Smart Contract Design
Trustless Finance with Modular Design
Overview
The Checks Platform is built on a modular, upgradeable architecture designed to balance flexibility, scalability, and resilience. At its core, the platform uses the Diamond Proxy Standard (EIP-2535), which enables virtually unlimited functionality under a single contract address. Combined with token-bound accounts (ERC-6551), this framework provides both a rich feature set and strong isolation of user assets.
Diamond Proxy Standard (EIP-2535)
At the core of the system is a Diamond proxy contract that delegates calls to independent “facet” contracts, each responsible for a set of related functions. This design provides:
Modularity: Facets can be added or upgraded without disrupting the overall system.
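Shared Storage: All facets execute via delegatecall against the Diamond’s single storage layout, keeping state consistent. Every facet must agree on that layout, since a mismatched one can overwrite another facet’s state.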
Standardized Interface: The EIP-2535 Loupe interface allows anyone to query active facets and functions at any time.
Community Support: Well-audited reference implementations and developer tools support this standard.
Upgradeability: New functionality can be introduced without breaking the external interface.
This architecture ensures that the platform can evolve over time, with new features introduced through additional facets while maintaining stability for users.
Architecture Evolution
The modular design means that each major feature is implemented as its own facet, keeping complexity manageable and enabling incremental upgrades. For example:
A facet may handle NFT Check core logic.
Another manages token-bound accounts.
Others can govern yield strategies, escrow functions, or lending models.
Future upgrades such as new oracle integrations or novel lending mechanisms can be introduced by deploying a new facet and updating the Diamond’s function selector table through governance. This approach ensures long-term adaptability while preserving user-facing stability.
Token-Bound Account (ERC-6551) Integration
Each NFT Check is represented as an ERC-721 token that can own assets through the ERC-6551 standard. When a check is minted, it is assigned a deterministic account address that can securely hold collateral or interact with DeFi protocols.
Benefits of ERC-6551 integration include:
Asset Isolation: Each check maintains its own account, ensuring separation of funds.
Ownership Clarity: Assets belong to the NFT holder, not the platform.
Interoperability: ERC-6551 accounts work seamlessly with existing ERC-721 standards.
Deterministic Addresses: Account addresses can be predicted and audited in advance.
This system guarantees that every check functions as a self-contained unit, with collateral and logic tied directly to its token.
Implementation Approach
The practical flow for NFT Checks is:
Account Creation: When minted, the NFT is associated with its token-bound account.
Proxy Deployment: If no account contract exists yet, the registry deploys a minimal proxy account.
Fund Transfer: The check’s owner or the protocol can deposit collateral into the account.
Smart Logic Execution: The check’s contract logic governs how and when assets can be released, transferred, or used in other protocols.
This approach ensures a clean separation of responsibilities, where the NFT Check defines rules and the token-bound account enforces custody.
Access Control
The platform’s contract design follows a permissionless-by-default principle. All user-facing functions, such as minting checks, transferring ownership, or redeeming funds, are open and require no privileged access.
Administrative functions, such as pausing the protocol in an emergency or registering new modules, are restricted through role-based access. These roles are controlled by governance via time-locked contracts, ensuring that sensitive operations are transparent and cannot be executed unilaterally. This balance maintains user freedom while preserving safeguards for critical functions.
Standards & Testing
The platform is built on proven Ethereum standards to minimize risk and maximize interoperability. Core components include:
ERC-721 for NFT representation.
ERC-6551 for token-bound accounts.
ERC-4626 for standardized yield strategy vaults.
To validate reliability, extensive unit and integration tests simulate real-world conditions such as vesting schedules, cross-chain transfers, oracle failures, and edge cases. This comprehensive testing ensures predictable behavior even under stress, reducing the risk of unexpected outcomes once deployed to mainnet.
Strategy Integration
Integrating external yield strategies introduces potential risk, which is mitigated through careful design. The platform relies on ERC-4626 adapters to connect with established protocols such as Aave and Compound, ensuring standardized and transparent interactions.
To contain exposure, strategies are whitelisted and subject to strict limitations. They cannot move funds arbitrarily, only within approved boundaries. If a yield source becomes compromised, governance can quickly cut off access, protecting user funds while maintaining the broader system’s stability.
Built-In Security Reinforcements
While security has its own dedicated section, several safeguards are inherent to the architecture itself:
Upgradeability with Oversight: Diamond proxies allow new features to be added, but upgrades are gated through governance mechanisms to prevent unauthorized changes.
Transparency: The Loupe interface enables anyone to query which facets are active, ensuring users always know the rules governing their checks.
Resilience Through Isolation: Token-bound accounts ensure that even in the event of a protocol pause or module failure, user funds remain segregated and accessible.
These design choices embed security into the structure of the protocol itself, making it part of the architecture rather than an afterthought.
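A monitoring check built on the Loupe transparency and governance-gated upgrades described above, as an added example that is not the Checks Platform's own code: it diffs two snapshots shaped like the output of the Loupe facets() call and flags selector reroutes, treating changes to the diamondCut and Loupe selectors as high severity. The facet addresses, the 0xaaaa selectors, and the approved-facet allowlist are constructed assumptions.

```python
# Added example: diff two EIP-2535 Loupe snapshots and flag risky reroutes.
# A snapshot mirrors IDiamondLoupe.facets(): [(facet_address, [selectors])].
DIAMOND_CUT = "0x1f931c1c"  # diamondCut((address,uint8,bytes4[])[],address,bytes)
LOUPE = {"0x7a0ed627", "0xadfca15e", "0x52ef6b2c", "0xcdffacc6"}  # loupe functions
GUARDED = LOUPE | {DIAMOND_CUT}  # upgrade and introspection entry points

def selector_map(snapshot):
    """Flatten a snapshot into {selector: facet}; reject ambiguous routing."""
    routes = {}
    for facet, selectors in snapshot:
        for sel in selectors:
            if sel.lower() in routes:
                raise ValueError(f"selector {sel} is routed to two facets")
            routes[sel.lower()] = facet.lower()
    return routes

def diff_loupe(before, after, approved_facets):
    """Return (severity, change, selector, old_facet, new_facet) per change."""
    old, new = selector_map(before), selector_map(after)
    approved = {a.lower() for a in approved_facets}
    findings = []
    for sel in sorted(old.keys() | new.keys()):
        src, dst = old.get(sel), new.get(sel)
        if src == dst:
            continue
        change = "added" if src is None else "removed" if dst is None else "replaced"
        # High severity: the upgrade/loupe path moved, or the target facet is
        # not on the governance-approved list (a hypothetical allowlist).
        risky = sel in GUARDED or (dst is not None and dst not in approved)
        findings.append(("high" if risky else "review", change, sel, src, dst))
    return findings

# Constructed sample data: addresses and the 0xaaaa.... selectors are made up.
CUT, LOUPE_FACET = "0x" + "c1" * 20, "0x" + "a2" * 20
CHECK_V1, CHECK_V2, UNKNOWN = "0x" + "b3" * 20, "0x" + "b4" * 20, "0x" + "ee" * 20
APPROVED = {CUT, LOUPE_FACET, CHECK_V1, CHECK_V2}
BEFORE = [(CUT, [DIAMOND_CUT]), (LOUPE_FACET, sorted(LOUPE)),
          (CHECK_V1, ["0xaaaa0001", "0xaaaa0002"])]
AFTER = [(UNKNOWN, [DIAMOND_CUT]), (LOUPE_FACET, sorted(LOUPE)),
         (CHECK_V2, ["0xaaaa0001", "0xaaaa0003"])]

if __name__ == "__main__":
    for finding in diff_loupe(BEFORE, AFTER, APPROVED):
        print(*finding)
```

Run against snapshots taken before and after each governance-executed upgrade, the diff gives reviewers a concrete list of routing changes to compare with the proposal that was voted on.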