The Reserve Protocol enables a class of token called RToken: self-issued tokens backed by a rebalancing basket of collateral. While the protocol enables any number of RTokens to be created, further discussion is limited to the characterization of a single RToken instance.
RTokens can be minted by depositing a basket of collateral tokens, and redeemed for the basket as well. Thus, an RToken will tend to trade at the market value of the entire basket that backs it, as any lower or higher price could be arbitraged.
The definition of the issuance/redemption basket is set dynamically on a block-by-block basis with respect to a reference basket. While the RToken often does its internal calculus in terms of a single unit of account (USD), what constitutes appreciation is entirely a function of the reference basket, which is a linear combination of reference units.
RTokens can be over-collateralized, which means that if any of their collateral tokens default, there's a pool of value available to make up for the loss. RToken over-collateralization is provided by Reserve Rights (RSR) holders, who may choose to stake their RSR on an RToken instance. Staked RSR can be seized in the case of a default, in a process that is entirely mechanistic based on on-chain price-feeds, and does not depend on governance votes or human judgment.
But markets do not over-collateralize holders for free. In order to incentivize RSR holders to stake in an RToken instance, each RToken instance can choose to offer an arbitrary portion of its revenue to be directed towards its RSR over-collateralization pool. This encourages staking in order to provision over-collateralization.
As with any smart contract application, the actual behavior may vary from the intended behavior. It's safest to observe an application in use for a long period of time before trusting it to behave as expected. This overview describes its intended behavior.
For a much more detailed explanation of the economic design, including an hour-long explainer video (!) see the Reserve website.
The DeployerRegistry, which contains a link to all official releases via their Deployer contracts, can be found here.
Deployed collateral plugin addresses and their configuration parameters can be found here.
We have a p0
and p1
implementation for each contract in our core system. The p0
version is our specification prototype, and is intended to be as easy as possible to understand. The p1
version should behave identically, except that it employs substantial optimizations and more complicated algorithms in order to achieve lower gas costs.
We implement and maintain both of these systems in the name of correctness. Implementing p0 helps us to specify the exact intended behavior of the protocol without needing to deal simultaneously with gas optimization; maintaining equivalent behavior of both serves as a substantial extra form of testing. The behavior of each contract in p1
should be identical to the behavior of the corresponding contract in p0
, so we can perform differential testing between them - checking that they behave identically, both in our explicit tests and in arbitrary randomized tests.
We thought p0
and p1
would end up being a lot more different than they ended up being. For the most part the contracts only really differ for StRSR.sol
, and a little for RToken.sol
.
P0 implements our "abstract" economic protocol; it should have equivalent observable behavior to P1, but be expressed just as clearly as we can manage it in Solidity. In several places, we achieve that clarity by forgoing any attempt to be realistic to deploy to Ethereum.
P1 is the production version of the economic protocol.
contracts
holds our smart contracts:
p0
and p1
each contain an entire implementations of our core protocol. p0
is as easy as possible to understand; p1
is our gas-efficient system to deploy in production.plugins
contains our initial implementations of these (plugins/assets
, plugins/trading
), as well as mock implementations of each asset and auction platform that we're using for testing purposes (plugins/mocks
).interfaces
contains the contract interfaces for all of those implementations.test
holds our Typescript system tests, driven through Hardhat.
The less-central folders in the repository are dedicated to project management, configuration, and other ancillary details:
common
: Shared utility types, methods, and constants for testing in TypeScripttasks
: Hardhat tasksscripts
: Hardhat scriptstypes
: Typescript annotations; currently just export interface Address {}
hardhat test
yarn test:unit
Target: Full branch coverage, and testing of any semantically-relevant situations
hardhat test
yarn test:integration
Target: Each integration we plan to deploy behaves correctly under all actually-anticipated scenarios.
Located in fuzz
branch only.
Target: The handful of our most depended-upon system properties and invariants are articulated and thoroughly fuzz-tested. Examples of such properties include:
If you would like to contribute, you'll need to configure a secret in your fork repo in order for our integration tests to pass in CI. The name of the secret should ALCHEMY_MAINNET_KEY
and it should be equal to the suffix portion of the full URL.
Usage: https://eth-mainnet.alchemyapi.io/v2/${{ secrets.ALCHEMY_MAINNET_KEY }}
To get setup with tenderly, install the tenderly cli. and login with tenderly login --authentication-method access-key --access-key {your_access_key} --force
.
See: Immunefi