Smart Contracts
Collective uses minimal, audited smart contracts for deposit and vault token management.
Our contracts are intentionally simple:
┌─────────────────┐ ┌─────────────────┐
│ User Wallet │────▶│ Vault Contract │
└─────────────────┘ └─────────────────┘
│
▼
┌─────────────────┐
│ Vault Tokens │
│ (ERC-4626) │
└─────────────────┘
What the contract does:
Mint vault tokens proportionally
Process withdrawal requests
Burn vault tokens on withdrawal
Track vault token price via oracle updates
What the contract doesn't do:
Hold inventory (cards are physical)
Contract Addresses
Contracts will be published and verified on block explorer.
Design Principles
Minimal complexity — Less code = fewer bugs
Battle-tested standards — ERC-4626 for vault tokens
No admin keys — Immutable where possible
Transparent upgrades — Timelock for any changes
Audit status: Pending
We plan to have contracts audited before mainnet launch. Audit reports will be published here.
We will operate a bug bounty program for responsible disclosure:
Details: [TBD]
The vault value includes off-chain inventory. We use an oracle to update this:
Update frequency: At least weekly, always at epoch boundaries
Data source: Vendor-reported inventory valuations
Verification: Cross-checked against market data
Dispute window: [X] hours before finalization
The oracle is a trusted role initially. As we grow, we'll explore more decentralized solutions.
Smart contracts carry inherent risks:
Bugs: Undiscovered vulnerabilities could lead to loss of funds
Oracle manipulation: Incorrect valuations could affect withdrawals
Chain risk: HyperEVM is newer and less battle-tested than Ethereum mainnet
See Risks for full details.
→ Transparency → Risks