How Does Folks Finance xChain Work?
Folks Finance xChain is a cross-chain lending protocol using a hub-and-spoke architecture where the hub chain (Avalanche) stores all protocol state while spoke chains (Ethereum, Base, Arbitrum, BNB Chain) serve as user entry points. It uses Wormhole and Chainlink CCIP for cross-chain messaging, allowing users to supply and borrow assets across multiple chains without bridging. With $15M TVL and $6.2M in funding, it received a C+ risk grade due to the inherent complexity of cross-chain operations and bridge dependency risks, partially offset by strong documentation and a clean audit from Ottersec.
TVL
$11M
Sector
Lending
Risk Grade
C+
Value Grade
C
Core Mechanisms
Lending/Collateral Pricing
NovelCross-chain collateral valuation via hub aggregation of multi-chain oracle feeds
Hub chain aggregates asset prices from spoke chains through Wormhole/CCIP relayed oracle data
Cross-System/Bridge Adapter
NovelWormholeAdapter and CCIPAdapter with BridgeRouter message normalization
Dual-bridge architecture with adapter pattern converting messages to common format for hub processing
Lending/Interest Rate Model
Utilization-based interest rate curves managed on hub chain
Standard lending rate model similar to Aave/Compound but calculated centrally on hub
Lending/Liquidation
Cross-chain liquidation with hub-coordinated health factor monitoring
Liquidations triggered on hub chain with settlement propagated to relevant spoke chains
Token Supply/Vesting Schedule
50M fixed supply with gradual unlock over multi-year schedule
35% community, 24.73% ecosystem, 21.83% seed, 10% core contributors, 4.94% strategic, 3.5% advisors
Governance/Token Voting
FOLKS governance token with protocol parameter control
Standard governance model for lending parameter adjustments
Cross-System/Message Finality
Finality-aware message relaying for value-transfer vs non-value operations
Critical operations wait for spoke chain finality before hub processing, non-value operations relay immediately
How the Pieces Interact
Bridge adapter failure or message delay could cause stale collateral valuations on hub, enabling undercollateralized borrowing
Cross-chain liquidation settlement delays may allow positions to become deeply underwater before execution completes
Utilization rate calculations on hub may lag spoke-chain activity during bridge congestion, mispricing rates
Large token unlocks could shift governance power to early investors, enabling parameter changes favoring insiders
Oracle price updates that arrive at hub before finality confirmation could be used in MEV-style attacks across chains
What Could Go Wrong
- Cross-chain messaging dependency on Wormhole and Chainlink CCIP introduces bridge-layer risk where adapter failures could lock funds across spoke chains
- Hub-and-spoke architecture concentrates all protocol state on a single chain, creating a single point of failure if the hub experiences downtime or exploit
- Only 24.4% of FOLKS tokens are currently circulating with significant unlock events ahead, creating dilution pressure and potential sell-side imbalances
Hub Chain State Corruption via Bridge Adapter Exploit
TailTrigger: Critical vulnerability in WormholeAdapter or CCIPAdapter allows malicious cross-chain message to corrupt hub state
- 1.Attacker crafts malicious message through compromised bridge adapter — Forged deposit or collateral update accepted by hub chain
- 2.Hub processes fraudulent state update as legitimate — Attacker borrows against phantom collateral across multiple spoke chains
- 3.Protocol detects discrepancy between hub state and spoke chain reality — Emergency pause triggered but funds already withdrawn from spoke pools
- 4.Legitimate users on affected spoke chains cannot access their deposits — Bank-run behavior as users on other spokes race to withdraw
- 5.Protocol attempts to reconcile cross-chain state — Extended downtime and potential socialized losses across all spoke chain depositors
Risk Profile at a Glance
Overall: C+ (41/100)
Lower score = safer