Constructing the Cardashift ICO: A Look Behind the Scenes

erable°
4 min readJan 19, 2022

As you probably know, in September 2021, smart contracts were partially released on the Cardano Mainnet. Only the “on-chain” portion was delivered, and we are still waiting for an official end-to-end solution to come. The Cardano community has a strong long-term vision and the quality of its deliveries is outstanding. Things done well take time, and we completely support its careful approach.

Nevertheless, to mitigate the risks, we have chosen a solution without smart contracts for the ICO. Let’s be clear: this is a centralized solution! But it is circumstantial and temporary, and in this article, we’d like to be completely transparent about how it works. Also, the codebase is open-source on Tokenomia.

The ICO specifications

  1. Only investors passing the KYC process are able to provide funds.
  2. First come first served: funds are processed in chronological order.
  3. If we receive less than 200 ADA, you won’t receive CLAP token in exchange and you won’t be automatically refunded. You will have to contact us to get a refund(minus fees).
  4. If we receive more than 50K ADA during the Flash Sale, the amount exceeding 50K will be moved automatically to the public sale.
  5. If we receive more than 50K ADA during the Public Sale, the amount exceeding 50K will be refunded automatically (minus fees).
  6. Transaction fees are paid by investors.

Solution

HD Cardano Wallets & KYC

We are leveraging the HD (hierarchical deterministic) properties of Cardano Wallets by creating a Child Key Address for each Investor (validated via an upstream KYC process).

We will have a different wallet for each round of the ICO (Flash and Public sale) to receive funds. From these round wallets, with their Stake Keys, we will derive a key for each valid KYC “1852H/1815H/0H/0/X” where X == Child Key Index == investor Id.

After the KYC process, at the beginning of the sale, the investor:

  1. Must have provided a payback address to receive either the exchanged tokens or a refund.
  2. Will be given a payment address (the child public key address) where they will send their funds. This address will be available for each investor only when the round starts.

N.B: For handling multiple rounds, investors will keep the same index for the different round wallets. From the investor point of view, only the payment address changes between rounds.

Wallet Stake key derivation scheme

Deterministic Funds Flow

Funds validation

Inputs: n child addresses filled up with each investor y funds (UTxOs)

Validations:

  1. Minimum ADAs per UTxOs and without Native Tokens
  2. Maximum ADAs sent on an address
  3. Within the round time range

Outputs:

  1. Validated Funds are sent on the token exchange address.
  2. Unvalidated ones are:
  • either moved to the next round token exchange address;
  • or sent back to the investor via their payback addresses;
  • or kept when funds are too small (< 200 ADA) or when funds contain unexpected native tokens.

Transactions

  1. Multi-sig/multi-wallet.
  2. Balanced: no change address used for fees; they are fairly deducted from the funds involved.
  3. Since the inputs could eventually be unlimited, we are using streaming techniques that clump the IOs into several transactions.
  4. The n child addresses are fully processed before proceeding to the exchange, but only the funds that have arrived before the beginning of the scan will be processed, guaranteeing the total chronological order of funds processing.

Exchange

Inputs

  1. All validated funds coming from the previous stage at a given time in chronological order.
  2. An address with the tokens.

Validations : Funds received on the exchange address can only come from the child addresses of the Investors Flash and Public wallets.

Outputs

  1. Tokens exchanged are sent back to investors via their payback addresses.
  2. Funds exchanged are sent to our round sink address.
  3. When Tokens are sold out, the funds are:
  • either moved to the next round;
  • or refunded to the investor via their payback addresses.

Transactions

  1. Multi-sig/multi-wallet
  2. Balanced: no change address used for fees; they are fairly deducted from the funds involved
  3. Since the inputs could be eventually unlimited, we are using streaming techniques that clump the IOs into several transactions.
  4. The funds are processed in chronological order.
Diagram of exchanges between investment and sending of CLAP

Security

System inputs are secure; here are the different scenarios:

  1. Funds received on an investor child address: in the worst case scenario, these funds will benefit the investor or will be ignored.
  2. External funds received on the exchange address will be ignored.
  3. Funds received on the token address will be ignored.

Conclusion

In the end, it was quite a challenge to make this ICO without smart contracts. When you miss something you realize its value 😉

The next Cardashift deliveries will use Plutus Smart Contracts and we look forward to them! Thanks for your interest in this project.

Join us on Discord: https://discord.gg/9xdCKGZetV. Feel free to ask your questions there!

To participate in the ICO go to our official website

Follow us on Discord & share your opinion! 🔥

You can also follow us on Twitter and learn more about us on our Website.⚡️

Written by Nicolas Henin — Director, Cardano Solutions Architecture & Lead Haskell Engineer

--

--

erable°

erable° is a unique investment platform for funding the ecological transition, making investing in this transition accessible to retail investors.