Full backing & rounding
The invariant that makes "fully backed" checkable instead of promised.
"Fully backed" on Vimen is not a marketing claim; it is a machine-checkable invariant:
For every constituent i, at all times:
constituent[i].balanceOf(vault) ≥ ceil(totalSupply × units[i] / 1e18)
You can check it yourself: every basket exposes
isFullyBacked(): open the
contract on Blockscout's read tab and call it. It should return true
forever, after any sequence of operations by anyone.
How the invariant is enforced
Three mechanisms, all protocol-favoring:
- Mint rounds deposits up.
getRequiredUnitscomputesceil(amount × units[i] / 1e18)per constituent, so a mint can never deposit a wei less than what backs the minted supply. - Balance-delta verification.
mintdoesn't trusttransferFrom's return value; it measures the vault's actual balance before and after each pull and requiresdelta ≥ required. Fee-on-transfer, deflationary or lying tokens make the mint revert (InsufficientDeposit) instead of under-collateralizing the vault. - Redeem rounds payouts down.
redeempaysfloor(amount × units[i] / 1e18), so a redemption can never withdraw more than the burned supply released.
The suite proves this holds: an invariant test hammers the contract with arbitrary call sequences and asserts full backing after each; fuzz tests pin the rounding bound exactly.
The rounding budget
Rounding costs a user at most 1 wei per constituent per operation, and the dust always accrues to the vault, never the other way:
- Fuzz-tested bound: each deposit leg lands in
[required − 1 wei, required]of the ideal amount. - A full mint→redeem roundtrip costs at most
nConstituentswei of constituents: for a 7-token basket, 7×10⁻¹⁸ of a token. Economically nil at 18 decimals. - No sequence of operations lets a user profit from rounding (fuzzed explicitly).
Why the mint fee can't break backing
The 0.30% mint fee is taken in basket tokens, not by skimming
constituents: mint amount, receive amount − fee, and the fee recipient
receives fee freshly minted. Every outstanding basket wei (user's or fee
recipient's) is backed by the same deposit that minted it, so the invariant
needs no special case for fees. See Fees.
Reentrancy and hostile tokens
mint and redeem are nonReentrant, and the test suite includes malicious
constituent mocks attempting reentry on transfer hooks in all four
entry-combinations; all revert. Combined with the balance-delta check,
hostile or non-standard constituents can fail a transaction but cannot
extract backing.