About

rwaUSD - System Model

rwaUSD only accepts deeply liquid, institutional-grade collateral assets whose risks can be clearly assessed and insured by Lloyd’s of London. Approved collateral may include:

  • Tokenized U.S. Treasury bills or short-duration Treasury products (NAV- or price-based)

  • Tokenized stablecoins (e.g., USDC-like assets and do not accept algorithmically backed assets)

  • Tokenized gold, spot-priced and verified for real-time liquidity

The focus is on transparency, resilience, and reliable liquidity under all market conditions.

1. System model

rwaUSD is generated against locked collateral inside Collateral Accounts. Each account has:

  • one or more collateral balances (by collateral profile)

  • a minted rwaUSD liability

  • accumulated carry charges (fees) applied over time

Solvency is enforced by:

  1. Conservative valuation: risk-adjusted pricing and haircuts

  2. Safety thresholds: minimum collateral coverage per profile

  3. Automated unwinds: unsafe accounts are closed via collateral sales

  4. System backstop: explicit deficit accounting + reserve buffer + last-resort recap

A simplified view:

2. Terminology

This specification avoids inherited naming from other systems. Terms are precise and used consistently:

  • Collateral Account: user-owned position container holding collateral and a rwaUSD liability.

  • Collateral Profile: per-asset configuration (token address + oracle + risk parameters).

  • Minted Principal: the account’s base liability (the amount generated before time-based fees).

  • Fee Index: a per-profile accumulator that grows over time and converts principal into the current liability.

  • Current Liability: what must be repaid now = principal scaled by the fee index (+ any direct charges).

  • Safety Factor: minimum required collateral coverage multiplier for a profile.

  • Haircut: additional discount applied to oracle prices for solvency checks.

  • Unwind: liquidation process for an unsafe account.

  • Auction House: collateral sale mechanism used to settle liabilities.

  • Peg Rail: fixed-spread conversion module between rwaUSD and a reference stablecoin.

3. Design constraints and invariants

3.1 Core constraints

  • Overcollateralized at all times under normal conditions Issuance is only permitted when the account remains above the safety threshold using risk-adjusted prices.

  • Liquid collateral assumptions must be true Collateral profiles in this pool must be liquid enough to unwind on-chain at scale without relying on multi-week redemption.

  • Minimal trusted compute The accounting core should not depend on off-chain computation for state transitions. Oracles provide prices; the core remains deterministic.

  • Composable token, conservative core rwaUSD is a standard ERC‑20 with a narrow, auditable mint/burn surface area.

3.2 Protocol invariants (must always hold)

  1. No untracked issuance Total rwaUSD supply must equal aggregate liabilities recorded by the accounting core (minus any explicitly recorded deficits).

  2. Risk checks gate issuance and withdrawals Any operation that increases risk (mint more, withdraw collateral) must pass the safety check.

  3. Unsafe accounts are unwindable without special permissions Any actor can trigger unwinds. The system must not rely on a privileged operator to remain solvent.

  4. Shortfalls are explicit If collateral sales cannot cover liability, the deficit is recorded and resolved via reserves/recap. No silent socialization.

4. Internal accounting model

The protocol uses a two-layer liability model to avoid per-account “continuous interest updates”:

  • Store principal per account

  • Maintain a per-profile fee index that grows over time

  • Compute current liability lazily on interaction

4.1 Fixed-point conventions

Use distinct precisions to avoid rounding drift:

  • AMT (1e18): token-style amounts and rwaUSD quantities

  • RATE (1e27): high-precision indices and rates

  • ACC (1e45): internal products of AMT × RATE when needed

Names are implementation details; the point is deterministic fixed-point math with enough precision for long-lived positions.

4.2 Liability formulas

For an account a and profile p:

  • principal[a,p] in AMT

  • index[p] in RATE

  • liability[a,p] = principal[a,p] * index[p] / RATE

Total account liability is the sum across profiles if multi-profile borrowing is allowed. Two options exist:

  • Option A (simpler, recommended): one borrowing profile per account

  • Option B (flexible): shared liability bucket with weighted indices

v1 should pick Option A unless there is a strong reason to support mixing collateral profiles in one account.

4.3 Solvency check

For each collateral profile p in an account:

  • locked[a,p]: collateral amount

  • refPrice[p]: oracle USD price

  • haircut[p]: discount factor

  • adjPrice[p] = refPrice[p] * (1 - haircut[p])

Collateral value:

  • collateralValue[a] = Σ locked[a,p] * adjPrice[p]

Required coverage:

  • required[a] = liability[a] * safetyFactor[p]

Safe if:

  • collateralValue[a] ≥ required[a]

This check gates:

  • increasing principal (minting)

  • withdrawing collateral

  • certain collateral swaps inside the account

PreviousHow rwaUSD WorksNextContract Suite

Last updated