How Does dForce Work?

Lending|Risk B-|7 mechanisms|5 interactions

A lending and stablecoin protocol deployed across 7+ blockchains including Ethereum, Arbitrum, and BSC, managing about $100M in deposits. Its D+ grade reflects two separate hacks ($25M in 2020, $3.64M in 2025) and the amplified risk of running the same code on many chains.

TVL

$1M

Sector

Lending

Risk Grade

B-

Value Grade

D+

Core Mechanisms

Lending/Over-Collateralized

Multi-asset lending pools with variable interest rates across 7+ chains

Standard over-collateralized lending similar to Compound/Aave. Users deposit collateral and borrow against it. Interest rates follow kinked utilization curves.

Stablecoin/CDP

USX decentralized stablecoin minted against multiple collateral types including BTC, ETH, LSDs, and LP tokens

USX is minted via collateral deposit similar to DAI. Supports diverse collateral types including liquid staking derivatives and LP tokens, adding complexity to risk management.

Stablecoin/Swap-Module

USX 1:1 swap facility with USDT, USDC, and DAI via protocol-owned liquidity

Protocol maintains liquidity reserves for direct 1:1 swaps between USX and major stablecoins. This peg maintenance mechanism depends on sufficient reserve depth.

Interest-Rate/Kinked-Utilization

Kinked utilization interest rate curves with governance-adjustable parameters

Standard Aave/Compound-style interest rate model with a kink point. Parameters are set per asset per chain via governance.

Governance/Token-Weighted

DF token governance with voting on risk parameters, collateral listings, and protocol upgrades

DF token holders govern the protocol. The token also serves as insurance backstop: DF can be minted as compensation for bad debts or exploits.

Liquidation/Fixed-Spread

Fixed-spread liquidation with bot-dependent execution across multiple chains

Liquidation mechanics depend on third-party bots monitoring positions across all chain deployments. Liquidation reliability varies significantly by chain based on bot coverage.

Cross-Chain/Multi-Deployment

Identical protocol code deployed on Ethereum, Arbitrum, Optimism, BSC, Polygon, Avalanche, and KAVA

dForce operates independent deployments on 7+ chains. Each deployment has its own TVL, risk parameters, and liquidation infrastructure. Cross-chain consistency is a governance challenge.

How the Pieces Interact

Multi-chain deploymentSmart contract vulnerabilityCritical

A single smart contract bug affects all 7+ chain deployments simultaneously. The February 2025 exploit demonstrated this exact risk: the same read-only reentrancy vulnerability was exploited on both Arbitrum and Optimism before the protocol could respond.

DF insurance mechanismMulti-chain exploit exposureHigh

DF token minting for exploit compensation dilutes all holders. A multi-chain exploit compounds the required compensation, potentially leading to hyperinflation of DF supply and token value collapse.

USX collateral diversityCross-chain liquidation infrastructureCritical

USX is backed by diverse collateral across chains, but liquidation bot coverage on smaller chains (KAVA, Polygon) is thin. During market crashes, positions on low-liquidity chains accumulate bad debt that undermines USX peg globally.

USX swap moduleProtocol-owned liquidity reservesHigh

The 1:1 USX swap facility depends on protocol-owned stablecoin reserves. A bank run depletes reserves, breaking the swap facility and forcing USX holders to sell on secondary markets at a discount.

Lending poolsOracle price feedsMedium

Lending operations across 7+ chains depend on oracle accuracy for each chain. Oracle lag or manipulation on any single chain can create arbitrage opportunities that drain lending pools.

What Could Go Wrong

  1. Two separate exploit incidents (2020 reentrancy for $25M, 2025 read-only reentrancy for $3.64M) demonstrate persistent smart contract security weaknesses
  2. Multi-chain deployment across 7+ chains creates a vast attack surface where a single vulnerability can be exploited across all deployments
  3. USX stablecoin depends on liquidation infrastructure quality that varies dramatically across smaller chains with thin DEX liquidity

Multi-Chain Smart Contract Exploit Cascade

Moderate

Trigger: A smart contract vulnerability is exploited on one chain, and the same code deployed on other chains is attacked in rapid succession before patches can be applied

  1. 1.Attacker discovers and exploits a reentrancy or logic vulnerability on one chain deployment Funds drained from the affected chain's lending pools; protocol pauses that deployment
  2. 2.Same vulnerability exists on 6+ other chain deployments with identical code Copycat attackers or the original exploit the same bug on other chains before governance can act
  3. 3.USX stablecoin backing becomes undercollateralized across multiple chains USX depegs as users realize backing is insufficient; confidence in the protocol collapses
  4. 4.Lenders rush to withdraw remaining funds from unaffected pools Bank run dynamics drain all available liquidity; utilization hits 100% and remaining depositors are locked
See all 2 collapse scenarios in the full risk report →

Risk Profile at a Glance

Mechanism Novelty0/15
Interaction Severity8/20
Oracle Surface2/10
Documentation Gaps5/10
Track Record10/15
Scale Exposure0/10
Regulatory Risk5/10
Vitality Risk5/10
B-

Overall: B- (35/100)

Lower score = safer

More on dForce

Is dForce Safe?

Safety analysis

Is dForce a Good Investment?

Value analysis

Full Risk Report

All mechanisms & interactions

Related Lending Explainers

How Does Tapioca Work?D+How Does Abracadabra Work?D+How Does Radiant Capital Work?D+How Does YieldBlox Work?D+How Does Aave V3 Work?C-