Final ERC extending ERC-4626 with asynchronous deposit and redemption flows for vaults that cannot settle synchronously. Designed for RWA, undercollateralized lending, cross-chain vaults, liquid staking, and insurance safety modules.
- 01real-world asset vaults
- 02illiquid / off-chain settlement strategies
- 03cross-chain lending vaults
- 04liquid staking with unbonding
- 05insurance safety modules
- forge install centrifuge/liquidity-pools
- pnpm add @openzeppelin/contracts
Implement async vaults against the IERC7540 interface (extends IERC4626 + IERC165). Use `requestDeposit(assets, controller, owner)` to lock assets and emit `DepositRequest`, then transition state Pending → Claimable → Claimed; the user later calls the overloaded `deposit(assets, receiver, controller)` (or `mint`) to claim shares. Mirror this for redemptions via `requestRedeem` + `redeem`/`withdraw`. Track per-controller request state via `pendingDepositRequest`, `claimableDepositRequest`, `pendingRedeemRequest`, `claimableRedeemRequest`. Centrifuge's liquidity-pools repo is the canonical reference implementation. Use `setOperator` / EIP-712 `authorizeOperator` to allow third parties to manage requests on behalf of an owner.
- ⚑Async settlement timing: requests do not settle in the same block — frontends must subscribe to claimable-state changes and surface a two-step UX (request, then claim) rather than treating deposits as instant.
- ⚑ERC-7540 vaults MUST NOT skip or short-circuit the Claimable state, even when economically equivalent — integrators rely on `claimableDepositRequest > 0` as a gating signal.
- ⚑Pricing is fixed at the moment a request becomes Claimable, not at request time and not at claim time — integrators that quote price-per-share at request submission will mis-price.
- ⚑`previewDeposit`/`previewMint`/`previewWithdraw`/`previewRedeem` MUST revert for fully-async vaults; do not rely on them for routing — use the request/claim flow instead.
- ⚑Operator approvals (`setOperator`, `isOperator`) are separate from ERC-20 allowances and from ERC-4626 share approvals — confusing them leads to phantom unauthorized claims.
- ⚑`requestId` semantics are implementation-defined (some impls always use 0 for fungible requests, others mint per-request NFTs) — never assume uniqueness without reading the impl.