Security Model

Osito Protocol's security model is built on the principle of adversarial design - assuming the worst-case scenario and building safety mechanisms to ensure protocol BERAvency under those conditions.

Adversarial Design Philosophy

Every token is assumed to be malicious until proven otherwise through objective, verifiable criteria. The protocol is designed to remain solvent even if tokens are specifically created to attack it.

Core Security Mechanisms

Worst-Case Borrowing Limits

The foundation of Osito's security is its mathematical borrowing limit formula, which simulates a worst-case scenario where all circulating tokens are dumped into the liquidity pool at once.

max_borrow = pool_BERA - (dumpable_tokens * pool_BERA/pool_tokens / 2)

By limiting borrowing to less than the minimum BERA that would remain after such an event, the protocol guarantees it can remain solvent even under extreme market conditions.

Objective Token Qualification

Tokens must meet verifiable criteria to be used as collateral:

  • Deployed by trusted factories (Panda Factory or Ramen)
  • Verifiably burned LP tokens to ensure there's a baseline of permanent liquidity

No Rehypothecation

Collateral assets are never reused or rehypothecated, allowing for much higher capital efficiency (90% utilization target) without increasing systemic risk. Each asset is used only once as collateral.

Real-Time Risk Assessment

The protocol recalculates borrowing limits in real-time with each interaction, using fresh on-chain data to ensure decisions are always based on current market conditions, not stale information.

Defense Against Common Attacks

Oracle Manipulation

Traditional Vulnerability: Price oracles can be manipulated through flash loans or other attack vectors.

Osito's Defense: No reliance on oracles. All calculations use direct on-chain data and worst-case analysis.

Governance Attacks

Traditional Vulnerability: Governance mechanisms can be captured or manipulated.

Osito's Defense: No governance tokens or subjective decision-making required for normal operations.

Flash Loan Attacks

Traditional Vulnerability: Flash loans can be used to manipulate market prices temporarily.

Osito's Defense: Worst-case scenario calculations already assume maximum negative price impact.

Infinite Mint Attacks

Traditional Vulnerability: Malicious tokens can infinitely mint to manipulate prices.

Osito's Defense: Only tokens from verified deployers (Panda & Ramen) are eligible as collateral.

Liquidation Mechanism

The liquidation system is a critical part of Osito's security model:

All-or-Nothing Liquidations

When a position becomes liquidatable (when borrowed BERA exceeds position max borrow):

  • Liquidators repay the entire debt of the position
  • Liquidators receive most of the collateral (minus a small bonus to the borrower)
  • This simple approach guarantees bad debt is fully resolved in a single transaction

Liquidation Bonus

A small portion of collateral (10%) is returned to the borrower as a liquidation bonus, providing a safety buffer for liquidators while ensuring borrowers retain some value.

Economic Incentives

The liquidation system creates strong economic incentives for liquidators to maintain protocol solvency without requiring centralized intervention.

← Token QualificationInterest Rates →