The general architecture combining the Chainlink proof of reserve with an Enzyme vault is illustrated below for arbitrary native and target chains, showing how Celsius can generate yield on both while preserving transparency:

Oracle Integration

We utilize the Chainlink Oracle's feed for proof of reserve data integrated into the wrapped token smart contract on the target chain. To guard against the drift of collateralization ratios between the target and native chains as well as determine minting conditions, we employ the following protocol, which is currently in development:

Isomorphic Proof of Reserve

The actions of minting, burning, and withdrawing tokens depend on a complex series of conditions that the Chainlink oracle must verify, since each function is gated by reserve conditions and the state of other associated tokens.
Specifically, for wrapped tokens:
  • Mint allows owners to mint tokens to valid addresses. It calls on Chainlink and only enables the call if the oracle approves reserves on the native chain.
  • Burn allows minted tokens to be burned and can only happen if the resulting unburnt value is greater than the value in user accounts. This ensures that when burning a wrapped token, Celsius doesn't affect ones owned by customers.
On the native chain:
  • Withdraw can only happen if enough wrapped tokens have been burned. Specifically, the protocol avoids a race condition between the withdraw and mint functions, where potential oracle subversion could occur with simultaneous commands to withdraw on the native chain while minting on the target chain.
  • Deposit can always occur.
These items are handled in a manner that does not require the end user to trust Celsius by employing a smart contract that prevents withdrawing reserves without a sufficient corresponding amount of wrapped token being burned.