🅾️
Coordinape Docs
English
English
  • ⚪Welcome to Coordinape
  • 🔮Social Oracle™️ GIVE
  • How To: Coordinape Gift Circles
    • 🥳Get Started
      • 🤓New Coordinape Admins
        • Setting up your Organization
        • Managing Organization Membership
        • Creating A Circle
        • Uploading an Organization Logo
        • Upload Circle Logo
        • Add Team Members
        • Schedule an Epoch
        • Contributions and Epoch Statements
        • Allocate GIVE
        • Review Distributions
        • Your First Payment
        • 📐Admin Best Practices
      • ✨New Coordinape Members
        • Set Up Your Profile
        • Record Contributions & Opt-in/out
        • Select Your Collaborators(Optional)
        • Allocate GIVE
        • Get Paid
    • 🏠Organizations
    • ⚪Circles
      • Creating a Circle
      • Team Members
    • 📅Epochs
      • Create An Epoch
      • Contributions and Epoch Statements
    • 👐GIVE in Gift Circles
      • Allocating GIVE
      • Reviewing Distributions
    • 💲Compensation
      • 💲Paying Your Team
        • Disperse
        • Gnosis Safe
        • Parcel
    • 🎩Admin
      • Update Circle Settings
      • Update Epoch Settings
      • Update Members
      • Enable Vouching
    • 🧑🤝🧑 Members
      • Member Profile
      • Vouching New Members
  • Info
    • Documentation
      • ⭕Vision
      • Gift Circle
      • Who To Gift
      • Vouching System
      • Email Login and Web3 Best Practices
    • Integrations
      • Dework
      • Parcel
      • Wonderverse
      • Hedgey
      • Guild
    • CO Token Utility
  • support
    • Change Log
    • 🇨🇭Get Help
  • community
    • Coordinape Community
      • Contributing
      • Community Calls
  • CoLinks
    • What is CoLinks
    • Home, Posts and Replies
    • Explore and Search
    • Buying and Selling Links
    • CoLinks Smart Contract
    • Rep and CoSouls
    • GIVE
    • CoLinks Mobile Features
    • FAQ
Powered by GitBook
On this page
  • Key Roles and Contracts
  • Two Types of Vaults
  • Security and Upgradability
  • Contract Addresses
  • Future Functionality
  • Audits

Was this helpful?

Edit on GitHub
  1. Info
  2. Documentation

CoVaults Smart Contracts

Description of the smart contracts that power the Coordinape Vaults.

Last updated 7 months ago

Was this helpful?

Key Roles and Contracts

  • The vault factory () creates new vaults ( containing funds for a different organization using Coordinape.

  • According to a Merkle tree, the distributor () distributes tokens to contributors. When a distribution occurs, tokens are transferred from a vault to the distributor. Only the vault's owner can submit a distribution.

  • When tokens are deposited into or withdrawn from vaults, the router () manages the process to make tracking TVL easier.

  • The registry () contains system-wide settings.

Two Types of Vaults

Vaults can be initialized as Yearn Vaults (with a non-zero _token constructor argument) or Basic Vaults (with a non-zero _simpleToken constructor argument). A Yearn Vault for a token converts deposits into the corresponding yield-bearing Yearn wrapper token, e.g. yvDAI for DAI, and stores that in the vault. Yearn Vaults, therefore, support only tokens for which Yearn wrapper tokens are available. Basic Vaults can store any ERC-20 token.

Security and Upgradability

Any address can deposit funds into a vault, but only the vault's owner can withdraw any funds.

The registry also references a fee registry component, as seen in the diagram above, which can be used to charge fees on distributions from vaults. There are no plans to charge any fees.

See below for links to our security audits.

Contract Addresses

To see the vault implementation currently in use, you can follow this chain of properties:

Future Functionality

There is some functionality present in the contracts that are not supported by our front-end app:

  • The distributor can send tokens directly to end-user addresses, rather than having their claim from a Merkle root (ApeDistributor.tapEpochAndDistribute).

  • A vault owner can designate one address per circle as a "distribution manager" (ApeVault.updateCircleAdmin), and set a time-limited allowance (ApeVault.updateAllowance) for that address to distribute tokens from their vault.

  • A vault can be initialized with a Yearn-backed token address and a basic/simple token address and receive and distribute both of those tokens independently. (This use case is unlikely to be supported on the front-end for the sake of UX simplicity.)

Audits

After the primary audit with BlockSec, additional features were added to the contracts. A secondary audit was performed by SlowMist.

The links above go to our Github repo for contracts, , which also contains a test suite written with . Additional tests that exercise the contracts on a Ganache test chain can be found in .

The registry determines which factory, distributor, and router are in use. These can be changed by the registry owner, which is currently the Coordinape . These changes are time-locked, so vault users have time to withdraw their tokens if the registry is somehow compromised.

The vaults use the pattern for upgradability so that all existing vaults can be upgraded with a single transaction to add functionality or fix a bug. This is also executable only by the beacon owner (the Coordinape multisig) and time-locked.

A vault owner can "opt-out" of upgrades by calling setBeaconDeploymentPrefs. Please ask in if you would like more details about this.

The addresses currently in use on are stored in . The top-level sections in that JSON file are keyed by chain ID, i.e. 1 is mainnet and 5 is Görli.

ApeVaultFactory in deploymentInfo.json:

the factory's beacon property:

the beacon's implementation property:

Coordinape's vault contracts underwent two thorough security audits. Both audits deemed the use of our contracts to be "Low Risk". Primary Audit:

Secondary Audit:

coordinape/coordinape-protocol
a brownie
our frontend repo
multisig
Beacon Proxy
our Discord
app.coordinape.com
deploymentInfo.json
0xb06E1FF...
0x7BD45da...
0xd92e89e...
https://github.com/blocksecteam/audit-reports/blob/main/solidity/blocksec_coordinape_v1.1_signed.pdf
https://github.com/slowmist/Knowledge-Base/blob/master/open-report-V2/smart-contract/SlowMist%20Audit%20Report%20-%20Coordinape%20protocol_en-us.pdf
ApeVaultFactory
ApeVault)
ApeDistributor
ApeRouter
ApeRegistry