Nimiq Contribution Smart Contract
Nimiq Exchange Token (NET) functionality, NET Smart Contract and Security.
Smart Contract
The Contributions open on June 28 and will be controlled by an Ethereum Smart Contract which is available for peer-reviewing here:
https://github.com/nimiq-network/nimiq-exchange-token
Our Smart Contract is based on the contract used in the BAT Token Sale. We think they did a thorough job and their battle-tested, well-designed contract served as inspiration and guidance in following the best level of security possible.
The NET
The NET is a standard ERC20 token. The ERC20 functionality is provided by StandardToken contract (defined in the StandardToken.sol file) and the basic Math functions including safety checks are provided by the SafeMath contract (defined in the SafeMath.sol file).
Contract Periods
The contract will undergo three different periods:
- Creation Period: After the
fundingStartBlockEthereum Block is mined, the contract will begin the creation period accepting Ethereum contributions. - Trading Period: After the Contract has been finalized, NET held by contributors become tradable.
- Redeem Period: Roughly two months before the Mainnet launch we initiate the Redeem Period. We will provide a tool for you to create the Nimiq account and address to which the NET equivalent Nimiq Mainnet Tokens (NIM) are going to be deposited. This is concluded by crediting the account with the corresponding NIM in the Genesis Block of the Nimiq Mainnet Blockchain. The Exchange Rate is fixed at 1 NIM = 10 NET and the tool will lead contributors through the simple process.
Contract Conditions
The conditions controlling the Contributions are implemented in the NEToken contract (defined in the NEToken.sol file) and reflect the Contribution Terms and Conditions. Note the disclaimer that final adjustments may be made on June 24 based on market conditions.
Start
The contract will begin to accept contributions at the start of the Ethereum Block, which will be announced with the deployment of the Smart Contract on the Ethereum Mainnet. The contract will issue NET to the sender’s balance at these rates:
- First 2 Weeks (from June 28 ~1PM UTC): 1 ETH = 175 NET
- Remaining 2 Weeks (if applicable): 1 ETH = 125 NET
Refund
If the funding period has ended and the minimum ETH CAP of 5'000ETH was not reached, contributors will be able to execute the refund function and transfer back the ETH that they participated with.
Stop
If the Minimum ETH CAP is met or surpassed, the contract will be finalized as soon as one of the following conditions is met:
- End Time: The contributions run for up to 28 days.
- ETH CAP: The contract will stop receiving contributions when the Maximum ETH CAP of 60'000 ETH is reached.
- NET CAP: The contract will stop receiving contributions when the Maximum of 10'500'000 NET are allocated in return for ETH contributions.
Finalize
When the contract is finalized, we set the contract state toFinalized and send the received ETH for holding in a multi-sig wallet according to industry best practices.
Emergency Pause
In case we detect any security issue during the contributions, the Nimiq Team can pause the contract using the MultiSig key. Unless there is a real threat to the contributions we will not use this function.
Redeem
Once the Redeeming Period has started, the function redeemTokens is activated. The redeemTokensfunction, whose sole argument is the user’s Nimiq Mainnet Address, registers the balance of NET to be replaced as NIM in the Genesis Block.
Security
We take security very seriously, and it is one of the core competencies of our team.
Tests
The security wizards on our dev team, Jeff, Pascal, Marvin and Philipp devoted a significant amount of time finalizing and testing our contract. We created tests for all expected scenarios, including all corner cases one can possibly think of.
External Security Auditing
The Smart Contract is being audited by German software security firm Backes Security Research & Technologies GmbH. We expect the audit result soon [Edit: released]. A final audit result will be published in case any Contribution Term numbers are changed, on June 25.
Bug Bounty Reward
With the publishing of our Smart Contract for peer-reviewing, we are announcing a Bug Bounty Reward of US$5'000 for discovery and responsible disclosure of issues that represent a tangible security threat for the contributions. Importantly, such bug reports need to classify as actually executable under a realistic attack scenario. Eligible bugs are:
- Security threats: incorrect ETH/NET allocation
- DoS: incorrect execution of the contracts through malicious actor (stuck in invalid, irrecoverable state)
- Logical errors: issues in the contract that lead to significant deviation from specified intention and terms
Diversification
To protect the nature of the contributions — as means to deliver on the project roadmap — it is necessary to diversify post closing. Once the Minimum ETH of the Smart Contract is surpassed, ETH contributions are released to the MultiSig address so that further action can be taken to diversify the holding and lower single exposure to market volatility.
Conclusion
It took a few days more than we anticipated, but defining a smart contract that is responsible for securely receiving and applying contributors’ funds 100% right, is challenging. We wanted to be sure that our contract is carefully designed and rigorously tested before releasing it. That is the same approach that we took for our Betanet and the approach we plan for all other upcoming releases on our roadmap.
Read More about Nimiq
DISCLAIMER: None of the statements must be viewed as an endorsement or recommendation for Nimiq, any cryptocurrency, or investment product. Neither the information, nor any opinion contained herein constitutes a solicitation or offer by the creators or participants to buy or sell any securities or other financial instruments or provide any investment advice or service.
