|>>>
|
|>>> _ _|_ _ |>>>
| |;| |;| |;| |
_ _|_ _ \\. . / _ _|_ _
|;|_|;|_|;| \\:. , / |;|_|;|_|;|
\\.. / ||; . | \\. . /
\\. , / ||: . | \\: . /
||: |_ _ ||_ . _ | _ _||: |
||: .|||_|;|_|;|_|;|_|;|_|;||:. |
||: ||. . . . ||: .|
||: . || . CF. . , ||: | \,/
||: ||: , _______ . ||: , | /`\
||: || . /+++++++\ . ||: |
||: ||. |+++++++| . ||: . |
__ ||: . ||: , |+++++++|. . _||_ |
Coinfort is a decentralized escrow application based on the Ethereum Blockchain.
With Coinfort users can make deposits in ERC20 coins, set timeout and the address of the receiver of funds. Before starting a transaction, user need to open a Coinfort Account.
Transaction closure happens in two cases:
- After a timeout set by the depositor, if the Oracle driven external condition wasn't met, funds are sent back to the depositor.
- Before timeout, if the Oracle driven external condition is met, funds are sent to the predefined receiver address.
| Public functions | Description |
|---|---|
| openAccount() | Open account for depositor, needed to make a deposit |
| initializeTransaction() | Open transaction with the set timeout |
| closeTransaction() | Close transaction by sending funds back to depositor or to receiver |
| getTransactionData() | Return Transcation struct |
| getAccountData() | Return Account struct |
| getAccountBalance() | Return deposited account balance in ERC20 |
| Admin functions | Description |
| pauseAccountSwitch() | Pause all operations on account |
| pauseTransactionSwitch() | Pause transaction |
| approveCoin() | Approve ERC20 for depositing |
| setOracleAddress() | Set Oracle |
| withdrawAlts() | Emergency withdrawal for ERC20 |
| withdraw() | Emergency withdrawal for ETH |
| setManager() | Set contract manager address |
| Internal functions | Description |
| approveTransaction() | Function used by the Oracle, when the external condition is met |
Coinfort uses a system where every Account and every Transaction and presented with structs, and saved in the state.
This approach allows for several benefits regarding security measures:
- Every account could be paused and inspected.
- Every transaction could be paused and inspected.
- Application creates history of transactions for every user.
- Closing function fetches data from internal state, not from the caller.
- Security checks are tuned more precisely.
In addition to the Account and Transaction system, Coinfort uses a wide variety of checks and requirements to eliminate any potential attacks.
To further secure the application's security:
- Verified Oracle timestamp should be used instead of the block.timestamp.
- Multisig wallet should be used as a manager and deployer.
- Integration of the offchain security measures.
- Timeouts before funds transfers.
- Implement measures against bot attacks.
In the test folder, you can find unit tests. Every public and admin functions were tested with a wide variety of tests done in the Hardhat testchain environment. Unit tests were simulating attacks on the application's logic, below test results are presented.
You can find deployment script in the scripts folder. Script automatically deploys and verifies Coinfort and Oracle smart contract onchain using Hardhat and Ethers packages.
Coinfort has a degree of upgradability and in a nutshell is an onchain database which could further improved with additional applications for the commercial financial use-cases.
Potential upgrades:
- On-chain banking services.
- On-chain investment services.
- Staking, launching own proprietary coin.
- Integrating application to an off-chain financial service.
- Addition of more external Oracle conditions.
- Integrating an off-chain database.