Skip to main content

Core Vault

Overview

FAssets Core Vault ArchitectureFAssets Core Vault Architecture

The Core Vault (CV) is a specialized FAsset system vault that operates on the underlying network. It allows FAsset agents to deposit and withdraw underlying assets while optimizing capital efficiency through reduced collateral requirements. The CV was introduced in FAssets v1.1 to solve key limitations of v1, such as limited minting capacity, high collateral burdens, and poor agent exit flexibility.

Only whitelisted users can withdraw from the Core Vault.

The Core Vault is:

  • A multisig-controlled reserve that enhances agent liquidity and profitability
  • Integrated into the FAssets smart contract system on Flare
  • Designed to operate with manual, auditable, and time-bounded signing routines
  • Supported by escrow-based fund throttling to mitigate security risk

FAsset users don't need to take any action to benefit from CV — it automatically integrates with FXRP and other v1 tokens.

Key Features

Transfer Capacity

A system parameter defines the minimum percentage of minting capacity (based on collateral) that must remain on an agent's address after transferring assets to the CV.
This ensures redemption liquidity and protects the system from agent insolvency.

Security Design

Each asset type has a dedicated Core Vault, which is managed by a multisig contract under a formal agreement with Flare. The assets stored in the CV do not belong to any specific agent and can be can be requested to return to the agent's collateralized security. To ensure security, governance has the authority to pause deposits and withdrawals if necessary, such as in the event of a system compromise.

The Core Vault operates through a predefined address on the underlying chain and is managed via a multisig setup with smart contract oversight under formal Flare contracts. Governance has the authority to pause operations in the event of a security issue.

Operational Workflow

Transferring to Core Vault

  1. Agent Transfers Assets

    The agent announces a transfer and sends the underlying asset (e.g., XRP) to the Core Vault (CV) address with a valid payment reference.

  2. Proof of Payment Submitted

    Anyone (including the agent) submits a proof of the transfer to the FAsset system.

  3. Verification and Redemption

    After verifying the payment, the system releases the agent's collateral.

info

Transfer requests do not expire. Agents must either complete the transfer or cancel and re-queue it. Inaction leaves collateral locked indefinitely.

Redemption from Core Vault

There are two methods to retrieve assets from the CV:

Request for Return (Agents Only)

An agent can request assets from the CV through a special minting process, which creates a collateral reservation. Once the request is made, CV operators execute the transfer and submit proof of payment to the asset manager. There is no time limit for the CV to honor the request, but governance ensures timely execution.

Direct Redemption (Users)

Approved users can burn FXRP and receive underlying XRP from the CV. This Requires KYC approval and a minimum redemption threshold. It is typically processed once per day and has a lower priority than agent return requests. It is helpful for large, less time-sensitive redemptions.

XRP Core Vault Design

The XRP Core Vault is a multisig account on the XRP Ledger, backed by an audited Flare smart contract that emits transaction instructions for execution.

Transactions in XRP Core Vault

The XRP Core Vault (CV) uses two types of transactions:

  • Payment Transactions: Transfers XRP back to agents upon redemption.
  • EscrowCreate Transactions: Time-locks XRP to control fund releases and minimize spending risk.
info

The vault is operated manually. Multisig signers validate all outgoing transactions against a pre-approved rule set and sign them only during designated daily windows.

Daily Security Routine

  1. Escrow Expiry Adds Funds

    An expired escrow (size L) adds XRP to the vault’s available pool.

  2. Withdrawals & Payouts

    Users request withdrawals; multisig operators validate Flare’s offchain instructions and process payouts.

  3. Re-escrow Excess & Maintain Reserve

    Remaining funds are escrowed in batches (size L), while a minimum reserve (M) is kept in the vault.

Three escrows are created if remaining_funds = M + 3L, and M stays in the wallet.

Security Model

The XRP Core Vault features enhanced security measures for managing daily liquidity, including escrow time-locking and a minimum reserve in multisig setups. It has an emergency pause function and "Red Alert Mode" for urgent threats.

In case of a security issue, all signing is halted pending governance review. Escrow accounts may be unlocked to prevent asset loss, with governance overseeing the restoration of operations. Only one escrow can be unlocked per day, minimizing potential damage.