VimenDocs
Protocol

Full backing & rounding

The invariant that makes "fully backed" checkable instead of promised.

"Fully backed" on Vimen is not a marketing claim; it is a machine-checkable invariant:

For every constituent i, at all times: constituent[i].balanceOf(vault) ≥ ceil(totalSupply × units[i] / 1e18)

You can check it yourself: every basket exposes isFullyBacked(): open the contract on Blockscout's read tab and call it. It should return true forever, after any sequence of operations by anyone.

How the invariant is enforced

Three mechanisms, all protocol-favoring:

  1. Mint rounds deposits up. getRequiredUnits computes ceil(amount × units[i] / 1e18) per constituent, so a mint can never deposit a wei less than what backs the minted supply.
  2. Balance-delta verification. mint doesn't trust transferFrom's return value; it measures the vault's actual balance before and after each pull and requires delta ≥ required. Fee-on-transfer, deflationary or lying tokens make the mint revert (InsufficientDeposit) instead of under-collateralizing the vault.
  3. Redeem rounds payouts down. redeem pays floor(amount × units[i] / 1e18), so a redemption can never withdraw more than the burned supply released.

The suite proves this holds: an invariant test hammers the contract with arbitrary call sequences and asserts full backing after each; fuzz tests pin the rounding bound exactly.

The rounding budget

Rounding costs a user at most 1 wei per constituent per operation, and the dust always accrues to the vault, never the other way:

  • Fuzz-tested bound: each deposit leg lands in [required − 1 wei, required] of the ideal amount.
  • A full mint→redeem roundtrip costs at most nConstituents wei of constituents: for a 7-token basket, 7×10⁻¹⁸ of a token. Economically nil at 18 decimals.
  • No sequence of operations lets a user profit from rounding (fuzzed explicitly).

Why the mint fee can't break backing

The 0.30% mint fee is taken in basket tokens, not by skimming constituents: mint amount, receive amount − fee, and the fee recipient receives fee freshly minted. Every outstanding basket wei (user's or fee recipient's) is backed by the same deposit that minted it, so the invariant needs no special case for fees. See Fees.

Reentrancy and hostile tokens

mint and redeem are nonReentrant, and the test suite includes malicious constituent mocks attempting reentry on transfer hooks in all four entry-combinations; all revert. Combined with the balance-delta check, hostile or non-standard constituents can fail a transaction but cannot extract backing.

On this page