The matching engine of Deribit exchange follows the “first come, first serve” principle. Orders are executed based on price-time priority as received by the matching engine after passing the risk engine checks.
The matching engine can process thousands of orders per second and hundreds of orders per second from a single account. This is not a luxury but rather a necessity for any modern options exchange, where hundreds of assets need to be quoted in real-time. The average latency in the matching engine and risk engine is 2.0 ms for an order. Therefore, usually within 2.0 ms of receiving an order, a confirmation message will be returned to the client. If the order gets executed immediately, an execution report will be included in this message.
Our matching engine accepts several types of orders. For more, see Order Types.
Self Trading
Self trading between the same UID on Deribit is blocked, however users are able to choose whether the passive or aggressive order is cancelled, and also whether matching between different subaccounts should be allowed. You can adjust your self matching settings using our API or in your account settings. The following settings are available:
-
Self match prevention: Enable the 'Self-Match Prevention' feature to avoid executing opposing orders against yourself. If enabled the maker or passive order will be automatically cancelled to prevent self-matching. If this feature is disabled, the taker or aggressive order will be rejected to avoid self-matching. Self-matching occurs when you unintentionally execute a buy and a sell order against yourself.
-
Account-Level Self-Match Prevention: Activate the 'Account-Level Self-Match Prevention' feature to prevent trades between your own accounts (sub and or main). When this feature is enabled, any self-matching attempt between your accounts will be prevented. This includes situations where a buy order from one of your subaccounts would match a sell order from another subaccount. In such cases, Deribit will determine which order to cancel based on your selected preference in the 'Self-Match Prevention' toggle. This prevention measure helps you avoid unintentional self-matching across your accounts.
-
Block RFQ Self-Match Prevention: Enable 'Block RFQ Self-Match Prevention' to prevent trading Block RFQs against accounts configured within your Block RFQ Identity. If this setting is activated your account's Identity will be filtered out of the available maker list. If you 'Select all' makers in your Block RFQ your Identity will not be targeted. If you target your Parent Identity the accounts under it that share your Identity will not be targeted.
The risk engine is a vital part of any derivatives exchange. The Deribit risk engine can assess thousands of incoming orders per second and hundreds of incoming orders per second from a single account. If an order is approved by the risk engine, it will continue its way to the matching engine to either be matched immediately or to enter the order book. After that, a message is sent to the client.
Security is the prime objective of Deribit. Therefore, we have implemented an advanced multilevel security architecture to ensure the highest possible degree of safety. This includes everything from the platform itself, to wallet management, to staff device policies.
To lessen the risk of hacking, over 90% of assets are held offline in cold storage. The rest is held in various third party custodians and in a hot wallet. Hot wallet funds are primarily used to support efficient withdrawal handling.
The Deribit server system is located in the Equinix LD4 data center, providing world-class security solutions. Our servers are under 24/7 surveillance and are continuously guarded by on-site security personnel. Moreover, the Equinix LD4 data center employs power redundancy measures and cages built to withstand heavy physical attacks. Multiple authentication measures are set in place to control for any unauthorized physical access. These standards not only provide protection from possible platform security breaches, but also assure high infrastructure reliability by protecting it from possible environmental issues, and thus reducing the likelihood of connectivity issues.
The Deribit cold wallet is a high-security offline storage that uses multi-signature, split private key system. To achieve full risk decentralization, keys are stored in multiple geographically distributed military-grade offline vaults, in bank-safe deposit boxes. The geographical locations are chosen based on in-depth juridical analysis, to minimize any potential political and legal risk. This level of safeguarding essentially eliminates the risk of unwarranted access or potential physical damages.
The multi-signature, split private key system ensures that a signature quorum is required to gain access to the cold storage funds. This means that no single party alone can have access to the cold wallet. This decreases the risk of theft, targeted attacks, or loss of funds due to lost access to the key. Additionally, Deribit has developed a strict multi-layer asset access protocol, that governs the signing process of the transactions. The system is regularly monitored and stress-tested.