Reserve Protocol’s RSV Case Study and Audit

CertiK | Oct 30, 2019

Article's Poster

The volatility of existing cryptocurrencies significantly reduces global adoption. Many investors often weigh risk against reward when choosing to adopt a particular cryptocurrency. In comparison, currency with a stable value can permit a much wider usage, and serve as standard future of payment across the world.

Reserve

While many existing currencies, like the US Dollar and the Swiss Franc, are considered safe-haven currencies, many countries have historically suffered with alarming inflation rates. A healthy increase in the average inflation should be no more than 2%. In 2018 alone, Venezuela estimated a 789.5% inflation rate compared to the previous year.

Many stablecoin projects aim to solve this issue. However, fiat collateralized stablecoins lack decentralization, and crypto-collateralized stablecoins lack stability. If you’re unfamiliar with stablecoins, check out our recent primer here.

The Reserve team offers a solution that inherently protects against volatility through a decentralized, stable, and dollar-independent stablecoin as the future of cryptocurrency.

Backed by a basket of stable coins including USDC, PAX, and TUSD, Reserve’s RSV is a stable and universally-accepted currency for people and businesses in countries with high inflation. Such a currency enables people to protect their assets, transact across borders, and keep their money out of inflation-prone local currency. Given that the US dollar’s longevity is not guaranteed, Reserve will cease to be pegged to any fiat currency in its second phase.

CertiK is proud to have worked with the Reserve team to secure the RSV’s Ownable, ReserveEternalStorage, Reserve, Vault, Basket, Proposal, and Manager smart contracts.

Systems Description

The RSV stablecoin is backed by a Basket of stablecoins, including USDC, PAX and TUSD. The stablecoin itself is a standard ERC-20 token and is attached to the specific basket by the Manager smart contract. The backing stablecoins in the basket are stored in the Vault smart contract, directly linked to the Manager.

Issuance of new RSV requires specific amounts of stable-tokens specified by the Basket to be transferred from the requesters account to the Vault account. Redemption of RSV then transfers the stablecoins back from the Vault to the requester’s account.

The RSV architecture is shown below.

Collateralization Assurance

The RSV token is bound with a Basket of stabletokens, managed by the Manager contract. The diagram below shows a simplified implementation of the relationship between the Manager contract, the main RSV contract, the associated Basket, and the trustedVault, whose address is used from holding the collateral.

The issuance of any new RSV token requires a sufficient amount of tokens, depending on the issuance amount, to be transferred to the vault address owned by the Manager. A simplified version of the logic is shown below:

The collateralization of the issuance is ensured by vaultCollateralized, which simply checks that there are sufficient amount of tokens for the current RSV supply before and after the transaction:

Combined with the vaultCollateralized modifier, isFullyCollateralized ensures that there is a sufficient amount of each token stores in the Manager’s vault address with regard to the current Basket specification. If any token is undercollateralized, the entire transaction will revert.

The actual unit used by the Basket needs special notice but generally, the implementation of the function is equivalent to checking that:

The redemption of RSV tokens transfers the corresponding amount of basket tokens back to the msg.sender’s account. The calculation is similar to the situation shown above.

Smart Contract Development requires a particular engineering mindset. A failure in the initial construction can be catastrophic, and fixing the project after a vulnerability is exploited can be exceedingly difficult.

However, the Reserve team implemented a well-designed system for its token. Each RSV token is associated with a basket of other stable tokens as collaterals. Careful checks are performed upon each critical operation such as issuance and redemption to ensure that the token stays collateralized. Every operation is associated with the correct access control to prevent untrusted parties from manipulating the states.

About CertiK

CertiK leads blockchain security by pioneering the use of cutting-edge Formal Verification technology on smart contracts and blockchains. Unlike traditional security audits, Formal Verification mathematically proves program correctness and hacker-resistance. CertiK was founded by Computer Science professors of Yale University and Columbia University, securing over $5B in assets, including many of the world’s top projects.

The research efforts of CertiK have received grants from IBM and the Ethereum Foundation, and notable investors include Binance Labs, Bitmain, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, among others.

To request the audit/verification of your smart contracts, please email audit@certik.org or visit certik.org to submit the request.

Twitter: https://twitter.com/certikorg

Reddit: https://www.reddit.com/r/CertiKOrg/

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik