The Vault Contract code is the fruit of a joint labor by open-source executable distributed code contract (EDCC) platform Giveth and blockchain development studio Blockchains.com, which will match donations to the project up to 300 Ether.
David Berns, chief operating officer of Blockchains.com, told ETHNews that the company “is both excited and proud to be a sponsor and assist in the development of this very important project to provide a secure way to store Ether in a contract.”
The Vault Contract was originally developed in 2016 by Giveth cofounders Jordi Baylina and Griff Green. After working together through many iterations, the two finalized the code with input from Blockchains.com and believe the time has come for testing and release.
The Vault Contract has many features that make it stand out: customizable automated security parameters that coalesce with variable time delays; whitelists of approved users; and an escape hatch, which makes it possible for developers and their decentralized applications (Dapp) to safely store Ether in the event that anomalies occur in more complex EDCCs. Green described these features in more detail in a Medium blog post:
“1. Whitelist: Only addresses that have been pre-approved by the `owner` can authorize a payment, this is NOT an optional feature. The `owner` can remove addresses from the whitelist as well (The `owner` role however IS optional, after it has added `authorizedSpenders` to the whitelist, it can be set to 0x0).
2. Time-Based Failsafes: Authorized Payments cannot be collected until the `earliestPayTime` has passed. The minimum `earliestPayTime` is set when deploying the Vault (and can be set to 0 to allow immediate payments) but it can be extended by:
A. The `owner` (only affects future authorized payments)
B. The `approvedSpender` when authorizing a payment.
C. The `securityGuard` anytime after the payment has been authorized.
3. Canceling Authorized Payments: The ‘owner’ can cancel any authorized payment.
4. Escape Hatch: If there seems to be a critical issue, the `owner` or the `escapeCaller` can call the `escapeHatch()` to send the ether in the Vault to a trusted multisig (specified when deploying the Vault and of course this is also a completely optional feature)."
To manage payments, special abilities are granted to the "owner," the "escapeCaller," and the "securityGuard." Authorized payments have a minimum time for which recipients must wait prior to collecting. During this waiting period, if anything seems untoward, the "securityGuard" can postpone the payment, allowing the "escapeCaller" and the "owner" to investigate issues. If the "owner" thinks the payment shouldn't be sent, the transaction can be canceled. The "owner" and "escapeCaller" can also use the escape hatch in case of emergencies or if they want to upgrade to new Vault Contracts.
Green believes that open source, open license development is the only road that makes sense for the Vault Contract project:
“Every contract Jordi and I develop for Giveth will be done under an open source license. This is a promise we give to our donors.
Furthermore, we want to contribute to smart contract development. We are writing these contract so that they can be used. The best way to achieve this is to be as transparent as possible, hopefully, with this audit, the Vault contract can achieve network effects like our MiniMe contract seems to be starting to achieve.
The Vault IMO [in my opinion] is the most important smart contract being developed in the ecosystem right now. If we can get this audited and bug bountied, the smart contract ecosystem will have a major piece of software to build safer products for us all to use. How could we not open source this contract!”
Vault Contract designers encourage developers to experiment with safety features to test their efficacy on a project-to-project basis.
As of yet the Vault Contract is not designed to handle millions of Ether, but developers of the contract have deployed a version of the Ethereum Foundation's multisig, since it has a proven history of publicly holding millions of dollars.
Green explained how the funds donated to the Vault Contract are used:
“Every wei [the smallest divisible unit of Ether] donated to ANY giveth campaign is 100% traced on the blockchain, you can see the milestone based payouts for this project at http://www.giveth.io/dapp/#/campaigns/3/details
Basically writing, testing, and auditing smart contracts is not an easy or cheap task, we are lucky to be working with several incredibly generous developers that are willing to dedicate their valuable time and knowledge to focus on this contracts for several weeks.”
The alpha testing for the Vault Contract is ongoing, and developers will eventually build a user interface. More security features, like trusted child vaults, opening hours, and transaction limits will be tested and audited by experts during an eventual bug bounty.
Developers invite anyone interested in implementing Vault Contract codes in their project are invited to join Giveth’s slack channel and receive assistance.