4. Go Live

Achieving liquid markets for any asset is non-trivial in general and out of scope of this document. If an off-chain liquid market already exists, then an on-chain market can be established through either a standard LP based DEX (requires correlated token pairs) or a rain DEX order book (requires a market making strategy). For example, if the custodian is willing to use or provide a price oracle they can create a rain order that automatically tracks a spread of +/- some % around the oracle price. This will buy and sell onchain around the peg without any further management by the custodian (e.g. no need for bots etc.). If the peg breaks completely through the onchain order due to exhausting the custodian's funds in the order, the custodian can continually withdraw from the DEX, then buy/sell off chain, then deposit more funds from the off chain trade until the peg is restored (at a profit for the custodian defined by their order spread).

There's no assumption that the fungible ERC20 tokens maintain a price peg with the off-chain markets for the assets in custody. It is definitely implied and expected due to the profitable arbitrage both above and below the peg for the custodian, but the fidelity of the peg relies on the actions of the custodian. This may be a desirable property of the system so it is achievable given some additional conditions:

• There is a liquid secondary market for the ERC20 token that allows efficient arbitrage
• The custodians can participate in profitable arbitrage through off-chain markets for the assets in custody
• The custodian actually does take an active role in buying and selling the offchain assets on the time scale that the peg is expected to be maintained over

The final point is important. It is entirely possible that a custodian has the ability to buy and sell off chain assets reliably over days/months/years but no ability to maintain a spot price over minutes/hours/days. In this case the price will fluctuate organically as traders speculate against each other between the orders placed by the custodian.

LOVE TO Be Bright Green example:

• LOVE TO are concerned about primary and secondary market sales:
• Sell SFT via treasury to investors; at this stage all understand it’s got limited liquidity
• Limit supply of sold SFTs to business needs so to not flood market with supply
• In parallel to listing options / shares on any regulatory sandbox or stock exchange which will only enhance the SFT and it’s liquidity
• After a period of the SFT live but no liquidity launch a marketplace which gives possibility of liquidity and choose tokens to trade the SFT against
• Treasury issue supply at discretion through this period
• Support LOVE TO and users to do price discovery on - Scale up price discovery as SFT develops the offchain market.

Audit

We will need to build an auditing system for onboarding the physical gold and tokenising each as an NFT; and the ERC20 gold coins backed to each NFT; and the entire back-office to mint and burn, and even insure the accounting of all of these tokens along with the auditors…

Ideally the auditor does their normal audit, then does "export to csv", then runs the script against a recent blockchain snapshot.

If they have more than enough money, great; if they don’t have enough money, if you are short you have to buy the tokens back off the market and burn them to cover the audit.

• Auditor gets data, assets have to be able to make commitments
• If auditor is happy, call the certify function
• If happy call until function, to continue operating the system
• Pass in data that goes with the certification
• Whole system freezes itself if certification runs out

Seriously how would the monthly audits tie into this? Do we or should we tie the audits into this?

1. Each month the auditor signs off on an extension to the system
2. Exactly like how PCI-DSS audits work
3. If you don't pass audit you're not legally allowed to continue processing payments

If they are doing monthly audits maybe the auditor signs off on a 3 month extension or something; do we can build in some buffer, but at some point there has to be a consequence of NFTs onchain that aren't in the vault. This is also how Ethereum itself works btw, if all the nodes don't hard fork periodically with a new version of the core code then the whole blockchain stops.

Maybe a very tiny buffer but is it necessary?

Only necessary to the point that ppl tend to be disorganised. If an auditor gets covid and can't come in for a few weeks we don't want that to blow up the system.

Maintain / scale

Offchain Asset Vault

Enables curators of offchain assets to create a token that they can arbitrage offchain assets against onchain assets. This allows them to maintain a peg between offchain and onchain markets.

At a high level this works because the custodian can always profitably trade the peg against offchain markets in both directions.

Price is higher onchain: Custodian can buy/produce assets offchain and mint tokens then sell the tokens for more than the assets would sell for offchain thus making a profit. The sale of the tokens brings the onchain price down. Price is higher offchain: Custodian can sell assets offchain and buyback+burn tokens onchain for less than the offchain sale, thus making a profit. The token purchase brings the onchain price up.

In contrast to pure algorithmic tokens and sentiment based stablecoins, a competent custodian can profit "infinitely" to maintain the peg no matter how badly the peg breaks. As long as every token is fully collateralised by liquid offchain assets tokens can be profitably bought and burned by the custodian all the way to 0 token supply.

This model is contingent on existing onchain and offchain liquidity and the custodian being competent. These requirements are non-trivial. There are far more incompetent and malicious custodians than competent ones. Only so many bars of gold can fit in a vault, and only so many trees that can live in a forest.

This contract does not attempt to solve for liquidity and trustworthiness, it only seeks to provide baseline functionality that a competent custodian will need to tackle the problem. The implementation provides:

• ReceiptVault base that allows a transparent onchain/offchain audit history
• Certifier role that allows for audits of offchain assets that can fail
• KYC/membership lists that can restrict who can - Ability to comply with sanctions/regulators by confiscating assets
• ERC20 shares in the vault that can be traded minted/burned to track a peg
• ERC4626 compliant vault interface (inherited from ReceiptVault)

Fine grained standard Open Zeppelin access control for all system roles.

What if one asset is underperforming?

If one asset is underperforming, it can be propped up by another asset, You can also buy back the tokens

• In aggregate across all ERC20s, this is how much money everybody is entitled to get that number, here is our commitment across all constituent assets
• Model can continue to scale with each new income generating asset increasing the supply of the ERC20
• And each asset disposal or income reduction decreasing the supply of the ERC20.

One way of maintaining the peg is where people are choosing which tokens they believe are equal quality. Drawing from parallels with USDT/USDC/DAI they pick tokens and a threshold to defend the peg. Everyone chooses for themselves which pegs they are willing to be buyers/sellers of 24/7 and if a peg breaks, game over. It has the potential to give custodians a lot of liquidity for their tokens, because they all have full access to any capital sandbox they are included in.

Future, maintaining an open marketplace built on the rain order book themed by asset class.

People can place orders defined in terms of oracle prices for the assets like "buy/sell +/- X% from the CC price oracle" and bots will just maintain the peg. Any time someone wants to know where an asset comes from they just click the audit history and it's all there right down to the certification batch from the EV machine.

Cycling assets or maintaining the system

Custodians may not hold perfectly static eternal assets. While a gold bar in a vault or a house may be easy to consider, there are many assets such as agricultural crops that have natural life cycles.

At first glance it may seem easy for connectors and disconnectors to work together to buy back ERC20 assets from the market, burn the NFTs for the old assets and connect new assets for new assets. The problem with this is that liquidity for any tradable asset starts high and then quickly drops as the market runs dry, leading to huge price spikes.

Said another way, as the ERC20 holders notice what is happening, they have every incentive to ask for astronomical prices knowing that the old NFTs cannot be disconnected until the disconnector holds enough ERC20 tokens to cover the NFTs being burned.

This can be solved very simply by ensuring the connection of new assets happens first before old assets are disconnected. In this case the newly minted ERC20 tokens can simply be handed from the connector to the disconnector directly without ever touching the secondary market.

The key here is to ensure that the connector and disconnector can coordinate the cycling before the next certification audit.

The primary risk is that the minting and burning will not be complete before the next audit, forcing the system into an uncertifiable state until all the previous cycle's NFTs are disconnected.

Wind down

It is not required that the custodial assets are held "forever". It is entirely possible that the custodian may only mint and manage offchain and onchain assets for a specific period of time, a season, year, decade etc.
For example, barrels of whiskey mature over the course of 8-12 years typically. The custodian may hold the barrels in a bonded warehouse until maturation but fully intends to sell 100% of all barrels at a specified maturation date to an offchain buyer (for a profit that more than covers the storage costs over the prior decade).

This presents a problem for the fungible tokens on the secondary market. The custodian wants to distribute profits by buying tokens back at, for example, 2x their original sale cost. Secondary markets for crypto assets are typically powered by price curves rather than order book style where the buyer/seller can dictate a specific price.

The custodian needs to establish a primary market for the fungible tokens where the price per token is:

• Fixed according to the final sale price of the offchain assets, e.g. 2x mint cost
• Respected so that speculators cannot manipulate the price by pumping and dumping liquidity on an AMM style DEX
• Will be permanent and always available to FT token holders even if they want to sell into the offer several years after the offchain sale has been finalised by the custodian, without further effort/permission on behalf of the custodian.

In this case the Rain DEX can be used exactly as in the case of total asset wipeout, but the funds for the order are backed by the total revenue of the offchain sale (minus the custodian's cut) rather than a fractional insurance payout. The order can be placed by a smart contract that itself has no logic or ability to remove the order, this means the end-users are fully protected once the revenue funds are deposited onchain.

The mechanics are exactly the same as the insurance recovery:

Price per token = total revenue / total tokens in circulation

The difference is that here we expect the price per token to be greater than the cost the end-users paid for the tokens when they were minted (profit!) whereas in the insurance case we expect the price per token to be less than or equal to the mint cost.

The custodian after making the offchain sale can immediately mint new tokens for a new batch of replacement barrels to mature in the same warehouse space. These new custodial tokens are a completely new contract, with a new (or identical) set of users and contracts for all the management roles, and can be put up for sale in a standard Rain sale. The end users holding the old tokens can immediately sell their old tokens into the DEX order, then roll as many or as few funds from their sale into buying new tokens from the new contract or just exit (to be replaced by new users hopefully).

Buying / selling of the ERC20's by the ERC1155 holders should only ever happen to maintain the peg or meet audit requirements in case of an NFT deficit. A simple wind down mechanism would be what we discussed with a vending machine that takes 20 and gives USDC at a fixed rate, and the LLC dumps USDC = total 20 supply * price into the vending machine after which the ERC20 tokens are trapped in the vending machine, so the system will never again be eligible to pass any further audits.