Understanding the iEx.ec crowdsale smart contract

Gilles Fedak
iExec
Published in
4 min readApr 11, 2017

iEx.ec has released the source code for the smart contrat that manage the RLC token crowdsale.

The Smart contract has been audited by OpenZeppelin, a reference in security audit. The review is publicly available and can be read on their medium blog. The analysis did not show severe or critical vulnerabilities and all recommandations have been addressed.

The smart contract has a certain number of advanced features:

  • Issue the RLC tokens, fully compliant with the ERC20 standard
  • Implement the token distribution as described in the white paper
  • Allows funding in Bitcoin and Ether
  • Allow full traceability of the contributions being in BTC or ETH and the corresponding RLC issuance
  • Tokens are immediately issued and sent to contributors
  • Tokens are locked until the end of the smart contract
  • Funds are automatically saved in a multisig wallet
  • Backer protection in case where the mincap is not reached

Crowdsale process

There are three main periods, before the crowdsale (initialization), during the crowdsale (funding) and after the crowdsale (finalization).

The Crowdsale Contract is created and initialized with the following parameters: milestones that corresponds to the start, the end and the bonus periods, several addresses for token recipient (reserve, team, bounty), and a multisig wallet to receive the ETH collected.

The crowdsale starts when the current block is after startBlock and continue until all token are sold or the blockchain has reached startBlock + 30 days.

During the crowdsale, participants can contribute either by sending ETH to the crowdsale contract address, or by sending BTC to a specified address. The smart contract records each contribution as well as the RLC issued in exchange.

To contribute in BTC, backers have to provide first the ETH address that will receive the RLC tokens. Each backer are given a unique BTC address to send their bitcoin to. Thus the pair (ETH, BTC) is unique and recorded in the smart contract.

Payment in BTC are monitored thanks to hierarchical deterministic wallet. This kind of Bitcoin wallet allows to derive a tree of addresses from a single xpub address. At the end of the crowdsale, we will reveal the xpub address allowing anyone to verify for each BTC address how much has been sent and how much token has been issued, thus ensuring full traceability and transparency.

The crowdsale duration is 30 days. The base price is 5000RLC/BTC. During the first 10 days a 20% bonus is applied (6000RLC/BTC), the second period of 10 days a 10% bonus is applied (5500RLC/BTC). The ETH price is computed according to the ETHBTC the smart contract is updated every ten minutes.

Tokens are immediately issued and sent to the backers ETH address.

If the min cap is not reached after the end of the crowdsale, backers have 15 days to claim their ETH, BTC, or RLC according to their own decision. ETH are sent automatically, but BTC have to be sent mannualy by the team. If you’re not sure about this process, please consider using ETH instead of BTC. However this process makes the use of wallet mandatory. Don’t use exchanges !

The crowdsale ends as soon as the max cap is reached: 60.000.000 RLC tokens, which corresponds to 10.000 BTC considering a 20% bonus.

After the crowdsale

  • ETH stored in the smart contract are moved to the multisig wallet.
  • RLC are sent to team, reserve and bounty addresses.
  • Unsold RLC tokens are burnt and the max token supply is adjusted accordingly.
This is cold storage !!!

Additional security measures

We have opted for a number of security features:

  • usage of multisignature wallet to store the ETH and BTC funds
  • usage of Ledger Hardware Wallet Nano/S
  • cold storage of the private keys using traditional bank vaults
  • geo-distributed signers: France, China + an other secret place ;-)
Preparing the multisig wallet with the Ledger Nano/S hardware wallet.

--

--