The Ones in the Arena: Open Dollar

As the first CDP protocol with NFVs, the team over at Open Dollar is well-versed in what’s involved when you’re pioneering new tech. We had the pleasure of chatting with Joseph Schiarizzi, Co-Founder and CEO of Open Dollar (and long-time Solidity dev), about the specifics of the project, how security is at the forefront of their plans, the focus of their current audit, and more.

What are you building, and what sets it apart in the space?

Open Dollar is building the most flexible lending protocol in DeFi, centered around LSTs and Arbitrum native assets. With collateral and debt positions tied to tokens instead of accounts, there are new use cases that can be built on top of this new primitive.

What’s your vision for your project? What are you building towards in the longer view?

The ultimate stablecoin:

  • Trusted and safe for everyone everywhere.
  • Ungoverned as much as possible and safe from human intervention or attack.
  • Built to stand the test of time.

Open Dollar can create the best version of a dollar that anyone has ever made. Our protocol is so flexible that it can safely handle more types of collateral. Eventually, our ecosystem can include a long tail of hundreds of different LST types and a whole suite of services built for LST holders that aligns closely with the long-term success of Ethereum.

What’s been the biggest challenge throughout the entire process? Did you have any security concerns?

People have said: “you can’t make debt transferable, someone will always figure out a way to get out of paying you!” But being able to trade entire positions, debt included, is an important primitive that unlocks lots of new opportunities in DeFi. Making sure this part is safe and transparent, and built in a way that users always know what they are buying and selling is a challenge.

What’s been your security strategy so far, and how has it evolved?

We started with a huge priority of isolating our changes from the very complex and proven code of the safe engine. Making sure our NFV system is safe and does not impact the security of other established parts of the code is essential.

Talk more to us about $OD. Your documentation mentions that it’s more flexible and requires less governance than other stablecoins. What are its use cases?

OD gives people easy access to low-interest rate leverage of LSTs and Arbitrum native assets. The NFV means that stablecoin holders can potentially buy vaults as NFTs and redeem their OD for high-quality collateral, making it safer than holding and using other stablecoins. To stay stable, OD uses a GEB/Reflexer-style PID controller with our own parameters. Instead of allowing humans, who make mistakes, to control so much in the system, we rely on math and an ungoverned PID controller that reacts to market forces while creating incentives to keep the token price floating towards the peg.

What role do you see Open Dollar playing in shaping security within the wider web3 ecosystem?

Consider that you would never take out a 30-year mortgage on a home if you couldn’t sell it without paying off the debt. That’s how lending in DeFi works today. Open Dollar is going to change the game in DeFi for how people manage their positions. Now that debt is easily transferable via NFTs, users won’t need to ever scrape up collateral to close a position or pay fees for flash loans: they can always just sell it to someone else. This makes DeFi more usable for more people. Security is even more pivotal when we’re trying to make lending simple and safe enough for non-power users. If DeFi really is for the masses, it needs to be safe enough for them too.

What prompted you to engage with Code4rena?

When I worked at OpenSea on Seaport, my team had a great experience using Code4rena to quickly iterate and find bugs. I love the open nature of C4, so it was an obvious choice for us.

What’s the main focus of this particular audit with Code4rena? Are there any areas you’d like auditors to hone in on?

The main focus is the Non-fungible Vaults, NFVs, and a bit of the minimized governance. Auditors will do well to try and create situations where the owner of the NFT and the owner of the vault are not the same, breaking the NFV concept — these will be the highest priority findings.

What technical tips would you give to an auditor looking to participate in your audit?

We made an intro video walking through the contracts that are in scope, so I definitely recommend starting with that. Otherwise, please ask for help; we are all on the same team! Our devs are in Discord and ready to help in any way we can.

About Open Dollar

Open Dollar is a lending protocol where users can lock their Liquid Staking Tokens (LSTs) and other assets into Collateralized Debt Positions (CDPs) via NFT Vaults.


About Code4rena

The leading web3 security marketplace.


Open Dollar’s audit with Code4rena began on October 18th, 2023 and runs until October 25th, 2023. More details here.

The Ones in the Arena spotlights emerging and established DeFi projects and their founders, with an eye to celebrating and learning from them. The series’ name is inspired in part by Teddy Roosevelt’s famous quote, which has a central place in Code4rena’s philosophy.
