Repository files navigation

This contract is designed to hold ether safely and automate payments to a pre-approved white list of recipients. While this contract is still being tested ether will generally come straight from a trusted Multisig as a safety precaution, but once fully tested and optimized this contract will be a safe place to store funds equipped with optional variable time delays to allow for an optional escape hatch to be utilized if necessary.

function Vault(    address _escapeCaller,    address _escapeDestination,    uint _absoluteMinTimeLock,    uint _timeLock,    address _securityGuard,    uint _maxSecurityGuardDelay)

In the constructor of the Vault, you assign:

_escapeCaller: The account/contract (ideally one account given to multiple trusted individuals) given the power to call the escape hatch and empty the Vault to a trusted destination in the case of an emergency; theowner can do everything theescapeCaller can do and can reassign theescapeCaller if necessary. The escape hatch is optional and can be removed by setting the_escapeCaller to 0x0.

_escapeDestination: The account/contract (ideally a trusted multisig that does not include anyone holding the key forescapeCaller) that receives the ether in the vault in the case of an emergency and the functionescapeHatch() is called.

_absoluteMinTimeLock: The absolute minimum number of seconds needed to elapse before an authorized payment from the vault can be executed (giving time forescapeHatch() to be called or for theowner to reject the payment).

_timeLock: The default number of secondsneeded to elapse before an authorized payment from the vault can be executed.

_securityGuard: The account/contract (ideally one account given to several trusted individuals) given the power to delay payments in the case of payment disputes; thesecurityGuard can do nothing other than delay the authorized payment's execution. The Security Guard feature is optional and can be removed by setting the_securityGuard to 0x0.

_maxSecurityGuardDelay: The absolute maximum number of seconds thatsecurityGuard is able to delay an authorized payment (giving time for the escape hatch to be called or for theowner to reject the payment).

This version of the vault only holds ether (once tested, it will be upgraded to hold tokens as well), ether can be sent directly to the vault (effectively using the fall back fucntion) or by callingreceiveEther(). If tokens are sent to the Vault, at this point, they will be lost.

Theowner can add or remove accounts/contracts that are allowed to authorize payments from theallowedSpenders[] mapping. To do so, theowner calls:

function authorizeSpender(address _spender, bool _authorize)

_authorize is set totrue if the owner wants to add_spender to the white list or is setfalse if the owner wants to remove_spender from the white list.

The addresses in theallowedSpenders[] map are able to authorize payments from the Vault by calling:

function authorizePayment(    string _description,    address _recipient,    uint _amount,    uint _paymentDelay) returns(uint)

The expected inputs are:_description: A brief description of the payment_recipient: The address that can callcollectAuthorizedPayment() and recipient of the payment._amount: The amount to be paid (in wei)_paymentDelay: The number of seconds the authorized payment is to be delayed before being executed, if this value is less than the defaulttimeLock thentimeLock determines the number of seconds the payment is delayed.

And this function generates the Payment ID Number (idPayment) for this payment.

After the time delay has elapsed (described as a UNIX time byearliestPayTime) the authorized payment can be executed by the recipient of the payment callingcollectAuthorizedPayment().

The vault records all of its payments on the blockchain; the details of each payment can be viewed using:

function payment(uint _idPayment)

To allow theowner and theescapeHatchCaller time to take any action necessary in the case of a questionable payment, thesecurityGuard can delay any payment by calling:

function delayPayment(uint _idPayment) onlySecurityGuard

Only theowner can assign an address to act as thesecurityGuard by calling:

function setSecurityGuard(address _newSecurityGuard)

also only theowner can cancel payments by calling:

function cancelPayment(uint _idPayment) onlyOwner

Theowner can change the minimum time delay for payments by calling:

function changeTimelock(uint _newTimeLock) onlyOwner

However theowner can not lower the time delay below the hardcoded_absoluteMinTimeLock set when the Vault was deployed.

Theowner can reassign it’s role to another address (or remove the role ofowner completely by reassiging it’s role to 0x0) by calling:

function changeOwner(address _newOwner) onlyOwner

The escape hatch is configured in the constructor so thatescapeCaller can callthe functionescapeHatch() sending all the ether in the vault toescapeDestination.

TheescapeHatchCaller can be changed by theowner or theescapeCaller by calling:

function changeEscapeCaller(address _newEscapeCaller)