Hello. Thank you for the kind feedback and your interest.
Regarding BTT not being “vaultable” at present: We haven’t implemented support for native assets such as BTT/TRX/ETH just yet. We were primarily focused on ERC20/TRC20/ERC721/TRC721 primitives. However, native asset support will be added soon. It only requires wrapping the native chain asset (e.g., BTT into wBTT, or TRX into wTRX) to make it ERC20/TRC20 compatible. The relevant Solidity function is WETH.deposit.value(msg.value)();. It’s just one line of code plus minor API/frontend adjustments.
Regarding hot/cold wallets and DeFi integration: We intend for this to be available for all types of users. Banks/Institutions/Users could leverage our protocol’s features in a cold wallet fashion. However, for hot wallets, you’re slightly incorrect - we envision mirrored tokens as a more secure way of conducting novel DeFi/staking/yield/custom logic operations. They represent collateral and pose a risk to the investing party, but stealing these assets would be pointless. We can’t implement recovery of mirrored assets from other wallets/contracts as it would violate true transferability and ownership - but we did make locking transfers by the owner available for that reason. We see our coins as a new way to achieve secure but reliable escrow in contracts, against which other coins can be borrowed, stake can be earned, etc. In the future, we’re exploring nested mirroring, which could add layers of security and functionality. For instance, a mirrored token could be further mirrored with additional security measures, allowing for more complex and secure financial instruments. Our protocol also enables more secure transfers between parties. For example, two banks could establish shared secrets for MFA, making large sum transfers significantly more secure. This could revolutionize inter-bank transactions in the crypto space. We’re certain there are many other possibilities we haven’t thought of yet. Traditional Web2 industries like governments and banks could leverage this technology for smart cities, immutable public audits, or any application requiring a high degree of compliance. The flexibility of our protocol allows for custom security logic to be built on top, making it adaptable to various regulatory environments. The caveat here is we consider our Web2 API pattern will be utilized by other protocols as well.
Addressing trust concerns: These are very prudent concerns for any dApp. To that end, our frontend is completely serverless and open source, and our Web3 applications and the Web2 API are completely trustless thanks to Zero Knowledge Proofs and Ethereum Signatures. Anyone can examine our code and run a local instance (instructions on our GitHub: vault-tron/vault). Regarding smart contracts, we’ll conduct external audits as our project gains traction. When deployed to mainnet, they’ll be fully open-source with compiled bytecode available on reputable block explorers. We’ve also ensured the full recovery process and mirroring are completely trustless to quell our users’ concerns, which users can verify themselves.
Plans for TRON: Absolutely. We plan to implement cross-chain account abstraction and asset recovery soon. We’ll also integrate new cross-chain primitives like instant cross-chain swaps, backed by liquidity providers and secured with escrows and zero-knowledge proofs. We’ll maintain the vaulted or locked state during transfers and make the process completely trustless - which will be a first unlike other Layer 3 solutions that are currently being built. Users could vault wBTT on BitTorrent, then instantly transfer to Tron for wTRX/TRX at a quoted price. This will be instant thanks to ZKPs and escrow guarantees and available on all EVM-compatible chains, whether layer 1 or layer 2 but first prototyped on BTTC & Tron.
It is a 1:1 mapping. The underlying assets are always securely held in our core smart contract. Meaning if you are issued a mirrored token it functions as a guarantee there is a matching token held in the smart contract itself.
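The wrapping step and the 1:1 backing described in the two replies above, sketched as an added example that is not part of the original posts and is not the Vault project's code. `NativeVaultSketch`, `IWrappedNative` and the per-owner `mirrored` balance are hypothetical names, and the MFA and time-lock checks the project describes are left out. The wrap call uses the brace syntax required from Solidity 0.7 on, which is the equivalent of the `.value(...)` form quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical WETH-style interface (assumed shape of a wBTT/wTRX wrapper).
interface IWrappedNative {
    function deposit() external payable;
    function withdraw(uint256 amount) external;
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical sketch: wraps the native coin and records a 1:1 mirrored claim.
contract NativeVaultSketch {
    IWrappedNative public immutable wrapped;
    mapping(address => uint256) public mirrored; // stand-in for a mirrored token
    uint256 public totalMirrored;

    constructor(IWrappedNative wrapped_) {
        wrapped = wrapped_;
    }

    // Wrap msg.value and credit the sender exactly what the vault received.
    function vaultNative() external payable {
        require(msg.value > 0, "no value sent");
        uint256 beforeBal = wrapped.balanceOf(address(this));
        wrapped.deposit{value: msg.value}();
        uint256 received = wrapped.balanceOf(address(this)) - beforeBal;
        // Refuse a wrapper that does not mint 1:1, or the backing claim breaks.
        require(received == msg.value, "wrap not 1:1");
        mirrored[msg.sender] += received;
        totalMirrored += received;
    }

    // Burn the mirrored claim first, then unwrap and pay out (checks-effects-interactions).
    function unvaultNative(uint256 amount) external {
        require(mirrored[msg.sender] >= amount, "insufficient mirrored balance");
        mirrored[msg.sender] -= amount;
        totalMirrored -= amount;
        wrapped.withdraw(amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "native transfer failed");
    }

    // Anyone can check that every mirrored unit is backed by a held wrapped unit.
    function fullyBacked() external view returns (bool) {
        return wrapped.balanceOf(address(this)) >= totalMirrored;
    }

    // Accept native coin only from the wrapper during withdraw().
    receive() external payable {
        require(msg.sender == address(wrapped), "only unwrap refunds");
    }
}
```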
Hello. Yes sorry. Should have done that earlier in retrospect…
We formulated what we planned to build but haven’t last hackathon if you recall. There was no code. We have since built a variant 3 months ago that was primarily focused around zero knowledge proofs for another hackathon.
We have since implemented/are implementing numerous and significant updates:
Implementing custom Web2 & Web3 MFA security sequences as requirements to unvault and unlock assets
Solving the Oracle problem of trustless, efficient, secure off-chain computation by developing a pattern available to all Web3 protocols gaslessly, allowing any new Web3 protocol to leverage Web2 as needed - this was due to our inability to find an oracle service capable of trustless offchain computations on BTTC/Tron but we were enthusiastic to integrate Web2 MFA providers so we decided to make a pattern for chains that do not have this infrastructure available yet
Complete UI/UX and dApp overhaul with style guide and countless new iterations. Our old variant:
Significant smart contract updates & web3.js frontend updates to support the above added functionality (verification via old repo: GitHub - vaultblockmagic/vault)
Drastic speedup in token lookups and table loading by converting from Covalent to bttcscan’s API
Cross-chain Account Abstraction & recovery (to be added via ENS-like registrar)
Implementation of DAO smart contract, tokenomics
Implementation of quadratic voting & Sybil resistance measures for upcoming release of mainnet DAO
Integration of DEX capabilities for vaulted assets, including cross-chain/asset translation with quotes
Hello, welcome to hackathon S7! Your idea is good, but I have a question: what steps do you take to audit the smart contract to make sure it is secure and not vulnerable to hacking?
Your project is really impressive! The “vaulting” mechanism for securing assets while using mirrored tokens is a great idea, and the trustless asset recovery system is a standout feature.
Do you provide a simple dashboard for users to monitor vault activity and security alerts in real-time?
What truly sets Vault apart is its comprehensive asset recovery system combined with flexible security customization. While hardware wallets can be lost and multi-sig solutions require coordination between multiple parties, Vault enables complete asset recovery even if a wallet is compromised or lost, through its trustless Account Abstraction system. Users can implement any combination of time-based locks and Multi-Factor Authentication (MFA), including both Web2 and Web3 verification methods, providing a level of security customization that isn’t available in traditional solutions. This bridges the gap between Web2 and Web3 security measures, allowing for bank-grade security while maintaining the flexibility needed for blockchain applications.
I should clarify that Vault isn’t designed as a real-time monitoring solution - it’s actually a proactive security measure that prevents asset loss before it happens. Through our dApp dashboard, users can view their vaulted and mirrored assets and manage their security settings, but the core value lies in the preventive protection our vaulting mechanism provides.
Think of Vault as a vault in a bank - it’s not about monitoring threats as they happen, but rather about securing your assets behind multiple layers of protection from the start, making them virtually impossible to steal. This prophylactic approach to security, combined with our recovery system, means users don’t have to worry about real-time monitoring because their assets are already protected by design.
Two of our team members work in cybersecurity, which has helped us build Vault with good security practices from the ground up. We’ve done thorough internal testing and code reviews, but we plan to get professional third-party audits as soon as the project gains traction - we know this is essential for a security-focused protocol like ours.
Hey, that’s awesome to hear! Having team members with cybersecurity expertise is a huge advantage. The plan for third-party audits once the project gains traction sounds like a solid move to ensure top-notch security. Keep up the great work!
How does Vault’s vaulting mechanism ensure the security of the original tokens while providing users the flexibility to use mirrored assets across Web3 applications?