September 1, 2023
Technical Architecture
Dive into the technical architecture of Everstrike.

Technical Architecture

Everstrike is a decentralized perpetual options exchange. The exchange combines off-chain matching with on-chain settlement/custody, achieving performance equivalent to centralized options exchanges such as Deribit, while maintaining the security of decentralized exchanges such as Uniswap and dYdX. Everstrike differentiates itself from other decentralized options exchanges by focusing on perpetual options.

Off-Chain Matching

Everstrike maintains an off-chain matching and risk engine. Clients interface with the engine through the Everstrike API. Submitted orders go through risk checks, ensuring that they are well formed, and that the client can comply with margin requirements. Once an order has successfully passed all risk checks, it is posted to the engine's internal orderbook. If there is an immediate match, a trade takes place. If not, the order is stored in memory, until a match is found.

Off-Chain State Channel

Users of Everstrike maintain a perpetual state channel with the operator of Everstrike. The state channel keeps track of user balances and positions, and can be revoked by either party at any time. The state channel enables Trustless Withdrawals - a 100% permissionless and 100% censorship-resistant withdrawal type.

On-Chain Settlement/Custody

User funds remain on-chain at all times, within the Everstrike smart contracts. Funds within the contracts are divided into four categories:

Free Funds

Free funds can be used for trading and redemptions.

Locked Funds

Locked funds are used as margin for open positions and orders.

Staked Funds

Staked funds can be used to mint Everstrike USD (the internal stablecoin of Everstrike).

Deposited Funds

Deposited funds cannot be used for minting, but may be used for withdrawals and staking.

The user pays a gas fee for the following operations:

  • Deposit
  • Stake
  • Withdraw

Everstrike covers the gas fee for:

  • Mint
  • Redeem (Unstake)

Trustless Withdrawal

Everstrike features a Trustless Withdrawal operation. Trustless Withdrawal is a 100% permissionless and 100% censorship-resistant withdrawal type, which does not require the cooperation of the operator of Everstrike. Trustless Withdrawal relies on an innovative innocent-until-proven-guilty model. To submit a Trustless Withdrawal, the user is required to present an up-to-date state receipt. The state receipt is a simple datastructure, which contains the following properties:

  • Nonce
  • User Signature
  • Operator Signature
  • User Balance
  • User Positions

The user is issued a new state receipt after performing (or being subject to) an operation that modifies the user's balance. These operations include (but are not limited to) the following:

  • Order submission
  • Order cancellation
  • Trade
  • Funding Transaction
  • Deposit
  • Withdrawal

Consider the state receipt a rolling agreement between the user and the operator of Everstrike, on the current balance and positions of the user.When the user wants to initialize a Trustless Withdrawal, they simply submit their latest state receipt to the Everstrike.sol contract on the blockchain. Also included in the request is their desired withdrawal amount. Now the operator is granted 24 hours to prove that the user is behaving fraudulently. To do so, the operator needs to present a state receipt with a higher nonce than the one provided by the user. If the operator manages to do so, the Trustless Withdrawal is cancelled, and the user is punished with a Dishonesty Fee (100 USDT, or 10% of the withdrawal amount, whichever is higher). If the operator cannot present a state receipt with a higher nonce prior to the deadline, the Trustless Withdrawal is declared a success, and Everstrike.sol processes the withdrawal on behalf of the user. While Trustless Withdrawal is completely trustless and censorship-resistant, there are some inherent restrictions associated with the operation:

  • After submitting the Trustless Withdrawal, the user cannot trade until at least one of the following are true: 1) the operator has approved the withdrawal, or 2) the 24 hour deadline is up. If the user decides to trade prior to this, the operator is granted a chance to declare the Trustless Withdrawal invalid, and claim the Dishonesty Fee from the user.
  • Cross Margin cannot be active, while a Trustless Withdrawal is processing. If the user has open positions, the user is encouraged to switch to Isolated Margin, prior to initializing the Trustless Withdrawal operation.
  • The state receipt must have an up-to-date nonce. This prevents the user from re-using expired state receipts.
Order Flow

Prior to submitting a new order, the user must sign a state receipt presented by the operator. The operator must not accept the order prior to the user signing the receipt, or the user could potentially trick the operator. Once the state receipt has been signed, and the order has been accepted by the operator, the operator will sign the receipt themselves, and deliver a copy of the signed receipt to the user. The signed receipt will be stored in three places:

  • Locally, on the users device
  • With the operator
  • Within Everstrike.sol

If the user loses their receipt, they can simply retrieve it from the operator. If the operator refuses to provide the receipt, they can retrieve it from the blockchain, by interacting directly with Everstrike.sol.

Trustless Withdrawal Abuse

To prevent abuse of the Trustless Withdrawal operation (flooding the operator with requests, and making it impossible for the operator to disprove all of the requests in time), each Trustless Withdrawal requires the user to stake a Dishonesty Fee. The Dishonesty Fee remains staked until the Trustless Withdrawal is successfully completed, after which it will reimbursed to the user. If the Trustless Withdrawal is declared invalid, the Dishonesty Fee is claimed by the operator. The Dishonesty Fee is set to 10% of the withdrawal amount, or 100 USDT, whichever is higher. Trustless Withdrawal is also subject to a non-refundable Withdrawal Fee of 20 USDT.

Why does Trustless Withdrawal work?

The state receipt constitutes a rolling agreement between the user and the operator on the balance and positions of the user. The user is guaranteed to always be able to claim the balance amount specified in the latest state receipt. Simultaneously, the Dishonesty Fee incentivizes the user to act in a honest way, and not disrespect the Trustless Withdrawal process, by claiming more than they are entitled to.

Should the user always use Trustless Withdrawal?

It is important to note that Trustless Withdrawal is an escape-hatch. As long as the operator acts in good faith, it is not needed. It is only when the operator acts fraudulently, and censors specific withdrawals, that the user is required to use Trustless Withdrawal.

What are the risks of using Trustless Withdrawal?

From a user POV, the only risk is that you accidentally sign a new state receipt prior to the Trustless Withdrawal completing. The Everstrike frontend will make it impossible for you to do so.

What is the minimum Trustless Withdrawal?

Due to the fees involved (20 USDT non-refundable Withdrawal Fee, and 100 USDT fully-refundable Dishonesty Fee), Trustless Withdrawals are not designed for smaller amounts. It is recommended to use Trustless Withdrawal only for amounts exceeding 100 USDT, and only when you really need it (i.e. when the operator is suspected to be behaving maliciously).

Can Trustless Withdrawal be extended to other operations, such as Unstaking?

Yes. Everstrike V2 will also feature a Trustless Unstaking (Redemption) operation. The operation will work in the same way as Trustless Withdrawal. Any operation that relies on the cooperation of the operator can be made Trustless.

What about UX? Will I need to sign every order?

Optionally, you can grant the operator to access to a session key. This is a short-lived and revocable key that will allow the operator to sign orders on your behalf. You can customize the session key with fine-grained permissions and duration, and if you believe the operator is behaving maliciously, you can instantly revoke it. Enabling the session key functionality provides superior UX at a (slight) decrease in security.

The operator won't issue me a state receipt

If the operator refuses to issue you a new state receipt, you should stop trading immediately, and begin a Trustless Withdrawal as soon as possible (using your latest state receipt). It may be a sign that the operator intends to act maliciously.

Can the operator sign a state receipt on my behalf?

No. The operator never has access to your private key. The operator has your public key, which allows them to verify that you signed a specific state receipt. The public key is also stored within Everstrike.sol, on the blockchain. Your private key lives locally within your wallet, and is never disclosed to third parties.

What prevents the operator or the user from faking a state receipt?

The state receipt must be signed by both the user and the operator.

Can someone else start a Trustless Withdrawal on my behalf?

No. Initializing a Trustless Withdrawal requires access to your private key, which only you have access to.

Related Topics

Explore related topics and concepts within the Everstrike ecosystem.

Experience Perpetual Options Today

Ready to take your options trading to the next level?

Join 15,000+ users who already began trading perpetual options on Everstrike.

Thank you!
Your submission has been received!
Something went wrong! Try again later