DIP-13: Guarded Launch Phase II

Proposals
1

DIP-13: Guarded Launch Phase II

Preamble

dip: 13
title: Guarded Launch Phase II
author: DerivaDEX Ltd.
discussions-to: https://forum.derivadex.com/t/dip-13-guarded-launch-phase-ii/66
status: Proposed
type: Logic Upgrade
created: 2026-01-22

DerivaDEX Upgrade Proposal #13

Decision Requested

Approve a code update that enables the next phase of launch, subject to applicable governance, security and regulatory readiness determinations, and permits the onboarding of a limited number of qualified users to access mainnet. Additionally, approve amendments to the Security Council Charter required for the launch of the platform and commencement of regulated operations by the Bermuda entity.

Summary

This proposal supports the opening of DerivaDEX mainnet to a limited number of users who meet due diligence requirements. Additionally, this proposal aims to further enhance the functionality, stability, and usability of the DerivaDEX platform by incorporating performance-related and feature-related work, while continuing to refine the DerivaDEX user experience. This version reflects the requirements and conditions communicated in connection with the receipt of a Class T Digital Asset Business Act (DABA) license issued by the Bermuda Monetary Authority (BMA), as understood at the time of proposal submission, in connection with the launch of regulated platform operations.

This proposal also includes amendments to the Security Council Charter, which formalize the Security Council’s consultation obligations with DerivaDex Bermuda Ltd. on matters affecting regulatory status, AML/ATF frameworks, and risk management.

The proposed update to the exchange is already live at testnet.derivadex.io for testing. The site provides a faucet and full functionality on the Sepolia testnet.

Proposer

DerivaDEX Ltd. submits this proposal to the DerivaDAO in its capacity as a proposer, subject to all applicable DAO governance procedures.

Key Updates and Changes

Onboarding and Due Diligence

This proposal updates DerivaDEX’s due diligence architecture to enable more generalizable access-control options. Blockpass remains the currently supported pathway, and these changes allow DerivaDEX to flexibly integrate other risk-management solutions as the industry evolves.

Qualified users from all regions will be required to undergo due diligence before accessing and using the DerivaDEX platform. As part of DerivaDEX’s risk-aware launch, select jurisdictions may be onboarded via front-end interfaces following acceptance of this proposal, subject to ongoing regulatory assessment and operational discretion. Additional jurisdictions may be added over time, aligning with DerivaDEX’s risk-management framework.

User Experience: One-Click Trading

Users will now have the option to enable encrypted trading sessions, allowing them to place trades without providing a new signature for each transaction. This feature remains optional, and users must opt in for each session or device. Sessions can be revoked at any time for enhanced control and security via the user settings menu. The removal of the per-transaction signature requirement significantly improves ease of use for the front-end, without impacting overall system performance.

Price Feed Performance Optimization

This proposal improves price feed performance by redesigning the data structure and algorithms, reducing latency between price feed updates. The updates significantly improve concurrency when processing price feed requests, reducing latency while increasing resource availability for the entire enclave. While these updates enhance backend efficiency, no new data sources or aggregation methods are introduced, ensuring consistency and reliability.

Platform Safety Limitations

As part of the T license process, certain initial guardrails are implemented and these parameters may be adjusted via governance vote where permissible and appropriate, consistent with regulatory guidance and applicable operational considerations. The current parameters are as follows:

  • Maximum order notional: $1,000,000
  • Maximum leverage: 3x (Initial Margin Fraction of 0.33)
  • Price banding: trades cannot execute beyond ±200bps from mark price
  • Maximum open orders: 10 per strategy/market
  • Collateral deposit cap: $10,000 per user (designated market makers exempted)
  • Maximum of 100 users onboarded at launch
  • Mark price cap: ±50bps from median index price
  • Withdrawal rate limits (1M tokens per 50 blocks + 10% of system USDC)
  • Withdrawals only allowed to same deposit address
  • Minimum deposit size of 50 USDC

Upgrade Maintenance

SGX SDK Upgrade: Transition to Teaclave Rust SGX SDK 2.0.0 to incorporate the latest hardware and software improvements. This upgrade adds Rust standard library support to the enclave component, allowing the usage of major, battle-tested Rust libraries in enclave code, thereby increasing reliability and safety within the enclave.

TME Architecture Upgrade: Intel’s Total Memory Encryption (TME) replaces the previous Memory Encryption Engine (MEE), offering dynamically allocated trusted memory, larger Enclave Page Cache (EPC) size limits, and additional safeguards. These updates enhance scalability, simplify implementation, and improve compatibility with modern hardware.

Node Operators

Initial node operator addresses for the DerivaDEX network will be:

  1. 0xAcc288bb7127251C3B372a66840016D4adA9B878
  2. 0x6B769A29247de1Cb830f73324A6478841726a4eB
  3. 0x0fF0C79d8C0d3f38b853656e7759FD15a0A36654

These are subject to change via governance proposal.

Security Council Charter Amendments

The DerivaDAO Security Council is appointed by the Foundation Board to review and advise on governance proposals. Its purpose is to ensure that proposals submitted to the DAO meet security, regulatory, and operational standards before proceeding to a community vote. The Security Council evaluates proposals for potential threats to the protocol’s security, integrity, or regulated status, and provides non-binding recommendations to the Foundation Board. It does not replace the DAO’s authority, and serves as a quality-control mechanism that balances decentralization with necessary technical and regulatory oversight.

Amendments to the Security Council Charter must be approved by the DAO.

Amendment 1: Membership

The current members of the Council are: DEX Labs, Inc. and Techniciens LLC.

Amendment 2: Independence

No Council member shall be an employee of the Foundation or any of its subsidiaries.

Amendment 3: Consultation Authority

The Council shall have the authority to consult with Foundation subsidiaries in order to perform its duties.

Amendment 4: Mandatory Consultation

The Council will consult with the board of DerivaDex Bermuda Ltd. on any proposal that materially affects the Bermuda entity’s operations, AML/ATF program, risk management framework, or regulatory status, and will not issue a favorable recommendation for Board adoption without such consultation.

Amendment 5: Receiving Bermuda Board Recommendations

The Council shall receive and consider recommendations from the board of DerivaDex Bermuda Ltd. on matters affecting that entity’s operations or regulatory status, and make appropriate recommendations to the Foundation Board.

Technical Considerations

Impact on Current Systems

The previous phase of the Guarded Launch focused on establishing mainnet stability without active users and mitigating risks during upgrades. This upgrade (proposal 13) may involve platform downtime as new operators are onboarded and begin submitting checkpoints. User onboarding will not occur until the network achieves a healthy and stable state.

Testing and Validation

The proposed code version has been extensively fuzz-tested and validated through the publicly available Sepolia testnet deployment. Extensive internal testing has been conducted to support stability, recognizing that no system can be guaranteed to be free from defects.

Community and Stakeholder Impact

Community Feedback

This proposal is the next logical step in DerivaDEX’s guarded launch, building on community feedback and the lessons learned during the Pilot phase. It aligns with DerivaDEX’s long-term risk management strategy and incremental approach to user onboarding.

Communication Channels

The status of this proposal, along with updates and progress, will be shared through DerivaDEX’s communication channels, including X (Twitter), email, and Telegram announcements.

Deployment and Risks

Deployment Plan

  • This proposal is expected to be submitted for governance approval on or around January 22, 2026.
  • If passed, it will follow governance procedures for queuing and execution.

Risk Factors

No external audit for this upgrade. No public bug bounty or third-party external audit is planned for this specific upgrade. Extensive internal testing and fuzz testing have been conducted. The guarded launch approach within regulatory parameters, with limited user onboarding and collateral caps, provides additional risk mitigation during the T-license operating period.

Performance and adoption risks. Known risks include potential performance bottlenecks and user adoption challenges. These will be mitigated through incremental onboarding and continuous monitoring.

Operational monitoring. Post-deployment monitoring of operator performance and user feedback will guide future updates.

Rollback and Contingency Plans

Any unforeseen issues during deployment can be addressed through subsequent upgrades to ensure stability and functionality.

Conclusion

This proposal enables the next phase of DerivaDEX’s launch by improving usability, performance, and scalability while maintaining a strong focus on risk management. The Security Council Charter amendments included herein address the BMA pre-condition requirements and formalize the governance relationship between the DAO and the platform’s operation under the Bermuda entity’s regulated framework.

2 Likes