Ooki Technicals: Permissionless Listings

Ooki Technicals: Permissionless Listings



OOIP-19 proposes an extension to the Ooki protocol that enables any token to be used as collateral to borrow USDC from the internal lending pools. This is established by creating a security module that allows for protocol token (OOKI) staking against arbitrary USDC trading pairs, creating a collateral backstop for permissionless margin trading activities. The collateral backstop creates a debt ceiling which limits the amount of USDC any given collateral token can borrow. This generalizes as a security module that can apply to any USDC pair within the protocol, even those that are permissioned.

Debt Ceiling Dynamics

The debt ceiling allows permissionless listing of arbitrary tokens as collateral by mobilizing previously idle capital within the protocol to earn yield by acting as risk assessors.

When OOKI tokens or iTokens are staked to a trading pair within the security module, each user has a collateral ratio that must be maintained. These tokens are potentially at risk of liquidation if the trading pair is manipulated, so stakers must exercise diligence both regarding the background of the token and its level of liquidity. Initially, the collateral ratio will be 700% for every unit of debt ceiling created. When the collateral ratio is above the initialization rate, stakers to that specific pair are entitled to half of the protocol revenue generated through its activities; the other half goes to all OOKI stakers generally.

Trading rewards for a pair are distributed on a per-epoch basis, which is five days by default. When tokens are staked to a trading pair, they are staked for the entire epoch. Each epoch’s rewards can be triggered by anyone once the period has ended, and period lengths can be configured by governance. Stakers in the OOKI security module can withdraw as long as there is an excess of unused debt ceiling, and unstaking was initiated in the prior epoch.

The yields on staking to permissioned USDC pairs provide market-driven insights into the relative risk of each trading pair’s risk management parameters. This provides a route to market-driven, governance-minimized risk management for lending protocols that can be replicated across the entire vertical, including AAVE.

This design borrows from Synthetix but with spot market assets. As a consequence of using spot market assets, OOKI stakers are not counterparties to trader PnL and do not have to hedge any exposure. Finally, the asset universe is not constrained by access to Chainlink price feeds.


Permissionless collateral in the security module uses the Uni v3 TWAP oracle. Initially, this TWAP will be 1 hour in length, but this can be altered by governance. Project teams are encouraged to lock LP liquidity in a Uni v2 range to provide security against price manipulation attacks. It is up to each Ooki security module staker to determine the quality of liquidity in the pool and to decline to increase the debt ceiling in excess of the cost of attack.

This oracle design is inspired by the Euler protocol. An analysis of the cost of attack over various block lengths can be performed using their open-source tools at https://oracle.euler.finance.


Liquidations of collateral tokens and OOKI staked to the security module proceed via the existing liquidation machinery of the Ooki protocol. Risk parameters around liquidations of permissionless collateral, such as the liquidation discount and permitted leverage, are determined by governance. Initially, all permissionless pairs will have risk parameters that assume a high level of price volatility.