C
C
CEX Claims Docs
Ask or search…
K

Validity & Security

May 30, 2023

Introduction

This page is analogous to the occasional "Trust & Safety" statements in web2 ecosystems. However, for our real-world asset (RWA) attestation and support services (currently limited to bankruptcy claims) for on-boarding into web3, we find that reassurances on validity and security are more accurate.
The philosophy is not having to "trust" that a bankruptcy claim (represented by an NFT) is valid, but incorporating sufficient evidence for parties with a need to know to independently verify with sufficient confidence that such claim is valid. Because the evidence inherently contains some private data, we discuss how it is secured by encryption and access control.
These containments of fraud and personal information abuse both support the safety of the ecosystem, enabling parties to efficiently trade claims or productively unlock capital in exchange for yield.

Claim Validity

The hallmark of a valid NFT bankruptcy claim is its ability to be minted after passing due diligence which is replicable. A "claim evidence" section is added to the metadata of each NFT, containing proofs that are verifiable manually or programmatically. Only actual or prospective purchasers or lenders with a need to know can access the evidence containing private data, which is stored encrypted.

Documentation Supporting the Claim

The “claim evidence” section contains mostly emails sent by the claims agent and an assignment of claim, but might include other documentation.
If a claim transfer to a claim administrator such as the planned private foundation was filed with the court, a public link to the filing will be present in the NFT metadata.

Email Evidence

The NFT metadata generation process requires original emails received by claimants from the CEX or claims agent confirming their claim. Claimants must also confirm their email during the claim on-boarding. If the email is authentic, it confirms the minter's control of the claim.

Court Records Check

We check if the claim was transferred to another party on the bankruptcy case docket or is involved in legal proceedings, so as to not authorize their minting. This information is publicly verifiable by traditional means without the need for data attached to the NFT. However, we might host open-source tools to make these checks more accessible.

Facultative Video Verification and KYC

In addition to email verification, claimants can verify their ID matches the claim holder name and confirm the claim on-boarding in video; then a KYC attestation (not hard proof) would be added into the NFT metadata. This is an extra step that involves trust in an attestation, but does not change that validity is ascertainable independently by other means (i.e., by email signature verification and by an uncontested transfer on file with the court). We will not share data from the KYC process (held until claim resolution), unless required by legal process in the US (or Singapore for future cases in Singapore).
This step is facultative at least for claimants with locked value under $10,000, and will likely remain requested for claims from $10,000.

NFT Collection Tiers

There will be different NFT collections representing different tiers of claim verification. Once deployed, the verification requirements are immutable. This ensures marketplace participants can transact according to their risk acceptance simply by logical organization of the collections.
For illustration, there may be a collection for claims under $10,000 with no KYC, a collection for claims under $10,000 with KYC, and another collection for claims over $10,000 with KYC.

AML

In addition to the Court Records Check, per our terms, the claimant represents and warrants that the assets owed to the claimant by the bankrupt entity were lawfully obtained and owned by the claimant, free from any connection to, or involvement in, money laundering or other illegal activities. If the new claim owner finds any such connection or involvement, the new claim owner shall have the right to cancel the purchase and the claimant shall promptly refund the purchase price. In such conditions, a lender may similarly cancel a loan.

Sanctions / Enforcement

An attestation of the country and state in which the minter was based (relying, for example, on the IP address used when on-boarding for small non-KYC claims or document country if KYC was completed) is posted in the NFT metadata (not the information itself) for parties with a need for sanctions compliance or wanting to deal with counterparties in specific jurisdictions.
Since the bankrupt CEXs usually did not on-board sanctioned customers and the on-boarding process has a Court Records Check, much efforts should not be necessary.

Additional Requirements in Private Deals

When transacted P2P rather than by market order, purchasers or lenders may customize more validity checks or other requirements in addition to the existing metadata.
Contractual rights are evidenced in the NFT metadata. We forked the legal agreements used by the top bankruptcy claims marketplaces, and a redline is available to review minimal modifications (essentially for Claim NFT On-Boarding Consent, Cooperation and Compliance).
These model agreements have been used routinely for successful claim assignments and transfers on file with the US Bankruptcy Courts. Once the transfer is noticed and uncontested, recovery should be paid out to the transferee (subject to legal processes and remedies).

Self-custody or Administration

Unlike an order book model on a CEX that may require transfer of the claim to an administrator or trustee, our model makes self-custody possible (not just of the token but also the claim itself).
Given it is not efficient to record claim transfers with the courts (which charge $26) after every blockchain transaction, optional administration through a private foundation may also be offered. At this time, we are considering Panama for the jurisdiction, which guarantees property rights constitutionally and enables private foundation assets to be entitled to certain beneficiaries. Ideally and with the claims agent's cooperation, the foundation might be able to direct payments directly to beneficiaries without temporarily having custody for distribution. The NFT holder would be a beneficiary who can elect to whom the distribution shall be made. Otherwise, the distributors would be lawyers and paralegals with trust accounts and ethical accountability in the handling of funds.

Protections Against Hacks

The NFT contract currently does not have an audit or bug bounty. The ERC-721 contract is based on the OpenZeppellin standard and incorporated changes essentially for minting authorization, which was tested with Foundry.
Legal security is a positive aspect of tokenizing bankruptcy claims versus assets living on-chain only. The final distributions remain under the jurisdiction of the bankruptcy court, which can protect creditors in cases of misappropriations of claims such as a hack on the infrastructure.
In case of an individual hack, we have a finality clause in our legal agreements, which gives a previous claim holder a week to dispute an NFT transfer in arbitration. This period is limited to a week due to transaction finality being important for the counterparty and further transactions. We recommend monitoring transfers out of your wallet and may even implement monitoring infrastructure to alert you.
Given these considerations, the contract is updateable and we may transfer ownership of an NFT if ordered by legal process either by arbitration or court. Again, an improper transfer of ownership (even by us) can be contested with legal remedies.
In a future contract upgrade, we would like the arbitration and enforcement of legal process to be trust-minimized with on-chain conditions, an oracle and/or decentralized justice.
If any aspect of the current centralization causes a concern for minting your NFT, we are happy to discuss ways to increase decentralization and consider a new, more decentralized collection.

Cybersecurity

Aside from the web3 security necessary for the smart contracts, wallets and encrypted data on IPFS, we handle information prior to the minting of claims and keep records that are necessary for our support functions such as attestations of KYC and the sharing of due diligence to prospective buyers or lenders. We will implement good security practices and standards, and will update this section.

Summary of Trust Assumptions

  • Opt-in custody of claims by a private foundation or administrator chosen by the minter
  • Opt-in attestation of information not included on the chain or metadata such as KYC
  • Trust that we will not misuse or breach data that is to be shared with bona fide parties only (at least initially as more on-chain access control may be implemented)
  • Stewardship of contract functions, including contract upgrades (at least initially) and enforcement of legal process
If you think we forgot some trust assumptions, let us know and we will gladly add more disclosures.

Dependencies and Supply Chain

We currently use the following solutions and providers (and might use some more), which might introduce security risks.
  1. 1.
    Lit Protocol* for encryption/decryption of claim evidence
  2. 2.
    Microsoft for forms, cloud hosting and business productivity
  3. 3.
    KYC providers Veriff or KYCAid (facultative for claims under $10,000)
--
*Risk of failure in the crypto methods or compromise of nodes. Lit responded they would share reassurances on node security practices, expects to release the node code in May 2023, has a bug bounty and has pending audits in addition to a past one.

Disclaimers

We do not guarantee the validity of bankruptcy claims; our role is providing an on-boarding process for parties to independently verify with sufficient confidence according to their risk acceptance. We do not guarantee any results as a consequence of the processes described herein. We do not give legal or professional advice, only general information. See also the full terms and conditions and privacy policy.

Changes

This is an early version subject to modifications based on feedback from the blockchain and legal communities.