Skip to main content

Introduction

The Dera Protocol is a permissionless, non-custodial yield infrastructure layer deployed on Ethereum mainnet. This page provides a technical overview of the protocol's smart contract architecture for developers, auditors, and integrators. For a full conceptual and economic overview, see the Whitepaper.

The architecture consists of four primary contracts: the DERA token contract, the Dera Engine, the Safety Escrow, and the Protocol Connectors. These components work together to handle capital routing, yield generation, token issuance, and redemption while maintaining full on-chain auditability.

Smart Contract Architecture

DERA Token Contract (ERC-20 + OFTv2)


DERA.sol is the protocol's native yield-bearing token contract. It implements the standard ERC-20 interface with a strict mint/burn mechanism exclusively callable by the DeraEngine contract. DERA tokens are minted only when a user converts a whitelisted stablecoin into DERA via the Engine, and burned only when a user redeems. This preserves the direct relationship between circulating supply and protocol TVL.

DERA integrates LayerZero's OFTv2 (Omnichain Fungible Token Version 2) standard, enabling native cross-chain transfers across supported EVM networks without wrapped tokens or custodial bridges. This omnichain functionality is built on LayerZero's Ultra Light Node (ULN) architecture.


Cross-chain message delivery is secured through a two-actor verification model:

  • Oracle: Provides block headers from the source chain
  • Relayer: Supplies Merkle proofs and transaction payloads


Both actors must independently verify a message before it is finalised on the destination chain via lzReceive(), ensuring exactly-once delivery, ordered message execution, and protection against replay attacks.

Role-Based Access Control

DERA implements a strict permission model via a custom DeraRoles abstract contract, built on OpenZeppelin's AccessControlDefaultAdminRules. This enforces the following:


  • ENGINE_ROLE: Held exclusively by the DeraEngine contract. The only role authorised to mint and burn DERA tokens
  • DEFAULT_ADMIN_ROLE: Transferable only via a mandatory two-step process:
    • beginDefaultAdminTransfer(address newAdmin)
    • acceptDefaultAdminTransfer() — must be called by the receiving address
    • cancelDefaultAdminTransfer() — available to abort a pending transfer


All role changes emit structured on-chain events for full traceability. No unilateral administrative action is possible.