DAO Architecture

How the DAO runs, in detail

The OPEN protocol uses Compound Money Market code as its lending engine. Very minor changes have been made to the ctoken contracts to enable integration of zaps.

A new factory has been setup that allows the creation of a new lending market instance based on the Compound code.

Each such instance has only two tokens in the market. The collateral token (input parameter) and USDO (default) which is allowed to be borrowed.

Anyone can supply the collateral token to the market and borrow USDO.

The collateral factor is defaulted to 50%. In future versions of the factory this will be made into an input parameter that can be supplied by the deployer.

0.5% fee on borrows, that goes to DAO.

The collateral factor is intentionally set to be static and not made a function of liquidity as the collateral may or may not have onchain liquidity. It is left up to those who supply USDO to the particular lending market to determine if the collateral factor is appropriate or not in line with the permissionless ideal.

The price of USDO is defaulted to $1.

The price of the token is set using an Oracle. The deployer may choose any Oracle as long as it meets the interface standards.

While both Collateral factor and price are effectively controlled by the delpoyer, any market that is whitelisted and seeded by the DAO will have to meet the standards set by the DAO.

The interest rate model is currently static and linear. In the future, deployers will be given a choice of interest rate models which try to optimize for liquidity.

The interest rates are determined by supply and demand which means that they will differ based on which collateral is being used to borrow USDO. Market participants will make a determination on the security of the underlying collateral to determine whether to lend USDO or not against it.

A fee is charged at the factory deployment stage to ensure that spammy, low quality markets are not set up.

A fee is charged at the borrow and repay stage. And borrowers pay interest on any USDO borrowed which they have to repay before they can unlock their collateral.

The design via segregation of lending market instances creates breakwaters which limit any exploits to that specific market.

The collateral token itself cannot be borrowed and the collateral factor of USDO is defaulted to 0 further making any recursive flash loan exploits difficult to execute.

There is no reserve factor between lend and borrow rates. There are no admin keys and a market once deployed cannot be changed. The contracts are not upgradeable giving it another layer of security.

New improvements to the protocol can be pushed as a new factory so that any users deployed previously make a conscious choice to switch rather than have any changes imposed on them.

The overall design is that of permission minimized governance.

Anyone can create any lending market they want and only when the wish the market to be whitelisted or pre-seeded with USDO do they have to present it for governance votes.

But this step is optional and anyone may use any token and create a market and present it for USDO borrowing. The decision to lend rests with the USDO holders.