How Does Neverland Work?
Neverland is a Monad-native lending protocol built on the battle-tested Aave V3 architecture, featuring self-repaying loans and veTokenomics through the Pixie Dust (DUST) governance token. With approximately $21M TVL on Monad mainnet, it underwent a security review by Composable Security that identified and resolved 23 issues including 1 critical and 3 high vulnerabilities before deployment. Its B- risk grade reflects the added complexity of self-repaying loan automation on top of Aave V3, dependency on the young Monad L1 chain, and governance concentration risk from veDUST directing 100% of protocol revenue.
TVL: $38M
Sector: Lending
Risk Grade: B-
Value Grade: C-
Core Mechanisms
6.1.1
Aave V3-based lending pools on Monad — overcollateralized borrowing and lending with supply/borrow positions
Standard Aave V3 architecture — battle-tested lending framework. Deployed on Monad with Monad-specific optimizations.
6.2.2
Aave V3 kinked interest rate curves for borrowing rates across supported assets
Standard Aave V3 interest rate model with kinked utilization curves.
5.1.3
veDUST — vote-escrow governance where Pixie Dust (DUST) token is locked for governance power, directing 100% of protocol revenue
Standard veCRV-style vote-escrow tokenomics. veDUST holders direct all protocol revenue, creating strong incentive alignment but also governance capture risk.
6.1.1
Novel: Self-repaying loans — automated yield strategies that use generated yield to repay loan principal over time
Novel addition to the Aave V3 base: self-repaying loan functionality that automates yield-to-repayment conversion. Similar to the Alchemix model, integrated into a lending protocol.
1.3.1
Deflationary DUST token mechanics — portion of protocol fees used for token burns
Standard deflationary mechanism with fee-based token burns.
6.4.1
Oracle feeds for asset pricing in lending markets
Standard oracle dependency inherited from Aave V3 architecture for collateral pricing and liquidation triggers.
How the Pieces Interact
Self-repaying loans add automated yield strategy execution on top of the Aave V3 base. A bug in the repayment automation could incorrectly modify loan positions, potentially creating undercollateralized positions or draining yield that should have been applied to repayment.
veDUST holders direct 100% of protocol revenue. Governance capture by a concentrated holder could redirect all income while also influencing lending parameters (interest rates, collateral factors) in self-serving ways that increase risk for other users.
Monad is a young L1 chain. If Monad experiences consensus failures, block production delays, or network halts, Neverland's lending markets freeze — oracle updates stop, liquidations pause, and positions accumulate bad debt.
The high number of pre-launch audit findings (23 issues, 1 critical, 3 high) suggests complex code with a significant attack surface. Resolved issues reduce immediate risk, but the density of findings raises the probability of remaining undiscovered issues.
What Could Go Wrong
- Pre-launch security audit by Composable Security found 23 issues including 1 critical and 3 high vulnerabilities. While these were resolved before deployment, the high issue count suggests a complex attack surface that may harbor additional undiscovered vulnerabilities.
- Monad-native deployment means the protocol is tied to Monad's relatively new and less battle-tested infrastructure. Monad is a young EVM-compatible L1, and its reliability under stress has not been extensively proven.
- veTokenomics with veDUST governance directing 100% of protocol revenue creates incentive for governance capture — concentrated veDUST holders could redirect all protocol income to themselves at the expense of other users.
- Self-repaying loan functionality adds complexity beyond the base Aave V3 architecture, creating additional attack surface in the repayment automation logic.
Self-Repaying Loan Exploit Drains Protocol Reserves
Moderate
Trigger: A vulnerability in the self-repaying loan automation logic allows an attacker to manipulate yield calculations or repayment routing to extract protocol funds
1. Attacker discovers exploit in the self-repaying loan mechanism that allows artificial yield generation or incorrect repayment crediting — Attacker borrows maximum amounts and uses the exploit to rapidly repay loans while extracting value from protocol reserves
2. Protocol reserves are drained as the exploit processes automated repayments that exceed actual yield generated — Lending pool utilization spikes to 100% as reserves are depleted; lenders cannot withdraw deposits
3. Protocol pauses self-repaying loan functionality to stop the bleeding — All existing self-repaying loan users lose automated repayment functionality; some may have partially repaid loans frozen
4. Confidence in Neverland collapses; healthy borrowers repay and lenders withdraw — Protocol TVL drops dramatically as users exit to other Monad lending protocols or off-chain
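The scenario above turns on two observable signals: automated repayments credited beyond the yield actually generated, and pool utilization climbing as reserves drain. The following off-chain monitor for both is an added example, not Neverland's code; the event names, fields, position ids and the 95% threshold are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed sample events. Event names and fields are assumptions made for
# this example; they are not Neverland's actual contract events.
SAMPLE_EVENTS = [
    {"type": "harvest", "position": "pos-1", "amount": "40"},
    {"type": "auto_repay", "position": "pos-1", "amount": "35"},
    {"type": "harvest", "position": "pos-2", "amount": "10"},
    {"type": "auto_repay", "position": "pos-2", "amount": "250"},  # > yield
    {"type": "pool", "supplied": "1000", "borrowed": "990"},
]

@dataclass
class Monitor:
    max_utilization: Decimal = Decimal("0.95")     # assumed alert threshold
    harvested: dict = field(default_factory=dict)  # position -> total yield
    credited: dict = field(default_factory=dict)   # position -> total repaid
    alerts: list = field(default_factory=list)

    def feed(self, ev):
        if ev["type"] == "harvest":
            self._add(self.harvested, ev)
        elif ev["type"] == "auto_repay":
            self._add(self.credited, ev)
            pos = ev["position"]
            # Invariant: automation never credits more than realized yield.
            if self.credited[pos] > self.harvested.get(pos, Decimal(0)):
                self.alerts.append(("repay_exceeds_yield", pos))
        elif ev["type"] == "pool":
            supplied, borrowed = Decimal(ev["supplied"]), Decimal(ev["borrowed"])
            # An empty pool with outstanding borrows counts as fully utilized.
            full = Decimal(1 if borrowed > 0 else 0)
            util = borrowed / supplied if supplied > 0 else full
            if util >= self.max_utilization:
                self.alerts.append(("high_utilization", util))

    @staticmethod
    def _add(book, ev):
        amount = Decimal(ev["amount"])
        if amount < 0:
            raise ValueError("negative amount in event")
        book[ev["position"]] = book.get(ev["position"], Decimal(0)) + amount

def run(events):
    monitor = Monitor()
    for ev in events:
        monitor.feed(ev)
    return monitor.alerts
```

The invariant is evaluated only on repayment events, so it assumes harvest events for a position are observed before the repayments they fund.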
Risk Profile at a Glance
Overall: B- (35/100)
Lower score = safer