This contract is designed to hold ether safely and automate payments to a pre-approved white list of recipients. While this contract is still being tested ether will generally come straight from a trusted Multisig as a safety precaution, but once fully tested and optimized this contract will be a safe place to store funds equipped with optional variable time delays to allow for an optional escape hatch to be utilized if necessary.
function Vault( address _escapeCaller, address _escapeDestination, uint _absoluteMinTimeLock, uint _timeLock, address _securityGuard, uint _maxSecurityGuardDelay)
In the constructor of the Vault, you assign:
_escapeCaller: The account/contract (ideally one account given to multiple trusted individuals) given the power to call the escape hatch and empty the Vault to a trusted destination in the case of an emergency; the
owner can do everything the
escapeCaller can do and can reassign the
escapeCaller if necessary. The escape hatch is optional and can be removed by setting the
_escapeCaller to 0x0.
_escapeDestination: The account/contract (ideally a trusted multisig that does not include anyone holding the key for
escapeCaller) that receives the ether in the vault in the case of an emergency and the function
escapeHatch() is called.
_absoluteMinTimeLock: The absolute minimum number of seconds needed to elapse before an authorized payment from the vault can be executed (giving time for
escapeHatch() to be called or for the
owner to reject the payment).
_timeLock: The default number of secondsneeded to elapse before an authorized payment from the vault can be executed.
_securityGuard: The account/contract (ideally one account given to several trusted individuals) given the power to delay payments in the case of payment disputes; the
securityGuard can do nothing other than delay the authorized payment's execution. The Security Guard feature is optional and can be removed by setting the
_securityGuard to 0x0.
_maxSecurityGuardDelay: The absolute maximum number of seconds that
securityGuard is able to delay an authorized payment (giving time for the escape hatch to be called or for the
owner to reject the payment).
Loading the Vault with Ether
This version of the vault only holds ether (once tested, it will be upgraded to hold tokens as well), ether can be sent directly to the vault (effectively using the fall back fucntion) or by calling
receiveEther(). If tokens are sent to the Vault, at this point, they will be lost.
Managing the White List of Authorized Spending Accounts
owner can add or remove accounts/contracts that are allowed to authorize payments from the
allowedSpenders mapping. To do so, the
function authorizeSpender(address _spender, bool _authorize)
_authorize is set to
true if the owner wants to add
_spender to the white list or is set
false if the owner wants to remove
_spender from the white list.
Preparing and Executing a payment
The addresses in the
allowedSpenders map are able to authorize payments from the Vault by calling:
function authorizePayment( string _description, address _recipient, uint _amount, uint _paymentDelay ) returns(uint)
The expected inputs are:
_description: A brief description of the payment
_recipient: The address that can call
collectAuthorizedPayment() and recipient of the payment.
_amount: The amount to be paid (in wei)
_paymentDelay: The number of seconds the authorized payment is to be delayed before being executed, if this value is less than the default
timeLock determines the number of seconds the payment is delayed.
And this function generates the Payment ID Number (
idPayment) for this payment.
After the time delay has elapsed (described as a UNIX time by
earliestPayTime) the authorized payment can be executed by the recipient of the payment calling
The vault records all of its payments on the blockchain; the details of each payment can be viewed using:
function payment(uint _idPayment)
Delaying and Canceling a Payment
To allow the
owner and the
escapeHatchCaller time to take any action necessary in the case of a questionable payment, the
securityGuard can delay any payment by calling:
function delayPayment(uint _idPayment) onlySecurityGuard
owner can assign an address to act as the
securityGuard by calling:
function setSecurityGuard(address _newSecurityGuard)
also only the
owner can cancel payments by calling:
function cancelPayment(uint _idPayment) onlyOwner
Change the Timelock Requirement
owner can change the minimum time delay for payments by calling:
function changeTimelock(uint _newTimeLock) onlyOwner
owner can not lower the time delay below the hardcoded
_absoluteMinTimeLock set when the Vault was deployed.
Change the Owner
owner can reassign it’s role to another address (or remove the role of
owner completely by reassiging it’s role to 0x0) by calling:
function changeOwner(address _newOwner) onlyOwner
Escape Hatch Mechanism
The escape hatch is configured in the constructor so that
escapeCaller can call
escapeHatch() sending all the ether in the vault to
escapeHatchCaller can be changed by the
owner or the
escapeCaller by calling:
function changeEscapeCaller(address _newEscapeCaller)