LlamaRisk, Explained

A specialized DeFi risk research firm operating at the intersection of protocol governance and quantitative finance, LlamaRisk has become one of the most influential independent risk managers in the Ethereum ecosystem — holding mandates across Curve Finance, Aave, and Ethena simultaneously.

What LlamaRisk Does

Risk management in decentralized finance is not a single discipline. It spans collateral assessment, oracle integrity, liquidity modeling, regulatory analysis, and governance participation. LlamaRisk positions itself as a full-stack risk partner: it produces public research, submits governance proposals, sits on risk committees, and in some cases builds the infrastructure — oracles, monitoring tools, analytical frameworks — that protocols use to protect themselves.

The firm operates differently from a traditional auditing shop. Rather than one-time code reviews, LlamaRisk embeds in protocol governance over multi-month or multi-year terms, giving it longitudinal visibility into how risk evolves as markets, collateral types, and code change. That continuity is a meaningful structural advantage in an industry where the threat surface shifts constantly.

CurveCap

Apr 9, 2026

View article →

LlamaRisk expands its risk management mandate across the full Aave protocol fleet

𝕏/@LlamaRisk • Apr 9, 2026

The Curve Finance Partnership

LlamaRisk's longest-running mandate is with Curve Finance, the liquidity protocol underpinning a large share of stablecoin and pegged-asset trading on Ethereum. The Curve DAO has extended the LlamaRisk partnership through April 2027, making it one of the more durable institutional relationships in DeFi governance.

The scope is broad. In Q3–Q4 2024 alone, LlamaRisk drove 26 active governance proposals and helped administer a 250,000 OP grant from the Optimism ecosystem. On the product side, the firm has worked directly on crvUSD — Curve's native stablecoin — including reviewing peg-defense mechanisms during periods of "unusually severe" market conditions and publishing analysis on which monetary policy configurations best protect borrowers.

A notable example of applied research: LlamaRisk's examination of Curve's LlamaLend platform identified that the Quadratic variant of the Semilog Monetary Policy best balanced market performance with user protection — a recommendation grounded in empirical market data rather than theoretical preference. The firm also produced a post-mortem on the LlamaLend sDOLA exploit, attributing the incident to unsmoothed vault oracle reads. A $190,000 donation inflated the price-per-share by 13.79%, triggering hard liquidations for 27 borrowers. The technical specificity of that finding — tracing the damage to a single oracle design choice — illustrates the depth LlamaRisk brings to incident analysis.

LlamaRisk has also been active on crvUSD expansion. The firm formally proposed onboarding Frax's frxUSD stablecoin as a PegKeeper asset for crvUSD with an initial $3 million debt ceiling, and separately proposed disabling all gauges in the Elixir marketplace. Each proposal represents a direct governance action with protocol-level consequences, not just advisory commentary.

Aave: Scaling the Mandate

The other major pillar of LlamaRisk's work is Aave, the dominant decentralized lending protocol. What began as advisory engagement has grown into a formal, renewed mandate covering the full Aave protocol fleet — including Aave V3, V4, and Aave Horizon, the protocol's institutional lending product.

The scope of the Aave relationship reflects how protocols think about risk as they scale. Rather than treating each deployment independently, LlamaRisk has proposed a unified risk framework designed to standardize asset evaluation and provide protocol-wide oversight across all versions. That kind of systemic view matters especially as Aave operates across multiple chains and serves increasingly heterogeneous collateral types.

The firm's incident modeling has been particularly prominent. When the Kelp rsETH bridge was exploited, LlamaRisk modeled potential bad debt exposure between $123 million and $230 million across Layer 1 and Layer 2 scenarios — a range that reflected genuine uncertainty about how the exploit would propagate through Aave's liquidation mechanics. The analysis informed emergency freezes, rate changes, and coverage planning. A full incident report followed, detailing the exploit mechanics, Aave's response, and recommendations to contain protocol risk and protect users.

On the product development side, LlamaRisk published research on the Aave V4 Reinvestment Controller — a mechanism designed to improve capital efficiency by deploying idle reserves into yield-generating strategies. The firm also analyzed GHO, Aave's native stablecoin, examining its backing composition and its growing integration with real-world assets. Separately, LlamaRisk released a preliminary analysis of the GENIUS Act, a proposed U.S. stablecoin regulatory framework, concluding that GHO does not qualify as a "payment stablecoin" under the act's statutory definition — and recommending that Aave maintain GHO's current architecture rather than restructure it to fit the regulatory category.

Danicjade

Jun 9, 2026

View article →

LlamaRisk proposes a unified risk framework for Aave V3, V4 and Horizon, aiming to standardize asset evaluation and protocol-wide risk oversight

𝕏/@LlamaRisk • Jun 9, 2026

Top Comment

Benthic

Jun 9, 2026

116,500 unbacked rsETH entered Aave through a 1-of-1 DVN bridge; bridge design sits inside collateral risk now, same as oracle paths and upgrade keys. Horizon raises the blast radius because shared stablecoin liquidity lets a new RWA tap the whole pool on day one, so issuer, oracle, bridge, and admin-control grades need to throttle caps/LTVs automatically. Wire that into V4 Hub/Spoke limits and LlamaGuard-style NAV bounds, and Aave turns risk review into a liquidity moat for RWAs, PTs, and yield-bearing stables.

Aave Horizon and Real-World Assets

One of the more forward-looking areas of LlamaRisk's work is Aave Horizon, the protocol's dedicated lending environment for tokenized real-world assets (RWAs). Horizon reached $550 million in deposits as RWA lending surged, and LlamaRisk has been building risk infrastructure alongside that growth.

The centerpiece is LlamaGuard NAV, a next-generation oracle for tokenized RWAs built in collaboration with Chainlink and Aave Labs. Traditional price oracles are designed for liquid, continuously traded assets. Tokenized RWAs — which might represent treasury bills, private credit, or real estate — have different pricing dynamics: infrequent valuations, legal risk dimensions, and redemption mechanics that don't map cleanly onto spot price feeds. LlamaGuard NAV addresses this by delivering dynamic, risk-adjusted net asset value feeds with automated safeguards, setting a new technical standard for how DeFi lending can safely accept RWA collateral.

The firm also published a legal risk cartography of tokenized RWAs — a taxonomy of the legal risks embedded in different asset structures, jurisdictions, and issuer arrangements. That kind of cross-disciplinary work, combining legal analysis with DeFi protocol design, is relatively rare and speaks to the breadth of competency LlamaRisk has built.

The Ethena Risk Committee

Beyond Curve and Aave, LlamaRisk has secured a fourth consecutive term on the Ethena Risk Committee. Ethena is the issuer of USDe, a synthetic dollar backed by hedged crypto positions rather than fiat reserves. The risk profile of USDe is meaningfully different from collateral-backed stablecoins: it depends on funding rate dynamics, derivative market liquidity, and custodian counterparty risk.

LlamaRisk's continued presence on the committee reflects both Ethena's complexity and the market's recognition that the firm has developed relevant domain expertise. Sitting on multiple risk committees across different protocol architectures also gives LlamaRisk a cross-protocol view of systemic risk that few single-protocol teams can match.

0xpmm.eth

Apr 20, 2026

View article →

rsETH Incident Report by LlamaRisk Aave details the rsETH bridge exploit, models up to $230M in potential bad debt across L1/L2 scenarios, and outlines freezes, rate changes, and coverage plans to contain protocol risk and protect users.

governance.aave • Apr 20, 2026

Top Comment

Benthic

Apr 20, 2026

$230M bad debt across L1/L2 scenarios is Umbrella-territory and forces the DAO treasury into the coverage math if the worst case lands. Bridge risk was always the underpriced leg of the LRT trade — protocols modeled slashing and depeg but treated cross-chain attack surface as a rounding error. Whether Kelp wears the loss or Aave absorbs it sets the template for how every restaked asset gets priced as collateral from here.

Emerging Research Areas

LlamaRisk's research agenda in 2025–2026 has pushed into several new areas that reflect where DeFi risk is evolving.

Prediction market lending. The firm published research examining the risks of lending against Polymarket positions when prices quickly approach zero — a scenario where collateral can become worthless faster than liquidation mechanisms can respond. This is a genuine frontier problem as prediction markets grow and seek integration with lending infrastructure.

YieldBasis and correlated risk. In partnership with Pangea, LlamaRisk identified that structural flows from Curve's YieldBasis product tightly couple the crvUSD system to Bitcoin price movements. That coupling introduces correlated risk that could amplify stress scenarios. LlamaRisk proposed a three-phase rollout model designed to balance YieldBasis's growth ambitions against Curve's need to manage its credit exposure responsibly — the context being a $1 billion credit line under governance consideration.

Regulatory analysis. The GENIUS Act analysis demonstrates that LlamaRisk is tracking legislative developments that could materially affect protocol design. As stablecoin regulation advances in the U.S. and Europe, protocols will increasingly need formal legal-technical analysis to guide architecture decisions. LlamaRisk appears to be positioning itself to provide that.

How LlamaRisk Gets Paid and Governed

LlamaRisk's engagements are structured as governance proposals — typically multi-month or annual terms approved by token holder votes. The firm submits renewal proposals, which are subject to community scrutiny. The Aave community renewed LlamaRisk for a year; the Curve DAO extended through April 2027. The firm's renewal bid for Curve did face scrutiny amid a broader DeFi risk landscape debate, illustrating that governance-based contracting is not automatic — the firm must continuously demonstrate value to token holders who control the budget.

This model has meaningful implications for how LlamaRisk operates. Its research and proposals are public by design, since the community needs to evaluate them. Transparency is structural, not optional. That differs from how traditional risk consulting firms work, where analysis is typically client-confidential.

Limitations and Criticisms

No risk management process eliminates risk, and LlamaRisk's track record includes incidents that occurred on protocols under its watch. The LlamaLend sDOLA exploit, the rsETH event's potential for Aave bad debt, and the crvUSD peg stress events all occurred during active engagement. The firm's post-mortems on these incidents are valuable precisely because they acknowledge failures honestly — but it is worth being clear that risk management is a mitigation discipline, not a prevention guarantee.

The governance-based funding model also creates potential tensions. A firm that depends on community votes for revenue has incentives to maintain good relationships with protocol teams, which can create subtle pressure against strongly critical assessments. Whether LlamaRisk navigates this tension successfully is a question that community observers continue to monitor.

Outlook

LlamaRisk enters 2026 with its broadest mandate yet — covering Curve, the full Aave fleet including V4 and Horizon, and a fourth term on the Ethena Risk Committee. The firm's research surface has expanded from collateral evaluation into oracle infrastructure, regulatory analysis, and cross-system correlated risk modeling.

The structural trends driving demand for its work are durable: more complex collateral types (RWAs, synthetic assets, prediction market positions), more cross-chain deployments creating arbitrage and liquidation complexity, and a regulatory environment demanding more formal documentation of risk frameworks. LlamaRisk's multi-protocol positioning also means it accumulates pattern recognition across ecosystems that single-protocol risk teams cannot develop internally.

The open question is whether a governance-funded model can sustain the staffing and analytical depth required as DeFi's risk surface keeps expanding — and whether the firm can maintain critical independence as its revenue becomes more dependent on the goodwill of the communities it advises.