TARE Stablecoin
// OVERCOLLATERALIZED · ETH-BACKED · VYPER 0.4.x · STATUS: BUILDING
A decentralized, overcollateralized stablecoin pegged to the US dollar, backed by ETH and written entirely in Vyper. Every TARE in circulation is minted against at least 2× its value in locked ETH. Positions are monitored by an on-chain health factor; when collateral falls below threshold, permissionless liquidators step in. No governance token, no admin keys on the engine, no rebasing — just collateral, code, and a price feed.
Vyper 0.4.x
Chainlink Oracle
Moccasin
ERC-20
Liquidations
Health Factor
Sepolia
200%
Min Collateral
50%
Liquidation LTV
10%
Liquidator Bonus
3h
Oracle Staleness
Mechanism
The protocol exposes five primitive actions. Each one is enforced by the engine against the position's live health factor — derived from the Chainlink ETH/USD feed.
- Deposit — Lock ETH in
TareEngine as collateral
- Mint — Borrow TARE up to 50% LTV (2:1 minimum collateral ratio)
- Track — Every position carries a health factor from the live ETH/USD feed
- Liquidate — When health drops below 1.0, any third party repays debt, seizes collateral, and pockets a 10% bonus
- Redeem — Users burn TARE to unlock and withdraw their ETH at any time
healthFactor = (collateralValueUSD × liquidationThreshold) / debtUSD
With liquidationThreshold = 0.5, a position with $200 of ETH and $50 of debt has a health factor of 2.0 — well above the 1.0 liquidation line.
Architecture
| Contract | Responsibility |
|---|
| tare_token.vy | ERC-20 stablecoin. Mint and burn restricted to the engine. |
| tare_engine.vy | Holds collateral, tracks debt, enforces health factor, executes liquidations. |
| oracle_lib.vy | Wraps the Chainlink ETH/USD price feed; reverts on stale data. |
Risk Parameters
| Parameter | Value |
|---|
| Collateral asset | ETH |
| Minimum collateral ratio | 200% |
| Liquidation threshold | 50% |
| Liquidation bonus | 10% |
| Price feed | Chainlink ETH/USD |
| Oracle staleness window | 3 hours |
Threat Model
TARE is built as a learning project, but the following attack surfaces are considered in the design and test suite:
- Oracle manipulation — Single price feed dependency; mitigated by staleness checks and bounded deviation. A production deployment would aggregate multiple feeds.
- Liquidation griefing — Liquidators must repay debt up front; partial liquidations are gas-bounded.
- Reentrancy — All state mutations occur before external calls (CEI pattern); collateral transfers use checks-effects-interactions order.
- Donation / inflation attacks — The engine tracks accounting balances independently of
address(this).balance.
- Insolvency — If collateral value falls below debt before liquidation, the system absorbs bad debt. Overcollateralization plus the 10% liquidator bonus is the only defense.
Build Status
The protocol is currently in the building phase. The core engine, token, and oracle library are implemented and unit-tested. Sepolia deployment scripts are in place; mainnet deployment is gated on completion of the full security review and audit pass.
- ✓ Core contracts (token, engine, oracle lib) implemented in Vyper 0.4.x
- ✓ Moccasin deploy pipeline for Sepolia
- ✓ Unit + integration tests on core flows
- ◐ Stateful fuzzing of liquidation edge cases
- ◐ Multi-feed oracle aggregator for production
- ○ External audit pass
- ○ Mainnet deployment