So I’m trying to come up with a Stellar smart contract which is as trustless and transparent as possible for my ICO. And I do have a model which I believe can achieve almost that. I want to know if there any problems you can see in this model or there is a different (and better) approach altogether.
To start off, let’s declare some Stellar accounts for the model:
GA - Genesis Account. This account creates and issues the token a.k.a. Issuing account
DA - Distribution Account. This account receives all created tokens
EA - Escrow Account. Where funds from the contributors will be deposited
TP - Trusted Party Account. A trustor who will sign ICO success and failure transactions
TA1 to TA10 - Trustor Accounts. Explained later
CA1 - Contributor’s Stellar Account
CA2 - Contributor’s ICO Account (created by us)
Steps (some operations can be clubbed together, but I’m writing them separately for easier visualization):
Setting up accounts
GA distributes tokens to DA (token creation).
GA sets AUTHORIZATION_REQUIRED
flag so that anyone who wants to establish a trustline, will need permission from GA. This is done for the period of the ICO only.
GA adds 10 members (preferably highly trusted) from the Stellar community as signers for its account (TA1 to TA10). Each signer is assigned a weight of 1.
GA performs the following action to its account:
- Set Low Threshold to 11
- Set High and Medium threshold to 15
- Set its own weight to 11
Since allowing trust is a low threshold operation, GA can easily allow contributors to establish a trustline to it. Also no new tokens can be created because GA’s master key weight is not enough for this medium threshold operation. Once ICO is concluded GA needs at least 4 members of the community to sign the transaction which clears the AUTH_REQUIRED flag, remove signers and set its own key weight to 0 so that the account is locked forever.
Setting up crowd sale
V - Soft cap in XLMs
D - ICO conclusion date
DA sends the number of tokens to be sold during crowd sale to EA
EA creates an offer on SDEX to sell tokens for XLMs
EA sets TP as a signer with weight 1
EA sets low, medium and high threshold to 2 and its own weight to 1
ICO success transaction with a time lock D (signed by both EA and TP):
- Send V XLMs to DA
- Remove TP as a signer
- Reset thresholds
- Merge account with DA
ICO failure transaction (sequence number + 1 of above step, again signed by both and time locked with D + 1 week). Create offer on SDEX to buy tokens for XLM
Transaction #6 may need to be updated or created again based on how many XLMs EA holds. TP will ensure we play fair here ?
Crowd sale begins
CA1 sends contribution amount + 3 to 4 XLMs (for account activation and Stellar transaction fees) to CA2 (offline account created in browser).
A button is present on the contributors dashboard to buy tokens. Upon clicking, we create a transaction with following operations:
Add DA as a signer on CA2 with weight 1
Create a trustline with GA
Set CA2 (itself) weight to 1
Set low, medium and high threshold to 2
At this point, server (GA) will allow the trustline to be established as it has the required weight for a low threshold operation
Create 3 more transactions from the browser and partially sign it with CA2 to be sent to our server. We’ll need some more variables here:
N - Current sequence number of CA2
D - ICO conclusion date
Transaction #1 - Post offer to buy tokens for XLMs on SDEX (sequence number N)
Transaction #2 - Time locked (with D) transaction to increase the weight of CA2 to 2 (sequence number N + 1)
Transaction #3 - Time locked (D + 1 week) transaction to post an offer on SDEX to sell tokens for XLM, remove DA as a signer and reset thresholds (sequence number N + 2)
Server will sign the transaction with DA secret key and post #1 to SDEX and return signed XDR envelopes of #2 and #3 to the user. A copy will be saved on the server as well.
On ICO success #2 will give full control of tokens to the contributor. Website’s dashboard will provide an easy interface with options such as transfer tokens to another Stellar wallet, remove DA as a signer etc.
On ICO failure #2 will give account control to contributor but with only one option present on the dashboard to claim XLMs spent during crowdsale. Since DA is still a signer for CA2, transaction #3 will still be still be valid.
Some server automation can also be implemented to ease the process.
Post ICO
If ICO is successful, XLMs will be transferred to DA.
To clear AUTHORIZATION_REQUIRED
flag on GA, we’ll rely on at least 4 trusted members of the community to sign the transaction that we create. The operations in the transaction will be as follows:
- Clear
AUTHORIZATION_REQUIRED
flag
- Remove signers from the account
- Reset thresholds (optional)
- Set GAs own weight to 0
If ICO is a failure, then an offer will be posted on SDEX to buy tokens for XLM.
Thanks in advance,
Aditya