Iris · options, anywhere
DocsLearnLaunch app →

Iris documentation

Iris is a cross-chain front-end on top of Derive's permissionless options orderbook. It owns no contracts and no liquidity — it adds the onboarding, the retail UX, and the signing layer that turns a click into a valid order on Derive.

Overview

Derive (ex-Lyra) runs a permissionless, hybrid options orderbook: the matching is fast and off-chain, settlement is non-custodial and on-chain on Derive Chain (an OP-Stack L2). Anyone with a Derive account can read the market and submit signed orders — there is no market-maker whitelist.

Iris rides that liquidity and reframes it for normal users: deposit any token from any chain, and run a single-leg, fully collateralised options strategy presented as a plain-English yield product ("deposit USDC, earn X% APR").

Architecture

  any token / any chain
        │  LI.FI (swap + bridge)
        ▼
  USDC on Derive Chain ── deposit ──▶ Subaccount (collateral + positions)
        ▲                                   ▲
        │ Privy embedded wallet             │ signed orders (EIP-712)
        │                                   │
  ┌─────┴───────────── Iris web (Next.js) ──┴──────────┐
  │  funding UI · strategy cards (APR) · trade · portfolio │
  └───────────────────────┬────────────────────────────┘
                          │ REST
              ┌───────────▼────────────┐
              │  Iris server (Node/TS)  │  holds the session key,
              │  Derive client + signer │  signs every order
              └───────────┬────────────┘
                          ▼
              Derive REST/WS  (api.lyra.finance)
LayerOwned by DeriveOwned by Iris
Liquidity / orderbook
Smart wallets, subaccounts, session keys
Matching + on-chain settlement
Cross-chain onboarding (Privy · LI.FI · Arc)
Retail framing (options → APR)
Order signer (EIP-712)

End-to-end flow

1 · Fund

The user holds some token on some chain. LI.FI quotes a route that swaps + bridges it into USDC heading to Derive Chain (in one transaction). The USDC lands in the user's Derive smart wallet and is deposited into a subaccount as collateral.

2 · Discover

The Iris backend reads Derive's public endpoints (get_instruments, get_ticker) for live options — prices, greeks, implied volatility, top-of-book. The strategy layer turns each option into an economics object: premium, collateral, breakeven, and an annualised yield.

3 · Trade

The user clicks a card ("Earn 72% APR"). The backend builds the trade, signs it with a session key (EIP-712), and submits it to Derive's matching engine. The order crosses the live book; the position settles on-chain and shows up in the subaccount.

Order signing (EIP-712)

Every order is a signed authorization. Iris ports the official Derive scheme (derivexyz/v2-action-signing) 1:1. The steps:

1. ABI-encode the trade module data
   [asset, subId, limitPrice·1e18, amount·1e18, maxFee·1e18, recipientId, isBid]
2. moduleDataHash = keccak(encoded)
3. actionHash = keccak( abi.encode(
     ACTION_TYPEHASH, subaccountId, nonce, tradeModule,
     moduleDataHash, signatureExpiry, owner, signer) )
4. digest = keccak( 0x1901 ‖ DOMAIN_SEPARATOR ‖ actionHash )
5. signature = sign(digest, sessionKey)   // 65 bytes
6. POST /private/order { ...order, signer, signature, nonce }

The matching engine recovers the signature, checks the signer is a registered session key for that subaccount, and matches. The nonce (timestamp + random) prevents replay; the DOMAIN_SEPARATOR binds the signature to the right chain and contracts.

Strategies & economics

All three presets are the same primitive — one option, fully collateralised. They differ only in option type, direction, and collateral.

PresetActionCollateralFramed as
Cash-Secured Putsell a putUSDC (strike × size)"deposit USDC, earn APR"
Covered Callsell a callthe underlying"yield on an asset you hold"
Buy Callbuy a callpremium paid"capped-risk upside bet"

The yield framing for the income presets:

periodReturn = premium / collateral
APR          = (premium / collateral) × (365 / daysToExpiry) × 100

Security model

EOA (you) ──owner──▶ Smart Wallet ──holds──▶ Subaccount (funds + positions)
   │ signs only onboarding                         ▲
   Session key (Iris backend) ──signs orders───────┘
       └─ CANNOT withdraw to an arbitrary address

Iris holds only the session key. Even a fully compromised backend can place trades inside the subaccount but cannot move funds out — withdrawals require the owner key, which never leaves the user.

Why no liquidationsSingle-leg fully collateralised means the maximum obligation is pre-funded (e.g. a cash-secured put locks the full strike in USDC). No margin, no liquidation, no risk maths — which is exactly what lets us present it as a simple yield product.

Backend API

MethodRoutePurpose
GET/api/healthenv + trading status
GET/api/presetsthe strategy presets
GET/api/strategies/:presetlive candidates + APR
GET/api/instrumentsraw option instruments
GET/api/ticker/:instrumentlive ticker + greeks
POST/api/tradesign + place an order
GET/api/accountcollateral + positions
GET/api/historytrade history

Onboarding (testnet)

The demo trades on Derive testnet (api-demo.lyra.finance, chain id 901) — no real money. One-time setup:

  1. Generate a session key (npm run signkey).
  2. Connect at testnet.derive.xyz; get gas from l2faucet.com/derive.
  3. Get test USDC through the app's deposit flow (the test-USDCmint() is gated to Derive's bridge).
  4. Create a subaccount + deposit; note the subaccount id.
  5. Register the session-key address on the Developers page.
  6. Fill server/.env and the backend signs + submits real testnet orders.

Cross-chain funding

Three layers, no overlap: Privy (wallet + embedded wallets), LI.FI (swap+bridge into USDC, one tx), and Arc (USDC settlement hub). Privy and other wallet-infra providers are mutually exclusive — Iris commits to Privy and pairs it with LI.FI and Arc, which sit on different layers.

Demo vs. product

Demo: the backend trades from one pre-onboarded account via a session key — viewers do nothing on Derive. Product: the onboarding (smart wallet + subaccount + session key) is automatable behind Privy, so a real user goes connect → deposit → earn without ever leaving Iris. That automation is the main demo-to-product gap.