Written by: Chaos Labs

Compiled by: AididiaoJP, Foresight News

The Rise of Risk Management and On-chain Capital Allocators (OCCA)

DeFi has entered a new structured phase, where institutional trading strategies are being abstracted into composable and tokenizable assets.

It all started with the emergence of liquid staking tokens, and the tokenized basis trading launched by Ethena Labs became a key turning point for DeFi structured products. The protocol packages a delta-neutral hedging strategy that requires 24-hour margin management into a synthetic dollar token, allowing users to participate with just a single click, thus redefining their expectations of DeFi.

Products that used to belong solely to trading desks and institutions have now entered the mainstream. USDe became the fastest stablecoin to reach $10 billion in total value locked.

The success of Ethena confirms the strong demand in the market for 'institutional strategy tokenization'. This transformation is reshaping market structures and giving rise to a group of 'risk managers' or 'on-chain capital allocators' who package complex yield and risk strategies into simpler products for users.

What are risk managers and on-chain capital allocators (OCCAs)?

Currently, there is no unified definition of 'risk managers' or 'OCCA' in the industry. This label encompasses various designs, but the commonality is that they all repackage yield strategies.

Translator's note: OCCA stands for Onchain Capital Allocator, which can be understood as a professional fund manager or asset administrator in DeFi, attracting user funds by packaging complex strategies into simple products.

OCCAs typically launch branded strategy products, while risk managers often use modular money markets (such as Morpho and Euler) to provide yield through parameterized vaults. The total value locked (TVL) of these two types of products has surged from less than $2 million in 2023 to $20 billion, an increase of about ten thousand times.

This also brings a series of fundamental issues:

  • Where are the deposits being directed?

  • What protocols or counter-parties is the capital exposed to?

  • Even in the face of severe fluctuations, can risk parameters be adjusted flexibly? What assumptions are they based on?

  • How liquid are the underlying assets?

  • What is the exit path if large-scale redemptions or runs occur?

  • Where exactly does the risk lie?

On October 10, the cryptocurrency market experienced the largest altcoin crash in history, affecting centralized exchanges and perpetual contract DEXs, triggering cross-market liquidations and automatic deleveraging.

However, delta-neutral tokenized products seem to be less affected.

Most of these products operate like black boxes, providing almost no information other than highlighted APY and marketing slogans. Very few OCCAs indirectly disclose protocol exposure and strategy details, but key information such as position-level data, hedging venues, margin buffers, real-time reserves, and stress testing strategies is seldom made public; even if it is, it is often selective or delayed.

The lack of verifiable marks or trading venue footprints makes it difficult for users to determine whether a product's resilience stems from robust design, luck, or even delayed financial recognition. Most of the time, they cannot even know whether losses have occurred.

We have observed four recurring weak links in design: centralized control, re-mortgaging, conflicts of interest, and insufficient transparency.

Centralization

Most yield-generating 'black boxes' are managed by multi-signature wallets controlled by external accounts or operators, which are responsible for the custody, transfer, and deployment of user funds. This concentration of control makes catastrophic losses likely if an operational failure occurs (such as a private key leak or coercion of signers). It also replicates common patterns of bridge attacks from the previous cycle: even without malicious intent, a single compromised workstation, a phishing link, or an insider abusing emergency permissions can cause significant damage.

Re-mortgaging

In some yield products, collateral is reused among multiple vaults. One vault deposits into or lends to another, which then recycles into a third. Investigations have found circular lending patterns: deposits are 'cleaned' through multiple vaults, artificially inflating TVL and forming recursive chains of 'minting-lending' or 'borrowing-supplying', continuously accumulating systemic risk.
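The circular pattern described above can be checked mechanically once vault-to-vault deposits are known. The following is an added example, not from the original article: it finds loops in a deposit graph and compares headline TVL with externally sourced capital. The vault names, the "user" label, and all amounts are constructed for illustration, and flows are assumed to be deposits only.

```python
from collections import defaultdict

# Constructed sample flows: (source, destination, amount in USD).
# "user" is external depositor capital; the vault names are hypothetical.
FLOWS = [
    ("user", "vault_a", 100),
    ("vault_a", "vault_b", 80),
    ("vault_b", "vault_c", 60),
    ("vault_c", "vault_a", 50),  # closes the loop a -> b -> c -> a
    ("user", "vault_d", 40),
    ("vault_d", "vault_b", 10),  # vault-to-vault, but not part of a loop
]

def build_graph(flows):
    graph = defaultdict(dict)
    for src, dst, amt in flows:
        graph[src][dst] = graph[src].get(dst, 0) + amt
    return graph

def find_cycles(flows, external="user"):
    """Return every simple vault-to-vault loop once, starting at its smallest name."""
    graph = build_graph(flows)
    vaults = sorted({n for s, d, _ in flows for n in (s, d) if n != external})
    cycles = []

    def dfs(start, node, path):
        for nxt in sorted(graph.get(node, {})):
            if nxt == start:
                cycles.append(path[:])
            elif nxt != external and nxt > start and nxt not in path:
                dfs(start, nxt, path + [nxt])

    for v in vaults:
        dfs(v, v, [v])
    return cycles

def tvl_report(flows, external="user"):
    """Compare what vaults report as deposits with capital that came from outside."""
    graph = build_graph(flows)
    headline = sum(a for s, d, a in flows if d != external)
    backed = sum(a for s, d, a in flows if s == external)
    loops = []
    for cyc in find_cycles(flows, external):
        hops = zip(cyc, cyc[1:] + cyc[:1])
        loops.append({"path": cyc, "round_trip": min(graph[s][d] for s, d in hops)})
    return {"headline_tvl": headline, "external_capital": backed,
            "recycled": headline - backed, "loops": loops}

if __name__ == "__main__":
    print(tvl_report(FLOWS))
```

In this constructed data the vaults report 340 in deposits against 140 of outside capital, and 50 of that makes a full round trip through the loop.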

Conflicts of interest

Even when all parties act in good faith, setting optimal supply/borrowing limits and interest rate curves, or choosing appropriate oracles for a product, is not an easy task. These decisions involve trade-offs. Markets that are too large or have no limits may exhaust exit liquidity, leading to liquidation failures and potentially triggering manipulation. Conversely, limits that are too low may restrict normal activity. Interest rate curves that ignore liquidity depth may trap lenders' funds. The issue becomes more prominent when curators' performance is assessed based on growth, as their interests may diverge from those of depositors.

Transparency

The market cleanup in October exposed a simple fact: users lack the data needed to assess risk positions, how risk is marked, and whether backing assets are sufficient at all times. While it may be unrealistic to disclose all positions publicly in real time because of risks such as front-running and short squeezes, a certain degree of transparency is still compatible with business models. For example, portfolio-level visibility, disclosure of reserve asset composition, and hedge coverage by asset can all be validated through third-party audits. The system can also introduce dashboards and proofs that reconcile custody balances and custodied or locked positions against outstanding liabilities, providing reserve proofs and governance without exposing transaction details.

A viable path forward

The current wave of interest-bearing products is pushing DeFi away from its original intentions of being 'non-custodial, verifiable, and transparent', towards an operational model closer to traditional institutions.

This transformation is not inherently sinful. The maturity of DeFi has created space for structured strategies, which indeed require a certain degree of operational flexibility and centralized operations.

However, accepting complexity does not equate to accepting opacity.

Our goal is to find a feasible middle ground that allows operators to execute complex strategies while retaining transparency for users.

To this end, the industry should move in the following directions:

  • Proof of reserves: Products should not only promote APY but also disclose underlying strategies, along with regular third-party audits and PoR systems, allowing users to verify asset backing at any time.

  • Modern risk management: Existing solutions can price and manage risks for structured yield products. Mainstream protocols like Aave have adopted risk oracles to optimize parameters through decentralized frameworks, maintaining the health and safety of money markets.

  • Reducing centralization: This is not a new issue. Bridge attacks have forced the industry to face problems such as upgrade permissions, collusion among signers, and opaque emergency permissions. We should learn from these lessons and adopt threshold signatures, key and role separation (proposal/approval/execution), just-in-time funding with minimal hot wallet balances, custodial withdrawal whitelists, time-locked upgrades with public queues, and strictly revocable emergency permissions.

  • Limiting systemic risk: The reuse of collateral is an inherent characteristic of insurance or re-mortgaging products, but re-mortgaging should be limited and clearly disclosed to avoid the creation of circular mint-borrow loops between related products.

  • Aligning mechanisms transparently: Incentives should be as public as possible. Users need to know where the interests of risk managers lie, whether there are related party relationships, and how changes are approved, so that the black box can be transformed into an assessable contract.

  • Standardization: On-chain packaged yield assets have become a $20 billion industry. The DeFi field should establish minimum standards: general classifications, disclosure requirements, and event tracking mechanisms.

Through these efforts, on-chain packaged yield markets can retain the advantages of professional structuring while leveraging transparency and verifiable data to protect users.

Conclusion

The rise of OCCA and risk managers is an inevitable result of DeFi entering the structured product stage. Since Ethena proved that institutional strategies could be tokenized and distributed, the formation of a professional allocation layer around money markets has become a foregone conclusion. This layer itself is not the problem; the issue lies in the operational freedom it relies on, which should not replace verifiability.

The solutions are not complicated: release reserve proofs corresponding to liabilities, disclose incentives and related parties, limit re-mortgaging, reduce single-point control through modern key management and change control, and integrate risk signals into parameter management.

Ultimately, success depends on whether three key questions can be answered at any time:

  • Are my deposits backed by real assets?

  • What protocols, venues, or counter-parties are the assets exposed to?

  • Who is controlling the assets?

DeFi does not need to choose between complexity and fundamental principles. Both can coexist, and transparency should expand in tandem with complexity.