.

Happy New Year!