In the alpha version, Quiver is running as a centralized exchange.

Sign In with Ethereum

Quiver does not use traditional email/password login. Instead, it uses Sign In with Ethereum. Instead, users are required to sign a message proving ownership of the account.

When the user connects their wallet for the first time, they will be required to sign a message with a statement that they are not US persons.

The address used in connection to sign up is also necessarily the address used for deposits and withdrawals. This guarantees that, while Quiver can be used pseudonimously, giving users the right to privacy, it cannot be used for cryptocurrency mixing, an activity that is illegal in many jurisdictions.

Stablecoin Conversions

Users are able to deposit different stablecoins in different EVM chains. Initially the following four are supported:

• USDC on Ethereum

• USDC on Polygon

• wXDAI on Gnosis Chain

• BUSD on Binance Smart Chain

Each of these assets is accounted for internally independently as different assets.

We define another asset to denote the primary USD balances for each user. These balances are 100% backed by USDC on the Ethereum Mainnet, and are the balances used as margin on all existing markets.

Special internal liquidity pools are used to convert 1-1 the different stablecoins internally, and these conversions are triggered automatically on deposit and withdrawals.

For instance, you can deposit 500 BUSD on Binance Smart Chain. Once the deposit is received, it is going to be converted automatically to a 500 USD primary balance.

After making some trades, your balance may increase to 550 USD. If you’d like to, you can withdraw 550 USDC on Polygon, and the 550 USD will be converted to 550 USDC (Polygon) automatically.

Because these pools have limited liquidity, it is possible that a large enough deposit will not be converted. For example, a deposit of 100,000 BUSD on Binance Smart Chain may exceed the amount available in the conversion pool.

In this case, a user will end up with an available balance of 100,000 BUSD, which can be used for withdrawals, but it won't be converted into a USD balance for trading. This mechanism prevents any stablecoin collapse (except the USDC on Ethereum) from undermining the security of the USD balances.

Proof of Assets and Liabilities

All user USD balances are backed by USDC stored on a single multisignature safe contract in the Ethereum Mainnet.

This address is associated with ENS domain quivertrade.eth, and is a 3-out-of-4 multisignature contract. Two signer keys are held by team members, and two signer keys are held by investors. No more than two keys are held simultaneously in a single continent.

For users to check that 100% of user assets (as shown by the user balances) are indeed stored in this safe contract, they need to be able to know what the sum of user balances is.

The most advanced way of doing that is through a Merkle-tree proof of reserves. This preserves privacy of balances while allowing users to check individually whether their own balances are included in the totals.

While Quiver intends to implement Merkle-tree proof of reserves, in its alpha version it currently uses a much more simple method: all balances are made public every day.

This sacrifices some privacy in exchange for transparency and simplicity. Any interested party can verify that their own balance is included in daily snapshots, and that the sum of USD balances in each snapshot is strictly less than the USDC stored in the multisignature safe.

Hot Wallets

Withdrawing from cold multisignature wallets takes time and effort. This is by design! The signers need to manually approve any withdrawals, and run security checks before signing any requests.

However, users expect their withdrawals to be performed quickly, and even consider delays as a sign that something is wrong with an exchange!

As a result, most custodial exchanges offer hot wallets that service most withdraw requests instantly. However, these hot wallets are often an extremely attractive target for hackers. Security violations in hot wallets often result in exchanges losing customer assets and becoming insolvent.

Quiver decided to solve this problem by keeping 100% of user funds in the cold, multisignature wallet, but at the same time using some of the exchange's DAO treasury to fund a small hot wallet for faster withdrawals. As a result, an eventual security violation in the hot wallet will not generate any losses to exchange users.

A large volume of withdrawals may deplete the hot wallet. If this occurs, withdrawals will be delayed until a secure transaction can be made from the safe contract.

When a withdrawal is performed from the hot wallet, the total funds stored in the cold wallet remain unchanged. Instead, such withdrawal is registered internally as a transfer from the withdrawing user to the internal hot wallet user.

The internal hot wallet user performs the withdrawal on behalf of the exchange, and in exchange receives the internal balances from the withdrawing user.