Peer-to-peer options and lending with zero owners, no admin keys, no proxy, no pause, and no upgrade mechanism. Immutable smart contracts that run forever.
Write or buy fully collateralized covered calls and puts on WETH and WBTC. No oracle, no liquidation.
No open options found. Be the first to write one.
Fixed-rate, fixed-term loans with no liquidation, no oracle, no margin calls. Lender sets all terms.
No open loan offers found. Be the first to create one.
The philosophy, mechanics, and security model of Onchain DeFi.
Onchain DeFi is a protocol built on a single principle: once deployed, no one can change anything, ever.
There is no owner. No admin keys. No multisig. No proxy contract. No pause mechanism. No upgrade path. No governance token controlling parameters. The smart contracts are deployed to Ethereum mainnet and they run forever exactly as written.
This is the most trustless form of DeFi possible. You don't trust us. You don't trust a DAO. You don't trust a multisig committee. You trust the code, which is immutable and verifiable on Etherscan.
Onchain DeFi consists of two independent smart contracts:
Onchain Options — A peer-to-peer covered options protocol supporting fully collateralized calls and puts on WETH and WBTC, with premiums and settlement in USDC, USDT, or DAI.
Onchain Lending — A peer-to-peer fixed-rate lending protocol with no liquidation mechanism, no oracle dependency, and no margin calls. Lenders set all terms including collateral requirements, interest rate, and duration. Borrowers can never be liquidated before expiry.
Both contracts have a hardcoded whitelist of exactly 5 Ethereum mainnet tokens. These addresses are constants in the contract code and cannot be changed:
A writer deposits underlying tokens (WETH or WBTC) as collateral and sets a strike price in quote tokens (USDC/USDT/DAI), a premium, and an expiry date. A buyer pays the premium and receives the right to purchase the underlying at the strike price before expiry. On exercise, the buyer sends the strike amount and receives the collateral. If the option expires unexercised, the writer reclaims their collateral.
A writer deposits quote tokens as collateral and sets a strike amount in underlying tokens. A buyer pays the premium and receives the right to sell underlying at the agreed price. On exercise, the buyer sends underlying tokens and receives the quote collateral.
There is zero oracle dependency. The buyer decides whether to exercise based on their own market view. The buyer's economic incentive IS the oracle — they will only exercise if it's profitable for them. This eliminates an entire category of attack vectors (oracle manipulation, stale prices, flash loan attacks on price feeds).
A lender creates an offer by depositing loan tokens and specifying the collateral token, required collateral amount, annual interest rate, and loan duration. A borrower fills the offer by depositing the required collateral and receiving the loan tokens (minus a 1% lender-side fee).
At any time before expiry, the borrower can repay the principal plus full interest plus a 1% borrower-side fee to reclaim their collateral. Early repayment is allowed but full interest is still owed. If the borrower does not repay by expiry, the lender claims the collateral.
There is no mid-term liquidation mechanism. If the collateral drops 90% in value during the loan, the borrower still cannot be liquidated. The lender accepted this risk when they set the collateral requirements. This is how lending worked for thousands of years before algorithmic liquidation engines. Two parties agree on terms, and the contract enforces them.
Both contracts charge a flat 1% fee (100 basis points) per side on every transaction. The fee rate and fee recipient address are hardcoded at deployment and immutable.
The security of this protocol derives from its simplicity. The contracts have:
No owner or admin variable. No proxy pattern or delegatecall. No selfdestruct. No pause mechanism. No external oracle calls. No flash loan integration. No pool-based liquidity. No variable parameters. No governance. Hardcoded token whitelist preventing interaction with non-standard ERC-20 tokens. ReentrancyGuard on all state-changing functions. SafeERC20 for all token transfers. Checks-effects-interactions pattern throughout.
Each position is completely isolated. A problem with one option or loan cannot affect any other position in the contract.
These are permanent, deliberate design decisions. There is no mechanism to change any parameter after deployment. This contract will run on Ethereum for as long as the chain produces blocks.
— onchaintoshi
Deployed on Ethereum. Immutable forever. No keys to lose, no admin to corrupt, no governance to capture. Just code.