The Connext Vault

A Deeper Dive into the Vault Architecture

Crosspost: This post was originally written by CEO & Founder Arjun Bhuptani of, here.

We’re humbled by the amazing response that we’ve received from the community on our Intro Post. True to our word, we’re releasing more information about the Connext platform. In this post, we’ll discuss the Connext Vault — the gateway to the Connext ecosystem.

The trustless, managed wallet

The Vault is a managed wallet that sits between a decentralized application, a user and Connext’s services. Like the managed wallets that many companies are building, the Vault abstracts away the difficulties of directly interacting with smart contracts: paying gas, connecting to a node and signing transactions.

The Vault differs in two key respects from in-house managed wallet solutions, however. First, Vaults are linked to the user, meaning that they are dapp-agnostic. A Vault is deployed any time a new user interacts with a Connext client’s technology, but other third parties that transact with the user don’t need to go through the process of collecting that user’s data. Instead, they “plug in” to a user’s existing Vault to transact for them. This design pattern removes the need to recentralize user accounts in order to improve UX.

Second, Vaults are trustless. Although the solution is built on the premise that the user does not have access to wallets or know anything about interacting with blockchains, this does not mean a user should lose sovereignty over transactions. This is why Vaults allow users to sign transactions without needing their own wallet even when the transaction is initiated by another party. When a user wishes to use the tokens in their Vault while interacting with a dapp, the Vault requests an identity verification from them (done currently using a password). A zero knowledge password proof of this verification is used to generate a one-time signature which is required by the Vault in order for the transaction to be executed. Since the signature is based on a ZKP, it can be shared with the party that initiates the transaction. These one-time signatures can only be used for the specific transaction that they are associated with and expire after use, which prevents a bad actor from transacting a user’s tokens without their permission.

The ecosystem

Vaults automatically interact with the rest of our services as and when required by a user or dapp:

First and foremost, Vaults decentralize compliance. Rather than having discrete processes that are enforced from the top down by each dapp/protocol or financial entity separately, Vaults identify the risk of a given transaction and restrict signature generation if the transaction will be noncompliant. This standardizes policy, making enforcement provably fair since it occurs from within the contract itself. This also results in a preventative rather than punitive approach to stopping fraud, a method that we believe to be significantly more efficient and cost-effective. We’ll cover this topic much more extensively in future posts, so stay tuned.

Since each Vault is associated with a unique end-user, Vaults act as a decentralized identity mechanism. We store a user’s identity information off-chain (with their permission) when they transact with credit cards or provide KYC information to a third party. We then verify KYC through existing APIs if it has not been done already and update their “status” in their Vault. If a dapp needs the KYC status of a user, they can then directly pay a small fee to the Vault, in lieu of collecting and verifying KYC information themselves. This dramatically reduces the unit cost of KYC for dapps, removes the need for end users to share identity data and seamlessly integrates with Vault compliance checks. Our eventual goal is to move over to a zero knowledge verification system, so that end-users and on-chain entities no longer have to trust Connext with their data either. More to come on this in the future as well.

The combination of the above integrations satisfies the requirements for one of the most exciting applications of the Vault: using credit/debit cards to directly purchase tokens. Integrating Vaults and accessing our compliance and KYC processes allows companies to manage fraud and money laundering on their platforms. By doing so, dapps are able to directly sell their tokens to users, removing the massive amount of friction that is associated with listing tokens on an exchange and forcing users through a 3rd party process. After integrating Vaults, accepting cards through the Connext card processing API looks exactly like using existing payment processors like Stripe or Square for both the user and for the financial services that are involved in facilitating the transaction. We think that this is optimal because large-scale adoption of this technology will require that the blockchain token ecosystem can interact directly with traditional financial services infrastructure in a way where executing KYC and controlling fraud is as straightforward as possible.

We have a host of other exciting service integrations and features planned for the future such as charge reversals through automated dispute resolution, account recovery schemes, “cashing out” with the help of exchanges, decentralized atomic swaps, and more! Be sure to follow us to keep up with our progress.

To learn more:

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.